[Samba] getent passwd/group worsk but user authentication does not work (SAMBA4/SSSD) (Urgent request)

Fosiul Alam fosiul at gmail.com
Mon Jan 6 15:56:50 MST 2014


Hi Expert,
I need this help urgently, as  I need implement this ASAP..

I Have installed Samba4 by using this
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Paths

Specifically, by using this :

/usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive


Now I am using bellow link to configure authentication with SSSD

https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd

I can do Getent group/password

testgroup:*:1000:fosxxx
[root at xxxxx~]# getent group

fosixxx:*:2000:1000:Fosiul Alam:/home/fosixxx:/bin/sh
[root at xxxx ~]#


But when i do authentication its failling

Jan  6 22:50:05 xxx sshd[14134]: pam_sss(sshd:auth): received for user
fosixxx: 4 (System error)
Jan  6 22:50:07 xxxt sshd[14134]: Failed password for xxxx from xxxx port
52212 ssh2
Jan  6 22:50:13 xxx sshd[14134]: pam_sss(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.254.228.56 user=xxxx
Jan  6 22:50:13 xxxx sshd[14134]: pam_sss(sshd:auth): received for user
xxxx: 9 (Authentication service cannot retrieve authentication info)
Jan  6 22:50:15 xxxx sshd[14134]: Failed password for xxxx from xxxx  port
52212 ssh2



bellow is my sssd.conf


[sssd]

config_file_version = 2

domains = COMPANYDOMAIN.ACC

services = nss, pam

debug_level = 10





[nss]





[pam]





[domain/COMPANYDOMAIN.ACC]

ldap_referrals = false

enumerate = true



id_provider = ldap

access_provider = ldap



ldap_uri = ldap://xxxxA.companydomain.acc:389

ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=companydomain,dc=acc

ldap_default_authtok_type = password

ldap_default_authtok = 5ER3zx:V



ldap_schema = rfc2307bis



ldap_user_search_base = dc=companydomain,dc=acc

ldap_user_object_class = user

ldap_user_home_directory = unixHomeDirectory

ldap_user_principal = userPrincipalName

ldap_group_search_base = dc=companydomain,dc=acc

ldap_group_object_class = group




Can any one please help me to fix the authentication ??


Kind Regards


More information about the samba mailing list