[SOLVED] Error : account expired when created

Bertatum · September 12, 2017, 3:27pm

Hi,

I am experiencing a very strange issue on UCS DC Master 4.2-1

Sep 12 17:18:03 pdc sshd[37707]: pam_access(sshd:account): access denied for user `Sebastien' from `192.168.1.104'
Sep 12 17:18:03 pdc sshd[37705]: error: PAM: User account has expired for Sebastien from 192.168.1.104

When II tick the box “User has to change his password on openning a new session” I get the following error

You are required to change your password immediately (password aged)
You are required to change your LDAP password immediately.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).

The user has just been created and password are set to no-expiration, the server print correct date…

So, what can I do to correct this ?

Regards

ahrnke · September 12, 2017, 4:10pm

The error message “expired” may be a “red herring” as it apppears also when a user is not permitted to login through SSH (which is the default for everyone beside root and the members of “Domain Admins”, AFAIR).
The behaviour can be changed through the UCR variables “auth/sshd/*”

Bertatum · September 13, 2017, 10:24am

Thanks a lot. I was going into the wrong way to investigate…

The purpose of that issue was the user account can’t log into windows sessions.

Following the error message I thought that the account was “expired” and cannot log in into Windows session against the pdc.

To conclude : I think that the login problem on Windows session was caused by a bad char “é” put into the /home/Sébastien

Account removed without the special char and recreated and the authentication works again

Thanks !