Contents of /etc/pam.d/sshd and /etc/pam.d/system-auth is as follows<br><br><b>bash-3.2# cat /etc/pam.d/system-auth</b><br>#%PAM-1.0<br># This file is auto-generated.<br># User changes will be destroyed the next time authconfig is run.<br>
auth        required      pam_env.so<br>auth        sufficient    pam_unix.so nullok try_first_pass<br>auth        requisite     pam_succeed_if.so uid &gt;= 500 quiet<br>auth        sufficient    /lib64/security/pam_sss.so use_first_pass<br>
auth        required      pam_deny.so<br><br>account     required      pam_unix.so<br>account     sufficient    pam_localuser.so<br>account     sufficient    pam_succeed_if.so uid &lt; 500 quiet<br>account [default=bad success=ok user_unknown=ignore] /lib64/security/pam_sss.so<br>
account     required      pam_permit.so<br><br>password    requisite     pam_cracklib.so try_first_pass retry=3 type=<br>password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok<br>password    sufficient    /lib64/security/pam_sss.so use_authtok<br>
password    required      pam_deny.so<br><br>session     required      pam_mkhomedir.so umask=0022 skel=/etc/skel/<br>session     optional      pam_keyinit.so revoke<br>session     required      pam_limits.so<br>session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid<br>
session     sufficient    /lib64/security/pam_sss.so<br>session     required      pam_unix.so<br>bash-3.2#<br><br><br><b>bash-3.2# cat /etc/pam.d/sshd</b><br>#%PAM-1.0<br>auth       include      system-auth<br>account    required     pam_nologin.so<br>
account    include      system-auth<br>password   include      system-auth<br>session    optional     pam_keyinit.so force revoke<br>session    include      system-auth<br>session    required     pam_loginuid.so<br>bash-3.2#<br>
<br>And there is no file on the system with name /etc/pam.d/password-auth I guess this is present in RHEL 6 and not in RHEL 5.5<br><br><br>Thanks<br><br><div class="gmail_quote">On Fri, Nov 11, 2011 at 3:09 PM, Jakub Hrozek <span dir="ltr">&lt;<a href="mailto:jhrozek@redhat.com">jhrozek@redhat.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div class="im">On Fri, Nov 11, 2011 at 02:48:40PM +0530, Nitesh Mehare wrote:<br>
&gt;    Jakub,<br>
</div>&gt;    I tried the modifying sssd.confA  to useA  simple_allow_groups = idsldap<br>
<div class="im">&gt;    Still it is not working.One thing I would like to ask .is my configuration<br>
&gt;    correct in system-auth and nsswitch.conf file?<br>
&gt;    Am i missing something.<br>
&gt;    Also one more thing I have noticed in /var/log/secure log file<br>
&gt;<br>
&gt;    Nov 11 13:34:58 bagira sshd[30879]: Address 9.118.25.17 maps to<br>
&gt;    <a href="http://nitesh.in.ibm.com" target="_blank">nitesh.in.ibm.com</a>, but this does not map back to the address - POSSIBLE<br>
&gt;    BREAK-IN ATTEMPT!<br>
&gt;    Nov 11 13:35:00 bagira sshd[30879]: pam_unix(sshd:auth): authentication<br>
</div>&gt;    failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=9.118.25.17A<br>
<div class="im">&gt;    user=nitback1<br>
&gt;    Nov 11 13:35:02 bagira sshd[30879]: Failed password for nitback1 from<br>
&gt;    9.118.25.17 port 4300 ssh2<br>
&gt;<br>
<br>
</div>Does your /etc/pam.d/sshd include password-auth or system-auth? Can you<br>
paste the file that it includes?<br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
sssd-devel mailing list<br>
<a href="mailto:sssd-devel@lists.fedorahosted.org">sssd-devel@lists.fedorahosted.org</a><br>
<a href="https://fedorahosted.org/mailman/listinfo/sssd-devel" target="_blank">https://fedorahosted.org/mailman/listinfo/sssd-devel</a><br>
</div></div></blockquote></div><br>