[Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain

Nicola Mingotti nmingotti at gmail.com
Wed Apr 14 08:50:46 UTC 2021



Installed "libpam-krb5" but "python3-samba" is missing in my repository.
I have installed already "python-samba".

I removed /etc/krb5.keytab and made it again with the 'net' command.

Still no luck :/

Is ".k5login" an important file? I don't have it.

==== sudo /usr/sbin/sshd -p 2222 -d  ===========
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user WINDOM\\\\nicola service 
ssh-connection method gssapi-keyex [preauth]
debug1: attempt 1 failures 0 [preauth]
Failed gssapi-with-mic for WINDOM\\nicola from 172.16.3.37 port 51166 ssh2
debug1: userauth-request for user WINDOM\\\\nicola service 
ssh-connection method gssapi-with-mic [preauth]
debug1: attempt 2 failures 1 [preauth]
Postponed gssapi-with-mic for WINDOM\\\\nicola from 172.16.3.37 port 
51166 ssh2 [preauth]
debug1: Received some client credentials
Failed gssapi-with-mic for WINDOM\\nicola from 172.16.3.37 port 51166 ssh2
====================

==== sudo strace /usr/sbin/sshd -p 2222 -d ==========
... only a tiny bit of it ...
poll([{fd=7, events=POLLIN|POLLOUT|POLLHUP}], 1, -1) = 1 ([{fd=7, 
revents=POLLOUT}])
write(7, 
"0\10\0\0\1\0\0\0\0\0\0\0\262\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 
2096) = 2096
getpid()                                = 1202
poll([{fd=7, events=POLLIN|POLLHUP}], 1, 5000) = 1 ([{fd=7, 
revents=POLLIN}])
read(7, "\250\17\0\0\2\0\0\0WINDOM\\nicola\0\0\0\0\0\0\0\0\0\0\0"..., 
4008) = 4008
access("/home/WINDOM-nicola/.k5login", F_OK) = -1 ENOENT (No such file 
or directory)
access("/etc/krb5.conf", R_OK)          = 0
stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=284, ...}) = 0
getrandom("\x8d\xd3\x52\x95\xf9\x26\xe6\x6c\xf8\xe5\xe3\x1b\x57\xbe\x05\x43\x02\xcc\xdc\x3b\x26\x9f\x58\x59\x9c\x42\x87\xad\x9c\xb1\xf9\xcd"..., 
64, 0) = 64
getpid()                                = 1202
write(5, "\0\0\0\5/", 5)                = 5
write(5, "\0\0\0\0", 4)                 = 4
write(2, "Failed gssapi-with-mic for WINDO"..., 76Failed gssapi-with-mic 
for WINDOM\\nicola from 172.16.3.37 port 51172 ssh2
) = 76
socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = 8
fcntl(8, F_SETFD, FD_CLOEXEC)           = 0
...
===================


On 4/13/21 7:43 PM, Rowland penny via samba wrote:
> On 13/04/2021 17:34, Nicola Mingotti wrote:
>>
>> Ok, I corrected all what you found. Except for the name ".lan", which 
>> I can' change in short time.
>>
>> Still, ssh -K is not working unfortunately.
>
>
> I have a couple of packages you haven't, one I think you need: 
> libpam-krb5 python3-samba
>
> Please Install them.
>
> When you left the domain, did you delete /etc/krb5.keytab ?
>
> If you didn't, try deleting it and creating a new one with the 'net' 
> command I posted earlier.
>
> Rowland
>
>
>
>




More information about the samba mailing list