Web lists-archives.com

Re: [Samba] Cannot log into Samba4 AD/DC with ssh as domain user




On Sat, 1 Dec 2018 20:38:58 -0500
Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote:

> On Sat, Dec 1, 2018 at 4:17 PM Rowland Penny via samba
> <samba@xxxxxxxxxxxxxxx> wrote:
> >
> > On Sat, 01 Dec 2018 15:23:36 -0500
> > Mark Foley <mfoley@xxxxxxxxx> wrote:
> >
> > > On Sat, 1 Dec 2018 12:09:18 Rowland Penny wrote:
> > > >
> > > > On Sat, 01 Dec 2018 06:26:42 -0500
> > > > Mark Foley via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > > >
> > > > > From either a Linux or Mac domain member, I have tried logging
> > > > > into the Samba4 AD server as a domain user:
> > > > >
> > > > > labmac:~ mark$ ssh mark@mail pwd
> > > > > mark@mail's password:
> > > > > Permission denied, please try again.
> > > > >
> > > > > where 'mail' is the AD/DC.
> > > > >
> > > > > It also fails if I am on the AD/DC an try the same ssh.
> > > > >
> > > > > I've tried setting either the GSSAPIAuthentication or
> > > > > KerberosAuthentication in /etc/ssh/sshd_config, but those
> > > > > don't help. I get:
> 
> Stop here. If you have root privileges, add a *local* account on the
> relevant system, and log in using the Kerberos credentials. If those
> don't work, you have other issues.

Just how is that going to work when the KDC is a Samba AD DC and a
local account is just that, a local account that is unknown to
kerberos ?

> 
> Also, just because a host is an AD server does not mean that it is
> configured to allow AD based logins. What is the OS of the AD server
> you are trying to log into?

Did you miss the part where the OP said he could login as an AD user ?

My gut feeling is that he is suffering from an old problem, he is using
Slackware without PAM.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba