[Samba] Samba winbind on redhat 7

Edouard Guigné eguigne at pasteur-cayenne.fr
Fri Jun 21 15:49:16 UTC 2019


Yes, I have only one domain.

Even after adding "winbind use default domain = yes" to smb.conf, I cannot 
ssh:

Jun 21 12:43:59 [localhost] sshd[5938]: pam_sss(sshd:auth): Request to sssd failed. Connection refused
Jun 21 12:43:59 [localhost] sshd[5938]: pam_krb5[5938]: TGT verified using key for 'host/mysambserver at MYDOMAIN.LOCAL'
Jun 21 12:43:59 [localhost] sshd[5938]: pam_krb5[5938]: authentication succeeds for 'usertest' (usertest at MYDOMAIN.LOCAL)
Jun 21 12:43:59 [localhost] sshd[5938]: pam_sss(sshd:account): Request to sssd failed. Connection refused
Jun 21 12:43:59 [localhost] sshd[5938]: pam_winbind(sshd:account): user 'usertest' granted access
Jun 21 12:43:59 [localhost] sshd[5938]: Failed password for usertest from x.x.x.x port 44090 ssh2
Jun 21 12:43:59 [localhost] sshd[5938]: fatal: Access denied for user usertest by PAM account configuration [preauth]

The system seems to look first for sssd (pam_sss) and then for 
pam_winbind, even if I run this beforehand:
# authconfig --enablekrb5 --enablewinbind --enablewinbindauth --enablemkhomedir --update

Edouard

On 21/06/2019 at 12:21, Rowland penny via samba wrote:
> On 21/06/2019 15:39, Edouard Guigné via samba wrote:
>> Hello,
>>
>> I am facing 2 issues now.
>> The first one is the more critical for me...
>>
>> 1. When I switch from sssd to winbind with :
>> # authconfig --enablekrb5 --enablewinbind --enablewinbindauth --enablemkhomedir --update
>>
>> My sftp access did not work. Does it change the way to pass the login ?
>> I used to connect in sftp with userlogin / userpassword
>>
>> /var/log/secure :
>>
>> Jun 21 11:08:31 [localhost] sshd[17379]: Invalid user sftpuser from x.x.x.x port 50187
>> Jun 21 11:08:31 [localhost] sshd[17379]: input_userauth_request: invalid user sftpuser [preauth]
>> Jun 21 11:08:31 [localhost] sshd[17379]: pam_unix(sshd:auth): check pass; user unknown
>> Jun 21 11:08:31 [localhost] sshd[17379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=myhost.mydomain.fr
>> Jun 21 11:08:32 [localhost] sshd[17379]: Failed password for invalid user sftpusert from x.x.x.x port 50187 ssh2
>>
>> Do I need now to pass MYDOMAIN\userlogin / userpassword or something 
>> like that ?
>> How can I check the correct syntax ?
>> I would like to use userlogin / userpassword for sftp access.
>>
> Do you only have one domain and no trusted domains ?
>
> If so add this line to smb.conf and restart Samba:
>
> winbind use default domain = yes
>
> This will change 'MYDOMAIN\userlogin' to just 'userlogin'
>
> There is one gotcha though, it does not work on a Samba AD DC.
>
> Rowland
>
>
>
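
An added example, not part of the original thread: a small Python parser for the /var/log/secure lines in the message above. It groups pam_* results by sshd PID and PAM phase and lists the modules that reported a problem in the account phase before the "Access denied ... by PAM account configuration" line. The failure keywords are a heuristic assumed for this illustration.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (wrapped lines rejoined).
SAMPLE = """\
Jun 21 12:43:59 [localhost] sshd[5938]: pam_sss(sshd:auth): Request to sssd failed. Connection refused
Jun 21 12:43:59 [localhost] sshd[5938]: pam_krb5[5938]: TGT verified using key for 'host/mysambserver at MYDOMAIN.LOCAL'
Jun 21 12:43:59 [localhost] sshd[5938]: pam_krb5[5938]: authentication succeeds for 'usertest' (usertest at MYDOMAIN.LOCAL)
Jun 21 12:43:59 [localhost] sshd[5938]: pam_sss(sshd:account): Request to sssd failed. Connection refused
Jun 21 12:43:59 [localhost] sshd[5938]: pam_winbind(sshd:account): user 'usertest' granted access
Jun 21 12:43:59 [localhost] sshd[5938]: Failed password for usertest from x.x.x.x port 44090 ssh2
Jun 21 12:43:59 [localhost] sshd[5938]: fatal: Access denied for user usertest by PAM account configuration [preauth]
"""

SSHD = re.compile(r"sshd\[(\d+)\]: (.*)")
# Matches "pam_xxx(sshd:phase): text"; pam_krb5 logs as "pam_krb5[pid]:" with no phase and is skipped.
PAM = re.compile(r"(pam_\w+)\(sshd:(\w+)\): (.*)")
DENIED = re.compile(r"Access denied for user (\S+) by PAM account configuration")
BAD = ("failed", "failure", "refused", "denied", "unknown")  # assumed heuristic

def summarize(text):
    """Per sshd PID: PAM module results by phase, and the user PAM denied (if any)."""
    sessions = defaultdict(lambda: {"phases": defaultdict(list), "denied_user": None})
    for line in text.splitlines():
        m = SSHD.search(line)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        session = sessions[pid]
        p = PAM.match(msg)
        if p:
            module, phase, detail = p.groups()
            ok = not any(word in detail.lower() for word in BAD)
            session["phases"][phase].append((module, ok))
        d = DENIED.search(msg)
        if d:
            session["denied_user"] = d.group(1)
    return sessions

def account_failures(session):
    """Modules that reported a problem in the account phase, in log order."""
    return [module for module, ok in session["phases"]["account"] if not ok]

if __name__ == "__main__":
    for pid, s in summarize(SAMPLE).items():
        print(pid, "denied:", s["denied_user"], "account failures:", account_failures(s))
```
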

