oups.. that was the reason
# authconfig --disablesssd --disablesssdauth --enablekrb5
--enablewinbind --enablewinbindauth --enablemkhomedir --update
ssh sftp works now
Thank you very much Rowland.
Le 21/06/2019 ? 12:57, Rowland penny via samba a ?crit?:> On 21/06/2019 16:49, Edouard Guign? via samba wrote:
>> Yes, I have only one domain.
>>
>> Even after added "winbind use default domain = yes" to
smb.cnf, I
>> cannot ssh :
>>
>> /Jun 21 12:43:59 [localhost] sshd[5938]: pam_sss(sshd:auth): Request
>> to sssd failed. Connection refused//
>> //Jun 21 12:43:59 [localhost] sshd[5938]: pam_krb5[5938]: TGT
>> verified using key for 'host/mysambserver at MYDOMAIN.LOCAL'//
>> //Jun 21 12:43:59 [localhost] sshd[5938]: pam_krb5[5938]:
>> authentication succeeds for 'usertest' (usertest at
MYDOMAIN.LOCAL)//
>> //Jun 21 12:43:59 [localhost] sshd[5938]: pam_sss(sshd:account):
>> Request to sssd failed. Connection refused//
>> //Jun 21 12:43:59 [localhost] sshd[5938]: pam_winbind(sshd:account):
>> user 'usertest' granted access//
>> //Jun 21 12:43:59 [localhost] sshd[5938]: Failed password for
>> usertest from x.x.x.x port 44090 ssh2//
>> //Jun 21 12:43:59 [localhost] sshd[5938]: fatal: Access denied for
>> user usertest by PAM account configuration [preauth]/
>>
>> The system seem to look first for sssd (pam_sss) and then for
>> pam_winbind, even if I perform before :
>> # authconfig --enablekrb5 --enablewinbind --enablewinbindauth
>> --enablemkhomedir --update
>
> I am not a PAM expert especially on Centos, but reading the authconfig
> man page turns up '--disablesssd' &
'--disablesssdauth', so try them.
>
> Rowland
>
>
>
