[Samba] FW: Problem with Active Directory authentication

Kaplan, Andrew H. AHKAPLAN at PARTNERS.ORG
Wed Jun 15 12:51:50 UTC 2016


Hello --

When I run the getent passwd <username> command for the account that works, I get output listing information about the user.

When I run the same command for any other account, there is no output.

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland penny
Sent: Wednesday, June 15, 2016 8:46 AM
To: samba at lists.samba.org
Subject: Re: [Samba] FW: Problem with Active Directory authentication

On 15/06/16 13:29, Kaplan, Andrew H. wrote:
> Sorry about being a pain in the neck about this. The AD authentication 
> at the console, and through SSH to the server is working for one 
> domain user account, but no others. The problem is outlined in the e-mail that I am forwarding to the mailing list.
>
> How can I correct this?
>
> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Kaplan, Andrew H.
> Sent: Tuesday, June 14, 2016 10:53 AM
> To: Rowland penny; samba at lists.samba.org
> Subject: Re: [Samba] Problem with Active Directory authentication
>
> Hello --
>
> I was able to get SSH with Active Directory authentication set up on the server. It involved several modifications to the sshd_config file. I am listing the changes that were made for the benefit of the group:
>
>
> # Change to no to disable s/key passwords 
> ChallengeResponseAuthentication no
>
> # Kerberos options
> KerberosAuthentication yes
> #KerberosOrLocalPasswd yes
> KerberosTicketCleanup yes
> KerberosGetAFSToken yes
>
> # GSSAPI options
> GSSAPIAuthentication yes
> GSSAPICleanupCredentials yes
>
> There is one more caveat that I need to overcome. So far, one domain 
> user account is able to log into the server at the console, or through 
> an SSH connection. However, any other user account is not able to do so. When the su - <username> command is entered at the console, the output reads as follows:
>
> No passwd entry for <username>
>
> The auth.log file has entries that read as follows:
>
> Invalid user <username> from <ip address>
> input_userauth_request: invalid user <username> [preauth]
> pam_unix(sshd:auth): check pass; user unknown
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<hostname>
>
> What step(s) do I need to take in order to get all domain user accounts to be able to log into the server, as opposed to only one?
>
> Thanks.
>
>
>

What does 'getent passwd <username>' show when run on the server ?

Rowland

