RE: Help! Can't login or su, but SSH is ok...
> -----Original Message-----
> From: Marc Branchaud [mailto:marcnarc@x2omedia.com]
> Sent: Monday, January 22, 2007 2:54 PM
> To: debian-user@lists.debian.org
> Subject: Help! Can't login or su, but SSH is ok...
>
> Hi all,
>
> Over the weekend one of my sarge boxes decided to stop
> accepting logins.
> Currently, the box allows remote SSH (via public-key
> authentication)
> for regular users, but it doesn't allow user logins via
> telnet or on the
> console, even for root. SSH'd-in users also can't su to any user.
>
> The only way root can currently log in is to reboot in recovery mode.
> Even in that mode, root can su to a regular user, but the
> regular user
> can't su.
>
> su reports:
> su: Authentication information cannot be recovered
> Sorry.
>
> On Friday, I did change the box's configuration. I had
> previously been
> trying to make it work with Samba Windows domain
> authentication, and had
> added some pam_winbind.so lines to files in /etc/pam.d/. On Friday I
> decided that I didn't really need Windows domain auth, so I
> removed all
> references to pam_winbind.so from my /etc/pam.d/ files.
> There were no
> problems after the changes on Friday, though I wasn't overly
> systematic
> about trying things out, but I'm pretty sure I su'd to root...
>
> I can't figure out what went wrong. My /etc/pam.d/ files
> look fine to
> me (I can compare them to those on another, working sarge box on the
> same network). I'm not even sure that's where the problem
> lies. Google
> can't tell me what "Authentication information cannot be recovered"
> means, and the machine isn't logging anything when su or logins fail.
Did you also make sure /etc/nsswitch.conf looks like the default? Namely,
passwd, group, and shadow should all have "compat", and only "compat",
in the second column.
-- Kevin
Reply to: