[Samba] SSH with User in Member Domain
Carlos
carlos.hollow at gmail.com
Tue Jan 16 19:49:16 UTC 2018
Hi!!
I dont sucess in ssh with user my domain, in my Filserver(Member)
Samba 4.7.3 Compilated
Ubuntu 16.04
# smb.conf
[global]
workgroup = XXXXX
realm = INTERNO.XXX.XXXX.BR
security = ADS
username map = /usr/local/samba/etc/user.map
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind cache time = 60
winbind max clients = 600
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind nss info = template
template shell = /bin/bash
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config XXXX : backend = rid
idmap config XXXXX : range = 10000-999999
# Necessario para Fileserver
map acl inherit = Yes
store dos attributes = Yes
#
# Disable Cups
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
# Lixeira + Auditoria
vfs objects = recycle,full_audit,acl_xattr
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = /opt/DADOS/Lixeira/%U
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso, *.exe
recycle:exclude_dir = tmp
recycle:touch = yes
recycle:touch_mtime = yes
full_audit:failure = none
full_audit:facility = local5
full_audit:priority = notice
full_audit:prefix = %u|%I|%S
full_audit:success = rename rmdir unlink
# include
include = /opt/samba/etc/compartilhamento.conf
ls -l /lib/x86_64-linux-gnu/libnss_winbind.so*
lrwxrwxrwx 1 root root 41 Dez 8 18:00
/lib/x86_64-linux-gnu/libnss_winbind.so ->
/lib/x86_64-linux-gnu/libnss_winbind.so.2
lrwxrwxrwx 1 root root 40 Dez 8 18:00
/lib/x86_64-linux-gnu/libnss_winbind.so.2 ->
/usr/local/samba/lib/libnss_winbind.so.2
/etc/pam.d# cat common-session
..
....
and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session optional pam_systemd.so
session optional pam_winbind.so
session optional pam_mkhomedir.so skel=/etc/skel umask=077
Any ideia ?
Regards;
More information about the samba
mailing list