[Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain

Rémi PAETA sio.paeta at gmail.com
Mon Apr 12 12:22:06 UTC 2021


Do you know what this means, please?
Kerberos: krb5_verify_checksum failed for S4U2Self: Checksum type 
hmac-md5 is keyed, but the key type aes256-cts-hmac-sha1-96 passed didnt 
have that checksum type as the keyed type

------ Original Message ------
From: "Rémi PAETA" <sio.paeta at gmail.com>
To: "Rowland penny" <rpenny at samba.org>
Sent: 11/04/2021 23:08:33
Subject: Re[2]: [Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain

>I use a samba AD DC.
>But I want to connect by SSH to a WIN10 domain member from another WIN10 which is not a domain member.
>
>------ Original Message ------
>From: "Rowland penny via samba" <samba at lists.samba.org>
>To: "sambalist" <samba at lists.samba.org>
>Sent: 11/04/2021 21:42:32
>Subject: Re: [Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain
>
>>On 11/04/2021 18:11, Rémi PAETA wrote:
>>>My smb.conf
>>>
>>>[global]
>>>  server role = active directory domain controller
>>
>>
>>I was using a Unix domain member, you are using a Samba AD DC, so I copied the .ssh directory to the home directory of 'username' on the DC and attempted to ssh to Win10:
>>
>>SAMDOM\username@rpidc1:~ $ ssh w10pro -v
>>OpenSSH_7.9p1 Raspbian-10+deb10u2+rpt1, OpenSSL 1.1.1d  10 Sep 2019
>>debug1: Reading configuration data /etc/ssh/ssh_config
>>debug1: Connecting to w10pro [192.168.0.143] port 22.
>>debug1: Connection established.
>>debug1: identity file /home/SAMDOM/username/.ssh/id_rsa type 0
>>debug1: identity file /home/SAMDOM/username/.ssh/id_rsa-cert type -1
>>debug1: identity file /home/SAMDOM/username/.ssh/id_dsa type -1
>>debug1: identity file /home/SAMDOM/username/.ssh/id_dsa-cert type -1
>>debug1: identity file /home/SAMDOM/username/.ssh/id_ecdsa type -1
>>debug1: identity file /home/SAMDOM/username/.ssh/id_ecdsa-cert type -1
>>debug1: identity file /home/SAMDOM/username/.ssh/id_ed25519 type -1
>>debug1: identity file /home/SAMDOM/username/.ssh/id_ed25519-cert type -1
>>debug1: identity file /home/SAMDOM/username/.ssh/id_xmss type -1
>>debug1: identity file /home/SAMDOM/username/.ssh/id_xmss-cert type -1
>>debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u2+rpt1
>>debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_7.7
>>debug1: match: OpenSSH_for_Windows_7.7 pat OpenSSH* compat 0x04000000
>>debug1: Authenticating to w10pro:22 as 'SAMDOM\\username'
>>debug1: SSH2_MSG_KEXINIT sent
>>debug1: SSH2_MSG_KEXINIT received
>>debug1: kex: algorithm: curve25519-sha256
>>debug1: kex: host key algorithm: ecdsa-sha2-nistp256
>>debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
>>debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
>>debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
>>debug1: Server host key: ecdsa-sha2-nistp256 SHA256:qSWT3I9CDT4jGEcigTyDqBWdtWkoCgpdujEbsPO6DIE
>>debug1: Host 'w10pro' is known and matches the ECDSA host key.
>>debug1: Found key in /home/SAMDOM/username/.ssh/known_hosts:1
>>debug1: rekey after 134217728 blocks
>>debug1: SSH2_MSG_NEWKEYS sent
>>debug1: expecting SSH2_MSG_NEWKEYS
>>debug1: SSH2_MSG_NEWKEYS received
>>debug1: rekey after 134217728 blocks
>>debug1: Will attempt key: /home/SAMDOM/username/.ssh/id_rsa RSA SHA256:9/ifFL4MkWO2RCIc3fxx/iWqUuNktreDHyJqTKWC/7g
>>debug1: Will attempt key: /home/SAMDOM/username/.ssh/id_dsa
>>debug1: Will attempt key: /home/SAMDOM/username/.ssh/id_ecdsa
>>debug1: Will attempt key: /home/SAMDOM/username/.ssh/id_ed25519
>>debug1: Will attempt key: /home/SAMDOM/username/.ssh/id_xmss
>>debug1: SSH2_MSG_EXT_INFO received
>>debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
>>debug1: SSH2_MSG_SERVICE_ACCEPT received
>>debug1: Authentications that can continue: publickey,password,keyboard-interactive
>>debug1: Next authentication method: publickey
>>debug1: Offering public key: /home/SAMDOM/username/.ssh/id_rsa RSA SHA256:9/ifFL4MkWO2RCIc3fxx/iWqUuNktreDHyJqTKWC/7g
>>debug1: Server accepts key: /home/SAMDOM/username/.ssh/id_rsa RSA SHA256:9/ifFL4MkWO2RCIc3fxx/iWqUuNktreDHyJqTKWC/7g
>>debug1: Authentication succeeded (publickey).
>>Authenticated to w10pro ([192.168.0.143]:22).
>>debug1: channel 0: new [client-session]
>>debug1: Requesting no-more-sessions@openssh.com
>>debug1: Entering interactive session.
>>debug1: pledge: network
>>debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
>>debug1: Sending environment.
>>debug1: Sending env LANG = en_US.UTF-8
>>debug1: Sending env LC_ALL = en_US.UTF-8
>>
>>Microsoft Windows [Version 10.0.19041.867]
>>(c) 2020 Microsoft Corporation. All rights reserved.
>>
>>Success!
>>
>>This is the DC smb.conf:
>>
>>[global]
>>         netbios name = RPIDC1
>>         realm = SAMDOM.EXAMPLE.COM
>>         workgroup = SAMDOM
>>         server role = active directory domain controller
>>         server services = -dns
>>         bind interfaces only = Yes
>>         interfaces = lo eth0
>>         dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
>>         idmap_ldb:use rfc2307  = yes
>>         ldap server require strong auth = no
>>
>>[sysvol]
>>         path = /var/lib/samba/sysvol
>>         read only = No
>>
>>[netlogon]
>>         path = /var/lib/samba/sysvol/samdom.example.com/scripts
>>         read only = No
>>
>>I do not know what else to say, it just works for myself.
>>
>>Rowland