I have a RHEL 5 server that I can log into with an LDAP account hosted on a server running Sun DSEE 6.3 with an ssh key pair but not with my username and password. When I try to login to the console I am given the "login incorrect" message as if I fat fingered my password. Other users with identical account configurations can log in with no problem. Any ideas?
If you have an SSH key pair then the SSH login does not need your password for SSHing to your server so your password could be incorrect or your password expired or your account locked out on the LDAP server. I suggest you get your password reset on the LDAP server and ensure the account isn't locked.
My password is correct, current, and not locked because I can log into any other machine on the network using the LDAP account with no problem. I even double checked the LDAP account via DSCC. The machine is having the same problem with an account on its local passwd and shadow files and I changed the password the other day. I checked the shadow file and the local wasn't locked or expired either.
I am at a loss at this point.
Some ideas:
Do your local and LDAP accounts have the same username? (Not a good idea from a fault finding point of view).
If the usernames are the same do you set the passwords to be the same?
In what order are files and ldap in /etc/nsswitch.conf file's passwd line and is it the same on your other machines?
Are the settings in pam.conf and ldap.conf the same on this machine as the other ones?
Is your account set to use an allowed shell as defined in /etc/shells?
I agree it is odd when others can log on okay?
I don't have access to the machine from home so I will answer what I can. The local and LDAP accounts have different usernames. I know passwd is set to compat but Im not sure about the files/ldap order. I know it is connecting to the directory server because it resolves uids from it for file permissions. I am using the same client profile on other machines (Solaris) as well without any problems. I'm not sure about /etc/shells, but my login shell is bash. I am fairly sure (not 100%) that my co-worker that can use his LDAP account is also using bash.
Thanks Tony Fuller. I figured it out. One of the PAM files was configured to use pam_tally so the machine had a local lockout mechanism I wasn't aware of.