[Samba] FW: Problem with Active Directory authentication

Kaplan, Andrew H. AHKAPLAN at PARTNERS.ORG
Wed Jun 15 12:29:40 UTC 2016


Sorry about being a pain in the neck about this. The AD authentication at the console and through
SSH to the server is working for one domain user account, but no others. The problem is outlined in
the e-mail that I am forwarding to the mailing list. 

How can I correct this? 

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Kaplan, Andrew H.
Sent: Tuesday, June 14, 2016 10:53 AM
To: Rowland penny; samba at lists.samba.org
Subject: Re: [Samba] Problem with Active Directory authentication

Hello --

I was able to get SSH with Active Directory authentication set up on the server. It involved several modifications to the sshd_config file. I am listing the changes that were made for the benefit of the group:


# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
KerberosAuthentication yes
#KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
KerberosGetAFSToken yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes

There is one more caveat that I need to overcome. So far, one domain user account is able to log into the server at the
console, or through an SSH connection. However, any other user account is not able to do so. When the su - <username>
command is entered at the console, the output reads as follows:

No passwd entry for <username>

The auth.log file has entries that read as follows:

Invalid user <username> from <ip address>
input_userauth_request: invalid user <username> [preauth]
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<hostname>

What step(s) do I need to take in order to get all domain user accounts to be able to log into the server, as opposed to only one?

Thanks. 



________________________________________
From: samba [samba-bounces at lists.samba.org] on behalf of Rowland penny [rpenny at samba.org]
Sent: Monday, June 13, 2016 4:53 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Problem with Active Directory authentication

On 13/06/16 21:42, Kaplan, Andrew H. wrote:
> Hello --
>
> I have made considerable progress. When I am at the server console, I am able to enter my domain username and password, and I am able to log into the server. I had several follow-up questions:
>
> 1. How can I configure an SSH connection to the server that will utilize the active directory login?

If you mean 'user@samdom.example.com', then I don't think you can, but
you can use 'user@hostname'


>
> 2. When the login completes, I encounter the following error messages:
>
>
> Unknown parameter encountered: "netbios"
> Ignoring unknown parameter "netbios"
> Unknown parameter encountered: "winbind allow trusted domains"
> Ignoring unknown parameter "winbind allow trusted domains"
>
> I believe these go back to smb.conf file. The lines in question read as follows:
>
> netbios = <hostname>

This should be netbios name = <hostname>

> ...
> winbind allow trusted domains = no

I think this should be 'allow trusted domains = no'

Rowland

>
> I checked the syntax of the two lines within the file, and everything looked fine.
>
> Does anyone have any thoughts on this?
>
> Thanks.
>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
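
Added example, not part of the original thread: a small Python triage of sshd auth.log entries like the ones quoted above. It separates "Invalid user" lines (sshd found no passwd entry for the name, the same condition su reports) from credential failures for accounts the server can resolve. The sample log lines, user names, host names and addresses are constructed.

```python
import re

# Constructed sample auth.log lines modelled on the entries quoted in the thread.
SAMPLE_LOG = """\
Jun 14 10:41:02 srv1 sshd[2211]: Invalid user jdoe from 192.0.2.10
Jun 14 10:41:02 srv1 sshd[2211]: input_userauth_request: invalid user jdoe [preauth]
Jun 14 10:41:07 srv1 sshd[2211]: pam_unix(sshd:auth): check pass; user unknown
Jun 14 10:41:09 srv1 sshd[2211]: Failed password for invalid user jdoe from 192.0.2.10 port 50010 ssh2
Jun 14 10:43:32 srv1 sshd[2240]: Failed password for asmith from 192.0.2.11 port 50022 ssh2
Jun 14 10:45:00 srv1 sshd[2301]: Accepted password for akaplan from 192.0.2.12 port 50100 ssh2
"""

# sshd logs "Invalid user" when the account lookup returns nothing,
# before any password or Kerberos check is attempted.
INVALID = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+)")
# Credential failure for a name that did resolve (skip the "invalid user" form).
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for (?!invalid user )(\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")

HINTS = {
    "unresolved": "no passwd entry; check 'getent passwd <user>' before changing sshd or PAM",
    "auth-failed": "account resolves; look at the password/Kerberos step",
    "ok": "login accepted",
}


def classify(log_text):
    """Map each user name seen in sshd lines to 'unresolved', 'auth-failed' or 'ok'."""
    result = {}
    for line in log_text.splitlines():
        for pattern, status in ((INVALID, "unresolved"),
                                (FAILED, "auth-failed"),
                                (ACCEPTED, "ok")):
            match = pattern.search(line)
            if match:
                user = match.group(1)
                # Keep 'unresolved' once seen: it is the root cause for that name.
                if result.get(user) != "unresolved":
                    result[user] = status
                break
    return result


if __name__ == "__main__":
    for user, status in classify(SAMPLE_LOG).items():
        print(f"{user:10} {status:12} {HINTS[status]}")
```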

