LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-03-2014, 02:51 AM   #1
yogesh_attarde
Member
 
Registered: Jan 2010
Posts: 82

Rep: Reputation: 1
SSH login failed pam_unix authentication failure error


Hi All,

I have configured LDAP on CentOS machine and is working fine. Just I created one new LDAP client machine and setup LDAP client on it. But I am getting below error.

Jan 3 14:14:05 dev sshd[3231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=yogesh
Jan 3 14:14:07 dev sshd[3231]: Failed password for yogesh from ::1 port 49366 ssh2


Could anyone help me to get it resolve?

Regards,
Yogesh
 
Old 01-10-2014, 12:28 AM   #2
vishesh
Member
 
Registered: Feb 2008
Distribution: Fedora,RHEL,Ubuntu
Posts: 661

Rep: Reputation: 66
Does the user trying to ssh is a ldap user?
 
Old 01-17-2014, 06:14 AM   #3
yogesh_attarde
Member
 
Registered: Jan 2010
Posts: 82

Original Poster
Rep: Reputation: 1
Hi All,

Yes the user is LDAP user.

The issue is resolved after changing the password-auth-ac file in /etc/pam.d It looks like as below:

Code:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_access.so
account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so
This works pretty well for me.
 
1 members found this post helpful.
Old 05-19-2015, 06:17 AM   #4
vvspune
LQ Newbie
 
Registered: Mar 2009
Posts: 1

Rep: Reputation: 0
worked for CentOS 7 openldap client

Dear All

The suggested change in /etc/pam.d/password-auth-ac worked for us in CentOS 7 as openldap client (server also CentOS 7 openldap). For quite some time we were struggling to figure out the problem. This came handy.
Summary: in /etc/pam.d/password-auth-ac file replace pam_sss.so with pam_ldap.so
Thanks a lot.

V.V.Subramani
NCRA, TIFR, Pune
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
postfix SSL - SASL LOGIN authentication failed: generic failure grambldouch Linux - Server 1 03-21-2014 08:50 AM
[SOLVED] SSH authentication Failure zeeper Linux - Security 12 04-24-2013 01:58 AM
postfix SSL - SASL LOGIN authentication failed: generic failure grambldouch Linux - Server 1 09-26-2012 07:09 AM
cyrus NO Login failed: authentication failure nobu Linux - Enterprise 6 10-24-2005 08:15 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:13 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration