I haven't used pam_winbind
, but I am presuming you have explicitly configured it and are intentionally using it..?
I'm not sure yet if the "AllowUsers" message is a red herring or is related to the problem cause. (Check not only AllowUsers in sshd_config, but also DenyUsers, AllowGroups, and DenyGroups, just for grins. Also make sure that if you're using the form USER@HOST, that HOST is correct.)
So, it seems
like the answer is to grant the new user access to whatever facility pam_winbind is checking. Just like itadmin...