New Accounts Unable to Authenticate
I'm experiencing a problem where newly created accounts are unable to authenticate when logging in with a new SSH session - even though I can 'su -' to them from another luser account (password works).
Environment: FreeBSD 6.2-RELEASE
This seems to have started around the time I added a new group to /etc/group and assigned it a new group number.
When I looked at the /etc/password entry for new accounts, the uid/gid assignment was out of sync, like this:
(I was using default values (just hitting enter) for the assignment of user/group during the adduser process.)
I thought this might have something to do with it, so I deleted the new accounts (this was only happening for accounts created after the new group 'newgroup' was added). I then deleted the group 'newgroup'. When I then added new users, the gid/uid entries in /etc/password had the same values as I would expect:
... but I still have the same problem with logging in - I can 'su - ' to the new account from a pre-existing (non-root) luser account, but cannot log in fresh with the new user itself.
When I try to log in as the new user, I get 'Access Denied'.
sshd: error: PAM: authentication error for illegal user test1 from 22.214.171.124
Anyone have a clue what's going on here?
No idea, my friend, but I've got a few ideas.
First, could you check your /etc/ssh/sshd_config file for any "AllowUsers", "DenyUsers",, "AllowGroup" or "DenyGroup" entries? (Or any other "Allow..." or "Deny>>" entries that sound suspicious.
I have a feeling that there are some other deny files that ssh checks, but cannot find them at the moment.
The only dumb question is a question not asked.
The only dumb answer is an answer not given.
The /etc/ssh/sshd_config was the key.
I had "AllowGroups" set to only a couple of groups, and I had not added the new accounts to either of them in the 'adduser' process. It had been quite a while since I added a new account, and I'd forgotten about my restrictive AllowGroups policy in the meantime. I'll make a memo of it in my system documentation so as not to forget next time!!
Thanks so much for the helpful pointer,
|Thread||Thread Starter||Forum||Replies||Last Post|
|Can't passwd on all accounts anymore||ck2323||FreeBSD General||1||7th October 2009 03:28 AM|
|unable to log in||delboy||FreeBSD Installation and Upgrading||5||31st August 2008 11:39 AM|
|Unable to hear any sound||ebzzry||FreeBSD General||26||29th July 2008 06:39 PM|
|Unable to login squirrelmail||satimis||Other BSD and UNIX/UNIX-like||3||28th May 2008 04:21 PM|
|unable to read messages||ocicat||Feedback and Suggestions||1||3rd May 2008 08:01 AM|