[Samba] Logging into Linux from Domain-joined Win10 desktop works for hostnames, not VIPs

vincent at cojot.name
Sat Jun 5 20:30:36 UTC 2021


Also,

I just tested this and it's entirely similar:

  I can PuTTY without a password prompt to 
<hostname1.lasthome.solace.krynn> or <hostname1.ad.lasthome.solace.krynn>

If I try to PuTTY to <floating1.lasthome.solace.krynn>, or 
<floating1.ad.lasthome.solace.krynn> it prompts for a password.

The servers are running RHEL8.4.

I probably need to run 'net ads keytab <something>' so I'll be trying to 
figure out the 'something' part.. :)

Sorry again for the noise,

Vincent


On Sat, 5 Jun 2021, Vincent S. Cojot via samba wrote:

>
> Hi Rowland,
>
> You are 100% right and perhaps what I am seeing is only sssd stuff. I've been 
> able to locate a BZ (#1) talking about something similar so perhaps I
> only need to 'net ads keytab add' on the Linux hosts.
>
> Sorry for the noise,
>
> #1: https://bugzilla.redhat.com/show_bug.cgi?id=1529301
>
> Vincent
>
> On Sat, 5 Jun 2021, Rowland Penny via samba wrote:
>
>>  On 05/06/2021 20:56, Vincent S. Cojot via samba wrote:
>>>
>>>   Hi All,
>>>
>>>   I've observed a strange thing and I know too little about Windows to
>>>   figure out what's going on so I would love it if someone could shed some
>>>   light..
>>>
>>>   Here's the thing:
>>>
>>>   From a win10 desktop, I PuTTY ssh to a server if I use PuTTY with the
>>>   remote server's hostname but if I use a VIP hosted on the same server,
>>>   my user gets prompted for a UNIX password (I'm not using SSH keys in this
>>>   environment, only plain AD with bind).
>>>
>>>   In more detail:
>>>   my RHEL servers are joined to the domain using this:
>>>
>>>   # realm list
>>>   ad.lasthome.solace.krynn
>>>    type: kerberos
>>>    realm-name: AD.LASTHOME.SOLACE.KRYNN
>>>    domain-name: ad.lasthome.solace.krynn
>>>    configured: kerberos-member
>>>    server-software: active-directory
>>>    client-software: sssd
>>>    required-package: oddjob
>>>    required-package: oddjob-mkhomedir
>>>    required-package: sssd
>>>    required-package: adcli
>>>    required-package: samba-common-tools
>>>    login-formats: %U
>>>    login-policy: allow-realm-logins
>>>
>>>   From any Windows10 desktop in the home, I can PuTTY without a password
>>>   prompt to <hostname1.lasthome.solace.krynn>.
>>>
>>>   If I try to PuTTY to <floating1.lasthome.solace.krynn>, my user gets
>>>   prompted for its password.
>>>
>>>   Any ideas? I'm just stumped.. (I don't use Win10 but some of my children
>>>   do and one has a need to ssh from it to a Linux box).
>>>
>>>   Thank you,
>>>
>>>   Vincent
>>> 
>>
>>  You appear to be trying to connect to 'floating1.lasthome.solace.krynn'
>>  but your AD dns domain appears to be 'ad.lasthome.solace.krynn', so of
>>  course you are going to get asked for a password.
>>
>>  Can I ask where Samba comes into this ? If there are shares involved and
>>  the Samba version is >= 4.8.0, then you shouldn't be using sssd etc, but
>>  if you just want authentication, then you don't need Samba, you can just
>>  use sssd.
>>
>>  Rowland
>> 
>> 
>>
>>  --
>>  To unsubscribe from this list go to the following URL and read the
>>  instructions:  https://lists.samba.org/mailman/options/samba
>> 
>> 
>
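
Added example, not part of the original thread: a check for which of the names a server answers to have a `host/<name>` key in its keytab, assuming (as the message above suspects) that the floating name is the one missing. The keytab listing is constructed, and `missing_host_spns` and `sample_keytab` are hypothetical helper names.

```shell
#!/bin/sh
# Report which names lack a host/<name>@REALM entry in `klist -k` output.

# missing_host_spns NAME...
# Reads `klist -k` output on stdin and prints every NAME that has no
# host/NAME@REALM entry. Host parts are compared case-insensitively.
missing_host_spns() {
    awk -v names="$*" '
        BEGIN { n = split(tolower(names), want, " ") }
        # Data rows look like "   2 host/fqdn@REALM"; header rows are skipped.
        $1 ~ /^[0-9]+$/ && $2 ~ /^host\// {
            p = $2
            sub(/^host\//, "", p)   # drop the service part
            sub(/@.*$/, "", p)      # drop the realm
            have[tolower(p)] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in have)) print want[i]
        }
    '
}

# Constructed sample of `klist -k /etc/krb5.keytab` output for a host that
# only has keys for its own hostname (not captured from a real system).
sample_keytab() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 HOSTNAME1$@AD.LASTHOME.SOLACE.KRYNN
   2 host/HOSTNAME1@AD.LASTHOME.SOLACE.KRYNN
   2 host/hostname1.ad.lasthome.solace.krynn@AD.LASTHOME.SOLACE.KRYNN
   2 RestrictedKrbHost/hostname1.ad.lasthome.solace.krynn@AD.LASTHOME.SOLACE.KRYNN
EOF
}

# On a real host, replace sample_keytab with: klist -k /etc/krb5.keytab
sample_keytab | missing_host_spns \
    hostname1.ad.lasthome.solace.krynn \
    floating1.ad.lasthome.solace.krynn
```

A name printed by the check has no key the SSH server could use to accept a Kerberos ticket issued for that name, which is consistent with the fallback to a password prompt described in the thread.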

