
Re: [Samba] Cannot log into Samba4 AD/DC with ssh as domain user




On Sat, 01 Dec 2018 06:26:42 -0500
Mark Foley via samba <samba@xxxxxxxxxxxxxxx> wrote:

> From either a Linux or Mac domain member, I have tried logging into
> the Samba4 AD server as a domain user:
> 
> labmac:~ mark$ ssh mark@mail pwd
> mark@mail's password: 
> Permission denied, please try again.
> 
> where 'mail' is the AD/DC.
> 
> It also fails if I am on the AD/DC and try the same ssh.
> 
> I've tried setting either the GSSAPIAuthentication or
> KerberosAuthentication in /etc/ssh/sshd_config, but those don't help.
> I get:
> 
> Dec  1 06:09:19 mail sshd[8645]: rexec line 89: Unsupported option GSSAPIAuthentication
> Dec  1 06:09:19 mail sshd[8645]: reprocess config line 89: Unsupported option GSSAPIAuthentication
> Dec  1 06:09:22 mail sshd[8645]: Failed password for mark from 192.168.0.61 port 55802 ssh2
> Dec  1 06:09:24 mail sshd[8645]: Connection closed by 192.168.0.61 port 55802 [preauth]
> 
> Dec  1 06:16:54 mail sshd[21898]: rexec line 83: Unsupported option KerberosAuthentication
> Dec  1 06:16:54 mail sshd[21898]: reprocess config line 83: Unsupported option KerberosAuthentication
> Dec  1 06:16:57 mail sshd[21898]: Failed password for mark from 192.168.0.61 port 55809 ssh2
> Dec  1 06:17:00 mail sshd[21898]: Connection closed by 192.168.0.61 port 55809 [preauth]
> 
> The AD/DC host is Slackware and does not have PAM.
> 
> Note that I can log in from the AD to the Linux domain member as a
> domain user.
> 
> Is there a way to get domain users to ssh into the AD? They do
> have home directories on this server?
> 
> THX --Mark
> 

Have you set up the libnss-winbind links?
Or to put it another way, does 'getent passwd mark' produce output when
run on the DC?

Rowland
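
[Added example, not part of the original thread or of Samba's own tooling: a shell check for the NSS pieces the reply above asks about, namely winbind listed in nsswitch.conf, a libnss_winbind.so.2 library or link present, and getent resolving the user. The function names and the list of library directories are assumptions; adjust them for the local system.]

```shell
#!/bin/sh
# Constructed example: verify that a domain user can be resolved through
# NSS/winbind on this host. Function names and directories are assumptions.

# nss_db_has_winbind FILE DB: succeeds if DB's line in FILE lists winbind
nss_db_has_winbind() {
    awk -v db="$2" '
        { sub(/#.*/, "") }    # ignore comments, including trailing ones
        $1 == db ":" { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# find_nss_winbind DIR...: prints the first libnss_winbind.so.2 found
find_nss_winbind() {
    for d in "$@"; do
        if [ -e "$d/libnss_winbind.so.2" ]; then
            printf '%s\n' "$d/libnss_winbind.so.2"
            return 0
        fi
    done
    return 1
}

# check_domain_user USER [NSSWITCH_FILE]: runs all three checks and reports
check_domain_user() {
    user=$1 conf=${2:-/etc/nsswitch.conf} rc=0
    for db in passwd group; do
        if nss_db_has_winbind "$conf" "$db"; then
            echo "ok:   $db uses winbind in $conf"
        else
            echo "FAIL: $db line in $conf does not list winbind"; rc=1
        fi
    done
    if lib=$(find_nss_winbind /lib64 /lib /usr/lib64 /usr/lib /lib/x86_64-linux-gnu); then
        echo "ok:   found $lib"
    else
        echo "FAIL: libnss_winbind.so.2 not found in the usual library directories"; rc=1
    fi
    if entry=$(getent passwd "$user"); then
        echo "ok:   $entry"
    else
        echo "FAIL: getent passwd $user returned nothing"; rc=1
    fi
    return $rc
}

if [ "$#" -gt 0 ]; then check_domain_user "$@"; fi
```

Run it on the DC with the user name as the argument, e.g. `sh check.sh mark` (the script file name is arbitrary).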
