From: Alex Zbyslaw
To: Olaf Greve
Cc: freebsd-questions
Date: Thu, 20 Oct 2005 11:24:07 +0100
Subject: Re: Weird SSH problem... Any ideas?!?
Message-ID: <43577047.8090706@dial.pipex.com>
In-Reply-To: <435767E5.7020002@axis.nl>

Olaf Greve wrote:

> Hi,
>
> Yesterday it has been brought to my attention that SSH access is not
> working well on my new server.
>
> The background: I have set-up a new server (FreeBSD 5.4-Release
> AMD/64) and I migrated the user accounts from my old server (FreeBSD
> 5.2.1-Release i386).
>
> Now, I was under the assumption everything was working fine, as I
> myself have no issues in SSH-ing as unprivileged user to the machine
> (note: my unprivileged account is featured in the wheel group, which
> may be of importance!).
>
> However, when a regular user who resides in a regular group tries to
> SSH to the machine, after entering the correct password the connection
> is immediately dropped, and the following error (note: the below lines
> contain dummy names and IP addresses) is shown in /var/log/auth.log:
>
> Oct 20 11:39:40 milx sshd[48147]: Accepted keyboard-interactive/pam
> for abcdef from 123.45.67.89 port 35335 ssh2
> Oct 20 11:39:40 milx sshd[48150]: fatal: login_get_lastlog: Cannot
> find account for uid 1234
>
> I have done some Googling on it, and there are quite a few hits when
> searching for this particular error message. The errors seem to be
> happening on all sorts of Unixes, yet as my machines are FreeBSD ones,
> I'm asking here.
>
> I have unfortunately not been able to find a solution using Google,
> but I did find some pointers as to the cause. They are:
> -This seems to happen when SSH cannot retrieve the last login date and
> time for a user. Can this somehow implicitly or explicitly be flushed?
> -This does not happen when "su -" ing to the user's account from the
> box itself.
> -This may not happen to users that are allowed to become root (i.e.
> are in the wheel group).

If it *is* related to getting last login time then maybe the permissions
on /var/log/wtmp are wrong? Mine are

    352 -rw-r--r-- 1 root wheel - 329428 Oct 20 10:54 /var/log/wtmp

but if other did not have read permission it would fit with the
assumptions and symptoms you mention.

Group wheel is only about su-ing on BSD, though it is often used to give
read/write permissions on files to those privileged users.

--Alex
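
One way to test the permissions hypothesis from the reply above, as an added example that is not part of the original thread: it reports whether "other" can read a file and search every directory leading to it. The function names are hypothetical, and the check assumes plain mode bits only (no ACLs) for a user who is neither the owner nor in the file's group.

```shell
# Added example (not from the thread). Mode bits are parsed from `ls -ld`,
# so the same code runs on FreeBSD and Linux without relying on stat(1) flags.

# other_bits PATH -> prints the three "other" permission characters, e.g. "r--".
# Returns non-zero if PATH cannot be listed.
other_bits() {
    bits=$(ls -ld -- "$1" 2>/dev/null | cut -c8-10)
    [ -n "$bits" ] && printf '%s\n' "$bits"
}

# other_can_read FILE
#   returns 0 if "other" has r on FILE and x on every parent directory,
#           1 if a permission bit is missing (the offender is printed),
#           2 if FILE or one of its parents cannot be listed.
other_can_read() {
    file=$1
    bits=$(other_bits "$file") || { echo "missing: $file"; return 2; }
    case $bits in
        r*) ;;
        *) echo "other lacks read on $file ($bits)"; return 1 ;;
    esac
    dir=$(dirname -- "$file")
    while :; do
        bits=$(other_bits "$dir") || { echo "missing: $dir"; return 2; }
        case $bits in
            ??[xt]) ;;   # x, or t (sticky bit set together with x)
            *) echo "other lacks search on $dir ($bits)"; return 1 ;;
        esac
        # Stop at the filesystem root, or at "." for a relative path.
        if [ "$dir" = "/" ] || [ "$dir" = "." ]; then
            break
        fi
        dir=$(dirname -- "$dir")
    done
    return 0
}

# Usage on the file named in the reply:
#   other_can_read /var/log/wtmp
```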