Yes and the permissions are ok too.
getent passwd XXXX
XXXX:*:11109:10513::/home/<DOMAIN>/XXXXX:/bin/bash
I exected comand(simulated ssh):
login XXXX
journalctl |grep login
-------------------
Jan 16 17:33:05 <HOSTNAME> login[2150]: pam_unix(login:auth):
authentication failure; logname=USER-SUDO uid=0 euid=0 tty=/dev/pts/0
ruser= rhost= user=XXXXXXX
Jan 16 17:33:07 <HOSTNAME> login[2150]: FAILED LOGIN (1) on
'/dev/pts/0'
FOR 'XXXXXX', Authentication failure
Jan 16 17:33:26 <HOSTNAME> login[2152]: pam_unix(login:auth):
authentication failure; logname=USER-SUDO uid=0 euid=0 tty=/dev/pts/0
ruser= rhost= user=XXXXXXX
Jan 16 17:33:29 <HOSTNAME> login[2152]: FAILED LOGIN (1) on
'/dev/pts/0'
FOR 'XXX', Authentication failure
--------------------------
My password is correct, login in Windows no problem with password.
Regards;
On 16-01-2018 17:58, Rowland Penny via samba wrote:> On Tue, 16 Jan 2018 17:49:16 -0200
> Carlos via samba <samba at lists.samba.org> wrote:
>
>> Hi!!
>>
>> I dont sucess in ssh with user my domain, in my Filserver(Member)
>>
>> Samba 4.7.3 Compilated
>>
>> Ubuntu 16.04
>>
>> # smb.conf
>>
>> [global]
>> workgroup = XXXXX
>> realm = INTERNO.XXX.XXXX.BR
>> security = ADS
>> username map = /usr/local/samba/etc/user.map
>>
>> dedicated keytab file = /etc/krb5.keytab
>> kerberos method = secrets and keytab
>> winbind cache time = 60
>>
>> winbind max clients = 600
>> winbind enum users = Yes
>> winbind enum groups = Yes
>> winbind use default domain = Yes
>> winbind nss info = rfc2307
>> winbind refresh tickets = Yes
>> winbind nss info = template
>> template shell = /bin/bash
>>
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
>> idmap config XXXX : backend = rid
>> idmap config XXXXX : range = 10000-999999
>>
>>
>> # Necessario para Fileserver
>> map acl inherit = Yes
>> store dos attributes = Yes
>>
>> #
>> # Disable Cups
>> load printers = no
>> printing = bsd
>> printcap name = /dev/null
>> disable spoolss = yes
>>
>> # Lixeira + Auditoria
>> vfs objects = recycle,full_audit,acl_xattr
>> recycle:keeptree = yes
>> recycle:versions = yes
>> recycle:repository = /opt/DADOS/Lixeira/%U
>> recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso,
>> *.exe recycle:exclude_dir = tmp
>> recycle:touch = yes
>> recycle:touch_mtime = yes
>> full_audit:failure = none
>> full_audit:facility = local5
>> full_audit:priority = notice
>> full_audit:prefix = %u|%I|%S
>> full_audit:success = rename rmdir unlink
>>
>> # include
>> include = /opt/samba/etc/compartilhamento.conf
>>
>>
>> ls -l /lib/x86_64-linux-gnu/libnss_winbind.so*
>> lrwxrwxrwx 1 root root 41 Dez 8 18:00
>> /lib/x86_64-linux-gnu/libnss_winbind.so ->
>> /lib/x86_64-linux-gnu/libnss_winbind.so.2
>> lrwxrwxrwx 1 root root 40 Dez 8 18:00
>> /lib/x86_64-linux-gnu/libnss_winbind.so.2 ->
>> /usr/local/samba/lib/libnss_winbind.so.2
>>
>>
>> /etc/pam.d# cat common-session
>>
>> ..
>>
>> ....
>>
>> and here are more per-package modules (the "Additional"
block)
>> session required pam_unix.so
>> session optional pam_systemd.so
>> session optional pam_winbind.so
>> session optional pam_mkhomedir.so skel=/etc/skel umask=077
>>
>> Any ideia ?
>>
>> Regards;
>>
>>
>>
>>
> If you run 'getent passwd <user you want to use with ssh>' on
the
> fileserver, do you get any output ?
>
> Rowland
>