Shell User Cannot SSH

[halsafar]

I created a shell user bar for the client foo. When I try and ssh in as foobar@myserver.com it fails.

/etc/passwd contains an entry for foobar and it looks correct.

As root I can su foobar and get the correct home dir and permissions. As a regular user already logged in I cannot su foobar, the password is not accepted.

Code:

tail -f /var/log/auth.log shows this activity on the failure:
May  3 18:32:35 myserver su[15418]: pam_unix(su:auth): authentication failure; logname=theuser uid=1000 euid=0 tty=/dev/pts/6 ruser=theuser rhost=  user=foobar
May  3 18:32:35 myserver su[15418]: pam_winbind(su:auth): getting password (0x00000388)
May  3 18:32:35 myserver su[15418]: pam_winbind(su:auth): pam_get_item returned a password
May  3 18:32:35 myserver su[15418]: pam_winbind(su:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
May  3 18:32:36 myserver su[15418]: pam_authenticate: Authentication failure

I am at a complete loss here. The user definitely exists on the system as the user is in /etc/passwd and I can su to that user as root without issues. However the user cannot login via SSH or right on the machine itself.

Update:
- More frustrating. If I try deactive the shell user then reactivate it is clear in auth.log that the password is udpated for that user, no errors. I can now login directly but SSH is still broken.
- What other info can I share to held shed light on this problem?

[halsafar]

Solved!

Not entirely sure why but here is where it stands:
- all shell users made cannot be used immediately. Have to deactivate the user then reactive the user, forcing the password update.
- have to manually add the user to sshusers group (adduser foobar sshusers)
- /etc/ssh/sshd_config is required to have AllowGroups sshusers set. This appears not to be set by default.