[Samba] getent passwd/group worsk but user authentication does not work (SAMBA4/SSSD) (Urgent request)
Fosiul Alam
fosiul at gmail.com
Mon Jan 6 15:56:50 MST 2014
Hi Expert,
I need this help urgently, as I need implement this ASAP..
I Have installed Samba4 by using this
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Paths
Specifically, by using this :
/usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive
Now I am using bellow link to configure authentication with SSSD
https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd
I can do Getent group/password
testgroup:*:1000:fosxxx
[root at xxxxx~]# getent group
fosixxx:*:2000:1000:Fosiul Alam:/home/fosixxx:/bin/sh
[root at xxxx ~]#
But when i do authentication its failling
Jan 6 22:50:05 xxx sshd[14134]: pam_sss(sshd:auth): received for user
fosixxx: 4 (System error)
Jan 6 22:50:07 xxxt sshd[14134]: Failed password for xxxx from xxxx port
52212 ssh2
Jan 6 22:50:13 xxx sshd[14134]: pam_sss(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.254.228.56 user=xxxx
Jan 6 22:50:13 xxxx sshd[14134]: pam_sss(sshd:auth): received for user
xxxx: 9 (Authentication service cannot retrieve authentication info)
Jan 6 22:50:15 xxxx sshd[14134]: Failed password for xxxx from xxxx port
52212 ssh2
bellow is my sssd.conf
[sssd]
config_file_version = 2
domains = COMPANYDOMAIN.ACC
services = nss, pam
debug_level = 10
[nss]
[pam]
[domain/COMPANYDOMAIN.ACC]
ldap_referrals = false
enumerate = true
id_provider = ldap
access_provider = ldap
ldap_uri = ldap://xxxxA.companydomain.acc:389
ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=companydomain,dc=acc
ldap_default_authtok_type = password
ldap_default_authtok = 5ER3zx:V
ldap_schema = rfc2307bis
ldap_user_search_base = dc=companydomain,dc=acc
ldap_user_object_class = user
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName
ldap_group_search_base = dc=companydomain,dc=acc
ldap_group_object_class = group
Can any one please help me to fix the authentication ??
Kind Regards
More information about the samba
mailing list