[Samba] Group membership not updating on one DC only
L.P.H. van Belle
belle at bazuin.nl
Tue Mar 9 14:32:30 UTC 2021
Ah, now I see, I forgot one user which is using keys, needed that last line.
This has been running for some time already, totally forgot about that one.
the config.
Port 22
ListenAddress 0.0.0.0
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
GSSAPIStrictAcceptorCheck yes
GSSAPIKeyExchange yes
GSSAPIStoreCredentialsOnRekey yes
UsePAM yes
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
PrintMotd no
PrintLastLog yes
UseDNS no
Banner /etc/issue.net
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
AllowGroups sftpCustomers sshLevel1 sshLevel2
Match User customerxxxx
    AuthenticationMethods publickey,password
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Matthias Kühne |
> Ellerhold AG via samba
> Sent: Tuesday 9 March 2021 15:18
> To: samba at lists.samba.org
> Subject: Re: [Samba] Group membership not updating on one DC only
>
> Heyho,
>
> yes all users have uidNumbers and all groups have gidNumbers (thanks to
> adman for that!!)
>
> I could reliably reproduce each of the 3 scenarios below. That's why
> we're using pam_access now.
>
> Are you using debian buster too? With openssh-server version
> 1:7.9p1-10+deb10u2? For reference this is our (now basic) sshd_conf:
>
> PermitRootLogin no
> PubkeyAuthentication yes
> PasswordAuthentication yes
> PermitEmptyPasswords no
> ChallengeResponseAuthentication no
> UsePAM yes
> AllowAgentForwarding yes
> X11Forwarding no
> PrintMotd no
> AcceptEnv LANG LC_*
> Subsystem sftp /usr/lib/openssh/sftp-server
>
> Anything you've got different in yours?
>
> Overall we're pretty happy with pam_access. Just wanted to share our
> solution to our problem for others that might have the same problem(s).
Of course, sharing is caring :-)
Always appreciated to see a working config passing by.
Greetz,
Louis