Skip to content

Linux : pam_unix(su -l:auth): authentication failure

Symptom

User is not able to “su” to another account (be it local, or LDAP based)

[admazwan_ngali@oracle~]$ su - servicesoasit
Password:
Password:
su: incorrect password

/var/log/secure will display this error log.

Jul 21 23:53:37 oracle su[22863]: pam_vas: Authentication <succeeded> for <Active Directory> 
user: <servicesoasit> account: <ServiceSOASIT@AMER.DELL.COM> service: <su-l> reason: <N/A> Access Control Identifier(NT Name):<AMERICAS\ServiceSOASIT>
Jul 21 23:53:38 oracle su[22863]: pam_unix(su-l:auth): authentication failure; 
logname=admazwan_ngali uid=2184379 euid=2184379 tty=pts/6 ruser= rhost=  user=servicesoasit

As you can see pam_vas already verified authentication is a success, but “su” still refused you to switch user.

Troubleshooting

Ensure setuid is set on /bin/su file. Not sure why it’s changed, probably it happened during OEL upgrade recently.

[root@oracle pam.d]# ll /bin/su
-rwxr-xr-x 1 root root 28336 Oct 16  2012 /bin/su

Try to “su” to another account again. Issue should be fixed.

[root@oracle pam.d]# chmod +s /bin/su
[root@oracle pam.d]# ll /bin/su
-rwsr-xr-x 1 root root 28336 Oct 16  2012 /bin/su
[admazwan_ngali@oracle ~]$ su - servicesoasit
Password:
[servicesoasit@oracle~]$
Published inLinuxTutorials

2 Comments

  1. Devesh Kumar Devesh Kumar

    I have the s bit set for /bin/su

    [root@6_3_30_global1a log]# ls -lrt /bin/su
    -rwsr-xr-x 1 root root 28336 May 11 2011 /bin/su

    Error in secure log:
    nov 6 14:05:15 6_3_30_global1a su: pam_unix(su-l:auth): authentication failure; logname=admintools uid=5500 euid=0 tty=pts/5 ruser=admintools rhost= user=root

    This happens when i have a python script trying to nstall something on the server.
    Execute: cd /var/RPMs/MIH-6.3.30-STF02 && ./RPM_install.bash
    – Command Output:
    /bin/su: incorrect password

    Please advice.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.