Kaplan, Andrew H.
2016-Jun-13 20:42 UTC
[Samba] Problem with Active Directory authentication
Hello --

I have made considerable progress. When I am at the server console, I am able to enter my domain username and password, and I am able to log into the server. I had several follow-up questions:

1. How can I configure an SSH connection to the server that will utilize the active directory login?

2. When the login completes, I encounter the following error messages:

Unknown parameter encountered: "netbios"
Ignoring unknown parameter "netbios"
Unknown parameter encountered: "winbind allow trusted domains"
Ignoring unknown parameter "winbind allow trusted domains"

I believe these go back to smb.conf file. The lines in question read as follows:

netbios = <hostname>
...
winbind allow trusted domains = no

I checked the syntax of the two lines within the file, and everything looked fine.

Does anyone have any thoughts on this?

Thanks.

________________________________________
From: samba [samba-bounces at lists.samba.org] on behalf of Rowland penny [rpenny at samba.org]
Sent: Monday, June 13, 2016 11:27 AM
To: samba at lists.samba.org
Subject: Re: [Samba] Problem with Active Directory authentication

On 13/06/16 14:43, Kaplan, Andrew H. wrote:
> Hello --
>
> We are not running a Samba domain controller, rather we are relying on
> our network engineering group. I am not
> sure how willing they are in setting up the NIS extensions feature.
>
> To facilitate matters, would it be better for our either setting up
> the current system as a samba domain controller,
> or establishing a separate computer that functions exclusively in that
> capacity?
> ------------------------------------------------------------------------
>

If you cannot use the RFC2307 attributes, then you could use the winbind 'rid' backend, see here for more info:

https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member

You will need to follow the relevant link and use the 'template' lines.

Rowland

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.
On 13/06/16 21:42, Kaplan, Andrew H. wrote:
> Hello --
>
> I have made considerable progress. When I am at the server console, I am able to enter my domain username and password, and I am able to log into the server. I had several follow-up questions:
>
> 1. How can I configure an SSH connection to the server that will utilize the active directory login?

If you mean 'user at samdom.example.com', then I don't think you can, but you can use 'user at hostname'

>
> 2. When the login completes, I encounter the following error messages:
>
>
> Unknown parameter encountered: "netbios"
> Ignoring unknown parameter "netbios"
> Unknown parameter encountered: "winbind allow trusted domains"
> Ignoring unknown parameter "winbind allow trusted domains"
>
> I believe these go back to smb.conf file. The lines in question read as follows:
>
> netbios = <hostname>

This should be netbios name = <hostname>

> ...
> winbind allow trusted domains = no

I think this should be 'allow trusted domains = no'

Rowland

>
> I checked the syntax of the two lines within the file, and everything looked fine.
>
> Does anyone have any thoughts on this?
>
> Thanks.
>
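Added example (not part of the original thread, and not the posters' or the Samba project's own configuration): a [global] section for a domain member that uses the winbind 'rid' backend and the 'template' lines suggested earlier in the thread, with the two rejected parameter names shown beside the corrected ones. The domain name SAMDOM, the host name MEMBER1 and the ID ranges are assumptions.

```ini
# Constructed example for a domain member; SAMDOM, MEMBER1 and the ID
# ranges are assumptions, not values from the thread.
[global]
    security = ads
    workgroup = SAMDOM
    realm = SAMDOM.EXAMPLE.COM

    # Rejected with "Unknown parameter encountered":
    #   netbios = MEMBER1
    #   winbind allow trusted domains = no
    # Names as corrected in the reply above:
    netbios name = MEMBER1
    allow trusted domains = no

    # Default domain (BUILTIN and local accounts).
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # 'rid' backend: Unix IDs are calculated from each account's RID, so
    # no RFC2307 attributes have to be set in AD.
    idmap config SAMDOM : backend = rid
    idmap config SAMDOM : range = 10000-999999

    # The 'template' lines: with 'rid', shell and home directory come
    # from here rather than from AD attributes.
    template shell = /bin/bash
    template homedir = /home/%U
```

Running testparm against the file reports unknown parameter names like the two in the thread; getent passwd <username> shows whether winbind resolves a given domain account.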
Kaplan, Andrew H.
2016-Jun-14 14:53 UTC
[Samba] Problem with Active Directory authentication
Hello --

I was able to get SSH with Active Directory authentication set up on the server. It involved several modifications to the sshd_config file. I am listing the changes that were made for the benefit of the group:

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
KerberosAuthentication yes
#KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
KerberosGetAFSToken yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes

There is one more caveat that I need to overcome. So far, one domain user account is able to log into the server at the console, or through an SSH connection. However, any other user account is not able to do so. When the su - <username> command is entered at the console, the output reads as follows:

No passwd entry for <username>

The auth.log file has entries that read as follows:

Invalid user <username> from <ip address>
input_userauth_request: invalid user <username> [preauth]
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<hostname>

What step(s) do I need to take in order to get all domain user accounts to be able to log into the server, as opposed to only one?

Thanks.