[Samba] FW: Problem with Active Directory authentication

Rowland penny rpenny at samba.org
Wed Jun 15 12:46:06 UTC 2016


On 15/06/16 13:29, Kaplan, Andrew H. wrote:
> Sorry about being a pain in the neck about this. The AD authentication at the console, and through
> SSH to the server is working for one domain user account, but no others. The problem is outlined in
> the e-mail that I am forwarding to the mailing list.
>
> How can I correct this?
>
> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Kaplan, Andrew H.
> Sent: Tuesday, June 14, 2016 10:53 AM
> To: Rowland penny; samba at lists.samba.org
> Subject: Re: [Samba] Problem with Active Directory authentication
>
> Hello --
>
> I was able to get SSH with Active Directory authentication set up on the server. It involved several modifications to the sshd_config file. I am listing the changes that were made for the benefit of the group:
>
>
> # Change to no to disable s/key passwords
> ChallengeResponseAuthentication no
>
> # Kerberos options
> KerberosAuthentication yes
> #KerberosOrLocalPasswd yes
> KerberosTicketCleanup yes
> KerberosGetAFSToken yes
>
> # GSSAPI options
> GSSAPIAuthentication yes
> GSSAPICleanupCredentials yes
>
> There is one more caveat that I need to overcome. So far, one domain user account is able to log into the server at the
> console, or through an SSH connection. However, any other user account is not able to do so. When the su - <username>
> command is entered at the console, the output reads as follows:
>
> No passwd entry for <username>
>
> The auth.log file has entries that read as follows:
>
> Invalid user <username> from <ip address>
> input_userauth_request: invalid user <username> [preauth]
> pam_unix(sshd:auth): check pass; user unknown
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<hostname>
>
> What step(s) do I need to take in order to get all domain user accounts to be able to log into the server, as opposed to only one?
>
> Thanks.
>
>
>

What does 'getent passwd <username>' show when run on the server?

Rowland
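
Added example, not part of the original thread: a small triage script that pulls every account sshd logged as "Invalid user" (the auth.log line quoted above) and runs the suggested 'getent passwd' check on each, so accounts that the server's name service cannot resolve are listed in one pass. The log lines, host name, user names and addresses in it are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list accounts rejected by sshd as "Invalid user" and
# check each one with 'getent passwd'.

# Constructed sample in the auth.log format quoted in the thread.
SAMPLE_LOG='Jun 14 10:41:02 srv1 sshd[2211]: Invalid user aduser1 from 192.0.2.15
Jun 14 10:41:02 srv1 sshd[2211]: input_userauth_request: invalid user aduser1 [preauth]
Jun 14 10:41:05 srv1 sshd[2211]: pam_unix(sshd:auth): check pass; user unknown
Jun 14 10:52:40 srv1 sshd[2302]: Invalid user aduser2 from 192.0.2.15
Jun 14 10:53:11 srv1 sshd[2310]: Accepted password for aduser3 from 192.0.2.15 port 50122 ssh2
Jun 14 10:55:09 srv1 sshd[2333]: Invalid user aduser1 from 192.0.2.15'

# Read log lines on stdin, print each rejected user name once.
# Only the "Invalid user <name> from <address>" line is matched; the
# lower-case "invalid user" and pam_unix lines repeat the same event.
invalid_users() {
    sed -n 's/.*sshd\[[0-9]*]: Invalid user \([^ ]*\) from .*/\1/p' | sort -u
}

# Print "resolved" if the name service returns a passwd entry for $1,
# otherwise "missing" (the same condition behind "No passwd entry for").
nss_status() {
    if getent passwd "$1" >/dev/null 2>&1; then
        echo resolved
    else
        echo missing
    fi
}

# Read log lines on stdin, print "<user><TAB><status>" per rejected user.
triage() {
    invalid_users | while IFS= read -r user; do
        printf '%s\t%s\n' "$user" "$(nss_status "$user")"
    done
}

# Demo on the constructed sample; on a real server use: triage < /var/log/auth.log
printf '%s\n' "$SAMPLE_LOG" | triage
```

A user reported as "missing" has no passwd entry visible to the server, which is why sshd rejects the name before any password or Kerberos check is attempted.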
