[Samba] SSH with User in Member Domain

Carlos carlos.hollow at gmail.com
Tue Jan 16 19:49:16 UTC 2018


Hi!!

I dont sucess in ssh with user my domain, in my Filserver(Member)

Samba 4.7.3 Compilated

Ubuntu 16.04

# smb.conf

[global]
         workgroup = XXXXX
         realm = INTERNO.XXX.XXXX.BR
         security = ADS
         username map = /usr/local/samba/etc/user.map

         dedicated keytab file = /etc/krb5.keytab
         kerberos method = secrets and keytab
         winbind cache time = 60

         winbind max clients = 600
         winbind enum users = Yes
         winbind enum groups = Yes
         winbind use default domain = Yes
         winbind nss info = rfc2307
         winbind refresh tickets = Yes
         winbind nss info = template
         template shell = /bin/bash

         idmap config * : backend = tdb
         idmap config * : range = 3000-7999
         idmap config XXXX : backend = rid
         idmap config XXXXX : range = 10000-999999


         # Necessario para Fileserver
         map acl inherit = Yes
         store dos attributes = Yes

         #
         # Disable Cups
         load printers = no
         printing = bsd
         printcap name = /dev/null
         disable spoolss = yes

         # Lixeira + Auditoria
         vfs objects = recycle,full_audit,acl_xattr
         recycle:keeptree = yes
         recycle:versions = yes
         recycle:repository = /opt/DADOS/Lixeira/%U
         recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso, *.exe
         recycle:exclude_dir = tmp
         recycle:touch = yes
         recycle:touch_mtime = yes
         full_audit:failure = none
         full_audit:facility = local5
         full_audit:priority = notice
         full_audit:prefix = %u|%I|%S
         full_audit:success = rename rmdir unlink

# include
include = /opt/samba/etc/compartilhamento.conf


ls -l /lib/x86_64-linux-gnu/libnss_winbind.so*
lrwxrwxrwx 1 root root 41 Dez  8 18:00 
/lib/x86_64-linux-gnu/libnss_winbind.so -> 
/lib/x86_64-linux-gnu/libnss_winbind.so.2
lrwxrwxrwx 1 root root 40 Dez  8 18:00 
/lib/x86_64-linux-gnu/libnss_winbind.so.2 -> 
/usr/local/samba/lib/libnss_winbind.so.2


/etc/pam.d# cat common-session

..

....

  and here are more per-package modules (the "Additional" block)
session required        pam_unix.so
session optional        pam_systemd.so
session optional        pam_winbind.so
session optional        pam_mkhomedir.so skel=/etc/skel umask=077

Any ideia ?

Regards;






More information about the samba mailing list