[Samba] Logging into Linux from Domain-joined Win10 desktop works for hostnames, not VIPs

vincent at cojot.name vincent at cojot.name
Sat Jun 5 20:20:40 UTC 2021


Hi Rowland,

You are 100% right and perhaps what I am seeing is only sssd stuff. I've 
been able to locate a BZ (#1) talking about something similar so perhaps I
only need to 'net ads keytab add' on the Linux hosts.

Sorry for the noise,

#1: https://bugzilla.redhat.com/show_bug.cgi?id=1529301

Vincent

On Sat, 5 Jun 2021, Rowland penny via samba wrote:

> On 05/06/2021 20:56, Vincent S. Cojot via samba wrote:
>>
>>  Hi All,
>>
>>  I've observed some strange thing and I know too little about Windows to
>>  figure out what's going on so I would love it if someone could shed some
>>  light..
>>
>>  Here's the thing:
>>
>>  From a win10 desktop, I PuTTY ssh to a server if I use PuTTY with the
>>  remote server's hostname but if I use a VIP hosted on the same server, my
>>  user gets prompted for a UNIX password (I'm not using SSH keys in this
>>  environment, only plain AD with bind).
>>
>>  In more detail:
>>  my RHEL servers are joined to the domain using this:
>>
>>  # realm list
>>  ad.lasthome.solace.krynn
>>   type: kerberos
>>   realm-name: AD.LASTHOME.SOLACE.KRYNN
>>   domain-name: ad.lasthome.solace.krynn
>>   configured: kerberos-member
>>   server-software: active-directory
>>   client-software: sssd
>>   required-package: oddjob
>>   required-package: oddjob-mkhomedir
>>   required-package: sssd
>>   required-package: adcli
>>   required-package: samba-common-tools
>>   login-formats: %U
>>   login-policy: allow-realm-logins
>>
>>  From any Windows10 desktop in the home, I can PuTTY without a password
>>  prompt to <hostname1.lasthome.solace.krynn>.
>>
>>  If I try to PuTTY to <floating1.lasthome.solace.krynn>, my user gets
>>  prompted for its password.
>>
>>  Any ideas? I'm just stumped.. (I don't use Win10 but some of my children
>>  do and one has a need to ssh from it to a Linux box).
>>
>>  Thank you,
>>
>>  Vincent
>> 
>
> You appear to be trying to connect to 'floating1.lasthome.solace.krynn' but 
> your AD dns domain appears to be 'ad.lasthome.solace.krynn', so of course you 
> are going to get asked for a password.
>
> Can I ask where Samba comes into this ? If there are shares involved and the 
> Samba version is >= 4.8.0, then you shouldn't be using sssd etc, but if you 
> just want authentication, then you don't need Samba, you can just use sssd.
>
> Rowland
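Added example, not part of the original thread: a check of whether a keytab lists a `host/` service principal for every name clients use to reach the server, which is the kind of entry the message above considers adding with `net ads keytab add`. It assumes the passwordless PuTTY login is Kerberos (GSSAPI) single sign-on; the `klist -k` listing is constructed, and `sample_keytab_listing` and `missing_host_spns` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of `klist -k /etc/krb5.keytab` output (not from the thread).
# It holds entries for the real hostname only, none for the floating name.
sample_keytab_listing() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------------------
   2 HOSTNAME1$@AD.LASTHOME.SOLACE.KRYNN
   2 host/HOSTNAME1@AD.LASTHOME.SOLACE.KRYNN
   2 host/hostname1.lasthome.solace.krynn@AD.LASTHOME.SOLACE.KRYNN
EOF
}

# missing_host_spns REALM NAME...   (hypothetical helper)
# Reads a `klist -k` listing on stdin and prints every NAME for which the
# keytab has no host/NAME@REALM entry. Matching is exact, so pass names in
# the same case the keytab uses.
missing_host_spns() {
    realm=$1
    shift
    listing=$(cat)
    for name in "$@"; do
        want="host/${name}@${realm}"
        # Field 2 of each data row is the principal name.
        if ! printf '%s\n' "$listing" |
            awk -v p="$want" '$2 == p { found = 1 } END { exit !found }'
        then
            printf '%s\n' "$name"
        fi
    done
}

# On a real host, feed it the live keytab instead of the sample:
#   klist -k /etc/krb5.keytab | missing_host_spns REALM name1 name2
sample_keytab_listing | missing_host_spns AD.LASTHOME.SOLACE.KRYNN \
    hostname1.lasthome.solace.krynn \
    floating1.lasthome.solace.krynn
```

A name printed by the check has no service key on the host, so a client that obtains a ticket for that name cannot be accepted and the login falls back to a password prompt.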