R: Using winbind to filter ssh or su logins?

Diego Zuccato diego.zuccato at unibo.it
Fri Feb 13 02:55:19 MST 2009

Sorry to bring this thread up again.
Seems I forgot the first part.
Ssh logins work only for local users, not domain ones.

What I find quite strange is that it seems ssh tries to "getent shadow user.name" (and obviously it returns an empty line since AD server won't reveal the password entry, even if encrypted):
[...] sshd[11986]: error: Could not get shadow information for user.name
[...] sshd[11986] Failed password for user.name from ...

In samba/log.wb-PERSONALE I can see lookupname, lookupsid and query_user requests, and in samba/log.winbindd I see the failing getpwnam user.name .

> You could also use the require-membership-of if using
> pam_winbind for auth.
I'm sure this is not filtering out the user: I can login locally, but even with ssh localhost I'm not accepted.

Diego Zuccato
Servizi Informatici
Dip. di Astronomia - Università di Bologna
Via Ranzani, 1 - 40126 Bologna - Italy
tel.: +39 051 20 95786
mail: diego.zuccato at unibo.it 

More information about the samba-technical mailing list