Linux – I cannot su when LDAP is running

I have problem with ldap, that when it is online, I login with user/pass from LDAP db and then cannot su to root with local pass. When I turn offline LDAP I can login with local user/pass and su to root with local pass. auth.log:

Sep 27 12:18:33 intranet sshd[18321]: pam_unix(sshd:session): session opened for user mejmo by (uid=0)
Sep 27 12:18:39 intranet unix_chkpwd[18340]: check pass; user unknown
Sep 27 12:18:39 intranet unix_chkpwd[18340]: password check failed for user (root)
Sep 27 12:18:39 intranet su[18339]: pam_unix(su:auth): authentication failure; logname=mejmo uid=10009 euid=10009 tty=/dev/pts/1 ruser=mejmo rhost=  user=r
Sep 27 12:18:42 intranet su[18339]: pam_authenticate: Permission denied
Sep 27 12:18:42 intranet su[18339]: FAILED su for root by mejmo

I'm typing the good password, because I can login when LDAP server is offline. Please help, getting crazy …

EDIT: I figured out, that when I create user locally as well, turn LDAP online, then I am able to su to root. I think the problem is, that pam_unix can't see the user that is using su, because there is no entry in passwd, but nssswitch.conf is ok (files ldap on passwd,shadow,etc.)

EDIT2:

account         sufficient      pam_ldap.so debug
account         sufficient      pam_unix.so audit

auth    sufficient      pam_ldap.so
auth    sufficient      pam_unix.so audit likeauth use_first_pass
auth    required        pam_deny.so

EDIT3: It works with nscd running, but it does nasty logs and occasionally I cannot login .. Where could be the problem with nscd ? 🙁

Sep 27 16:27:35 intranet sshd[25830]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Sep 27 16:27:35 intranet sshd[25830]: pam_ldap: reconnecting to LDAP server...
Sep 27 16:27:35 intranet sshd[25830]: pam_ldap: ldap_simple_bind Can't contact LDAP server