https://community.hpe.com/t5/operating-system-linux/su-incorrect-password/m-p/5055957#M48792 you are using pam_tally. look for a binary named pam_tally and run it. It should show a list of locked users. Then try this to reset the user:<BR /><BR /># pam_tally --user=<USERNAME> --reset<BR /><BR />pam_tally keeps track of failed logins and will not allow logon after so many unsuccessful attempts. Since telnet works you can probably see the pam module listed in /etc/pam.d/sshd.</USERNAME> Mon, 02 Jul 2007 12:19:39 GMT Court Campbell 2007-07-02T12:19:39Z https://community.hpe.com/t5/operating-system-linux/su-incorrect-password/m-p/5055954#M48789 I am getting the following error when trying to su - userid from root. I can telnet to the user but ssh also fails with a password error. No changes (as far as I know, I'm not the only one with access) have been made to the system recently.<BR /><BR />Any thoughts?<BR /><BR />Thanks. Mon, 02 Jul 2007 09:14:16 GMT https://community.hpe.com/t5/operating-system-linux/su-incorrect-password/m-p/5055954#M48789 David Wall 2007-07-02T09:14:16Z https://community.hpe.com/t5/operating-system-linux/su-incorrect-password/m-p/5055955#M48790 check /var/log/messages and /var/log/secure and see if you see any errors. My best guess would be that it is a pam issue. Mon, 02 Jul 2007 09:58:17 GMT https://community.hpe.com/t5/operating-system-linux/su-incorrect-password/m-p/5055955#M48790 Court Campbell 2007-07-02T09:58:17Z https://community.hpe.com/t5/operating-system-linux/su-incorrect-password/m-p/5055956#M48791 Here is the output from first an su - ruser attempt as root and then a secure shell attempt.<BR /><BR />secure<BR />Jul 2 12:23:11 localhost sshd[22732]: Failed password for root from ::ffff:10.101.241.55 port 3349 ssh2<BR />Jul 2 12:23:23 localhost sshd[22732]: Accepted password for root from ::ffff:10.101.241.55 port 3349 ssh2<BR />Jul 2 12:23:35 localhost sshd[22795]: Failed password for ruser from ::ffff:10.101.241.55 port 3351 ssh2<BR />Jul 2 12:23:40 localhost sshd[22796]: Connection closed by ::ffff:10.101.241.55<BR /><BR />messages<BR />Jul 2 12:22:42 localhost pam_tally[22717]: user ruser (500) tally 4, deny 2<BR />Jul 2 12:23:09 localhost sshd(pam_unix)[22732]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=p62534.company.org user=root<BR />Jul 2 12:23:23 localhost sshd(pam_unix)[22748]: session opened for user root by root(uid=0)<BR />Jul 2 12:23:35 localhost pam_tally[22795]: user ruser (500) tally 5, deny 2<BR /><BR />A telnet produces the following in the secure file and works fine.<BR /><BR />Jul 2 12:30:49 localhost xinetd[2510]: START: telnet pid=23227 from=10.101.241.55 Mon, 02 Jul 2007 11:32:14 GMT https://community.hpe.com/t5/operating-system-linux/su-incorrect-password/m-p/5055956#M48791 David Wall 2007-07-02T11:32:14Z https://community.hpe.com/t5/operating-system-linux/su-incorrect-password/m-p/5055957#M48792 you are using pam_tally. look for a binary named pam_tally and run it. It should show a list of locked users. Then try this to reset the user:<BR /><BR /># pam_tally --user=<USERNAME> --reset<BR /><BR />pam_tally keeps track of failed logins and will not allow logon after so many unsuccessful attempts. Since telnet works you can probably see the pam module listed in /etc/pam.d/sshd.</USERNAME> Mon, 02 Jul 2007 12:19:39 GMT https://community.hpe.com/t5/operating-system-linux/su-incorrect-password/m-p/5055957#M48792 Court Campbell 2007-07-02T12:19:39Z https://community.hpe.com/t5/operating-system-linux/su-incorrect-password/m-p/5055958#M48793 I guess I could have mentioned that you are set to deny access after to failed logon attempts. Mon, 02 Jul 2007 12:25:22 GMT https://community.hpe.com/t5/operating-system-linux/su-incorrect-password/m-p/5055958#M48793 Court Campbell 2007-07-02T12:25:22Z https://community.hpe.com/t5/operating-system-linux/su-incorrect-password/m-p/5055959#M48794 That was it.<BR /><BR />Thanks. Mon, 02 Jul 2007 12:27:02 GMT https://community.hpe.com/t5/operating-system-linux/su-incorrect-password/m-p/5055959#M48794 David Wall 2007-07-02T12:27:02Z