[Samba] Cannot log into Samba4 AD/DC with ssh as domain user
rpenny at samba.org
Sat Dec 1 12:09:18 UTC 2018
On Sat, 01 Dec 2018 06:26:42 -0500
Mark Foley via samba <samba at lists.samba.org> wrote:
> From either a Linux or Mac domain member, I have tried logging into
> the Samba4 AD server as a domain user:
> labmac:~ mark$ ssh mark at mail pwd
> mark at mail's password:
> Permission denied, please try again.
> where 'mail' is the AD/DC.
> It also fails if I am on the AD/DC an try the same ssh.
> I've tried setting either the GSSAPIAuthentication or
> KerberosAuthentication in /etc/ssh/sshd_config, but those don't help.
> I get:
> Dec 1 06:09:19 mail sshd: rexec line 89: Unsupported option
> GSSAPIAuthentication Dec 1 06:09:19 mail sshd: reprocess
> config line 89: Unsupported option GSSAPIAuthentication Dec 1
> 06:09:22 mail sshd: Failed password for mark from 192.168.0.61
> port 55802 ssh2 Dec 1 06:09:24 mail sshd: Connection closed by
> 192.168.0.61 port 55802 [preauth]
> Dec 1 06:16:54 mail sshd: rexec line 83: Unsupported option
> KerberosAuthentication Dec 1 06:16:54 mail sshd: reprocess
> config line 83: Unsupported option KerberosAuthentication Dec 1
> 06:16:57 mail sshd: Failed password for mark from 192.168.0.61
> port 55809 ssh2 Dec 1 06:17:00 mail sshd: Connection closed
> by 192.168.0.61 port 55809 [preauth]
> The AD/DC host is Slackware and does not have PAM.
> Note that I can log in from the AD to the Linux domain member as a
> domain user.
> Is there a way to get domain users to ssh into the the AD? They do
> have home directories on this server?
> THX --Mark
Have you set up the libnss-winbind links ?
Or to put it another way, does 'getent passwd mark' produce output when
run on the DC ?
More information about the samba