Local User Authentication Failed When LDAP Server is Not Available
When the LDAP server is stopped, or the host loses network connectivity to it, nobody can log in to the server, not even a local user with the correct password. Resetting the local user's password does not help: the login still fails, and `su` to the local user is denied as well.
Environment
- RHEL 6
- RHEL 7
- RHEL 8
- CentOS and other GNU/Linux distributions using glibc NSS
Issue
- Local user is unable to log in to the system while the LDAP server is unavailable
- Local user is unable to log in to the system while the AD server is unavailable
- Local user is unable to switch user with `su`
Resolution
Edit /etc/nsswitch.conf so that the local `files` source is always reached for the passwd database, and apply the same change to the `shadow` and `group` lines, since login and `su` also need those. The line suggested here keeps LDAP first but forces the lookup to continue to the local files when LDAP does not answer:
passwd: ldap [!SUCCESS=continue] files
The conventional form, which also spares local accounts the LDAP timeout, lists `files` before `ldap` (or `sss`).
Root Cause
During server hardening, /etc/nsswitch.conf is commonly changed so that LDAP is queried before the local files, with an action that stops the lookup as soon as LDAP has been tried. While the LDAP server is unreachable, NSS therefore never reaches the local passwd/shadow entries, PAM cannot obtain the user's account information, and the login fails even with the correct password.
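To find this misconfiguration before the LDAP server goes away, the following audit script, an added example that is not part of the original article, classifies the passwd, shadow and group entries of an nsswitch.conf. It flags an entry as RISK when `files` is absent or when an explicit `...=return` action (other than the default `SUCCESS=return`) precedes `files`, and as WARN when `files` is present but a remote source is tried first. The sample configuration it runs on is constructed for the demo, not taken from any real host.

```shell
#!/bin/sh
# Added example (not from the original article): audit an nsswitch.conf for
# passwd/shadow/group entries that can lock local users out when LDAP is down.
set -f   # no globbing: tokens such as [UNAVAIL=return] must not match filenames

# Classify one source list (the text after "passwd:") and print
#   OK   - "files" is the first source
#   WARN - "files" is present but a remote source is tried first
#   RISK - "files" is missing, or an action before "files" returns early
# Exit status is 1 for RISK, 0 otherwise.
nsswitch_line_status() {
    line=$(printf '%s' "$1" | sed -e 's/#.*//' -e 's/[[:space:]]\{1,\}/ /g' \
                                  -e 's/^ //' -e 's/ $//')
    case " $line " in
        *" files "*) ;;
        *) echo RISK; return 1 ;;          # local accounts never consulted
    esac
    first=${line%% *}
    if [ "$first" = files ]; then echo OK; return 0; fi
    padded=" $line "
    before=${padded%% files *}             # sources and actions tried before files
    for tok in $before; do
        tok=${tok#\[}; tok=${tok%\]}
        case "$tok" in
            [Ss][Uu][Cc][Cc][Ee][Ss][Ss]=*) ;;   # SUCCESS=return is the glibc default
            *=[Rr][Ee][Tt][Uu][Rr][Nn]) echo RISK; return 1 ;;   # e.g. UNAVAIL=return
        esac
    done
    echo WARN; return 0
}

# Audit the three databases that login and su depend on. Exit 1 if any is RISK.
check_nsswitch() {
    file="${1:-/etc/nsswitch.conf}"
    rc=0
    for db in passwd shadow group; do
        spec=$(grep -E "^[[:space:]]*${db}[[:space:]]*:" "$file" | tail -n 1 |
               sed -e "s/^[[:space:]]*${db}[[:space:]]*://")
        if [ -z "$spec" ]; then
            printf '%-7s OK    (no entry; glibc default consults files)\n' "$db"
            continue
        fi
        st=$(nsswitch_line_status "$spec") || rc=1
        printf '%-7s %-5s %s\n' "$db" "$st" "$spec"
    done
    return $rc
}

# Stand-alone demo on a constructed nsswitch.conf fragment (not a real host).
demo_nsswitch_audit() {
    tmp=$(mktemp)
    cat >"$tmp" <<'EOF'
# constructed sample: "hardened" host that breaks local logins when LDAP is down
passwd:  ldap [UNAVAIL=return] files
shadow:  ldap [UNAVAIL=return] files
group:   files ldap
hosts:   files dns
EOF
    check_nsswitch "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

demo_nsswitch_audit
echo "audit exit status: $?"
```

Run it as `check_nsswitch /etc/nsswitch.conf` on a real host. To confirm that a local account resolves without LDAP, query the files source alone with `getent -s files passwd <user>` and `getent -s files shadow <user>` (as root); if those succeed while plain `getent passwd <user>` hangs or fails with LDAP down, the source order or actions in nsswitch.conf are the problem.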
Diagnostic Steps
Logging in remotely over SSH:
[test@test1 ~]$ ssh abc@somehost
abc@somehost's password:
Connection closed by 10.15.217.222
Switching to the local user on the host itself:
[abc@somehost ~]$ su - abc
Password:
su: incorrect password
Restarting the name-service daemon is normally not necessary; processes pick up the new /etc/nsswitch.conf on their next lookup, so the change works without it.
After the change, the local user that was previously locked out can log in and `su` again, even while the LDAP server remains unreachable.