HPE Community
Operating System - Linux
1752781 Members
6310 Online
108789 Solutions
New Discussion юеВ

Re: su: incorrect password

 
SOLVED
Go to solution
David Wall
Advisor

тАО07-02-2007 02:14 AM

тАО07-02-2007 02:14 AM

su: incorrect password

I am getting the following error when trying to su - userid from root. I can telnet to the user but ssh also fails with a password error. No changes (as far as I know, I'm not the only one with access) have been made to the system recently.

Any thoughts?

Thanks.
0 Kudos
5 REPLIES 5
Court Campbell
Honored Contributor

тАО07-02-2007 02:58 AM

тАО07-02-2007 02:58 AM

Re: su: incorrect password

check /var/log/messages and /var/log/secure and see if you see any errors. My best guess would be that it is a pam issue.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
David Wall
Advisor

тАО07-02-2007 04:32 AM

тАО07-02-2007 04:32 AM

Re: su: incorrect password

Here is the output from first an su - ruser attempt as root and then a secure shell attempt.

secure
Jul 2 12:23:11 localhost sshd[22732]: Failed password for root from ::ffff:10.101.241.55 port 3349 ssh2
Jul 2 12:23:23 localhost sshd[22732]: Accepted password for root from ::ffff:10.101.241.55 port 3349 ssh2
Jul 2 12:23:35 localhost sshd[22795]: Failed password for ruser from ::ffff:10.101.241.55 port 3351 ssh2
Jul 2 12:23:40 localhost sshd[22796]: Connection closed by ::ffff:10.101.241.55

messages
Jul 2 12:22:42 localhost pam_tally[22717]: user ruser (500) tally 4, deny 2
Jul 2 12:23:09 localhost sshd(pam_unix)[22732]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=p62534.company.org user=root
Jul 2 12:23:23 localhost sshd(pam_unix)[22748]: session opened for user root by root(uid=0)
Jul 2 12:23:35 localhost pam_tally[22795]: user ruser (500) tally 5, deny 2

A telnet produces the following in the secure file and works fine.

Jul 2 12:30:49 localhost xinetd[2510]: START: telnet pid=23227 from=10.101.241.55
0 Kudos
Court Campbell
Honored Contributor

тАО07-02-2007 05:19 AM

тАО07-02-2007 05:19 AM

Solution

Re: su: incorrect password

you are using pam_tally. look for a binary named pam_tally and run it. It should show a list of locked users. Then try this to reset the user:

# pam_tally --user= --reset

pam_tally keeps track of failed logins and will not allow logon after so many unsuccessful attempts. Since telnet works you can probably see the pam module listed in /etc/pam.d/sshd.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
Court Campbell
Honored Contributor

тАО07-02-2007 05:25 AM

тАО07-02-2007 05:25 AM

Re: su: incorrect password

I guess I could have mentioned that you are set to deny access after to failed logon attempts.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
David Wall
Advisor

тАО07-02-2007 05:27 AM

тАО07-02-2007 05:27 AM

Re: su: incorrect password

That was it.

Thanks.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.