[Samba] getent passwd/group worsk but user authentication does not work (SAMBA4/SSSD) (Urgent request)

Fosiul Alam fosiul at gmail.com
Mon Jan 6 15:56:50 MST 2014

Hi Expert,
I need this help urgently, as  I need implement this ASAP..

I Have installed Samba4 by using this

Specifically, by using this :

/usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive

Now I am using bellow link to configure authentication with SSSD


I can do Getent group/password

[root at xxxxx~]# getent group

fosixxx:*:2000:1000:Fosiul Alam:/home/fosixxx:/bin/sh
[root at xxxx ~]#

But when i do authentication its failling

Jan  6 22:50:05 xxx sshd[14134]: pam_sss(sshd:auth): received for user
fosixxx: 4 (System error)
Jan  6 22:50:07 xxxt sshd[14134]: Failed password for xxxx from xxxx port
52212 ssh2
Jan  6 22:50:13 xxx sshd[14134]: pam_sss(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=xxxx
Jan  6 22:50:13 xxxx sshd[14134]: pam_sss(sshd:auth): received for user
xxxx: 9 (Authentication service cannot retrieve authentication info)
Jan  6 22:50:15 xxxx sshd[14134]: Failed password for xxxx from xxxx  port
52212 ssh2

bellow is my sssd.conf


config_file_version = 2


services = nss, pam

debug_level = 10




ldap_referrals = false

enumerate = true

id_provider = ldap

access_provider = ldap

ldap_uri = ldap://xxxxA.companydomain.acc:389

ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=companydomain,dc=acc

ldap_default_authtok_type = password

ldap_default_authtok = 5ER3zx:V

ldap_schema = rfc2307bis

ldap_user_search_base = dc=companydomain,dc=acc

ldap_user_object_class = user

ldap_user_home_directory = unixHomeDirectory

ldap_user_principal = userPrincipalName

ldap_group_search_base = dc=companydomain,dc=acc

ldap_group_object_class = group

Can any one please help me to fix the authentication ??

Kind Regards

More information about the samba mailing list