[Samba] Problem with PAM/SSSD/SAMBA4.1.2
rowlandpenny at googlemail.com
Thu Nov 28 04:41:47 MST 2013
On 28/11/13 11:21, Bernd Schuhmacher wrote:
> I hope that I am not totally wrong when asking this on a Samba list, but
> as I followed a tutorial found at the SAMBA wiki I hope I can find
> someone how is able to help me.
> My goal is to set up a server acting as a SAMBA AD Server with single
> sign on for linux users.
> I use a Ubuntu Server 13.10 as the base. On top of this I installed a
> SAMBA 4.1.2 from GIT, did provisioning, Kerberos installation and so on.
> This part seems to work. I can connect a Windows 7 Client to the domain
> and work with MS rsat tools on the SAMBA server.
> After that I installed SSSD with
> apt-get install sssd sssd-tools
> and configured this package as found on
> getnet passwd and getent group do what they should (after adding posix
> stuff to groups and users with RSAT)
> I did not change anything with any pam configuration as i think that dpk
> should do the job when libpam-sss and libnss-sss were installed.
> Checking /etc/pam.d/* files show more or less the same as shown in the
> When I try to connect with ssh to the server I can not do this
> (Permission denied, please try again.). On the server I found in
> /var/log/auth the following:
> Nov 28 12:17:44 ad-server sshd: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=walhalla-2.fritz.box user=administrator
> Nov 28 12:17:44 ad-server sshd: pam_sss(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=walhalla-2.fritz.box
> Nov 28 12:17:44 ad-server sshd: pam_sss(sshd:auth): received for
> user administrator: 9 (Authentication service cannot retrieve
> authentication info)
> Nov 28 12:17:46 ad-server sshd: Failed password for administrator
> from fd00::ca60:ff:fe14:986f port 57260 ssh2
> Does anybody have an idea.
> Kind regards
This could be a sssd problem rather than a samba one.
I have never tried to login to my S4 server via ssh as Administrator, so
I tried it (note I use winbind on the server)
Nov 28 11:31:10 DC1 sshd: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=thinkpad.home.lan
Nov 28 11:31:10 DC1 sshd: pam_winbind(sshd:auth): getting
Nov 28 11:31:10 DC1 sshd: pam_winbind(sshd:auth): pam_get_item
returned a password
Nov 28 11:31:10 DC1 sshd: pam_winbind(sshd:auth): user
'Administrator' granted access
Nov 28 11:31:10 DC1 sshd: Accepted password for Administrator
from 192.168.0.204 port 40256 ssh2
Nov 28 11:31:10 DC1 sshd: pam_unix(sshd:session): session opened
for user HOME\Administrator by (uid=0)
Try stopping sssd on the server and use winbind instead.
More information about the samba