HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


halsafar 4th May 2012 02:36

[solved] Shell User Cannot SSH
 
I created a shell user bar for the client foo. When I try and ssh in as foobar@myserver.com it fails.

/etc/passwd contains an entry for foobar and it looks correct.

As root I can su foobar and get the correct home dir and permissions. As a regular user already logged in I cannot su foobar, the password is not accepted.

tail -f /var/log/auth.log shows this activity on the failure:

Code:

May  3 18:32:35 myserver su[15418]: pam_unix(su:auth): authentication failure; logname=theuser uid=1000 euid=0 tty=/dev/pts/6 ruser=theuser rhost=  user=foobar
May  3 18:32:35 myserver su[15418]: pam_winbind(su:auth): getting password (0x00000388)
May  3 18:32:35 myserver su[15418]: pam_winbind(su:auth): pam_get_item returned a password
May  3 18:32:35 myserver su[15418]: pam_winbind(su:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
May  3 18:32:36 myserver su[15418]: pam_authenticate: Authentication failure


I am at a complete loss here. The user definitely exists on the system as the user is in /etc/passwd and I can su to that user as root without issues. However the user cannot login via SSH or right on the machine itself.

Update:
- More frustrating. If I try to deactivate the shell user and then reactivate it, it is clear in auth.log that the password is updated for that user, no errors. I can now login directly but SSH is still broken.
- What other info can I share to help shed light on this problem?

halsafar 4th May 2012 02:51

Solved!

Not entirely sure why but here is where it stands:
- all shell users made cannot be used immediately. Have to deactivate the user then reactivate the user, forcing the password update.
- have to manually add the user to sshusers group (adduser foobar sshusers)
- /etc/ssh/sshd_config is required to have AllowGroups sshusers set. This appears not to be set by default.
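
A quick way to confirm the group restriction described in the post above, as an added example that is not part of the original thread: the script reads the AllowGroups patterns from an sshd config and reports whether a user's groups satisfy them. It assumes only the global AllowGroups directive matters; DenyGroups, AllowUsers, DenyUsers, Match blocks and Include files are not evaluated, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Usage: sh check_allowgroups.sh <user>

# Print every AllowGroups pattern in the global section of an sshd config
# (keyword is case-insensitive; repeated directives accumulate; parsing stops
# at the first Match block, whose settings are conditional).
allowgroups_patterns() {
    awk '{ sub(/#.*/, "") }
         tolower($1) == "match" { exit }
         tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# check_allowgroups <config file> "<space-separated groups of the user>"
# Returns 0 if AllowGroups admits the user, 1 if it rejects them.
check_allowgroups() {
    patterns=$(allowgroups_patterns "$1")
    if [ -z "$patterns" ]; then
        echo "no AllowGroups directive: login is not restricted by group"
        return 0
    fi
    admitted=1
    set -f    # keep * and ? in patterns from expanding against file names
    for pat in $patterns; do
        for grp in $2; do
            case $pat in
                '!'*) # negated pattern: a match rejects the user outright
                    case $grp in ${pat#!})
                        set +f; echo "rejected: group $grp matches $pat"; return 1 ;;
                    esac ;;
                *)  case $grp in $pat) admitted=0 ;; esac ;;
            esac
        done
    done
    set +f
    if [ "$admitted" -eq 0 ]; then
        echo "admitted: a group matches AllowGroups"
    else
        echo "rejected: no group of the user matches AllowGroups"
    fi
    return "$admitted"
}

# Real use: compare the live config with the user's actual groups.
if [ $# -ge 1 ]; then
    check_allowgroups /etc/ssh/sshd_config "$(id -Gn "$1")"
fi
```

A "rejected" verdict for a user whose password works locally points at the group restriction rather than at PAM; after changing sshd_config, sshd has to reload its configuration before the new setting applies.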

