[Samba] Samba4 SSH SSSD-AD Problem
rowlandpenny at googlemail.com
Thu Feb 26 08:40:43 MST 2015
On 26/02/15 15:21, Andreas Hauffe wrote:
> I'm having a problem with ssh and sssd in a samba4 ad environment.
> If I log on to a linux client everything works fine. When entering klist I'm able
> to see my ticket. When I try to connect/logon to another linux client with ssh
> it is possible, but klist shows:
> klist: Credentials cache file '/run/user/$UID$/krb5cc/tkt' not found.
> So the ticket cache is not created during logon.
> I'm using sssd with the following sssd.conf:
> services = nss, pam
> config_file_version = 2
> domains = $DOMAINNAME$
> id_provider = ad
> access_provider = ad
> And sshd with the following sshd_config:
> AuthorizedKeysFile .ssh/authorized_keys
> PasswordAuthentication no
> GSSAPIAuthentication yes
> GSSAPICleanupCredentials yes
> GSSAPIStrictAcceptorCheck no
> GSSAPIStoreCredentialsOnRekey yes
> UsePAM yes
> X11Forwarding yes
> UseDNS no
> Subsystem sftp /usr/lib/ssh/sftp-server
> AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
> AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> AcceptEnv LC_IDENTIFICATION LC_ALL
> /etc/pam.d/sshd directs to the default pam.d configurations.
Hi, neither 'ssh' nor 'sssd' has anything to do with samba, but just a
hint, remove 'UseDNS no', kerberos depends on dns. If this doesn't work,
you may get more help on the sssd mailing list.