Good afternoon, all!

I've recently run across a problem that has me stumped. It has to do with local accounts on machines that have OpenLDAP installed. These are mostly Red Hat 4 and 5 installations.

I can create a user with adduser or useradd, either one. If I try to login with that new account, from SSH or from the console, I get "Access denied". However, I can su to that user, enter their password, and get all around the box. This shows that it's not strictly a credentials issue. I checked and there's no pam_deny, or anything like that.

I also double-checked permissions on /home/user and actually set everything to 777, with no joy.

Are there any other corners where an interactive login might be barred for new accounts?

Thanks to all in advance!


Gregg

What's your /etc/ssh/sshd_config ? And what's in the logs about failed attempts ?

Hello, linosaurusroot!

Relevant portions are:

Jun 9 15:08:38 testserver passwd(pam_unix)[10667]: password changed for testadmin
Jun 9 15:09:06 testserver sshd(pam_unix)[10668]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=dhcp20.testdomain.com user=testadmin

I can su to that user, so login is working through that route. The failures happen both on the console and through SSH

SSH configs:

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
Host *
GSSAPIAuthentication yes
# If this option is set to yes then the remote X11 clients will have full access
# to the local X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
ForwardX11Trusted yes