On (28/06/14 00:03), XuQing Tan wrote: >Hi folks > >i setup sssd 1.9.2 on centos 6 x64 >i can get the user info via 'id <user>' >i can su to that user as root (no password prompt since i'm root) > >[root@nick-ldap ~]# su - nick >-sh-4.1$ exit >logout > root can swith to another user without any prompting password. (pam_sss was not involved) It is default behaviour. I am not pam expert, but it should be caused by next line in /etc/pam.d/su account sufficient pam_succeed_if.so uid = 0 use_uid quiet >but i can't su to this user as non-root (with password prompt but get >incorrect password error) >[root@nick-ldap ~]# su - demo >[demo@nick-ldap ~]$ su - nick >Password: >su: incorrect password There are two explanation: a) you used wrong password. b) there is some problem with sssd configuration. In second case, put "debug_level = 7" into pam and domain section in sssd.conf; restarts sssd; reproduce problem; and try to analyse log files in /var/log/sssd If you don't find root of problem please send sanitised log fail to the mailing list. LS _______________________________________________ sssd-users mailing list sssd-users(a)lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users