Are users that are added to NS expected to be listed in the passwd file? I see that one of the users (myself) wasn’t in it. When logging in with SSH, the login succeeds but causes PAM authentication errors to be logged in /var/log/secure. Users that have log watchers such as swatch (myself) will receive false positives because the user isn’t in the passwd file.
To work around this, I added the user (myself) manually and reset the password using sudo passwd -f <username>. The ‘-f’ option is used to force the password even though it may be a dictionary password.
When I added myself to the passwd file, I ensured I used the proper user and group IDs that NS used when the user was created, by using the id command.
Oct 7 19:11:35 proteus passwd: pam_unix(passwd:chauthtok): user "james" does not exist in /etc/passwd
Oct 7 19:11:40 proteus passwd: pam_unix(passwd:chauthtok): user "james" does not exist in /etc/passwd
Oct 7 19:11:45 proteus sshd[14802]: pam_unix(sshd:session): session closed for user james
Oct 7 19:13:16 proteus unix_chkpwd[14896]: password check failed for user (james)
Oct 7 19:13:16 proteus sshd[14894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=juliet-01-wifi.us.nss.net user=james
Oct 7 19:13:17 proteus sshd[14894]: pam_unix(sshd:session): session opened for user james by (uid=0)
Oct 7 19:13:54 proteus unix_chkpwd[14925]: password check failed for user (james)
Oct 7 19:13:54 proteus sudo: pam_unix(sudo:auth): authentication failure; logname=james uid=5001 euid=0 tty=/dev/pts/1 ruser=james rhost= user=james
It never was an issue before. Everything worked fine up until recently, when I was forced to change my password, even though I set up the server so I didn’t have to. I wasn’t able to change my password using the CLI but I was able to do it in the WebUI. Difference between LDAP and what not. I installed swatch (a log file watching utility) to identify failed login attempts on my NS servers and anything else I’m running *nix on. The NS servers were the only ones giving me a problem; they reported failed login attempts even though I logged on successfully. After looking around I noticed the errors indicated my ID wasn’t in the passwd file. I manually added my ID, forced changing the password with sudo passwd -f <username> and made it match the one I had set up with NS.
One note I want to make: when I was forced to change my password when attempting to log in using SSH, none of the share drives were accessible until I changed my password in the WebUI.
I’ll revert my “fix” and retest and provide the log info later today. My issue wasn’t so much the inability to change my password using passwd; it’s that a failed login attempt was logged in the ‘/var/log/secure’ log file even though the login was successful.
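In the log excerpt above, the pam_unix authentication failure and the following "session opened" line come from the same sshd process (sshd[14894]). The following is an added example, not part of the original posts: a Python filter that a log watcher could use to separate such pairs from failures that never lead to a session. It assumes that a session opened by the same sshd PID for the same user means the login was accepted; the function name and the sample lines are constructed for illustration.

```python
import re

# Constructed sample: the first three lines follow the /var/log/secure excerpt
# quoted above; the last line is an invented failure with no session after it.
SAMPLE = """\
Oct 7 19:13:16 proteus unix_chkpwd[14896]: password check failed for user (james)
Oct 7 19:13:16 proteus sshd[14894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=juliet-01-wifi.us.nss.net user=james
Oct 7 19:13:17 proteus sshd[14894]: pam_unix(sshd:session): session opened for user james by (uid=0)
Oct 7 19:20:02 proteus sshd[15010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host.example user=james
"""

FAIL = re.compile(r"sshd\[(\d+)\]: pam_unix\(sshd:auth\): authentication failure;.*\buser=(\S+)")
OPEN = re.compile(r"sshd\[(\d+)\]: pam_unix\(sshd:session\): session opened for user ([^\s(]+)")


def classify(lines):
    """Return (pid, user, failures, verdict) per sshd process that logged a
    pam_unix auth failure. Assumption: a session opened by the same sshd PID
    for the same user means the login was accepted after that failure."""
    seen = {}  # pid -> [user, failure_count, verdict], in first-seen order
    for line in lines:
        m = FAIL.search(line)
        if m:
            entry = seen.setdefault(m.group(1), [m.group(2), 0, "alert"])
            entry[1] += 1
            continue
        m = OPEN.search(line)
        if m and m.group(1) in seen and seen[m.group(1)][0] == m.group(2):
            seen[m.group(1)][2] = "login-succeeded"
    return [(pid, user, n, verdict) for pid, (user, n, verdict) in seen.items()]


if __name__ == "__main__":
    for pid, user, n, verdict in classify(SAMPLE.splitlines()):
        print(f"sshd[{pid}] user={user} failures={n} -> {verdict}")
```

The failure count is returned so that a PID with several failures before the session open can still be reviewed instead of being silently dropped.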