Shell User Cannot SSH

Discussion in 'General' started by halsafar, May 4, 2012.

  1. halsafar

    halsafar New Member

    [solved] Shell User Cannot SSH

    I created a shell user bar for the client foo. When I try and ssh in as foobar@myserver.com it fails.

    /etc/passwd contains an entry for foobar and it looks correct.

    As root I can su foobar and get the correct home dir and permissions. As a regular user already logged in I cannot su foobar, the password is not accepted.

    Code:
    tail -f /var/log/auth.log shows this activity on the failure:
    May  3 18:32:35 myserver su[15418]: pam_unix(su:auth): authentication failure; logname=theuser uid=1000 euid=0 tty=/dev/pts/6 ruser=theuser rhost=  user=foobar
    May  3 18:32:35 myserver su[15418]: pam_winbind(su:auth): getting password (0x00000388)
    May  3 18:32:35 myserver su[15418]: pam_winbind(su:auth): pam_get_item returned a password
    May  3 18:32:35 myserver su[15418]: pam_winbind(su:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
    May  3 18:32:36 myserver su[15418]: pam_authenticate: Authentication failure
    

    I am at a complete loss here. The user definitely exists on the system as the user is in /etc/passwd and I can su to that user as root without issues. However the user cannot login via SSH or right on the machine itself.

    Update:
    - More frustrating. If I try to deactivate the shell user and then reactivate it, it is clear in auth.log that the password is updated for that user, no errors. I can now login directly but SSH is still broken.
    - What other info can I share to help shed light on this problem?
     
    Last edited: May 4, 2012
  2. halsafar

    halsafar New Member

    Solved!

    Not entirely sure why but here is where it stands:
    - all shell users made cannot be used immediately. Have to deactivate the user then reactivate the user, forcing the password update.
    - have to manually add the user to sshusers group (adduser foobar sshusers)
    - /etc/ssh/sshd_config is required to have AllowGroups sshusers set. This appears not to be set by default.
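
The group condition named in the post above can be checked directly; this is an added example and not part of the original thread. It reads AllowGroups from an sshd_config and tests a list of group names against it. The sample config and the group names foobar and client1 are constructed, and Match blocks, Include files and negated patterns are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): does a user's group list satisfy AllowGroups?
# Assumptions: global section only (stops at the first Match block), no Include
# files, no "!"-negated patterns, keyword and value separated by whitespace.

# allowgroups_patterns FILE: print every AllowGroups pattern, one per line.
# sshd keywords are case-insensitive and repeated directives accumulate.
allowgroups_patterns() {
    awk 'tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }
         tolower($1) == "match"       { exit }' "$1"
}

# ssh_group_check FILE GROUP...: return 0 if login is permitted by group, else 1.
ssh_group_check() {
    cfg=$1; shift
    patterns=$(allowgroups_patterns "$cfg")
    if [ -z "$patterns" ]; then
        echo "no AllowGroups directive: logins are not restricted by group"
        return 0
    fi
    for g in "$@"; do
        while IFS= read -r p; do
            case $g in
                $p) echo "allowed: group '$g' matches AllowGroups pattern '$p'"
                    return 0 ;;
            esac
        done <<EOF
$patterns
EOF
    done
    echo "blocked: none of [$*] match AllowGroups [$(printf '%s' "$patterns" | tr '\n' ' ')]"
    return 1
}

# Constructed sample config and group names (foobar and client1 are made up).
sample=$(mktemp)
printf '%s\n' '#AllowGroups wheel' 'PermitRootLogin no' 'AllowGroups sshusers' > "$sample"
ssh_group_check "$sample" foobar client1 || true    # before: adduser not yet run
ssh_group_check "$sample" foobar client1 sshusers   # after: adduser foobar sshusers
rm -f "$sample"
# On a live host: ssh_group_check /etc/ssh/sshd_config $(id -Gn foobar)
```

On a host with Match blocks or included files, `sshd -T` run as root prints the effective configuration and is the more reliable source for the AllowGroups value.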
     
