[Samba] pam_winbind fails to authenticate domain users on my debian wheezy domain member servers

Georg Vorlaufer georg.vorlaufer at gmail.com
Tue Jan 7 16:05:07 MST 2014

So I tried all your suggestions but no success.

Just to confirm I set up a new domain member using debian wheezy and the
standard samba packages provided with the distro (I believe is 3.6.6)
Login via ssh and a domain user works absolutely perfect with the smb.conf
and pam settings as described in one of my previous posts.

So that makes me come back to my original question: Are there known with
the combination of samba4.1.3 pam-winbind (and debian wheezy) ?

Thanks again


2014/1/3 Georg Vorlaufer <georg.vorlaufer at gmail.com>

> Sorry for the misunderstanding. I try to login to one of my domain members
> via ssh using a domain user account (ssh login with root ist working ok).
> While this is working for an opensuse 13.1 domain member, it ist not for a
> debian wheezy domain member. Right now I am away from home, but I will try
> your suggestions as soon as I am back.
> Thank you for your effort. Greetings, Georg
> Am 03.01.2014 12:53 schrieb "Rowland Penny" <rowlandpenny at googlemail.com>:
>  On 02/01/14 23:55, Georg Vorlaufer wrote:
>>   Tried the template shell option with no change -- anyway my ad user
>> entries have loginshell and unixhomedirectory set.
>>  I also would say that the tls options only affect the way one can
>> connect to the active directory domain controller via ldap(s).
>>  Furthermore, these options are specified on the ad-dc and not on the
>> machine I try to ssh to.
>>  Greetings
>>  Georg
>>  2014/1/3 Michael Wood <esiotrot at gmail.com>
>>> On 02 Jan 2014 10:31 PM, "Rowland Penny" <rowlandpenny at googlemail.com>
>>> wrote:
>>> >
>>> > On 02/01/14 19:54, Georg Vorlaufer wrote:
>>>  [...]
>>> >>     tls enabled = yes
>>> >>     tls keyfile = tls/raspberrypi.key
>>> >>     tls certfile = tls/raspberrypi.crt
>>> >>     tls cafile = tls/ca.crt
>>> >
>>> > If adding the line above doesn't work, comment out the four lines
>>> above, I do not use tls and ssh works, so it may be failing here.
>>> >
>>> > Rowland
>>> The tls options should not interfere with SSH at all. They allow
>>> connecting to Samba over LDAPS and I don't think they have anything to do
>>> with Kerberos.
>>> --
>>> Michael Wood
>>      OK, I thought that you were trying to login into the samba4 server
>> and I do not have/use tls on the server, so I was offering this as a
>> possible problem.
>> So, just where are you trying to login into and where from, as I can also
>> login into my LM 15 laptop from another machine via ssh.
>> Rowland

More information about the samba mailing list