[Samba] Unable to ssh to dc

Rob Campbell robcampbell08105 at gmail.com
Tue Jun 13 16:23:43 UTC 2023 

Correction/Clarification. I'm now able to do the getent passwd newtestuser
but I am still unable to ssh.

Jun 13 12:22:23 DC01 sshd[3369330]: pam_winbind(sshd:auth): getting
password (0x00000388)
Jun 13 12:22:23 DC01 sshd[3369330]: pam_winbind(sshd:auth): pam_get_item
returned a password
Jun 13 12:22:23 DC01 sshd[3369330]: pam_winbind(sshd:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTHINFO_UNAVAIL
(9), NTSTATUS: NT_STATUS_NO_LOGON_SERVERS, Error message was: No logon
servers are currently available to service the logon request.
Jun 13 12:22:23 DC01 sshd[3369330]: pam_winbind(sshd:auth): internal module
error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'newtestuser')
Jun 13 12:22:25 DC01 sshd[3369330]: Failed password for newtestuser from
2600:4040:4661:9a00:53e6:7b0d:537e:c233 port 37170 ssh2
Jun 13 12:22:25 DC01 sshd[3369330]: Connection closed by authenticating
user newtestuser 2600:4040:4661:9a00:53e6:7b0d:537e:c233 port 37170
[preauth]
Jun 13 12:22:25 DC01 sshd[3369330]: PAM 2 more authentication failures;
logname= uid=0 euid=0 tty=ssh ruser=
rhost=2600:4040:4661:9a00:53e6:7b0d:537e:c233  user=newtestuser

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Tue, Jun 13, 2023 at 11:59 AM Rob Campbell <robcampbell08105 at gmail.com>
wrote:

> It certainly looks like a lack of the winbind nss links, see here;
>>
>> https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC
>>
>
>  'apt install libpam-winbind libnss-winbind' did the trick
>
> Thanks.
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In all things, Be Intentional.
>
>
> On Sun, Jun 11, 2023 at 1:44 AM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>>
>>
>> On 10/06/2023 23:15, Rob Campbell via samba wrote:
>> > I can ssh to the dc but only using local accounts. I can ssh to the
>> domain
>> > members using domain or local accounts.
>> >
>>
>> It certainly looks like a lack of the winbind nss links, see here;
>>
>> https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>

More information about the samba mailing list