pam_ldap login doesn't work
807573 Dec 5 2007 — edited Jan 4 2008
I have read almost all the topics about this subject, but I can't see a solution for the problem.
I'm running DS 6.2 and Solaris 10 with the latest update on server and client, but my client fails when I try to log in.
* The proxyagent is OK.
* getent passwd shows my users.
* 'su - user' from the root account works fine, but 'su - user' from a regular user doesn't work, console login doesn't work, ssh login doesn't work.
* Using an LDAP browser I can bind to LDAP using userDN / password.
Can anybody help me, please!
My pam.conf:
------------------------
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth required pam_dial_auth.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth binding pam_unix_auth.so.1 server_policy
rlogin auth required pam_ldap.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
rsh auth binding pam_unix_auth.so.1 server_policy
rsh auth required pam_ldap.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_dial_auth.so.1
ppp auth binding pam_unix_auth.so.1 server_policy
ppp auth required pam_ldap.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth binding pam_unix_auth.so.1 server_policy
other auth required pam_ldap.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd auth binding pam_passwd_auth.so.1 server_policy
passwd auth required pam_ldap.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1
other account binding pam_unix_account.so.1 server_policy
other account required pam_ldap.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1 server_policy
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#
Debug logs:
-------------------
Dec 5 11:20:37 build login[15583]: [ID 857369 auth.debug] PAM[15583]: pam_start(login,agaksri,8066378:80695d0) - debug = 1
Dec 5 11:20:37 build login[15583]: [ID 436049 auth.debug] PAM[15583]: pam_set_item(80695d0:service)
Dec 5 11:20:37 build login[15583]: [ID 436049 auth.debug] PAM[15583]: pam_set_item(80695d0:user)
Dec 5 11:20:37 build login[15583]: [ID 436049 auth.debug] PAM[15583]: pam_set_item(80695d0:conv)
Dec 5 11:20:37 build login[15583]: [ID 436049 auth.debug] PAM[15583]: pam_set_item(80695d0:tty)
Dec 5 11:20:37 build login[15583]: [ID 436049 auth.debug] PAM[15583]: pam_set_item(80695d0:rhost)
Dec 5 11:20:37 build login: [ID 314219 auth.debug] PAM[15583]: pam_authenticate(80695d0, 0)
Dec 5 11:20:37 build login: [ID 842538 auth.debug] PAM[15583]: load_modules(80695d0, pam_sm_authenticate)=/usr/lib/security/pam_authtok_get.so.1
Dec 5 11:20:37 build login: [ID 634567 auth.debug] PAM[15583]: load_function: successful load of pam_sm_authenticate
Dec 5 11:20:37 build login: [ID 842538 auth.debug] PAM[15583]: load_modules(80695d0, pam_sm_authenticate)=/usr/lib/security/pam_dhkeys.so.1
Dec 5 11:20:37 build login: [ID 634567 auth.debug] PAM[15583]: load_function: successful load of pam_sm_authenticate
Dec 5 11:20:37 build login: [ID 842538 auth.debug] PAM[15583]: load_modules(80695d0, pam_sm_authenticate)=/usr/lib/security/pam_unix_cred.so.1
Dec 5 11:20:37 build login: [ID 634567 auth.debug] PAM[15583]: load_function: successful load of pam_sm_authenticate
Dec 5 11:20:37 build login: [ID 842538 auth.debug] PAM[15583]: load_modules(80695d0, pam_sm_authenticate)=/usr/lib/security/pam_dial_auth.so.1
Dec 5 11:20:37 build login: [ID 634567 auth.debug] PAM[15583]: load_function: successful load of pam_sm_authenticate
Dec 5 11:20:37 build login: [ID 842538 auth.debug] PAM[15583]: load_modules(80695d0, pam_sm_authenticate)=/usr/lib/security/pam_unix_auth.so.1
Dec 5 11:20:37 build login: [ID 634567 auth.debug] PAM[15583]: load_function: successful load of pam_sm_authenticate
Dec 5 11:20:37 build login: [ID 842538 auth.debug] PAM[15583]: load_modules(80695d0, pam_sm_authenticate)=/usr/lib/security/pam_ldap.so.1
Dec 5 11:20:37 build login: [ID 634567 auth.debug] PAM[15583]: load_function: successful load of pam_sm_authenticate
Dec 5 11:20:37 build login: [ID 227947 auth.debug] PAM[15583]: pam_get_user(80695d0, 80695d0, NULL)
Dec 5 11:20:42 build login: [ID 436049 auth.debug] PAM[15583]: pam_set_item(80695d0:authtok)
Dec 5 11:20:42 build last message repeated 1 time
Dec 5 11:20:42 build login: [ID 227947 auth.debug] PAM[15583]: pam_get_user(80695d0, 8047d10, NULL)
Dec 5 11:20:42 build login: [ID 952117 auth.debug] PAM[15583]: pam_authenticate(80695d0, 0): error Authentication failed
Dec 5 11:20:42 build login: [ID 285619 auth.debug] ldap pam_sm_authenticate(login agaksri), flags = 0
Dec 5 11:20:42 build login: [ID 436049 auth.debug] PAM[15583]: pam_set_item(80695d0:authtok)
Dec 5 11:20:46 build login: [ID 436049 auth.debug] PAM[15583]: pam_set_item(80695d0:user)
Dec 5 11:20:46 build login: [ID 436049 auth.debug] PAM[15583]: pam_set_item(80695d0:ruser)
Dec 5 11:20:46 build login: [ID 436049 auth.debug] PAM[15583]: pam_set_item(80695d0:user_prompt)
Dec 5 11:20:46 build login: [ID 314219 auth.debug] PAM[15583]: pam_authenticate(80695d0, 0)
Dec 5 11:20:46 build login: [ID 842538 auth.debug] PAM[15583]: load_modules(80695d0, pam_sm_authenticate)=/usr/lib/security/pam_authtok_get.so.1
Dec 5 11:20:46 build login: [ID 227947 auth.debug] PAM[15583]: pam_get_user(80695d0, 80695d0, NULL)
ldapclient list:
---------------------
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,ou=tigoias,dc=goias,dc=gov
NS_LDAP_BINDPASSWD= {NS1}ecc4aa3a54331543
NS_LDAP_SERVERS= aga253distp021
NS_LDAP_SEARCH_BASEDN= ou=tigoias,dc=goias,dc=gov
NS_LDAP_AUTH= tls:simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= aga253distp043
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=people,ou=tigoias,dc=goias,dc=gov?one
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=group,ou=tigoias,dc=goias,dc=gov?one
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=people,ou=tigoias,dc=goias,dc=gov?one
NS_LDAP_BIND_TIME= 10
NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:tls:simple
NS_LDAP_SERVICE_AUTH_METHOD= passwd-cmd:tls:simple
[root@build:/etc] # /usr/lib/ldap/ldap_cachemgr -g
cachemgr configuration:
server debug level 0
server log file "/var/ldap/cachemgr.log"
number of calls to ldapcachemgr 20
cachemgr cache data statistics:
Configuration refresh information:
Previous refresh time: 2007/12/05 14:22:32
Next refresh time: 2007/12/06 02:22:32
Server information:
Previous refresh time: 2007/12/05 15:02:32
Next refresh time: 2007/12/05 15:22:32
server: aga253distp021, status: UP
Cache data information:
Maximum cache entries: 256
Number of cache entries: 0
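An added example, not part of the original post: a small parser for the single-file pam.conf format shown above that reports which entries apply to a given service and module type, using the `other` entries when the service has none of its own, as the comments in the posted file describe. The embedded configuration is an excerpt of the posted auth and account entries; `su` is used here only as a sample service name with no explicit entry, and the function names are hypothetical.

```python
from collections import defaultdict

# Excerpt of the pam.conf posted above (auth and account entries only).
PAM_CONF = """\
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth required pam_dial_auth.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth binding pam_unix_auth.so.1 server_policy
other auth required pam_ldap.so.1
cron account required pam_unix_account.so.1
other account requisite pam_roles.so.1
other account binding pam_unix_account.so.1 server_policy
other account required pam_ldap.so.1
"""

def parse_pam_conf(text):
    """Return {(service, module_type): [(control, module, options), ...]}."""
    stacks = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blank and comment lines
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"malformed pam.conf entry: {raw!r}")
        service, mtype, control, module, *options = fields
        stacks[(service, mtype)].append((control, module, options))
    return dict(stacks)

def effective_stack(stacks, service, mtype):
    """Entries used for service/mtype; 'other' is used if none are explicit."""
    if (service, mtype) in stacks:
        return service, stacks[(service, mtype)]
    return "other", stacks.get(("other", mtype), [])

if __name__ == "__main__":
    stacks = parse_pam_conf(PAM_CONF)
    for svc, mtype in [("login", "auth"), ("su", "auth"), ("cron", "account")]:
        source, entries = effective_stack(stacks, svc, mtype)
        print(f"{svc}/{mtype} (from '{source}' entries):")
        for control, module, options in entries:
            print(f"  {control:<10} {module} {' '.join(options)}")
```

Running it against the full file for each service that fails shows exactly which modules and control flags are evaluated for that login path, in order.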