[Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain
Nicola Mingotti
nmingotti at gmail.com
Tue Apr 13 10:26:09 UTC 2021
Hi Rowland,
this is all what I can get, I see some files that are not found with
'strace', nothing more.
. the client does
p at linte> ssh -p 2222 -vv -K 'WINDOM\nicola'@beta
output taken from the command.
p at beta> sudo /usr/sbin/sshd -d -p 2222
It seems the GSSAPI auth is attempted but it fails.
========================
debug1: permanently_set_uid: 105/65534 [preauth]
debug1: list_hostkey_types:
rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g== [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC:
<implicit> compression: none [preauth]
debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC:
<implicit> compression: none [preauth]
debug1: Doing group exchange [preauth]
debug1: Wait SSH2_MSG_GSSAPI_INIT [preauth]
debug1: Received some client credentials
debug1: rekey after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey after 134217728 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user WINDOM\\\\nicola service
ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "WINDOM\\nicola"
debug1: PAM: setting PAM_RHOST to "172.16.3.37"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user WINDOM\\\\nicola service
ssh-connection method gssapi-keyex [preauth]
debug1: attempt 1 failures 0 [preauth]
Failed gssapi-with-mic for WINDOM\\nicola from 172.16.3.37 port 33720 ssh2
debug1: userauth-request for user WINDOM\\\\nicola service
ssh-connection method gssapi-with-mic [preauth]
debug1: attempt 2 failures 1 [preauth]
========================
To have an idea why it fails. Same procedure but now output taken from:
p at beta> sudo strace /usr/sbin/sshd -d -p 2222
I stop the process when I am asked the password.
The output is here:
https://www.dropbox.com/s/remttkdvak1h39y/strace-sshd-kerberos.txt?dl=0
. There are visible some missing files as:
/home/WINDOM-nicola/.k5login
/usr/lib/x86_64-linux-gnu/krb5/plugins/authdata
Bye
Nicola
>
>
More information about the samba
mailing list