Symptom
A user is not able to su to another account (whether local or LDAP-based):
[admazwan_ngali@oracle~]$ su - servicesoasit
Password:
Password:
su: incorrect password
/var/log/secure shows the following entries:
Jul 21 23:53:37 oracle su[22863]: pam_vas: Authentication <succeeded> for <Active Directory> user: <servicesoasit> account: <ServiceSOASIT@AMER.DELL.COM> service: <su-l> reason: <N/A> Access Control Identifier(NT Name):<AMERICAS\ServiceSOASIT>
Jul 21 23:53:38 oracle su[22863]: pam_unix(su-l:auth): authentication failure; logname=admazwan_ngali uid=2184379 euid=2184379 tty=pts/6 ruser= rhost= user=servicesoasit
As you can see, pam_vas has already reported the authentication as successful, yet su still refuses to switch user.
Troubleshooting
Ensure the setuid bit is set on /bin/su. Not sure why it was changed; it probably happened during the recent OEL upgrade.
[root@oracle pam.d]# ll /bin/su
-rwxr-xr-x 1 root root 28336 Oct 16 2012 /bin/su
[root@oracle pam.d]# chmod +s /bin/su
[root@oracle pam.d]# ll /bin/su
-rwsr-xr-x 1 root root 28336 Oct 16 2012 /bin/su
Try to su to the other account again. The issue should be fixed.
[admazwan_ngali@oracle ~]$ su - servicesoasit
Password:
[servicesoasit@oracle~]$
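The check above is done by eye from the ll output. The script below is an added example (not from the original post) that performs the same audit in a form that can be run from a config-check or post-upgrade job: it reports the owner, the mode, and whether the setuid bit is present, and exits non-zero when su would be unable to change identity even though PAM has accepted the password. It assumes a POSIX sh with the -u and -g test operators and GNU coreutils stat -c, as found on OEL/RHEL; the function and script names are my own.

```shell
#!/bin/sh
# Added example: audit the setuid state of su (or any path given on the
# command line). Not part of the original post.

# has_setuid FILE: succeed (0) when the set-user-ID bit is on FILE.
has_setuid() {
    [ -u "$1" ]
}

# has_setgid FILE: succeed when the set-group-ID bit is on FILE.
# Reported for information; the fix in the post is the setuid bit.
has_setgid() {
    [ -g "$1" ]
}

# owned_by_root FILE: succeed when FILE is owned by uid 0.
# A setuid bit on a binary owned by anyone else does not give root.
owned_by_root() {
    [ "$(stat -c '%u' "$1")" = "0" ]
}

# audit_su FILE: print a one-line verdict.
# Returns 0 when FILE is a root-owned setuid binary, 1 when it is not,
# and 2 when FILE does not exist.
audit_su() {
    f="$1"
    if [ ! -f "$f" ]; then
        echo "$f: not found"
        return 2
    fi
    mode=$(stat -c '%A %U:%G' "$f")      # e.g. "-rwsr-xr-x root:root"
    if ! owned_by_root "$f"; then
        echo "$f: $mode -> not owned by root"
        return 1
    fi
    if ! has_setuid "$f"; then
        echo "$f: $mode -> setuid bit missing (fix: chmod u+s $f)"
        return 1
    fi
    if has_setgid "$f"; then
        echo "$f: $mode -> OK (setuid and setgid set)"
    else
        echo "$f: $mode -> OK (setuid set, setgid not set)"
    fi
    return 0
}

# When run as a script, audit every path given, e.g.:  sh audit_su.sh /bin/su
for path in "$@"; do
    audit_su "$path"
done
```

The verdict line is what you would compare against the "-rwsr-xr-x root root" output the post expects; when the fix line is printed, the symptom in /var/log/secure (pam_vas success followed by a pam_unix failure) matches the case described above.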
I have the s bit set for /bin/su
[root@6_3_30_global1a log]# ls -lrt /bin/su
-rwsr-xr-x 1 root root 28336 May 11 2011 /bin/su
Error in secure log:
nov 6 14:05:15 6_3_30_global1a su: pam_unix(su-l:auth): authentication failure; logname=admintools uid=5500 euid=0 tty=pts/5 ruser=admintools rhost= user=root
This happens when I have a python script trying to install something on the server.
Execute: cd /var/RPMs/MIH-6.3.30-STF02 && ./RPM_install.bash
– Command Output:
/bin/su: incorrect password
Please advise.
You have to set the SGID as well.