[Samba] pam_winbind fails to authenticate domain users on my debian wheezy domain member servers

[Georg Vorlaufer]

Sorry for the misunderstanding. I try to login to one of my domain members
via ssh using a domain user account (ssh login with root ist working ok).
While this is working for an opensuse 13.1 domain member, it ist not for a
debian wheezy domain member. Right now I am away from home, but I will try
your suggestions as soon as I am back.

Thank you for your effort. Greetings, Georg
Am 03.01.2014 12:53 schrieb "Rowland Penny" <rowlandpenny at googlemail.com>:

>  On 02/01/14 23:55, Georg Vorlaufer wrote:
>
>   Tried the template shell option with no change -- anyway my ad user
> entries have loginshell and unixhomedirectory set.
>
>  I also would say that the tls options only affect the way one can connect
> to the active directory domain controller via ldap(s).
>
>  Furthermore, these options are specified on the ad-dc and not on the
> machine I try to ssh to.
>
>  Greetings
>
>  Georg
>
>
>  2014/1/3 Michael Wood <esiotrot at gmail.com>
>
>> On 02 Jan 2014 10:31 PM, "Rowland Penny" <rowlandpenny at googlemail.com>
>> wrote:
>> >
>> > On 02/01/14 19:54, Georg Vorlaufer wrote:
>>  [...]
>>
>> >>     tls enabled = yes
>> >>     tls keyfile = tls/raspberrypi.key
>> >>     tls certfile = tls/raspberrypi.crt
>> >>     tls cafile = tls/ca.crt
>> >
>> > If adding the line above doesn't work, comment out the four lines
>> above, I do not use tls and ssh works, so it may be failing here.
>> >
>> > Rowland
>>
>> The tls options should not interfere with SSH at all. They allow
>> connecting to Samba over LDAPS and I don't think they have anything to do
>> with Kerberos.
>>
>> --
>> Michael Wood
>>
>
>      OK, I thought that you were trying to login into the samba4 server
> and I do not have/use tls on the server, so I was offering this as a
> possible problem.
>
> So, just where are you trying to login into and where from, as I can also
> login into my LM 15 laptop from another machine via ssh.
>
> Rowland
>