We purchased a new Xserve this summer for our school and I migrated
some services from our older Tiger Xserve to that server. I am
having the same problem now on both servers as well as the other
servers and clients connected to the open directory master (on the
new Xserve). I can no longer 'su' into the root user on the server
or any client using ssh or sitting locally at the machines. Terminal
just responds by saying Sorry. When I try it on the server I get the
following errors from the system.log:

    Aug 22 11:21:11 ns su: pam_authenticate: Permission denied
    Aug 22 11:21:16 ns DirectoryService[55]: Failed Authentication return is being delayed due to over five recent auth failures for username: root.

I am not sure why it says I have tried five times when I only tried
once from the terminal. Also I can log into the root user
graphically no problem (server and clients) and this has helped work
around the problem. I have also found that I can gain root access by
typing:

    sudo su root

Amazingly (maybe just amazing to me) all I need to type in is my
admin password and I am in. I am a little frightened now that all
the admins can have root access to the servers and clients. (Maybe
it is supposed to work this way and I never knew.) I have tried
resetting the password once I am in as a root user, but that hasn't
seemed to help.

I only have ssh allowed internally using the firewall and I am not
seeing anything suspicious in the secure.log. I am not sure of any
other logs to check.

I am guessing that I might have something set up incorrectly on the
new OpenDirectory master which is why it would be affecting all the
clients as well as the servers connected to it. I even tested a
machine which I knew was working before the new open directory master
was set up, and I can't 'su' to the root user on that machine.

Any help would be greatly appreciated.

Nate Rudd
Technology Coordinator
Christian Academy in Japan
email@hidden