ExpLinux (https://www.explinux.com), LDAP category. Published Mon, 12 Apr 2021 10:26:00 +0000 at https://www.explinux.com/2021/04/local-user-authentication-failed-when-ldap-server-is-not-available.html

 Local User Authentication Failed When LDAP Server is Not Available

When we stop using the LDAP server, or the network is somehow disconnected from it, we are unable to log in to the server even as a local user with the correct password. Even after resetting the password, the local user is still unable to log in, and su to the local user is denied.

Environment

  • RHEL 6
  • RHEL 7
  • RHEL 8
  • CentOS and other GNU/Linux distributions

Issue

  1. A local user is unable to log in to the system when the LDAP server is unavailable
  2. A local user is unable to log in to the system when the AD server is unavailable
  3. A local user is unable to switch user

Resolution

In the file /etc/nsswitch.conf, change the passwd entry to:

passwd: ldap [!SUCCESS=continue] files

Root Cause

When we harden a server or system, we configure the nsswitch.conf file. When the LDAP server is then unreachable, PAM fails to receive authentication information for the user, and as a result the user fails to log in.
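
The following Python sketch is an added example, not code from the original article. It evaluates a passwd line from /etc/nsswitch.conf with the glibc action rules (SUCCESS defaults to return, the other statuses to continue) and reports whether a local user still resolves through files while LDAP is down. It assumes an unreachable LDAP server yields UNAVAIL; the function names and every sample line except the one from the Resolution are constructed.

```python
import re

# glibc defaults: stop on SUCCESS, move to the next service otherwise.
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

def parse_db_line(line):
    """Turn 'passwd: ldap [!SUCCESS=continue] files' into [(service, actions)]."""
    spec = line.split("#", 1)[0].split(":", 1)[1]
    chain = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", spec):
        if not tok.startswith("["):
            chain.append((tok, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action list before any service")
        actions = chain[-1][1]          # applies to the preceding service
        for crit in tok[1:-1].lower().split():
            status, action = crit.split("=", 1)
            if status.startswith("!"):  # every status except the named one
                for s in DEFAULTS:
                    if s != status[1:]:
                        actions[s] = action
            else:
                actions[status] = action
    return chain

def services_consulted(line, down=("ldap",)):
    """Services tried for a local-only user while `down` services are unreachable."""
    tried = []
    for service, actions in parse_db_line(line):
        tried.append(service)
        if service in down:
            status = "unavail"          # assumption: unreachable server -> UNAVAIL
        elif service == "files":
            status = "success"          # the user exists in /etc/passwd
        else:
            status = "notfound"
        if actions[status] == "return":
            break
    return tried

def local_user_resolves(line, down=("ldap",)):
    return "files" in services_consulted(line, down)

if __name__ == "__main__":
    samples = ["passwd: ldap [!SUCCESS=continue] files",   # line from the Resolution
               "passwd: ldap [UNAVAIL=return] files",      # constructed
               "passwd: files ldap"]                        # constructed
    for s in samples:
        print(f"{s:42} -> {services_consulted(s)} ok={local_user_resolves(s)}")
```

A line for which local_user_resolves returns False stops at the LDAP service when it is unreachable and never consults /etc/passwd.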

Diagnostic Steps

If we log in as a remote user over SSH:

test@test1 # ssh abc@somehost
abc@somehost's password:
Connection closed by 10.15.217.222

If we log in as a local user:

[abc@somehost ~]$ su - abc
Password:
su: incorrect password

You may need to start system-daemon, but this is not required; the change works without it.

You can now log in to the system as the local user that previously could not log in.
