Receiving error on SSH login error: PAM: Authentication failure
10-24-2012 01:32 PM
I am getting in /var/log/secure PAM: authentication failure when trying to login with a user through SSH. I have UsePam enabled and ChallengeResponse set to yes.
I am running on RHEL 5 and I am able to switch to user if logged in as root and I switch to the user. So it appears to be SSH.
Any ideas on what to check?
error: PAM: Authentication failure
Solved! Go to Solution.
10-24-2012 07:00 PM
First of all, test all is well from an AD-integration perpective. To do this type the following command for the user account in question:
adinfo -A -u fred.thomas Active Directory password: Password for user "fred.thomas" is correct
If the command returns that the password is correct, next check to make sure the account is in good standing by using adquery as shown below.
# adquery user fred.thomas -xwclkde accountExpires:Never passwordExpires:Never nextPasswordChange:Tue Dec 17 11:04:11 2012 lastPasswordChange:Mon Apr 16 11:04:11 2012 accountLocked:false accountDisabled:false zoneEnabled:true
If the user's password is good and the account is in good standing, then its likely an issue with SSH.
To troubleshoot SSH, please send me the following information:
What version of OpenSSH are you using? Run "ps -ef | grep sshd" and "ssh -V".
Send the sshd_config for review.
Turn ON Centrify debug by running "/usr/share/centrifydc/bin/addebug on".
Next run "<path_to_sshd>/sshd -ddde -p 2222" to start the SSHD server in the foreground with verbosity turned on.
From the ssh client, connect to the SSHD server on port 2222, "ssh -p 2222 -vvv <hostname>" and try to authenticate.
Please send the output from the SSHD foreground session and cient for analysis.
Now turn OFF Centrify debug "/usr/share/centrifydc/bin/addebug off"
Collect the system's diagnostics by running "adinfo --support".
Send the files /tmp/adinfo_support.tar, sshd_config and verbose sshd and ssh client outputs to firstname.lastname@example.org for review.
VP of Enterprise Solutions
Found my response helpful? Click the Kudos button!
10-26-2012 02:09 PM
I have a similar error. I am running HP-UX 11.31 with Direct Control 5.0.2-388, OPenSSH 4.5.4-121 and Windows 2008 R2 AD.
Can you provide the solution to this problem?
I have all the logs colected as per your instructions.
Thank you for your support.
10-26-2012 03:04 PM
10-30-2012 06:56 AM
08-15-2016 08:46 AM
This is a resolved thread from 2012.
Please create a new thread based on your issue. If you are still trying to deal with disconnects - do an adinfo -T and check connectivity with your domain controllers.