Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition

Asset ID: 1-72-1460921.1
Update Date:2017-11-06
Keywords:

Solution Type  Problem Resolution Sure

Solution  1460921.1 :   'incorrect password' error reported by the su command after entering the correct password on an Exadata server


Related Items
  • Exadata Database Machine V2
  • Linux OS
Related Categories
  • PLA-Support>Infrastructure>Operating Systems and Virtualization>Operating Systems>Oracle Linux
  • _Old GCS Categories>ST>Server>Engineered Systems>Exadata>Administration and Configuration


The customer configured LDAP on an Exadata DB/compute node and was later unable to run su - localuser as an LDAP user or su - ldapuser as a local user.

In this Document
Symptoms
Changes
Cause
Solution


Created from <SR 3-5648905921>

Applies to:

Exadata Database Machine V2 - Version All Versions to All Versions [Release All Releases]
Linux OS - Version Oracle Linux 5.4 to Oracle Linux 6.2 [Release OL5U4 to OL6U2]
Linux x86-64

Symptoms

The su command reports 'incorrect password' after the correct password is entered on an Exadata server.
For example, the account 'test' is unable to switch to root with su, as shown below:

[test@server ~]$ su -
Password:
su: incorrect password
[test@server ~]$


The account test also cannot switch to other local users or LDAP users, for example the account test1 below, and there are no logs in /var/log/secure.

[test@server ~]$ su - test1
Password:
su: incorrect password
[test@server ~]

 

Changes

By default in an Exadata setup, the /etc/pam.d/su file contains:

# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid


 

PAM is not broken; this is in fact a security option. It appears that switching to root with "su -" is disabled for users. An alternative is to use sudo.

 

Cause

The line below in the /etc/pam.d/su file:

# Uncomment the following line to require a user to be in the "wheel" group.
 auth required pam_wheel.so use_uid     <--------
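
A read-only check for the cause described here, as an added example that is not part of the Oracle note: it reports whether the "auth required pam_wheel.so" rule is active in a PAM file and whether a given user is in the wheel group. The function names, the sample file names and the script name check_su.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Oracle's code): explain an su "incorrect password"
# failure by checking the pam_wheel rule and the caller's groups.

# Succeeds if FILE has an active (uncommented) "auth required pam_wheel.so"
# rule, the form shown in this note. Other control values are not handled.
wheel_rule_active() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so' "$1"
}

# Succeeds if the space-separated group list in $1 contains "wheel".
has_wheel() {
    case " $1 " in *" wheel "*) return 0 ;; esac
    return 1
}

# su_verdict USER [PAMFILE] [GROUPLIST]
# Returns 0 if pam_wheel does not stop USER from running su, 1 if it does.
# GROUPLIST defaults to `id -nG USER`, which resolves LDAP users through NSS.
su_verdict() {
    user=$1
    pamfile=${2:-/etc/pam.d/su}
    if [ $# -ge 3 ]; then grps=$3; else grps=$(id -nG "$user" 2>/dev/null) || grps=; fi
    if ! wheel_rule_active "$pamfile"; then
        echo "$user: pam_wheel rule inactive, su only asks for the target password"
    elif has_wheel "$grps"; then
        echo "$user: pam_wheel rule active, user is in wheel, not blocked"
    else
        echo "$user: pam_wheel rule active, user not in wheel, su is refused"
        return 1
    fi
}

# Constructed sample files: the default from this note and the commented-out form.
write_samples() {
    printf '%s\n' '# Uncomment the following line to require a user to be in the "wheel" group.' \
        'auth required pam_wheel.so use_uid' > "$1/su.default"
    printf '%s\n' '# Uncomment the following line to require a user to be in the "wheel" group.' \
        '#auth required pam_wheel.so use_uid' > "$1/su.commented"
}

# Run against the live system when a user name is given: sh check_su.sh test
if [ $# -gt 0 ]; then su_verdict "$1"; fi
```
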

 

Solution

1. Log in to the server as root.

2. Edit the /etc/pam.d/su file and comment out the line below. Users will then be required to enter the root password when they run 'su -', as is the default in all Linux OS.

 # Uncomment the following line to require a user to be in the "wheel" group.
 #auth required pam_wheel.so use_uid


3. Try 'su -' as a normal user and as an LDAP user.

[test@testbox~]$ su -
Password:
login successful

The system messages log shows the entries below:


May 22 16:07:56 testbox su: pam_unix(su-l:session): session opened for user test by root(uid=0)
May 22 16:08:18 testbox su: pam_unix(su-l:session): session opened for user root by root(uid=500)


 

 


Attachments
This solution has no attachment
  Copyright © 2018 Oracle, Inc.  All rights reserved.