Message-ID: <49F192AA.1010605@zedat.fu-berlin.de>
Date: Fri, 24 Apr 2009 10:21:30 +0000
From: "O. Hartmann"
Organization: Freie Universität Berlin
To: freebsd-current@FreeBSD.org, freebsd-questions@freebsd.org
Subject: OpenLDAP/SSH : sshd[1414]: fatal: login_get_lastlog: Cannot find account for uid 1000

For several months now, after an upgrade from OpenLDAP 2.4.11 to the most recent one, I have had trouble logging in on machines which authenticate users via OpenLDAP. The OpenLDAP server is at the moment a FreeBSD 7.2 box running the most recent OpenLDAP from ports.

The following is also true for each OpenLDAP 2.4.16 I have running on the most recent FreeBSD 8.0-CURRENT boxes.

I can't log in via ssh anymore! As a first workaround for the problem I installed local users, so I can log in via them.

Here is what I can and cannot do:

I can enumerate each user in the OpenLDAP DIT via id I wish
I can use the OpenLDAP server to login on a samba share
I can 'su' to users having their account stuff in the OpenLDAP DIT

Whenever I (or any other user) try to log in to a host which does PAMyfied authentication to LDAP servers (which worked perfectly weeks ago), I (or he) get this:

sshd[1414]: fatal: login_get_lastlog: Cannot find account for uid 1000

Logging the console messages on the server shows this:

sshd[482]: nss_ldap: could not search LDAP server - Server is unavailable
sshd[482]: fatal: login_get_lastlog: Cannot find account for uid 1000

I tried to reconfigure /etc/ssh/sshd_config on the host side, restored it with a version that worked long before and then tried to reconfigure it from scratch, beginning from default. No success.

Due to the fact that other services can authenticate without problems via LDAP, this must have to do with SSH and/or the way it is implemented in FreeBSD.

Please help.

Regards,
Oliver