[Samba] SSH with User in Member Domain
Rowland Penny
rpenny at samba.org
Tue Jan 16 19:58:53 UTC 2018
On Tue, 16 Jan 2018 17:49:16 -0200
Carlos via samba <samba at lists.samba.org> wrote:
> Hi!!
>
> I dont sucess in ssh with user my domain, in my Filserver(Member)
>
> Samba 4.7.3 Compilated
>
> Ubuntu 16.04
>
> # smb.conf
>
> [global]
> workgroup = XXXXX
> realm = INTERNO.XXX.XXXX.BR
> security = ADS
> username map = /usr/local/samba/etc/user.map
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind cache time = 60
>
> winbind max clients = 600
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind nss info = rfc2307
> winbind refresh tickets = Yes
> winbind nss info = template
> template shell = /bin/bash
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config XXXX : backend = rid
> idmap config XXXXX : range = 10000-999999
>
>
> # Necessario para Fileserver
> map acl inherit = Yes
> store dos attributes = Yes
>
> #
> # Disable Cups
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> # Lixeira + Auditoria
> vfs objects = recycle,full_audit,acl_xattr
> recycle:keeptree = yes
> recycle:versions = yes
> recycle:repository = /opt/DADOS/Lixeira/%U
> recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso,
> *.exe recycle:exclude_dir = tmp
> recycle:touch = yes
> recycle:touch_mtime = yes
> full_audit:failure = none
> full_audit:facility = local5
> full_audit:priority = notice
> full_audit:prefix = %u|%I|%S
> full_audit:success = rename rmdir unlink
>
> # include
> include = /opt/samba/etc/compartilhamento.conf
>
>
> ls -l /lib/x86_64-linux-gnu/libnss_winbind.so*
> lrwxrwxrwx 1 root root 41 Dez 8 18:00
> /lib/x86_64-linux-gnu/libnss_winbind.so ->
> /lib/x86_64-linux-gnu/libnss_winbind.so.2
> lrwxrwxrwx 1 root root 40 Dez 8 18:00
> /lib/x86_64-linux-gnu/libnss_winbind.so.2 ->
> /usr/local/samba/lib/libnss_winbind.so.2
>
>
> /etc/pam.d# cat common-session
>
> ..
>
> ....
>
> and here are more per-package modules (the "Additional" block)
> session required pam_unix.so
> session optional pam_systemd.so
> session optional pam_winbind.so
> session optional pam_mkhomedir.so skel=/etc/skel umask=077
>
> Any ideia ?
>
> Regards;
>
>
>
>
If you run 'getent passwd <user you want to use with ssh>' on the
fileserver, do you get any output ?
Rowland
More information about the samba
mailing list