[Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain
Rowland Penny
rpenny at samba.org
Sun Apr 11 19:42:32 UTC 2021
On 11/04/2021 18:11, Rémi PAETA wrote:
> My smb.conf
>
> [global]
> server role = active directory domain controller
I was using a Unix domain member, you are using a Samba AD DC, so I
copied the .ssh directory to the home directory of 'username' on the DC
and attempted to ssh to Win10:
SAMDOM\username@rpidc1:~ $ ssh w10pro -v
OpenSSH_7.9p1 Raspbian-10+deb10u2+rpt1, OpenSSL 1.1.1d 10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to w10pro [192.168.0.143] port 22.
debug1: Connection established.
debug1: identity file /home/SAMDOM/username/.ssh/id_rsa type 0
debug1: identity file /home/SAMDOM/username/.ssh/id_rsa-cert type -1
debug1: identity file /home/SAMDOM/username/.ssh/id_dsa type -1
debug1: identity file /home/SAMDOM/username/.ssh/id_dsa-cert type -1
debug1: identity file /home/SAMDOM/username/.ssh/id_ecdsa type -1
debug1: identity file /home/SAMDOM/username/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/SAMDOM/username/.ssh/id_ed25519 type -1
debug1: identity file /home/SAMDOM/username/.ssh/id_ed25519-cert type -1
debug1: identity file /home/SAMDOM/username/.ssh/id_xmss type -1
debug1: identity file /home/SAMDOM/username/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u2+rpt1
debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_7.7
debug1: match: OpenSSH_for_Windows_7.7 pat OpenSSH* compat 0x04000000
debug1: Authenticating to w10pro:22 as 'SAMDOM\\username'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:qSWT3I9CDT4jGEcigTyDqBWdtWkoCgpdujEbsPO6DIE
debug1: Host 'w10pro' is known and matches the ECDSA host key.
debug1: Found key in /home/SAMDOM/username/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /home/SAMDOM/username/.ssh/id_rsa RSA SHA256:9/ifFL4MkWO2RCIc3fxx/iWqUuNktreDHyJqTKWC/7g
debug1: Will attempt key: /home/SAMDOM/username/.ssh/id_dsa
debug1: Will attempt key: /home/SAMDOM/username/.ssh/id_ecdsa
debug1: Will attempt key: /home/SAMDOM/username/.ssh/id_ed25519
debug1: Will attempt key: /home/SAMDOM/username/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/SAMDOM/username/.ssh/id_rsa RSA SHA256:9/ifFL4MkWO2RCIc3fxx/iWqUuNktreDHyJqTKWC/7g
debug1: Server accepts key: /home/SAMDOM/username/.ssh/id_rsa RSA SHA256:9/ifFL4MkWO2RCIc3fxx/iWqUuNktreDHyJqTKWC/7g
debug1: Authentication succeeded (publickey).
Authenticated to w10pro ([192.168.0.143]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_ALL = en_US.UTF-8
Microsoft Windows [Version 10.0.19041.867]
(c) 2020 Microsoft Corporation. All rights reserved.
Success!
This is the DC smb.conf:
[global]
netbios name = RPIDC1
realm = SAMDOM.EXAMPLE.COM
workgroup = SAMDOM
server role = active directory domain controller
server services = -dns
bind interfaces only = Yes
interfaces = lo eth0
dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
idmap_ldb:use rfc2307 = yes
ldap server require strong auth = no
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/samdom.example.com/scripts
read only = No
I do not know what else to say, it just works for me.
Rowland
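
Added example, not part of the original message or of the Samba or OpenSSH projects: a small Python helper that reads an `ssh -v` trace like the one above and reports which method authenticated and which offered keys the server did not accept. The function name, the sample traces, the host `winhost`, the user `EXAMPLE\\user` and the `PLACEHOLDER` fingerprint are constructed for illustration.

```python
import re

# Constructed traces modelled on the `ssh -v` output in the post; the host,
# user and key fingerprint are placeholders, not values from the thread.
OK_TRACE = r"""debug1: Authenticating to winhost:22 as 'EXAMPLE\\user'
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/EXAMPLE/user/.ssh/id_rsa RSA SHA256:PLACEHOLDER
debug1: Server accepts key: /home/EXAMPLE/user/.ssh/id_rsa RSA SHA256:PLACEHOLDER
debug1: Authentication succeeded (publickey).
"""
DENIED_TRACE = r"""debug1: Authenticating to winhost:22 as 'EXAMPLE\\user'
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/EXAMPLE/user/.ssh/id_rsa RSA SHA256:PLACEHOLDER
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
EXAMPLE\\user@winhost: Permission denied (publickey,password,keyboard-interactive).
"""

# \s+ also matches a newline, so values that a mail client wrapped onto the
# next line (as in the archived post) are still captured.
PATTERNS = {
    "user": re.compile(r"Authenticating to \S+ as '([^']+)'"),
    "methods": re.compile(r"Authentications that can continue:\s+(\S+)"),
    "offered": re.compile(r"Offering public key:\s+(\S+)"),
    "accepted": re.compile(r"Server accepts key:\s+(\S+)"),
    "success": re.compile(r"Authentication succeeded \(([^)]+)\)"),
    "denied": re.compile(r"Permission denied \(([^)]+)\)"),
}

def summarize_ssh_trace(trace):
    """Summarize the authentication outcome recorded in an `ssh -v` trace."""
    found = {name: rx.findall(trace) for name, rx in PATTERNS.items()}
    if found["success"]:
        result = "succeeded"
    else:
        result = "denied" if found["denied"] else "incomplete"
    return {
        "user": found["user"][0] if found["user"] else None,
        "server_methods": found["methods"][0].split(",") if found["methods"] else [],
        # Keys the client offered that never got a "Server accepts key" reply.
        "rejected_keys": [k for k in found["offered"] if k not in found["accepted"]],
        "result": result,
        "method": found["success"][0] if found["success"] else None,
    }

if __name__ == "__main__":
    for name, trace in (("ok", OK_TRACE), ("denied", DENIED_TRACE)):
        print(name, summarize_ssh_trace(trace))
```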