Tuesday 8 July 2008

Wrong password?

While implementing Oracle Authentication for Operating System (OAfOS) on a certain Oracle Enterprise Linux (OEL) server, we got an Access Denied error when we tried to log in to the server using the credentials from the Oracle Internet Directory (OID) LDAP server. When we looked in the /var/log/secure messages file we saw the error:
sshd[22791]: Failed password for invalid user xander

This happened even though the same account xander worked fine on other OEL servers.
When we used su xander from the root account on the OEL server, we were able to create the directory:

$ su xander
Creating directory '/home/xander'.
Creating directory '/home/xander/.kde'.
Creating directory '/home/xander/.kde/Autostart'.

It turned out that this specific machine had an extra access policy in the /etc/security/access.conf file. This policy only let users access the machine through SSH when they were members of a group.
When we added the same group to the OID and added the username to the group, the password error was gone and we were able to log in using SSH.
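
To show how a group-based rule in /etc/security/access.conf produces this behaviour, here is an added example (not from the original post) that models pam_access rule evaluation in simplified form. The sample rule, the group name "sshusers" and the origin address are constructed assumptions; netgroups, user@host patterns, LOCAL and network masks are not modelled.

```python
# Simplified model of pam_access rule evaluation (added example).
# Rule format: permission:users/groups:origins, first matching rule wins.

def list_match(tokens, matcher):
    """A token before EXCEPT must match and no token after it may match."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        head, tail = tokens[:i], tokens[i + 1:]
    else:
        head, tail = tokens, []
    if not any(matcher(t) for t in head):
        return False
    return not (tail and list_match(tail, matcher))

def check_access(conf_text, user, groups, origin):
    """Return (allowed, matching_rule_or_None) for one login attempt."""
    def who(tok):
        if tok == "ALL":
            return True
        if tok.startswith("(") and tok.endswith(")"):
            return tok[1:-1] in groups          # explicit group syntax
        return tok == user or tok in groups     # bare name: user, then group

    def where(tok):
        return tok == "ALL" or tok == origin

    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            continue                            # skip malformed lines
        perm, users, origins = fields
        if list_match(users.split(), who) and list_match(origins.split(), where):
            return perm == "+", line
    return True, None                           # no rule matched: access granted

# Constructed sample policy; the group name "sshusers" is hypothetical.
SAMPLE_CONF = """\
# only root and members of sshusers may log in
-:ALL EXCEPT root (sshusers):ALL
"""

if __name__ == "__main__":
    for grps in (["users"], ["users", "sshusers"]):
        print(grps, check_access(SAMPLE_CONF, "xander", grps, "10.0.0.5"))
```

With the sample policy, xander is refused until the directory account is a member of the group named in the rule, which matches what we saw once the group was added to the OID.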
