To verify you have the correct passwd etc - try to login as root in a virtual terminal
<ctrl+alt+f2> to get there
<ctrl+alt+f1> to get back.
If that passwd is OK for rot login there, then it SHOULD be OK for 'su'.
Your pam.d/su file looks UP but we should also see the /etc/pam.d/system-auth
We are interested in the 'auth' entries. so your su file like ....
auth sufficient pam_rootok.so
auth include system-auth
Just says that root succeeds (pam_rootok) w/o as passwd. Everyone else has to pass the '/etc/pam.d//system-auth' criteria.
look in /var/log/secure to see what when wrong with the pam authentication.
Some of the pam hurdles are base on uid number, whether you are in the 'wheel' group and more.