OK - here's a *total* guess. But your problem looks similar to one I faced
last week trying to get authentication against AD:
> Oct 29 12:31:15 hactar su[3325]: (pam_unix) check pass; user unknown
> Oct 29 12:31:15 hactar su[3325]: (pam_unix) authentication failure;
> logname= uid=1000 euid=0 tty=pts/1 ruser=hrm rhost=
Do you have to map local user account names to directory names? It seems
to have a uid but no login name...