[Samba] Cannot log into Samba4 AD/DC with ssh as domain user

Mark Foley mfoley at ohprs.org
Sat Dec 1 11:26:42 UTC 2018


>From either a Linux or Mac domain member, I have tried logging into the Samba4 AD server as a
domain user:

labmac:~ mark$ ssh mark at mail pwd
mark at mail's password: 
Permission denied, please try again.

where 'mail' is the AD/DC.

It also fails if I am on the AD/DC an try the same ssh.

I've tried setting either the GSSAPIAuthentication or KerberosAuthentication in
/etc/ssh/sshd_config, but those don't help. I get:

Dec  1 06:09:19 mail sshd[8645]: rexec line 89: Unsupported option GSSAPIAuthentication
Dec  1 06:09:19 mail sshd[8645]: reprocess config line 89: Unsupported option GSSAPIAuthentication
Dec  1 06:09:22 mail sshd[8645]: Failed password for mark from 192.168.0.61 port 55802 ssh2
Dec  1 06:09:24 mail sshd[8645]: Connection closed by 192.168.0.61 port 55802 [preauth]

Dec  1 06:16:54 mail sshd[21898]: rexec line 83: Unsupported option KerberosAuthentication
Dec  1 06:16:54 mail sshd[21898]: reprocess config line 83: Unsupported option KerberosAuthentication
Dec  1 06:16:57 mail sshd[21898]: Failed password for mark from 192.168.0.61 port 55809 ssh2
Dec  1 06:17:00 mail sshd[21898]: Connection closed by 192.168.0.61 port 55809 [preauth]

The AD/DC host is Slackware and does not have PAM.

Note that I can log in from the AD to the Linux domain member as a domain user.

Is there a way to get domain users to ssh into the the AD? They do have home directories on
this server?

THX --Mark



More information about the samba mailing list