[Samba] Samba winbind on redhat 7
Rowland penny
rpenny at samba.org
Fri Jun 21 15:57:21 UTC 2019
On 21/06/2019 16:49, Edouard Guigné via samba wrote:
> Yes, I have only one domain.
>
> Even after added "winbind use default domain = yes" to smb.cnf, I
> cannot ssh :
>
> /Jun 21 12:43:59 [localhost] sshd[5938]: pam_sss(sshd:auth): Request
> to sssd failed. Connection refused//
> //Jun 21 12:43:59 [localhost] sshd[5938]: pam_krb5[5938]: TGT verified
> using key for 'host/mysambserver at MYDOMAIN.LOCAL'//
> //Jun 21 12:43:59 [localhost] sshd[5938]: pam_krb5[5938]:
> authentication succeeds for 'usertest' (usertest at MYDOMAIN.LOCAL)//
> //Jun 21 12:43:59 [localhost] sshd[5938]: pam_sss(sshd:account):
> Request to sssd failed. Connection refused//
> //Jun 21 12:43:59 [localhost] sshd[5938]: pam_winbind(sshd:account):
> user 'usertest' granted access//
> //Jun 21 12:43:59 [localhost] sshd[5938]: Failed password for usertest
> from x.x.x.x port 44090 ssh2//
> //Jun 21 12:43:59 [localhost] sshd[5938]: fatal: Access denied for
> user usertest by PAM account configuration [preauth]/
>
> The system seem to look first for sssd (pam_sss) and then for
> pam_winbind, even if I perform before :
> # authconfig --enablekrb5 --enablewinbind --enablewinbindauth
> --enablemkhomedir --update
I am not a PAM expert especially on Centos, but reading the authconfig
man page turns up '--disablesssd' & '--disablesssdauth', so try them.
Rowland
More information about the samba
mailing list