[Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain

Rowland penny rpenny at samba.org
Sun Apr 11 19:42:32 UTC 2021


On 11/04/2021 18:11, Rémi PAETA wrote:
> My smb.conf
>
> [global]
>  server role = active directory domain controller


I was using a Unix domain member, you are using a Samba AD DC, so I 
copied the .ssh directory to the home directory of 'username' on the DC 
and attempted to ssh to Win10:

SAMDOM\username@rpidc1:~ $ ssh w10pro -v
OpenSSH_7.9p1 Raspbian-10+deb10u2+rpt1, OpenSSL 1.1.1d  10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to w10pro [192.168.0.143] port 22.
debug1: Connection established.
debug1: identity file /home/SAMDOM/username/.ssh/id_rsa type 0
debug1: identity file /home/SAMDOM/username/.ssh/id_rsa-cert type -1
debug1: identity file /home/SAMDOM/username/.ssh/id_dsa type -1
debug1: identity file /home/SAMDOM/username/.ssh/id_dsa-cert type -1
debug1: identity file /home/SAMDOM/username/.ssh/id_ecdsa type -1
debug1: identity file /home/SAMDOM/username/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/SAMDOM/username/.ssh/id_ed25519 type -1
debug1: identity file /home/SAMDOM/username/.ssh/id_ed25519-cert type -1
debug1: identity file /home/SAMDOM/username/.ssh/id_xmss type -1
debug1: identity file /home/SAMDOM/username/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u2+rpt1
debug1: Remote protocol version 2.0, remote software version 
OpenSSH_for_Windows_7.7
debug1: match: OpenSSH_for_Windows_7.7 pat OpenSSH* compat 0x04000000
debug1: Authenticating to w10pro:22 as 'SAMDOM\\username'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: 
<implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: 
<implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 
SHA256:qSWT3I9CDT4jGEcigTyDqBWdtWkoCgpdujEbsPO6DIE
debug1: Host 'w10pro' is known and matches the ECDSA host key.
debug1: Found key in /home/SAMDOM/username/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /home/SAMDOM/username/.ssh/id_rsa RSA 
SHA256:9/ifFL4MkWO2RCIc3fxx/iWqUuNktreDHyJqTKWC/7g
debug1: Will attempt key: /home/SAMDOM/username/.ssh/id_dsa
debug1: Will attempt key: /home/SAMDOM/username/.ssh/id_ecdsa
debug1: Will attempt key: /home/SAMDOM/username/.ssh/id_ed25519
debug1: Will attempt key: /home/SAMDOM/username/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: 
server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: 
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/SAMDOM/username/.ssh/id_rsa RSA 
SHA256:9/ifFL4MkWO2RCIc3fxx/iWqUuNktreDHyJqTKWC/7g
debug1: Server accepts key: /home/SAMDOM/username/.ssh/id_rsa RSA 
SHA256:9/ifFL4MkWO2RCIc3fxx/iWqUuNktreDHyJqTKWC/7g
debug1: Authentication succeeded (publickey).
Authenticated to w10pro ([192.168.0.143]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com 
want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_ALL = en_US.UTF-8

Microsoft Windows [Version 10.0.19041.867]
(c) 2020 Microsoft Corporation. All rights reserved.

Success!

This is the DC smb.conf:

[global]
         netbios name = RPIDC1
         realm = SAMDOM.EXAMPLE.COM
         workgroup = SAMDOM
         server role = active directory domain controller
         server services = -dns
         bind interfaces only = Yes
         interfaces = lo eth0
         dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
         idmap_ldb:use rfc2307  = yes
         ldap server require strong auth = no

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No

[netlogon]
         path = /var/lib/samba/sysvol/samdom.example.com/scripts
         read only = No

I do not know what else to say; it just works for me.

Rowland
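
Added example (not part of the message above and not Samba project code): a small Python helper for comparing a failing `ssh -v` run against the working one shown here. It rejoins the mail-wrapped lines and reports host-key status, the methods the server offered, and which keys were accepted or rejected; the function names and the sample log are constructed for illustration, and it assumes wrapped lines end in a trailing space as they do in this post.

```python
import re

# Constructed sample in the shape of the log above (fingerprint is a placeholder).
# Wrapped lines keep the trailing space that the mail wrap left behind.
SAMPLE = "\n".join([
    "debug1: Host 'w10pro' is known and matches the ECDSA host key.",
    "debug1: Authentications that can continue: ",
    "publickey,password,keyboard-interactive",
    "debug1: Next authentication method: publickey",
    "debug1: Offering public key: /home/SAMDOM/username/.ssh/id_rsa RSA ",
    "SHA256:CONSTRUCTED-PLACEHOLDER",
    "debug1: Server accepts key: /home/SAMDOM/username/.ssh/id_rsa RSA ",
    "SHA256:CONSTRUCTED-PLACEHOLDER",
    "debug1: Authentication succeeded (publickey).",
    "Authenticated to w10pro ([192.168.0.143]:22).",
])

def unwrap(text):
    """Rejoin a debug line with its continuation when the debug line ends in a space."""
    out, joining = [], False
    for raw in text.splitlines():
        if joining and out and not raw.startswith("debug"):
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.rstrip())
        joining = raw.startswith("debug") and raw.endswith(" ")
    return out

def summarize(text):
    """Extract the authentication-relevant facts from ssh -v client output."""
    s = {"host_key_known": False, "methods": [], "offered": [],
         "accepted": [], "succeeded": None}
    for line in unwrap(text):
        if re.match(r"debug1: Host '.+' is known and matches", line):
            s["host_key_known"] = True
        elif m := re.match(r"debug1: Authentications that can continue:\s*(\S+)", line):
            s["methods"] = m.group(1).split(",")
        elif m := re.match(r"debug1: Offering public key: (\S+)", line):
            s["offered"].append(m.group(1))
        elif m := re.match(r"debug1: Server accepts key: (\S+)", line):
            s["accepted"].append(m.group(1))
        elif m := re.match(r"debug1: Authentication succeeded \((\S+)\)", line):
            s["succeeded"] = m.group(1)
    # Keys offered but never accepted point at the server-side authorized_keys setup.
    s["rejected"] = [k for k in s["offered"] if k not in s["accepted"]]
    return s

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A key that shows up under `rejected` with `succeeded` left as `None` means the client offered it and the server refused it, which is the part of the exchange to compare against the working log.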




