> The problem is probably in pam. Lot s of internet docs have incorrect
> info advice and say.
> account required pam_nologin.so
> account sufficient pam_ldap.so
>
> When you do that you get the situation you have now. In some phases of
> login sufficient becomes required.
>
> Try this:
B
Also much documentation on the internet is plain wrong and untested.
For example people will say this is ok:
#%PAM-1.0
auth sufficient pam_ldap.so
auth include system-auth
accountrequired pam_nologin.so
accountsufficient pam_ldap.so
accountinclude system-auth
