|
FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|||
New Accounts Unable to Authenticate
Hello All,
I'm experiencing a problem where newly created accounts are unable to authenticate when logging in with a new SSH session - even though I can 'su -' to them from another luser account (password works). Environment: FreeBSD 6.2-RELEASE This seems to have started around the time I added a new group to /etc/group and assigned it a new group number. newgroup:*:1006:www,otrs When I looked at the /etc/password entry for new accounts, the uid/gid assignment was out of sync, like this: test1:*:1007:1008:test1:/home/test1:/bin/tcsh test2:*:1009:1010:test2:/home/test2:/bin/tcsh (I was using default values (just hitting enter) for the assignment of user/group during the adduser process.) I thought this might have something to do with it, so I deleted the new accounts (this was only happening for accounts created after the new group 'newgroup' was added). I then deleted the group 'newgroup'. When I then added new users, the gid/uid entries in /etc/password had the same values as I would expect: test1:*:1007:1007:test1:/home/test1:/bin/tcsh test2:*:1008:1008:test2:/home/test2:/bin/tcsh ... but I still have the same problem with logging in - I can 'su - ' to the new account from a pre-existing (non-root) luser account, but cannot log in fresh with the new user itself. When I try to log in as the new user, I get 'Access Denied'. /var/log/messages shows: sshd[59417]: error: PAM: authentication error for illegal user test1 from 11.22.33.44 Anyone have a clue what's going on here? Thanks, Shawn |
|
|||
Check your /etc/login.access file.
|
|
|||
New Accounts Unable to Authenticate
/etc/login.access has not been touched.
Still a "virgin" file - everything commented out. |
|
|||
Thanks robbak!
The /etc/ssh/sshd_config was the key. I had "AllowGroups" set to only a couple of groups, and I had not added the new accounts to either of them in the 'adduser' process. It had been quite a while since I added a new account, and I'd forgotten about my restrictive AllowGroups policy in the meantime. I'll make a memo of it in my system documentation so as not to forget next time!! Thanks so much for the helpful pointer, Shawn |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Can't passwd on all accounts anymore | ck2323 | FreeBSD General | 1 | 7th October 2009 03:28 AM |
unable to log in | delboy | FreeBSD Installation and Upgrading | 5 | 31st August 2008 11:39 AM |
Unable to hear any sound | ebzzry | FreeBSD General | 26 | 29th July 2008 06:39 PM |
Unable to login squirrelmail | satimis | Other BSD and UNIX/UNIX-like | 3 | 28th May 2008 04:21 PM |
unable to read messages | ocicat | Feedback and Suggestions | 1 | 3rd May 2008 08:01 AM |