I actually spent the entire last day getting 'ad' backend to work. Adding 'idmap config SAMDOM : backend = ad' and related lines in the client's smb.conf results in `getent passwd` ...

Use : getent passwd username
Check if wbinfo -u works also.

As tip, if you try these.

id username
getent passwd username
wbinfo -u | grep username

If all work and show your username, then you should be able to login (sso) on ssh.

If your users are only on this server and you don't need to share homedirs.
Then you need mk_homedir in pam also.
To enable, it's simple on ubuntu/debian

pam-auth-update --package mkhomedir
pam-auth-update
And enable mkhomedir ( you can use pam-auth-update --force also )

Greetz,
Louis
> ...
> Use : getent passwd username
> Check if wbinfo -u works also.

With and without 'backend : ad', 'wbinfo -u' works fine. However, with 'backend : ad', `getent passwd administrator` doesn't show AD user; hence I'm unable to su or ssh.

> As tip, if you try these.
>
> id username
> getent passwd username
> wbinfo -u | grep username

Tried all these.

Thanks!

> If all work and show your username, then you should be able to login (sso) on ssh.
>
> If your users are only on this server and you don't need to share homedirs.
> Then you need mk_homedir in pam also.
> To enable, it's simple on ubuntu/debian
>
> pam-auth-update --package mkhomedir
> pam-auth-update
> And enable mkhomedir ( you can use pam-auth-update --force also )

Got it!

Regards,
Harp

> To unsubscribe from this list go to the following URL and read the
> instructions: lists.samba.org/mailman/options/samba
Again, Test with a user NOT named : Administrator

> -----Original message-----
> From: Harpoon [mailto:harp00n at protonmail.com]
> Sent: Friday 18 January 2019 11:47
> To: L.P.H. van Belle
> CC: samba at lists.samba.org
> Subject: Re: [Samba] SSH SSO without keytab file
>
> > ...
> > Use : getent passwd username
> > Check if wbinfo -u works also.
>
> With and without 'backend : ad', 'wbinfo -u' works fine.
> However, with 'backend : ad', `getent passwd administrator`
> doesn't show AD user; hence I'm unable to su or ssh.
>
> > As tip, if you try these.
> >
> > id username
> > getent passwd username
> > wbinfo -u | grep username
>
> Tried all these.
>
> Thanks!
>
> > If all work and show your username, then you should be able
> > to login (sso) on ssh.
> >
> > If your users are only on this server and you don't need to
> > share homedirs.
> > Then you need mk_homedir in pam also.
> > To enable, it's simple on ubuntu/debian
> >
> > pam-auth-update --package mkhomedir
> > pam-auth-update
> > And enable mkhomedir ( you can use pam-auth-update --force also )
>
> Got it!
>
> Regards,
> Harp
On Fri, 18 Jan 2019 10:46:49 +0000 Harpoon via samba <samba at lists.samba.org> wrote:

> > ...
> > Use : getent passwd username
> > Check if wbinfo -u works also.
>
> With and without 'backend : ad', 'wbinfo -u' works fine. However,
> with 'backend : ad', `getent passwd administrator` doesn't show AD
> user; hence I'm unable to su or ssh.

'wbinfo' goes direct to AD, if this doesn't work, you definitely have problems ;-)

However, just because wbinfo works, doesn't mean that your Unix OS will know who your AD users are, this is where Samba and the winbind backend comes in, until you get this working, you cannot rely on anything else.

Rowland
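
Added example, not part of any message in this thread: the three checks suggested above (`wbinfo -u`, `getent passwd`, `id`) combined into one triage function that reports which layer fails, following the distinction that wbinfo goes direct to AD while getent and id show what the OS sees. The function name `check_ad_user` and its return codes are assumptions made for illustration, and it assumes winbind's default separator so that names appear as `DOMAIN\user`.

```sh
#!/bin/sh
# Added example: triage the three checks from this thread for one user.
# Assumption: winbind uses its default separator, so names look like DOMAIN\user.

check_ad_user() {
    user=$1
    in_ad=no; in_nss=no; in_id=no

    # wbinfo asks winbindd/AD directly; strip any DOMAIN\ prefix before matching.
    if wbinfo -u 2>/dev/null | sed 's/^.*\\//' | grep -F -x -i -q -- "$user"; then
        in_ad=yes
    fi
    # getent and id go through NSS, i.e. what su and sshd will actually see.
    if getent passwd "$user" >/dev/null 2>&1; then in_nss=yes; fi
    if id "$user" >/dev/null 2>&1; then in_id=yes; fi

    echo "wbinfo=$in_ad getent=$in_nss id=$in_id"
    case "$in_ad/$in_nss/$in_id" in
        yes/yes/yes)
            echo "OK: $user resolves at every layer"
            return 0 ;;
        no/*)
            echo "FAIL: winbind does not list $user; fix the domain join/winbindd first"
            return 1 ;;
        yes/no/*)
            echo "FAIL: AD knows $user but the OS does not; check the idmap backend"
            echo "      settings in smb.conf and the winbind entries in /etc/nsswitch.conf"
            return 2 ;;
        *)
            echo "FAIL: inconsistent NSS answers for $user (getent and id disagree)"
            return 3 ;;
    esac
}

# Run as: sh check_ad_user.sh <username>
if [ $# -gt 0 ]; then
    check_ad_user "$1"
fi
```

Return code 2 is the situation described in the thread: `wbinfo -u` lists the user but `getent passwd` does not, so su and ssh cannot work yet.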