SSSD rejects LDAP login with su: incorrect password

Solution 1:

It's unsatisfying, but su - leopetr4 and ssh leopetr4@my_hostname started working soon after I set the bounty on the question. I spent some time thinking about why that was without coming to a clear conclusion, as it would be bad for it to stop working as suddenly as it started.

One change I recall making is switching the pam_password setting in /etc/pam_ldap.conf from md5 to exop:

#pam_password md5
pam_password exop

However, the change from broken to working was not immediate, so I hesitate to attribute it to that change.

Solution 2:

Sorry that I had to use an answer to ask these questions...

What is the output of authconfig --probe and getent passwd leopetr4?

Is your system-auth the same as your password-auth? Can you provide your PAM login file as well?

You may also want to try setting cache_credentials = false in sssd.conf and to clear the cache while testing using sss_cache -E