Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 01-03-2014, 02:51 AM   #1
Registered: Jan 2010
Posts: 82

Rep: Reputation: 1
SSH login failed pam_unix authentication failure error

Hi All,

I have configured LDAP on CentOS machine and is working fine. Just I created one new LDAP client machine and setup LDAP client on it. But I am getting below error.

Jan 3 14:14:05 dev sshd[3231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=yogesh
Jan 3 14:14:07 dev sshd[3231]: Failed password for yogesh from ::1 port 49366 ssh2

Could anyone help me to get it resolve?

Old 01-10-2014, 12:28 AM   #2
Registered: Feb 2008
Distribution: Fedora,RHEL,Ubuntu
Posts: 661

Rep: Reputation: 66
Does the user trying to ssh is a ldap user?
Old 01-17-2014, 06:14 AM   #3
Registered: Jan 2010
Posts: 82

Original Poster
Rep: Reputation: 1
Hi All,

Yes the user is LDAP user.

The issue is resolved after changing the password-auth-ac file in /etc/pam.d It looks like as below:

# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required
auth        sufficient nullok try_first_pass
auth        requisite uid >= 500 quiet
auth        sufficient use_first_pass
auth        required

account     required
account     required broken_shadow
account     sufficient
account     sufficient uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore]
account     required

password    requisite try_first_pass retry=3 type=
password    sufficient sha512 shadow nullok try_first_pass use_authtok
password    sufficient use_authtok
password    required

session     optional revoke
session     required
session     [success=1 default=ignore] service in crond quiet use_uid
session     required
session     optional
This works pretty well for me.
1 members found this post helpful.
Old 05-19-2015, 06:17 AM   #4
LQ Newbie
Registered: Mar 2009
Posts: 1

Rep: Reputation: 0
worked for CentOS 7 openldap client

Dear All

The suggested change in /etc/pam.d/password-auth-ac worked for us in CentOS 7 as openldap client (server also CentOS 7 openldap). For quite some time we were struggling to figure out the problem. This came handy.
Summary: in /etc/pam.d/password-auth-ac file replace with
Thanks a lot.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
postfix SSL - SASL LOGIN authentication failed: generic failure grambldouch Linux - Server 1 03-21-2014 08:50 AM
[SOLVED] SSH authentication Failure zeeper Linux - Security 12 04-24-2013 01:58 AM
postfix SSL - SASL LOGIN authentication failed: generic failure grambldouch Linux - Server 1 09-26-2012 07:09 AM
cyrus NO Login failed: authentication failure nobu Linux - Enterprise 6 10-24-2005 08:15 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:13 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration