On 28/08/15 11:48, Volker Lendecke wrote:> On Thu, Aug 27, 2015 at 08:17:15AM +0200, L.P.H. van Belle wrote: >> This was a test on debian Jessie with sernet samba 4.2.3. >> and the test was, "login" with a AD user on ssh. >> this worked, fine, but this i noticed later. > Currently recompiling with the attached patch. I haven't > tested it yet, but I am pretty sure this will fix the issue. > > For everyone interested, the comment should be pretty > self-explaining. > > Volker > > >OK, after reading Volkers patch, I got the feeling that the problem wasn't actually a samba problem, so I went googling. If I change these lines in /etc/ssh/sshd_config: ChallengeResponseAuthentication no #PasswordAuthentication yes To: ChallengeResponseAuthentication yes PasswordAuthentication yes restart ssh: 'service ssh restart' on Debian wheezy Now try and login via ssh: root at dc01:~# ssh user3 at 192.168.0.196 Password: Password expired. You must change it now. Enter new password: Enter it again: Warning: Your password will expire in 42 days on Fri Oct 9 13:30:25 2015 Linux debclient 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u3 x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Fri Aug 28 13:23:32 2015 from dc01.example.com user3 at debclient:~$ No spinning winbind PID Have I found the cure ? Rowland
On Fri, Aug 28, 2015 at 01:39:29PM +0100, Rowland Penny wrote:> On 28/08/15 11:48, Volker Lendecke wrote: > >On Thu, Aug 27, 2015 at 08:17:15AM +0200, L.P.H. van Belle wrote: > >>This was a test on debian Jessie with sernet samba 4.2.3. > >>and the test was, "login" with a AD user on ssh. > >>this worked, fine, but this i noticed later. > >Currently recompiling with the attached patch. I haven't > >tested it yet, but I am pretty sure this will fix the issue. > > > >For everyone interested, the comment should be pretty > >self-explaining. > > > >Volker > > > > > > > > OK, after reading Volkers patch, I got the feeling that the problem > wasn't actually a samba problem, so I went googling. > > If I change these lines in /etc/ssh/sshd_config: > > ChallengeResponseAuthentication no > #PasswordAuthentication yes > > To: > > ChallengeResponseAuthentication yes > PasswordAuthentication yes > > restart ssh: 'service ssh restart' on Debian wheezy > > Now try and login via ssh: > > root at dc01:~# ssh user3 at 192.168.0.196 > Password: > Password expired. You must change it now. > Enter new password: > Enter it again: > Warning: Your password will expire in 42 days on Fri Oct 9 13:30:25 2015 > Linux debclient 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u3 x86_64 > > The programs included with the Debian GNU/Linux system are free software; > the exact distribution terms for each program are described in the > individual files in /usr/share/doc/*/copyright. > > Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent > permitted by applicable law. > Last login: Fri Aug 28 13:23:32 2015 from dc01.example.com > user3 at debclient:~$ > > No spinning winbind PID > > Have I found the cure ?Hmm. Weird. This is also with the exact same platform? Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kontakt at sernet.de
On 28/08/15 14:56, Volker Lendecke wrote:> On Fri, Aug 28, 2015 at 01:39:29PM +0100, Rowland Penny wrote: >> On 28/08/15 11:48, Volker Lendecke wrote: >>> On Thu, Aug 27, 2015 at 08:17:15AM +0200, L.P.H. van Belle wrote: >>>> This was a test on debian Jessie with sernet samba 4.2.3. >>>> and the test was, "login" with a AD user on ssh. >>>> this worked, fine, but this i noticed later. >>> Currently recompiling with the attached patch. I haven't >>> tested it yet, but I am pretty sure this will fix the issue. >>> >>> For everyone interested, the comment should be pretty >>> self-explaining. >>> >>> Volker >>> >>> >>> >> OK, after reading Volkers patch, I got the feeling that the problem >> wasn't actually a samba problem, so I went googling. >> >> If I change these lines in /etc/ssh/sshd_config: >> >> ChallengeResponseAuthentication no >> #PasswordAuthentication yes >> >> To: >> >> ChallengeResponseAuthentication yes >> PasswordAuthentication yes >> >> restart ssh: 'service ssh restart' on Debian wheezy >> >> Now try and login via ssh: >> >> root at dc01:~# ssh user3 at 192.168.0.196 >> Password: >> Password expired. You must change it now. >> Enter new password: >> Enter it again: >> Warning: Your password will expire in 42 days on Fri Oct 9 13:30:25 2015 >> Linux debclient 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u3 x86_64 >> >> The programs included with the Debian GNU/Linux system are free software; >> the exact distribution terms for each program are described in the >> individual files in /usr/share/doc/*/copyright. >> >> Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent >> permitted by applicable law. >> Last login: Fri Aug 28 13:23:32 2015 from dc01.example.com >> user3 at debclient:~$ >> >> No spinning winbind PID >> >> Have I found the cure ? > Hmm. Weird. This is also with the exact same platform? > > Volker >root at debclient:~# smbd -V Version 4.2.3-SerNet-Debian-7.wheezy root at debclient:~# uname -a Linux debclient 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u3 x86_64 GNU/Linux root at debclient:~# cat /etc/debian_version 7.8