[Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain

Nicola Mingotti nmingotti at gmail.com
Sun Apr 11 10:12:51 UTC 2021

Interlining answers:

On 4/10/21 8:20 PM, Rowland penny via samba wrote:
> It is Samba 14.4.2 , but this shouldn't matter, ssh has nothing to do 
> with Samba unless you are using kerberos, and I am not.
Umm, Rowland you are at least 10 times more knowledgeable then me about 
Samba and Windows.
I wouldn't rule out Samba is involved for this argument (it may be 
bullshit, you know better).  "Take the case of Linux, for example,
my domain users aren't definied in /etc/passwd, but are visible by 
'getent passwd', which means
that every time somebody logs into a Linux box as domain user my system has
to talk to AD to understand what that user can do. That is the reason 
why I suppose
Samba is involved anytime I am talking about Domain Users.

>> 2] Your domain configuration is different, in the smb.conf or a GPO
> Fairly stock smb.conf, no GPO's that have anything to do with ssh (are 
> there any ?)
About 6 months ago I tried to achieve the same result I am trying now 
with Cygwin.
It was a failure. After about a week of deep testing and searching I 
have given up.
In that occasion GPO were fundamental, if I remember well, to let a user 
another user. (sudo basically). I can look up details if you whish, it 
should be in my notes.

Another little difference between our configuration is that my 
administrators in
the domain are called "adam1", "adam2" etc. I never use "Administator". That
can cause some different outcomes.

>> 3] If you didn't install SSH in the last two days you may be using a 
>> blessed
>> release from the past which does not contain a bug.
> I am using the standard ssh you get by installing it via 'settings'

I think it would be better if we standardize our tests. For at least 
these reasons:
1] Nobody knows what Microsoft did to OpenSSH
2] There isn't a Windows version of OpenSSH for Server 2016
3] There are now scripts to check user permissions in the new releases
=> In propose to use the latest OpenSSH from gitHub for further analysis.

>> The error I see i luckily reported by other people here:
>> https://github.com/PowerShell/Win32-OpenSSH/issues/1543#issuecomment-816787269 
> That is trying to use kerberos (That isn't publickey, it isn't any 
> key) and I haven't troubleshooted that yet, perhaps tomorrow. One 
> question I do have, does Windows use GSSAPI ?
I can't help you here, i am ignorant on this subject at the moment. I 
may  know more after some reaserch ;)


More information about the samba mailing list