[Samba] ssh authentication with AD
Oliver Rath
rath at mglug.de
Wed Nov 4 08:34:50 UTC 2015
Hi LPH & David,
Im also interested in using kerberos authentication and tried your
hints. Im using Ubuntu 14.04.3 Server on this machine.
On 04.11.2015 08:52, L.P.H. van Belle wrote:
> Ok, do the following.
>
> Remove all you modifications from pam so its back to original.
>
> apt-get install krb5-ssh
> restart ssh, try again.
@LPH: krb5-ssh doesnt exist in Ubuntu:
# apt-get install krb5-ssh
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package krb5-ssh
But maybe you mean libpam-krb5?
> Still not working?
>
> Now try correct pam.
> Type : pam-auth-update
> Select kerberos winbind and unix ( and keep other defaults as is )
I didnt found "kerberos" in the selection-list. But with "libpam-krb5"
installed it is shown.
@David: Did you enable Kerberos authentication in /etc/ssh/sshd_config?
I see to select:
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
What should I enable from these?
>
> Type id username
> You see a correct shell and correct and existing homedir?
$ LANG=POSIX id oliver
uid=1000(oliver) gid=1000(oliver)
groups=1000(oliver),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lpadmin),111(sambashare),114(scanner),124(saned),129(kvm),131(lxd)
Where should I see shell and homedir here?
Tfh!
Oliver
More information about the samba
mailing list