From owner-freebsd-questions@FreeBSD.ORG  Thu Oct 20 10:27:23 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 607EE16A41F
	for <freebsd-questions@freebsd.org>;
	Thu, 20 Oct 2005 10:27:23 +0000 (GMT)
	(envelope-from norgaard@math.ku.dk)
Received: from imf.math.ku.dk (fw.math.ku.dk [130.225.103.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 80A5243D76
	for <freebsd-questions@freebsd.org>;
	Thu, 20 Oct 2005 10:27:13 +0000 (GMT)
	(envelope-from norgaard@math.ku.dk)
Received: from imf.math.ku.dk (localhost [127.0.0.1])
	by imf.math.ku.dk (Postfix) with ESMTP id BE03E1B3B4;
	Thu, 20 Oct 2005 12:27:09 +0200 (CEST)
Received: from shannon.math.ku.dk (shannon.math.ku.dk [130.225.103.12])
	by imf.math.ku.dk (Postfix) with ESMTP;
	Thu, 20 Oct 2005 12:27:09 +0200 (CEST)
Date: Thu, 20 Oct 2005 12:27:09 +0200 (CEST)
From: Erik Norgaard <norgaard@math.ku.dk>
To: Olaf Greve <o.greve@axis.nl>
In-Reply-To: <435767E5.7020002@axis.nl>
Message-ID: <Pine.LNX.4.64.0510201218070.18028@shannon.math.ku.dk>
References: <435767E5.7020002@axis.nl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: Weird SSH problem... Any ideas?!?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2005 10:27:23 -0000

On Thu, 20 Oct 2005, Olaf Greve wrote:

> Oct 20 11:39:40 milx sshd[48147]: Accepted keyboard-interactive/pam for 
> abcdef from 123.45.67.89 port 35335 ssh2
> Oct 20 11:39:40 milx sshd[48150]: fatal: login_get_lastlog: Cannot find 
> account for uid 1234

Some things to try, in sshd_config set:

PrintLastLog=no
LogLevel=DEBUG

try toggling with AllowGroups and AllowUsers this is good for 
security also as you can deny system users or groups login and 
restrict users to login only from specific hosts, see the manpage 
for more options.

Also try:

lastlog <user that cannot login>

> -This does not happen when "su -" ing to the user's account from the box 
> itself.

Note, there is a differens between su'ing and logging in. Can you 
login?

> -This may not happen to users that are allowed to become root (i.e. are in 
> the wheel group).

> Possibly it would help to add the user account to the wheel group, but I'm 
> reluctant to do so for obvious reasons.

No, you never want to accept such a solution, even if it solves 
the problem.

Cheers, Erik