From owner-freebsd-questions@FreeBSD.ORG  Mon May 29 18:32:32 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 04C8116A513
	for <freebsd-questions@freebsd.org>;
	Mon, 29 May 2006 18:32:32 +0000 (UTC)
	(envelope-from jason+lists.freebsd-questions@lixfeld.ca)
Received: from eshara.ebit.ca (eshara.ebit.ca [69.90.17.218])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B127243D53
	for <freebsd-questions@freebsd.org>;
	Mon, 29 May 2006 18:32:31 +0000 (GMT)
	(envelope-from jason+lists.freebsd-questions@lixfeld.ca)
Received: from [216.7.194.254] (helo=[192.168.100.191])
	by eshara.ebit.ca with esmtpsa (TLSv1:RC4-SHA:128)
	(Exim 4.54 (FreeBSD)) id 1FkmXW-000Mm6-Pv
	for freebsd-questions@freebsd.org; Mon, 29 May 2006 14:32:30 -0400
Mime-Version: 1.0 (Apple Message framework v750)
Content-Transfer-Encoding: 7bit
Message-Id: <CD4734AA-418E-48BB-A99E-4937FBA02192@lixfeld.ca>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: FreeBSD Questions Mailing List <freebsd-questions@freebsd.org>
From: Jason Lixfeld <jason+lists.freebsd-questions@lixfeld.ca>
Date: Mon, 29 May 2006 14:32:27 -0400
X-Mailer: Apple Mail (2.750)
Subject: Problems sshing in remotely using pam_ldap
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 29 May 2006 18:32:32 -0000

I have a system running 6.1-RELEASE, OpenLDAP 2.3.23, Pam-LDAP 1.80  
and NSS-LDAP 1.249.

I have a user, called testuser configured in LDAP.

I can ssh testuser@localhost and it works no problem.

If I try to ssh into the box from another host, it fails.  What I see  
in the ssh debug during the failure is:

login_get_lastlog: Cannot find account for uid 2000

This error confuses me because uid 2000 exists:

# id 2000
uid=2000(testuser) gid=2000(testuser) groups=2000(testuser)
# id testuser
uid=2000(testuser) gid=2000(testuser) groups=2000(testuser)

So I really have no idea what it could be.

I read something back from 2003 saying that something similar  
happened but it was due to incompatible ssh versions, but both  
localhost and the remote host are using v2, so that doesn't seem to  
be the issue.

Any ideas?