Hello,
I have done this a number of times, and it works, but this time it doesn’t and I have no clue as to why.
I created a new installation and I used the winbindd (through YaST) to add the machine to the AD (2012R2).
Trying to log in to SSH using a user from the AD didn’t work. So I decided to set up the Authentication client. Still doesn’t work.
Here is the error:
Postponed keyboard-interactive for invalid user example\user from ::1 port 39707 ssh2 [preauth]
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost
pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=example\user
pam_sss(sshd:auth): received for user clouda-vasileiosg: 10 (User not known to the underlying authentication module)
pam_winbind(sshd:auth): getting password (0x00000390)
pam_winbind(sshd:auth): pam_get_item returned a password
error: PAM: User not known to the underlying authentication module for illegal user example\user from localhost
Failed keyboard-interactive/pam for invalid user example\user from ::1 port 39707 ssh2
Postponed keyboard-interactive for invalid user example\user from ::1 port 39707 ssh2 [preauth]
I tried both
ssh example\\user@localhost
and
ssh user@localhost
Here is my smb.conf
[global]
workgroup = CLOUD
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = No
idmap gid = 10000-20000
idmap uid = 10000-20000
kerberos method = secrets and keytab
realm = EXAMPLE.COM
security = ADS
template homedir = /home/%D/%U
template shell = /bin/bash
winbind offline logon = yes
winbind refresh tickets = yes
and krb5.conf
[libdefaults]
clockskew = 300
default_realm = EXAMPLE.COM
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com
default_domain = example.com
admin_server = kerberos.example.com
}
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
[domain_realm]
.cloud.local = EXAMPLE.COM
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
minimum_uid = 1
}
and finally sssd.conf
[sssd]
config_file_version = 2
services = nss,pam,ssh
domains = example.com
[domain/example.com]
id_provider = ad
auth_provider = ad
enumerate = true
cache_credentials = true
ad_server = 69.69.69.69
access_provider = ad
chpass_provider = ad
cache_credentials = true
[nss]
filter_users = root
filter_groups = root
[pam]
[ssh]
Any ideas would be appreciated.