Olaf Greve wrote:

Hi,

Yesterday it was brought to my attention that SSH access is not working well on my new server.

The background: I have set up a new server (FreeBSD 5.4-Release AMD/64) and I migrated the user accounts from my old server (FreeBSD 5.2.1-Release i386).

Now, I was under the assumption everything was working fine, as I myself have no issues in SSH-ing as unprivileged user to the machine (note: my unprivileged account is featured in the wheel group, which may be of importance!).

However, when a regular user who resides in a regular group tries to SSH to the machine, after entering the correct password the connection is immediately dropped, and the following error (note: the below lines contain dummy names and IP addresses) is shown in /var/log/auth.log:

Oct 20 11:39:40 milx sshd[48147]: Accepted keyboard-interactive/pam for abcdef from 123.45.67.89 port 35335 ssh2
Oct 20 11:39:40 milx sshd[48150]: fatal: login_get_lastlog: Cannot find account for uid 1234

I have done some Googling on it, and there are quite a few hits when searching for this particular error message. The errors seem to be happening on all sorts of Unixes, yet as my machines are FreeBSD ones, I'm asking here.

I have unfortunately not been able to find a solution using Google, but I did find some pointers as to the cause. They are:

- This seems to happen when SSH cannot retrieve the last login date and time for a user. Can this somehow implicitly or explicitly be flushed?
- This does not happen when "su -" ing to the user's account from the box itself.
- This may not happen to users that are allowed to become root (i.e. are in the wheel group).

If it *is* related to getting last login time then maybe the permissions on /var/log/wtmp are wrong?

Mine are

352 -rw-r--r--  1 root  wheel  - 329428 Oct 20 10:54 /var/log/wtmp

but if other did not have read permission it would fit with the assumptions and symptoms you mention.

Group wheel is only about su-ing on BSD, though it is often used to give read/write permissions on files to those privileged users.

--Alex
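
To see which migrated accounts hit this failure, the two auth.log lines quoted above can be paired up across the whole log. This is an added example, not part of either message: because the quoted lines carry different sshd PIDs, it pairs them by host and a short time window (an assumption), and all sample lines beyond the two quoted ones are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the two quoted lines plus made-up logins in the same format.
SAMPLE = """\
Oct 20 11:39:40 milx sshd[48147]: Accepted keyboard-interactive/pam for abcdef from 123.45.67.89 port 35335 ssh2
Oct 20 11:39:40 milx sshd[48150]: fatal: login_get_lastlog: Cannot find account for uid 1234
Oct 20 11:41:02 milx sshd[48201]: Accepted keyboard-interactive/pam for wheeluser from 123.45.67.90 port 35400 ssh2
Oct 20 11:43:15 milx sshd[48260]: Accepted keyboard-interactive/pam for ghijkl from 123.45.67.89 port 35412 ssh2
Oct 20 11:43:16 milx sshd[48263]: fatal: login_get_lastlog: Cannot find account for uid 1235
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: (.*)$")
ACCEPTED = re.compile(r"^Accepted \S+ for (\S+) from (\S+) port \d+")
FATAL = re.compile(r"^fatal: login_get_lastlog: Cannot find account for uid (\d+)$")


def dropped_logins(log_text, window=5):
    """Return accepted logins that were followed by the lastlog fatal error."""
    pending = []  # accepted logins not yet paired with a fatal line
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # syslog timestamps carry no year; a fixed leap year keeps Feb 29 parseable
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        host, msg = m.group(2), m.group(3)
        accepted = ACCEPTED.match(msg)
        if accepted:
            pending.append((ts, host, accepted.group(1), accepted.group(2)))
            continue
        fatal = FATAL.match(msg)
        if not fatal:
            continue
        # pair with the most recent unpaired login on the same host inside the window
        for i in range(len(pending) - 1, -1, -1):
            t0, h0, user, src = pending[i]
            if h0 == host and timedelta(0) <= ts - t0 <= timedelta(seconds=window):
                hits.append({"user": user, "uid": int(fatal.group(1)), "source": src})
                del pending[i]
                break
    return hits


if __name__ == "__main__":
    for hit in dropped_logins(SAMPLE):
        print(f"{hit['user']} (uid {hit['uid']}) dropped after auth from {hit['source']}")
```
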

