First question is, should I be able to ssh to the dc? I can ssh to the domain members and the sshd and ssh configs are set up the same as well as nsswitch.conf. When I try to ssh with a domain account I see this error in the auth.log: Jun 10 11:15:45 DC01 sshd[2171041]: Failed password for invalid user newtestuser from 10.0.0.11 port 35044 ssh2 The command I'm running is: ssh newtestuser at 10.0.0.10 HOME or ssh newtestuser at HOME@10.0.0.10 wbinfo -K newtestuser Enter newtestuser's password: plaintext kerberos password authentication for [newtestuser] failed (requesting cctype: FILE) wbcLogonUser(newtestuser): error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e) error message was: No logon servers are currently available to service the logon request. Could not authenticate user [newtestuser] with Kerberos (ccache: FILE) wbinfo -p Ping to winbindd succeeded wbinfo -t checking the trust secret for domain HOME via RPC calls succeeded ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In all things, Be Intentional.
On 10/06/2023 16:39, Rob Campbell via samba wrote:> First question is, should I be able to ssh to the dc?Yes, you should be able to login via SSH> I can ssh to the > domain members and the sshd and ssh configs are set up the same as well as > nsswitch.conf.However, you need to have the winbind nss links set up. Does 'getent passwd newtestuser' produce output ? Rowland