[Samba] Problem with PAM/SSSD/SAMBA4.1.2

Thu Nov 28 04:41:47 MST 2013

On 28/11/13 11:21, Bernd Schuhmacher wrote:
> Hi
>
> I hope that I am not totally wrong when asking this on a Samba list, but
> as I followed a tutorial found at the SAMBA wiki I hope I can find
> someone how is able to help me.
>
> My goal is to set up a server acting as a SAMBA AD Server with single
> sign on  for linux users.
> I use a Ubuntu Server 13.10 as the base. On top of this I installed a
> SAMBA 4.1.2 from GIT, did provisioning, Kerberos installation and so on.
> This part seems to work. I can connect a Windows 7 Client to the domain
> and work with MS rsat tools on the SAMBA server.
>
> After that I installed SSSD with
> apt-get install sssd sssd-tools
> and configured this package as found on
> https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd
> getnet passwd and getent group do what they should (after adding posix
> stuff to groups and users with RSAT)
>
> I did not change anything with any pam configuration as i think that dpk
> should do the job when libpam-sss and libnss-sss were installed.
> Checking /etc/pam.d/* files show more or less the same as shown in the
> tutorial.
>
> When I try to connect with ssh to the server I can not do this
> (Permission denied, please try again.). On the server I found in
> /var/log/auth the following:
>
> Nov 28 12:17:44 ad-server sshd[1770]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=walhalla-2.fritz.box  user=administrator
> Nov 28 12:17:44 ad-server sshd[1770]: pam_sss(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=walhalla-2.fritz.box
> user=administrator
> Nov 28 12:17:44 ad-server sshd[1770]: pam_sss(sshd:auth): received for
> user administrator: 9 (Authentication service cannot retrieve
> authentication info)
> Nov 28 12:17:46 ad-server sshd[1770]: Failed password for administrator
> from fd00::ca60:ff:fe14:986f port 57260 ssh2
> n
> Does anybody have an idea.
>
> Kind regards
> Bernd
This could be a sssd problem rather than a samba one.
I have never tried to login to my S4 server via ssh as Administrator, so 
I tried it (note I use winbind on the server)

Nov 28 11:31:10 DC1 sshd[25943]: pam_unix(sshd:auth): authentication 
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=thinkpad.home.lan  
user=Administrator
Nov 28 11:31:10 DC1 sshd[25943]: pam_winbind(sshd:auth): getting 
password (0x00000388)
Nov 28 11:31:10 DC1 sshd[25943]: pam_winbind(sshd:auth): pam_get_item 
returned a password
Nov 28 11:31:10 DC1 sshd[25943]: pam_winbind(sshd:auth): user 
'Administrator' granted access
Nov 28 11:31:10 DC1 sshd[25943]: Accepted password for Administrator 
from 192.168.0.204 port 40256 ssh2
Nov 28 11:31:10 DC1 sshd[25943]: pam_unix(sshd:session): session opened 
for user HOME\Administrator by (uid=0)

Try stopping sssd on the server and use winbind instead.

Rowland