
Re: [Samba] SSH with User in Member Domain




Yes and the permissions are ok too.

getent passwd XXXX
XXXX:*:11109:10513::/home/<DOMAIN>/XXXXX:/bin/bash

I executed the command (simulated ssh):

login XXXX

journalctl |grep login

-------------------

Jan 16 17:33:05 <HOSTNAME> login[2150]: pam_unix(login:auth): authentication failure; logname=USER-SUDO uid=0 euid=0 tty=/dev/pts/0 ruser= rhost= user=XXXXXXX
Jan 16 17:33:07 <HOSTNAME> login[2150]: FAILED LOGIN (1) on '/dev/pts/0' FOR 'XXXXXX', Authentication failure
Jan 16 17:33:26 <HOSTNAME> login[2152]: pam_unix(login:auth): authentication failure; logname=USER-SUDO uid=0 euid=0 tty=/dev/pts/0 ruser= rhost= user=XXXXXXX
Jan 16 17:33:29 <HOSTNAME> login[2152]: FAILED LOGIN (1) on '/dev/pts/0' FOR 'XXX', Authentication failure

--------------------------

My password is correct; logging in to Windows with the password is no problem.


Regards;




On 16-01-2018 17:58, Rowland Penny via samba wrote:
On Tue, 16 Jan 2018 17:49:16 -0200
Carlos via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hi!!

I don't have success with ssh as a user of my domain on my fileserver (member).

Samba 4.7.3, compiled

Ubuntu 16.04

# smb.conf

[global]
          workgroup = XXXXX
          realm = INTERNO.XXX.XXXX.BR
          security = ADS
          username map = /usr/local/samba/etc/user.map

          dedicated keytab file = /etc/krb5.keytab
          kerberos method = secrets and keytab
          winbind cache time = 60

          winbind max clients = 600
          winbind enum users = Yes
          winbind enum groups = Yes
          winbind use default domain = Yes
          winbind nss info = rfc2307
          winbind refresh tickets = Yes
          winbind nss info = template
          template shell = /bin/bash

          idmap config * : backend = tdb
          idmap config * : range = 3000-7999
          idmap config XXXX : backend = rid
          idmap config XXXXX : range = 10000-999999


          # Required for fileserver
          map acl inherit = Yes
          store dos attributes = Yes

          #
          # Disable Cups
          load printers = no
          printing = bsd
          printcap name = /dev/null
          disable spoolss = yes

          # Recycle bin + auditing
          vfs objects = recycle,full_audit,acl_xattr
          recycle:keeptree = yes
          recycle:versions = yes
          recycle:repository = /opt/DADOS/Lixeira/%U
          recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso, *.exe
          recycle:exclude_dir = tmp
          recycle:touch = yes
          recycle:touch_mtime = yes
          full_audit:failure = none
          full_audit:facility = local5
          full_audit:priority = notice
          full_audit:prefix = %u|%I|%S
          full_audit:success = rename rmdir unlink

# include
include = /opt/samba/etc/compartilhamento.conf


ls -l /lib/x86_64-linux-gnu/libnss_winbind.so*
lrwxrwxrwx 1 root root 41 Dez  8 18:00 /lib/x86_64-linux-gnu/libnss_winbind.so -> /lib/x86_64-linux-gnu/libnss_winbind.so.2
lrwxrwxrwx 1 root root 40 Dez  8 18:00 /lib/x86_64-linux-gnu/libnss_winbind.so.2 -> /usr/local/samba/lib/libnss_winbind.so.2


/etc/pam.d# cat common-session

..

....

   and here are more per-package modules (the "Additional" block)
session required        pam_unix.so
session optional        pam_systemd.so
session optional        pam_winbind.so
session optional        pam_mkhomedir.so skel=/etc/skel umask=077

Any idea?

Regards;




If you run 'getent passwd <user you want to use with ssh>' on the
fileserver, do you get any output ?

Rowland

