[Samba] SSH with User in Member Domain

Carlos carlos.hollow at gmail.com
Tue Jan 16 20:10:00 UTC 2018


Yes and the permissions are ok too.

getent passwd XXXX
XXXX:*:11109:10513::/home/<DOMAIN>/XXXXX:/bin/bash

I executed the command (simulated ssh):

login XXXX

journalctl |grep login

-------------------

Jan 16 17:33:05 <HOSTNAME> login[2150]: pam_unix(login:auth): 
authentication failure; logname=USER-SUDO uid=0 euid=0 tty=/dev/pts/0 
ruser= rhost= user=XXXXXXX
Jan 16 17:33:07 <HOSTNAME> login[2150]: FAILED LOGIN (1) on '/dev/pts/0' 
FOR 'XXXXXX', Authentication failure
Jan 16 17:33:26 <HOSTNAME> login[2152]: pam_unix(login:auth): 
authentication failure; logname=USER-SUDO uid=0 euid=0 tty=/dev/pts/0 
ruser= rhost= user=XXXXXXX
Jan 16 17:33:29 <HOSTNAME> login[2152]: FAILED LOGIN (1) on '/dev/pts/0' 
FOR 'XXX', Authentication failure

--------------------------

My password is correct; logging in to Windows with the password is no problem.


Regards;




On 16-01-2018 17:58, Rowland Penny via samba wrote:
> On Tue, 16 Jan 2018 17:49:16 -0200
> Carlos via samba <samba at lists.samba.org> wrote:
>
>> Hi!!
>>
>> I don't succeed in ssh with a user from my domain, on my Fileserver (Member)
>>
>> Samba 4.7.3 Compiled
>>
>> Ubuntu 16.04
>>
>> # smb.conf
>>
>> [global]
>>           workgroup = XXXXX
>>           realm = INTERNO.XXX.XXXX.BR
>>           security = ADS
>>           username map = /usr/local/samba/etc/user.map
>>
>>           dedicated keytab file = /etc/krb5.keytab
>>           kerberos method = secrets and keytab
>>           winbind cache time = 60
>>
>>           winbind max clients = 600
>>           winbind enum users = Yes
>>           winbind enum groups = Yes
>>           winbind use default domain = Yes
>>           winbind nss info = rfc2307
>>           winbind refresh tickets = Yes
>>           winbind nss info = template
>>           template shell = /bin/bash
>>
>>           idmap config * : backend = tdb
>>           idmap config * : range = 3000-7999
>>           idmap config XXXX : backend = rid
>>           idmap config XXXXX : range = 10000-999999
>>
>>
>>           # Required for Fileserver
>>           map acl inherit = Yes
>>           store dos attributes = Yes
>>
>>           #
>>           # Disable Cups
>>           load printers = no
>>           printing = bsd
>>           printcap name = /dev/null
>>           disable spoolss = yes
>>
>>           # Recycle bin + Auditing
>>           vfs objects = recycle,full_audit,acl_xattr
>>           recycle:keeptree = yes
>>           recycle:versions = yes
>>           recycle:repository = /opt/DADOS/Lixeira/%U
>>           recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso, *.exe
>>           recycle:exclude_dir = tmp
>>           recycle:touch = yes
>>           recycle:touch_mtime = yes
>>           full_audit:failure = none
>>           full_audit:facility = local5
>>           full_audit:priority = notice
>>           full_audit:prefix = %u|%I|%S
>>           full_audit:success = rename rmdir unlink
>>
>> # include
>> include = /opt/samba/etc/compartilhamento.conf
>>
>>
>> ls -l /lib/x86_64-linux-gnu/libnss_winbind.so*
>> lrwxrwxrwx 1 root root 41 Dez  8 18:00
>> /lib/x86_64-linux-gnu/libnss_winbind.so ->
>> /lib/x86_64-linux-gnu/libnss_winbind.so.2
>> lrwxrwxrwx 1 root root 40 Dez  8 18:00
>> /lib/x86_64-linux-gnu/libnss_winbind.so.2 ->
>> /usr/local/samba/lib/libnss_winbind.so.2
>>
>>
>> /etc/pam.d# cat common-session
>>
>> ..
>>
>> ....
>>
>>    and here are more per-package modules (the "Additional" block)
>> session required        pam_unix.so
>> session optional        pam_systemd.so
>> session optional        pam_winbind.so
>> session optional        pam_mkhomedir.so skel=/etc/skel umask=077
>>
>> Any idea?
>>
>> Regards;
>>
>>
>>
>>
> If you run 'getent passwd <user you want to use with ssh>' on the
> fileserver, do you get any output ?
>
> Rowland
>


