[Samba] pam_winbind fails to authenticate domain users on my debian wheezy domain member servers

Thiago Crepaldi thiago at thiagocrepaldi.com
Tue Jan 7 17:29:50 MST 2014


Georg, I havent read your previous messages, but I do have a samba 4.1.3 +
pam_winbind running on a debian wheezy in my company as our base product
and it works very well


On Tue, Jan 7, 2014 at 9:05 PM, Georg Vorlaufer
<georg.vorlaufer at gmail.com>wrote:

> So I tried all your suggestions but no success.
>
> Just to confirm I set up a new domain member using debian wheezy and the
> standard samba packages provided with the distro (I believe is 3.6.6)
> .
> Login via ssh and a domain user works absolutely perfect with the smb.conf
> and pam settings as described in one of my previous posts.
>
> So that makes me come back to my original question: Are there known with
> the combination of samba4.1.3 pam-winbind (and debian wheezy) ?
>
> Thanks again
>
> Georg
>
>
>
>
> 2014/1/3 Georg Vorlaufer <georg.vorlaufer at gmail.com>
>
> > Sorry for the misunderstanding. I try to login to one of my domain
> members
> > via ssh using a domain user account (ssh login with root ist working ok).
> > While this is working for an opensuse 13.1 domain member, it ist not for
> a
> > debian wheezy domain member. Right now I am away from home, but I will
> try
> > your suggestions as soon as I am back.
> >
> > Thank you for your effort. Greetings, Georg
> > Am 03.01.2014 12:53 schrieb "Rowland Penny" <rowlandpenny at googlemail.com
> >:
> >
> >  On 02/01/14 23:55, Georg Vorlaufer wrote:
> >>
> >>   Tried the template shell option with no change -- anyway my ad user
> >> entries have loginshell and unixhomedirectory set.
> >>
> >>  I also would say that the tls options only affect the way one can
> >> connect to the active directory domain controller via ldap(s).
> >>
> >>  Furthermore, these options are specified on the ad-dc and not on the
> >> machine I try to ssh to.
> >>
> >>  Greetings
> >>
> >>  Georg
> >>
> >>
> >>  2014/1/3 Michael Wood <esiotrot at gmail.com>
> >>
> >>> On 02 Jan 2014 10:31 PM, "Rowland Penny" <rowlandpenny at googlemail.com>
> >>> wrote:
> >>> >
> >>> > On 02/01/14 19:54, Georg Vorlaufer wrote:
> >>>  [...]
> >>>
> >>> >>     tls enabled = yes
> >>> >>     tls keyfile = tls/raspberrypi.key
> >>> >>     tls certfile = tls/raspberrypi.crt
> >>> >>     tls cafile = tls/ca.crt
> >>> >
> >>> > If adding the line above doesn't work, comment out the four lines
> >>> above, I do not use tls and ssh works, so it may be failing here.
> >>> >
> >>> > Rowland
> >>>
> >>> The tls options should not interfere with SSH at all. They allow
> >>> connecting to Samba over LDAPS and I don't think they have anything to
> do
> >>> with Kerberos.
> >>>
> >>> --
> >>> Michael Wood
> >>>
> >>
> >>      OK, I thought that you were trying to login into the samba4 server
> >> and I do not have/use tls on the server, so I was offering this as a
> >> possible problem.
> >>
> >> So, just where are you trying to login into and where from, as I can
> also
> >> login into my LM 15 laptop from another machine via ssh.
> >>
> >> Rowland
> >>
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Thiago


More information about the samba mailing list