[Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain
Rowland penny
rpenny at samba.org
Tue Apr 13 09:08:46 UTC 2021
On 13/04/2021 09:54, Nicola Mingotti wrote:
>
> Hi Rowland,
>
> first of of all my apologies, I see you already sent me once this
> config !
> Sorry about that.
>
> Anyway, I have some issues so I need to ask you some stuff
>
> 0. I am testing between two linuxes in the domain: [linte] and [beta].
>
> 1. To make it work is it necessary to change the configuration of
> smb.conf
> in the domain controller or is it enough to configure these 2 machines
> ([linte] and [beta]) ?
Apart from Samba (winbind) providing the users ID, there is no
connection between Samba and ssh, so you need to configure the smb.conf
on the ssh clients and server. These could be Unix domain members or DC's
>
> 2. I prefer not to use "winbind user default domain = yes", is it
> strictly necessary?
> RATIO. I don't want to use it because I prefer to have a clean
> distinction between local and domain users.
There is a sort of distinction between local and domain users, you
should not attempt to have the same user in /etc/passwd and AD, but any
users in AD become local users if Samba is set up correctly. I use
'winbind use default domain = yes' so I cannot be 100% sure, but it
should work without that line, because it works on a DC as client and
that line does nothing on a DC.
> So it is good form me
> to have to type WINDOM\foobar when I mean Domain User "foobar".
>
> 3. I already have /etc/krb5.keytab in both computers do I need
> to run 'sudo net ads keytab create' anyway ?
No you do not need to create the keytab if it already exists.
Rowland
More information about the samba
mailing list