[Samba] Unable to ssh to dc
Rowland Penny
rpenny at samba.org
Tue Jun 13 17:00:44 UTC 2023
On 13/06/2023 17:23, Rob Campbell via samba wrote:
> Correction/Clarification. I'm now able to do the getent passwd newtestuser
> but I am still unable to ssh.
>
> Jun 13 12:22:23 DC01 sshd[3369330]: pam_winbind(sshd:auth): getting
> password (0x00000388)
> Jun 13 12:22:23 DC01 sshd[3369330]: pam_winbind(sshd:auth): pam_get_item
> returned a password
> Jun 13 12:22:23 DC01 sshd[3369330]: pam_winbind(sshd:auth): request
> wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTHINFO_UNAVAIL
> (9), NTSTATUS: NT_STATUS_NO_LOGON_SERVERS, Error message was: No logon
> servers are currently available to service the logon request.
> Jun 13 12:22:23 DC01 sshd[3369330]: pam_winbind(sshd:auth): internal module
> error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'newtestuser')
> Jun 13 12:22:25 DC01 sshd[3369330]: Failed password for newtestuser from
> 2600:4040:4661:9a00:53e6:7b0d:537e:c233 port 37170 ssh2
> Jun 13 12:22:25 DC01 sshd[3369330]: Connection closed by authenticating
> user newtestuser 2600:4040:4661:9a00:53e6:7b0d:537e:c233 port 37170
> [preauth]
> Jun 13 12:22:25 DC01 sshd[3369330]: PAM 2 more authentication failures;
> logname= uid=0 euid=0 tty=ssh ruser=
> rhost=2600:4040:4661:9a00:53e6:7b0d:537e:c233 user=newtestuser
>
Before we get really involved here, can we just check it isn't something
easy.
By default a Samba AD DC has this default line (it is there, even if it
doesn't show in your smb.conf):
template shell = /bin/false
With that, you cannot logon as a domain user
So you need to set something like:
template shell = /bin/bash
Rowland
More information about the samba
mailing list