[Samba] pam_winbind fails to authenticate domain users on my debian wheezy domain member servers

Rowland Penny rowlandpenny at googlemail.com
Fri Jan 3 04:53:12 MST 2014


On 02/01/14 23:55, Georg Vorlaufer wrote:
> Tried the template shell option with no change -- anyway my ad user 
> entries have loginshell and unixhomedirectory set.
>
> I also would say that the tls options only affect the way one can 
> connect to the active directory domain controller via ldap(s).
>
> Furthermore, these options are specified on the ad-dc and not on the 
> machine I try to ssh to.
>
> Greetings
>
> Georg
>
>
> 2014/1/3 Michael Wood <esiotrot at gmail.com <mailto:esiotrot at gmail.com>>
>
>     On 02 Jan 2014 10:31 PM, "Rowland Penny"
>     <rowlandpenny at googlemail.com <mailto:rowlandpenny at googlemail.com>>
>     wrote:
>     >
>     > On 02/01/14 19:54, Georg Vorlaufer wrote:
>     [...]
>
>     >>     tls enabled = yes
>     >>     tls keyfile = tls/raspberrypi.key
>     >>     tls certfile = tls/raspberrypi.crt
>     >>     tls cafile = tls/ca.crt
>     >
>     > If adding the line above doesn't work, comment out the four
>     lines above, I do not use tls and ssh works, so it may be failing
>     here.
>     >
>     > Rowland
>
>     The tls options should not interfere with SSH at all. They allow
>     connecting to Samba over LDAPS and I don't think they have
>     anything to do with Kerberos.
>
>     -- 
>     Michael Wood
>
>
OK, I thought that you were trying to login into the samba4 server and I 
do not have/use tls on the server, so I was offering this as a possible 
problem.

So, just where are you trying to login into and where from, as I can 
also login into my LM 15 laptop from another machine via ssh.

Rowland


More information about the samba mailing list