[Samba] Advice on: sshd[28182]: PAM pam_set_item: NULL pamhandlepassed

[Andrew Bartlett]

Andrew Bartlett wrote:
> 
> Mark Cooke wrote:
> >
> > >
> > > > Looking thru the /var/log/secure, Iam getting the error:
> > > >
> > > > Feb 15 10:21:27 yoda sshd[28182]: PAM pam_set_item: NULL pam handle passed
> > > > Feb 15 10:21:27 yoda sshd[28182]: PAM pam_set_item: NULL pam handle passed
> > >
> > >This basic error has now been 'corrected' in OpenSSH (I'm still debating
> > >it a little however).  As to weird behaviour with winbind users - I
> > >wouldn't be supprised if there is some bug in there somewhere, I'm
> > >getting odd behaviour with my LDAP users...
> > >
> > >Andrew Bartlett
> >
> > Hi,
> > So Am I correct in assuming than this is a SSH problem, rather than a
> > winbind one?
> > As Iam now running: Openssh-3.0.2p1-2
> >
> > And the error is still there, is the problem fixed in a newer version? or
> > could it be something else as you mentioned?
> 
> I'm assuming its a OpenSSH problem - as the basic function calls work
> for other applications.  I need to chase this down.

(and once again for the list - sombody will find this useful in the
archives).

OpenSSH rejects as 'invalid' all users with shells not found in
/etc/shells.  It isn't particularly verbose about it either.  Winbind's
default shell is /bin/false, hence this little issue.  Set it to /bin/sh
if you want to allow SSH logins (template shell = /bin/sh)

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net