[solved] Shell User Cannot SSH I created a shell user bar for the client foo. When I try and ssh in as [email protected] it fails. /etc/passwd contains an entry for foobar and it looks correct. As root I can su foobar and get the correct home dir and permissions. As a regular user already logged in I cannot su foobar, the password is not accepted. Code: tail -f /var/log/auth.log shows this activity on the failure: May 3 18:32:35 myserver su[15418]: pam_unix(su:auth): authentication failure; logname=theuser uid=1000 euid=0 tty=/dev/pts/6 ruser=theuser rhost= user=foobar May 3 18:32:35 myserver su[15418]: pam_winbind(su:auth): getting password (0x00000388) May 3 18:32:35 myserver su[15418]: pam_winbind(su:auth): pam_get_item returned a password May 3 18:32:35 myserver su[15418]: pam_winbind(su:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user May 3 18:32:36 myserver su[15418]: pam_authenticate: Authentication failure I am at a complete loss here. The user definitely exists on the system as the user is in /etc/passwd and I can su to that user as root without issues. However the user cannot login via SSH or right on the machine itself. Update: - More frustrating. If I try deactive the shell user then reactivate it is clear in auth.log that the password is udpated for that user, no errors. I can now login directly but SSH is still broken. - What other info can I share to held shed light on this problem?
Solved! Not entirely sure why but here is where it stands: - all shell users made cannot be used immediately. Have to deactivate the user then reactive the user, forcing the password update. - have to manually add the user to sshusers group (adduser foobar sshusers) - /etc/ssh/sshd_config is required to have AllowGroups sshusers set. This appears not to be set by default.
