SSHD and PAM : "No account present for user" but getent and su work fine
807559Jul 23 2008 — edited Aug 22 2008Hi all,
I'm dealing with some weirdness here. If anyone can help that would be great.
Fully patched Solaris 9 box : SunOS alberta.foo.com 5.9 Generic_122300-29 sun4u sparc SUNW,Ultra-5_10
While trying to SSH to the box as 'jblaine' my required PAM module returns SUCCESS then SSHD chokes for some unknown reason:
Jul 23 08:57:56 alberta.foo.com sshd[492]: [ID 584047 auth.debug] (pam_krb5): jblaine: pam_sm_authenticate: exit (success)
Jul 23 08:57:56 alberta.foo.com sshd[492]: [ID 800047 auth.info] Keyboard-interactive (PAM) userauth failed[13] while authenticating: No account present for user
================================================================================
Proof that I exist just fine!
alberta# grep jblaine /etc/passwd
alberta#
alberta# getent passwd jblaine
jblaine::26560:10:Jeff Blaine:/home/jblaine:/usr/local/bin/bash
alberta#
alberta# su - jblaine
~:alberta> id
uid=26560(jblaine) gid=10(staff)
~:alberta>
================================================================================
/etc/nsswitch.conf :
passwd: files ldap
group: files ldap
hosts: files dns ldap
networks: ldap [NOTFOUND=return] files
protocols: ldap [NOTFOUND=return] files
rpc: ldap [NOTFOUND=return] files
ethers: ldap [NOTFOUND=return] files
netmasks: files ldap
bootparams: ldap [NOTFOUND=return] files
publickey: ldap [NOTFOUND=return] files
netgroup: ldap
automount: files ldap
aliases: files ldap
services: files ldap
printers: user files ldap
auth_attr: files ldap
prof_attr: files ldap
project: files ldap
================================================================================
alberta# ldapsearch -h barnowl -b dc=rcf,dc=foo,dc=com uid=jblaine
uid=jblaine,ou=People,dc=rcf,dc=foo,dc=com
uid=jblaine
cn=Jeff Blaine
objectClass=account
objectClass=posixAccount
objectClass=top
loginShell=/usr/local/bin/bash
uidNumber=26560
gidNumber=10
homeDirectory=/home/jblaine
gecos=Jeff Blaine
================================================================================
sshd auth requisite pam_authtok_get.so.1
sshd auth required pam_dhkeys.so.1
sshd auth required pam_krb5RA.so debug try_first_pass minimum_uid=100
sshd session optional pam_krb5RA.so debug minimum_uid=100
sshd session required pam_afs_session.so debug retain_after_close minimum_uid=100
sshd-kbdint auth requisite pam_authtok_get.so.1
sshd-kbdint auth required pam_dhkeys.so.1
sshd-kbdint auth required pam_krb5RA.so debug try_first_pass minimum_uid=100
sshd-kbdint session optional pam_krb5RA.so debug
sshd-kbdint session required pam_afs_session.so debug retain_after_close minimum_uid=100
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_krb5RA.so debug try_first_pass minimum_uid=100
other account requisite pam_roles.so.1
other account required pam_projects.so.1
other account required pam_unix_account.so.1
other session required pam_unix_session.so.1
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1