[Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain

Rowland Penny rpenny at samba.org
Tue Apr 13 09:08:46 UTC 2021

On 13/04/2021 09:54, Nicola Mingotti wrote:
> Hi Rowland,
> first of all my apologies, I see you already sent me once this 
> config!
> Sorry about that.
> Anyway, I have some issues so I need to ask you some stuff
> 0. I am testing between two linuxes in the domain: [linte] and [beta].
> 1. To make it work is it necessary to change the configuration of 
> smb.conf
> in the domain controller or is it enough to configure these 2 machines 
> ([linte] and [beta]) ?

Apart from Samba (winbind) providing the users ID, there is no 
connection between Samba and ssh, so you need to configure the smb.conf 
on the ssh clients and server. These could be Unix domain members or DCs.

> 2. I prefer not to use "winbind use default domain = yes", is it
> strictly necessary?
> RATIO. I don't want to use it because I prefer to have a clean
> distinction between local and domain users. 

There is a sort of distinction between local and domain users, you 
should not attempt to have the same user in /etc/passwd and AD, but any 
users in AD become local users if Samba is set up correctly. I use 
'winbind use default domain = yes' so I cannot be 100% sure, but it 
should work without that line, because it works on a DC as client and 
that line does nothing on a DC.

> So it is good for me
> to have to type WINDOM\foobar when I mean Domain User "foobar".
> 3. I already have /etc/krb5.keytab in both computers do I need
> to run 'sudo net ads keytab create' anyway ?

No, you do not need to create the keytab if it already exists.

