While diagnosing a server that I couldn’t SSH into using my LDAP account I ran into the below errors. I had seen it before but couldn’t remember what caused it:

Jul 30 22:12:57 serverhost sshd[2195]: SSH: Server;Ltype: Version;Remote:;Protocol: 2.0;Client: OpenSSH_5.8p2 FreeBSD-20110503
Jul 30 22:12:57 serverhost sshd[2195]: SSH: Server;Ltype: Kex;Remote:;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
Jul 30 22:12:59 serverhost sshd[2195]: SSH: Server;Ltype: Authname;Remote:;Name: username [preauth]
Jul 30 21:57:33 serverhost sshd[1680]: in _openpam_check_error_code(): pam_sm_acct_mgmt(): unexpected return value 4
Jul 30 21:57:33 serverhost sshd[1680]: fatal: Access denied for user username by PAM account configuration [preauth]

Lots of things can cause this and googling for “_openpam_check_error_code(): pam_sm_acct_mgmt(): unexpected return value 4” brings up a few other causes but in this case the issue was the server’s hostname was set incorrectly. It was a tiny typo but it made it so the server couldn’t resolve it’s own hostname. Under NSS/PAM with FreeBSD that stopped it from being able to do LDAP lookups even when ldapsearch commands worked fine.

Hopefully this saves someone else banging their head into this!

Call 1-877-883-1394 to Work With Professionals Who Truly Understand FreeBSD

A-Team Systems is a proud supporter of the FreeBSD Foundation and many of our administrators are direct project contributors.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.