[Samba] Cannot log into Samba4 AD/DC with ssh as domain user
Rowland Penny
rpenny at samba.org
Sat Dec 1 12:09:18 UTC 2018
On Sat, 01 Dec 2018 06:26:42 -0500
Mark Foley via samba <samba at lists.samba.org> wrote:
> From either a Linux or Mac domain member, I have tried logging into
> the Samba4 AD server as a domain user:
>
> labmac:~ mark$ ssh mark at mail pwd
> mark at mail's password:
> Permission denied, please try again.
>
> where 'mail' is the AD/DC.
>
> It also fails if I am on the AD/DC an try the same ssh.
>
> I've tried setting either the GSSAPIAuthentication or
> KerberosAuthentication in /etc/ssh/sshd_config, but those don't help.
> I get:
>
> Dec 1 06:09:19 mail sshd[8645]: rexec line 89: Unsupported option
> GSSAPIAuthentication Dec 1 06:09:19 mail sshd[8645]: reprocess
> config line 89: Unsupported option GSSAPIAuthentication Dec 1
> 06:09:22 mail sshd[8645]: Failed password for mark from 192.168.0.61
> port 55802 ssh2 Dec 1 06:09:24 mail sshd[8645]: Connection closed by
> 192.168.0.61 port 55802 [preauth]
>
> Dec 1 06:16:54 mail sshd[21898]: rexec line 83: Unsupported option
> KerberosAuthentication Dec 1 06:16:54 mail sshd[21898]: reprocess
> config line 83: Unsupported option KerberosAuthentication Dec 1
> 06:16:57 mail sshd[21898]: Failed password for mark from 192.168.0.61
> port 55809 ssh2 Dec 1 06:17:00 mail sshd[21898]: Connection closed
> by 192.168.0.61 port 55809 [preauth]
>
> The AD/DC host is Slackware and does not have PAM.
>
> Note that I can log in from the AD to the Linux domain member as a
> domain user.
>
> Is there a way to get domain users to ssh into the the AD? They do
> have home directories on this server?
>
> THX --Mark
>
Have you set up the libnss-winbind links ?
Or to put it another way, does 'getent passwd mark' produce output when
run on the DC ?
Rowland
More information about the samba
mailing list