[Samba] Unable to ssh to dc

Tue Jun 13 19:58:17 UTC 2023

Just to farwas this to the list....

And it is always f....... DNS

Regards

Christian

Am 13. Juni 2023 21:31:25 MESZ schrieb Rob Campbell <robcampbell08105 at gmail.com>:
>>
>> If kinit isn't working then we need to see your
>> resold.conf
>>
>DING DING DING DING!
>
>cat /etc/resolv.conf
># Generated by NetworkManager
>search home.rob-campbell.lan HOME.ROB-CAMPBELL.LAN
>nameserver 10.0.0.1
>nameserver 2600:4040:4661:9a00::1
>
>I changed first nameserver to 10.0.0.10 and it works. I thought I disabled
>NetworkManager but maybe I just stopped it and rebooted and it started up
>again.
>
>Thanks you guys for your assistance.
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>In all things, Be Intentional.
>
>
>On Tue, Jun 13, 2023 at 3:24 PM Christian Naumer <
>christian.naumer at greyfish.net> wrote:
>
>> If kinit isn't working then we need to see your
>> resold.conf
>> Krb5.conf
>>
>> And you could do these tests:
>>
>> https://wiki.samba.org/index.php/Testing_the_DNS_Name_Resolution
>>
>> Regards
>>
>>
>>
>> Am 13. Juni 2023 21:19:00 MESZ schrieb Rob Campbell via samba <
>> samba at lists.samba.org>:
>>
>>>  kinit newtestuser
>>> kinit: Cannot find KDC for realm "HOME.ROB-CAMPBELL.LAN" while getting
>>> initial credentials
>>>
>>> What OS are you running ?
>>>
>>>>
>>>> Debian 11
>>>
>>> Does the directory /home/newtestuser exist ?
>>>>
>>>
>>> It does not
>>>
>>> Or do you need to get your
>>>> distro to create it at the users first logon ?
>>>>
>>>> It is created on first logon.
>>>
>>>
>>>> Also have you checked if winbind is actually running:
>>>> ps ax | grep 'winbind'
>>>>
>>>>  root     3390186  0.0  0.0 132728 27688
>>> <http://voice.google.com/calls?a=nc,%2B13272827688>?        S    14:09
>>> 0:00 samba: task[winbindd] pre-fork master
>>> root     3390193  0.0  0.1 136804 55000 ?        Ss   14:09   0:00
>>> /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
>>> root     3390225  0.0  0.1 137204 43392 ?        S    14:09   0:00
>>> winbindd: domain child [HOME]
>>> root     3390234  0.0  0.1 136804 37376 ?        S    14:09   0:00
>>> winbindd: idmap child
>>> root     3390326  0.0  0.1 136896 39712 ?        S    14:10   0:00
>>> winbindd: domain child [BUILTIN]
>>> root     3403087  0.0  0.0   6372   712 pts/0    S+   15:16   0:00 grep
>>> --color=auto -E winbind
>>>
>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>> In all things, Be Intentional.
>>>
>>>
>>> On Tue, Jun 13, 2023 at 2:47 PM Rowland Penny via samba <
>>> samba at lists.samba.org> wrote:
>>>
>>>
>>>>
>>>> On 13/06/2023 19:08, Rob Campbell via samba wrote:
>>>>
>>>>>
>>>>>> Before we get really involved here, can we just check it isn't something
>>>>>> easy.
>>>>>> By default a Samba AD DC has this default line (it is there, even if it
>>>>>> doesn't show in your smb.conf):
>>>>>>
>>>>>> template shell = /bin/false
>>>>>>
>>>>>> With that, you cannot logon as a domain user
>>>>>>
>>>>>> So you need to set something like:
>>>>>>
>>>>>> template shell = /bin/bash
>>>>>>
>>>>>>
>>>>> Prior to my last email, it didn't have a template shell variable at all
>>>>>
>>>> so
>>>>
>>>>> I added
>>>>> template shell = /bin/bash
>>>>> template homedir = /home/%U
>>>>>
>>>>> I then restarted samba and I was still unable to ssh in. I then added the
>>>>> two packages and I was able to getent passwd newtestuser but still unable
>>>>> to ssh in.  I can ssh in with a local user account but I think I
>>>>>
>>>> mentioned
>>>>
>>>>> that already.
>>>>>
>>>>
>>>> What OS are you running ?
>>>> Does the directory /home/newtestuser exist ? Or do you need to get your
>>>> distro to create it at the users first logon ?
>>>>
>>>> Also have you checked if winbind is actually running:
>>>> ps ax | grep 'winbind'
>>>>
>>>> Rowland
>>>>
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>>