Hi Lukas,
the debugging tips are really helpful for troubleshooting. I got a lot of errors:
"pam_sss(sshd:auth): received for user nick: 9 (Authentication service
cannot retrieve authentication info)"
It turned out that I used LDAP (without SSL), which sssd does not support any more
<http://www.linuxquestions.org/questions/linux-enterprise-47/rhel-6-ldap-now-requires-tls-843917/#post4521478>
for security reasons.
After enabling SSL for my OpenLDAP server, things work now.
Thanks very much
Thanks & Best Regards!
///
(. .)
--------ooO--(_)--Ooo--------
| Nick Tan |
------------------------------------
On Sat, Jun 28, 2014 at 1:33 AM, Lukas Slebodnik <[email protected]>
wrote:
> On (28/06/14 00:03), XuQing Tan wrote:
> >Hi folks
> >
> >I set up sssd 1.9.2 on CentOS 6 x64
> >I can get the user info via 'id <user>'
> >I can su to that user as root (no password prompt since I'm root)
> >
> >[root@nick-ldap ~]# su - nick
> >-sh-4.1$ exit
> >logout
> >
> root can switch to another user without any password prompt.
> (pam_sss was not involved)
> It is the default behaviour.
> I am not a PAM expert, but it should be caused by the next line in /etc/pam.d/su
>
> account sufficient pam_succeed_if.so uid = 0 use_uid quiet
>
> >But I can't su to this user as non-root (with password prompt, but I get an
> >incorrect password error)
> >[root@nick-ldap ~]# su - demo
> >[demo@nick-ldap ~]$ su - nick
> >Password:
> >su: incorrect password
> There are two explanations:
> a) you used the wrong password.
> b) there is some problem with the sssd configuration.
>
> In the second case, put "debug_level = 7" into the pam and domain sections in
> sssd.conf;
> restart sssd; reproduce the problem; and try to analyse the log files in
> /var/log/sssd
> If you don't find the root of the problem, please send the sanitised log file to the
> mailing
> list.
>
> LS
> _______________________________________________
> sssd-users mailing list
> [email protected]
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
>
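Added example, not part of the original thread: a small triage script that separates the two explanations discussed above (wrong password versus an sssd/backend problem) by the PAM return code in pam_sss log lines. The category names and the sample log lines are constructed for illustration; only the pam_sss message format comes from the thread.

```python
import re
from collections import Counter

# Linux-PAM return codes as they appear in pam_sss syslog messages.
# The category labels are this example's own naming (assumption).
CATEGORY = {
    4: "backend",     # PAM_SYSTEM_ERR: failure inside the PAM/sssd stack
    9: "backend",     # PAM_AUTHINFO_UNAVAIL: auth info could not be retrieved
    7: "credential",  # PAM_AUTH_ERR: the supplied password was rejected
}

PAM_SSS = re.compile(
    r"pam_sss\((?P<service>[^:)]+):(?P<phase>\w+)\): "
    r"received for user (?P<user>\S+): (?P<code>\d+) \((?P<text>[^)]*)\)"
)

def parse_line(line):
    """Return the fields of a pam_sss 'received for user' line, or None."""
    m = PAM_SSS.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["code"] = int(rec["code"])
    rec["category"] = CATEGORY.get(rec["code"], "other")
    return rec

def triage(lines):
    """Count pam_sss results per (category, service, user)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[(rec["category"], rec["service"], rec["user"])] += 1
    return counts

# Constructed sample lines in the style of /var/log/secure.
SAMPLE = [
    "Jun 28 01:10:02 nick-ldap sshd[2101]: pam_sss(sshd:auth): received for user nick: 9 (Authentication service cannot retrieve authentication info)",
    "Jun 28 01:10:09 nick-ldap su: pam_sss(su-l:auth): received for user nick: 9 (Authentication service cannot retrieve authentication info)",
    "Jun 28 01:12:40 nick-ldap sshd[2140]: pam_sss(sshd:auth): received for user demo: 7 (Authentication failure)",
    "Jun 28 01:13:00 nick-ldap sshd[2150]: Connection closed by 192.0.2.10",
]

if __name__ == "__main__":
    for (category, service, user), n in sorted(triage(SAMPLE).items()):
        hint = ("check /var/log/sssd and the LDAP/TLS setup"
                if category == "backend" else "check the password")
        print(f"{category:10} {service:6} {user:6} x{n}: {hint}")
```

Code 9 on every attempt, as in the error quoted above, points at the sssd side rather than at the password.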