Hi!!

I don't succeed in ssh with my domain user, on my Fileserver (Member)

Samba 4.7.3 Compiled

Ubuntu 16.04

# smb.conf

[global]
workgroup = XXXXX
realm = INTERNO.XXX.XXXX.BR
security = ADS
username map = /usr/local/samba/etc/user.map

dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind cache time = 60

winbind max clients = 600
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind nss info = template
template shell = /bin/bash

idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config XXXX : backend = rid
idmap config XXXXX : range = 10000-999999

# Required for Fileserver
map acl inherit = Yes
store dos attributes = Yes

#
# Disable Cups
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

# Recycle bin + Auditing
vfs objects = recycle,full_audit,acl_xattr
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = /opt/DADOS/Lixeira/%U
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso, *.exe
recycle:exclude_dir = tmp
recycle:touch = yes
recycle:touch_mtime = yes
full_audit:failure = none
full_audit:facility = local5
full_audit:priority = notice
full_audit:prefix = %u|%I|%S
full_audit:success = rename rmdir unlink

# include
include = /opt/samba/etc/compartilhamento.conf

ls -l /lib/x86_64-linux-gnu/libnss_winbind.so*
lrwxrwxrwx 1 root root 41 Dez 8 18:00 /lib/x86_64-linux-gnu/libnss_winbind.so -> /lib/x86_64-linux-gnu/libnss_winbind.so.2
lrwxrwxrwx 1 root root 40 Dez 8 18:00 /lib/x86_64-linux-gnu/libnss_winbind.so.2 -> /usr/local/samba/lib/libnss_winbind.so.2

/etc/pam.d# cat common-session

..

....

and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session optional pam_systemd.so
session optional pam_winbind.so
session optional pam_mkhomedir.so skel=/etc/skel umask=077

Any idea?

Regards;

On Tue, 16 Jan 2018 17:49:16 -0200
Carlos via samba <samba at lists.samba.org> wrote:

> Hi!!
>
> I don't succeed in ssh with my domain user, on my Fileserver (Member)
>
> Samba 4.7.3 Compiled
>
> Ubuntu 16.04
>
> # smb.conf
>
> [global]
> workgroup = XXXXX
> realm = INTERNO.XXX.XXXX.BR
> security = ADS
> username map = /usr/local/samba/etc/user.map
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind cache time = 60
>
> winbind max clients = 600
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind nss info = rfc2307
> winbind refresh tickets = Yes
> winbind nss info = template
> template shell = /bin/bash
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config XXXX : backend = rid
> idmap config XXXXX : range = 10000-999999
>
> # Required for Fileserver
> map acl inherit = Yes
> store dos attributes = Yes
>
> #
> # Disable Cups
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> # Recycle bin + Auditing
> vfs objects = recycle,full_audit,acl_xattr
> recycle:keeptree = yes
> recycle:versions = yes
> recycle:repository = /opt/DADOS/Lixeira/%U
> recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso, *.exe
> recycle:exclude_dir = tmp
> recycle:touch = yes
> recycle:touch_mtime = yes
> full_audit:failure = none
> full_audit:facility = local5
> full_audit:priority = notice
> full_audit:prefix = %u|%I|%S
> full_audit:success = rename rmdir unlink
>
> # include
> include = /opt/samba/etc/compartilhamento.conf
>
> ls -l /lib/x86_64-linux-gnu/libnss_winbind.so*
> lrwxrwxrwx 1 root root 41 Dez 8 18:00 /lib/x86_64-linux-gnu/libnss_winbind.so -> /lib/x86_64-linux-gnu/libnss_winbind.so.2
> lrwxrwxrwx 1 root root 40 Dez 8 18:00 /lib/x86_64-linux-gnu/libnss_winbind.so.2 -> /usr/local/samba/lib/libnss_winbind.so.2
>
> /etc/pam.d# cat common-session
>
> ..
>
> ....
>
> and here are more per-package modules (the "Additional" block)
> session required pam_unix.so
> session optional pam_systemd.so
> session optional pam_winbind.so
> session optional pam_mkhomedir.so skel=/etc/skel umask=077
>
> Any idea?
>
> Regards;
>

If you run 'getent passwd <user you want to use with ssh>' on the
fileserver, do you get any output?

Rowland

Yes and the permissions are ok too.

getent passwd XXXX
XXXX:*:11109:10513::/home/<DOMAIN>/XXXXX:/bin/bash

I executed the command (simulated ssh):

login XXXX

journalctl |grep login
-------------------
Jan 16 17:33:05 <HOSTNAME> login[2150]: pam_unix(login:auth): authentication failure; logname=USER-SUDO uid=0 euid=0 tty=/dev/pts/0 ruser= rhost= user=XXXXXXX
Jan 16 17:33:07 <HOSTNAME> login[2150]: FAILED LOGIN (1) on '/dev/pts/0' FOR 'XXXXXX', Authentication failure
Jan 16 17:33:26 <HOSTNAME> login[2152]: pam_unix(login:auth): authentication failure; logname=USER-SUDO uid=0 euid=0 tty=/dev/pts/0 ruser= rhost= user=XXXXXXX
Jan 16 17:33:29 <HOSTNAME> login[2152]: FAILED LOGIN (1) on '/dev/pts/0' FOR 'XXX', Authentication failure
--------------------------

My password is correct; login in Windows is no problem with the password.

Regards;

On 16-01-2018 17:58, Rowland Penny via samba wrote:
> On Tue, 16 Jan 2018 17:49:16 -0200
> Carlos via samba <samba at lists.samba.org> wrote:
>
>> Hi!!
>>
>> I don't succeed in ssh with my domain user, on my Fileserver (Member)
>>
>> Samba 4.7.3 Compiled
>>
>> Ubuntu 16.04
>>
>> # smb.conf
>>
>> [global]
>> workgroup = XXXXX
>> realm = INTERNO.XXX.XXXX.BR
>> security = ADS
>> username map = /usr/local/samba/etc/user.map
>>
>> dedicated keytab file = /etc/krb5.keytab
>> kerberos method = secrets and keytab
>> winbind cache time = 60
>>
>> winbind max clients = 600
>> winbind enum users = Yes
>> winbind enum groups = Yes
>> winbind use default domain = Yes
>> winbind nss info = rfc2307
>> winbind refresh tickets = Yes
>> winbind nss info = template
>> template shell = /bin/bash
>>
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
>> idmap config XXXX : backend = rid
>> idmap config XXXXX : range = 10000-999999
>>
>> # Required for Fileserver
>> map acl inherit = Yes
>> store dos attributes = Yes
>>
>> #
>> # Disable Cups
>> load printers = no
>> printing = bsd
>> printcap name = /dev/null
>> disable spoolss = yes
>>
>> # Recycle bin + Auditing
>> vfs objects = recycle,full_audit,acl_xattr
>> recycle:keeptree = yes
>> recycle:versions = yes
>> recycle:repository = /opt/DADOS/Lixeira/%U
>> recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso, *.exe
>> recycle:exclude_dir = tmp
>> recycle:touch = yes
>> recycle:touch_mtime = yes
>> full_audit:failure = none
>> full_audit:facility = local5
>> full_audit:priority = notice
>> full_audit:prefix = %u|%I|%S
>> full_audit:success = rename rmdir unlink
>>
>> # include
>> include = /opt/samba/etc/compartilhamento.conf
>>
>> ls -l /lib/x86_64-linux-gnu/libnss_winbind.so*
>> lrwxrwxrwx 1 root root 41 Dez 8 18:00 /lib/x86_64-linux-gnu/libnss_winbind.so -> /lib/x86_64-linux-gnu/libnss_winbind.so.2
>> lrwxrwxrwx 1 root root 40 Dez 8 18:00 /lib/x86_64-linux-gnu/libnss_winbind.so.2 -> /usr/local/samba/lib/libnss_winbind.so.2
>>
>> /etc/pam.d# cat common-session
>>
>> ..
>>
>> ....
>>
>> and here are more per-package modules (the "Additional" block)
>> session required pam_unix.so
>> session optional pam_systemd.so
>> session optional pam_winbind.so
>> session optional pam_mkhomedir.so skel=/etc/skel umask=077
>>
>> Any idea?
>>
>> Regards;
>>
> If you run 'getent passwd <user you want to use with ssh>' on the
> fileserver, do you get any output?
>
> Rowland
>