[Samba] SSH with User in Member Domain

Rowland Penny rpenny at samba.org
Tue Jan 16 19:58:53 UTC 2018 

On Tue, 16 Jan 2018 17:49:16 -0200
Carlos via samba <samba at lists.samba.org> wrote:

> Hi!!
> 
> I dont sucess in ssh with user my domain, in my Filserver(Member)
> 
> Samba 4.7.3 Compilated
> 
> Ubuntu 16.04
> 
> # smb.conf
> 
> [global]
>          workgroup = XXXXX
>          realm = INTERNO.XXX.XXXX.BR
>          security = ADS
>          username map = /usr/local/samba/etc/user.map
> 
>          dedicated keytab file = /etc/krb5.keytab
>          kerberos method = secrets and keytab
>          winbind cache time = 60
> 
>          winbind max clients = 600
>          winbind enum users = Yes
>          winbind enum groups = Yes
>          winbind use default domain = Yes
>          winbind nss info = rfc2307
>          winbind refresh tickets = Yes
>          winbind nss info = template
>          template shell = /bin/bash
> 
>          idmap config * : backend = tdb
>          idmap config * : range = 3000-7999
>          idmap config XXXX : backend = rid
>          idmap config XXXXX : range = 10000-999999
> 
> 
>          # Necessario para Fileserver
>          map acl inherit = Yes
>          store dos attributes = Yes
> 
>          #
>          # Disable Cups
>          load printers = no
>          printing = bsd
>          printcap name = /dev/null
>          disable spoolss = yes
> 
>          # Lixeira + Auditoria
>          vfs objects = recycle,full_audit,acl_xattr
>          recycle:keeptree = yes
>          recycle:versions = yes
>          recycle:repository = /opt/DADOS/Lixeira/%U
>          recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso,
> *.exe recycle:exclude_dir = tmp
>          recycle:touch = yes
>          recycle:touch_mtime = yes
>          full_audit:failure = none
>          full_audit:facility = local5
>          full_audit:priority = notice
>          full_audit:prefix = %u|%I|%S
>          full_audit:success = rename rmdir unlink
> 
> # include
> include = /opt/samba/etc/compartilhamento.conf
> 
> 
> ls -l /lib/x86_64-linux-gnu/libnss_winbind.so*
> lrwxrwxrwx 1 root root 41 Dez  8 18:00 
> /lib/x86_64-linux-gnu/libnss_winbind.so -> 
> /lib/x86_64-linux-gnu/libnss_winbind.so.2
> lrwxrwxrwx 1 root root 40 Dez  8 18:00 
> /lib/x86_64-linux-gnu/libnss_winbind.so.2 -> 
> /usr/local/samba/lib/libnss_winbind.so.2
> 
> 
> /etc/pam.d# cat common-session
> 
> ..
> 
> ....
> 
>   and here are more per-package modules (the "Additional" block)
> session required        pam_unix.so
> session optional        pam_systemd.so
> session optional        pam_winbind.so
> session optional        pam_mkhomedir.so skel=/etc/skel umask=077
> 
> Any ideia ?
> 
> Regards;
> 
> 
> 
> 

If you run 'getent passwd <user you want to use with ssh>' on the
fileserver, do you get any output ?

Rowland

More information about the samba mailing list