
Untitled

a guest
Mar 27th, 2017
  1. [sssd]
# sssd.conf, [sssd] section: names the domains SSSD serves and the responders it starts.
# NOTE(review): SSSD expects this file to be root-owned and not readable by other
# users (mode 0600) - confirm on the host.
  2. domains = ad.domain.com
  3. config_file_version = 2
# Only the NSS and PAM responders are enabled.
  4. services = nss, pam
  5.  
  6. [domain/ad.domain.com]
# Domain section: identity, authentication and access control all go through the
# SSSD AD provider.
  7. id_provider = ad
  8. auth_provider = ad
# NOTE(review): no ad_access_filter is visible in this section, so restricting
# which AD accounts may log in appears to be left to the sshd AllowGroups line
# further down this paste - confirm that is intended.
  9. access_provider = ad
  10.  
  11. default_shell = /bin/bash
# %d expands to the domain name and %u to the login name.
  12. fallback_homedir = /home/%d/%u
  13.  
# With this set, SSSD returns users and groups in fully qualified form
# (name@domain with the default full_name_format). Name-based checks such as
# sshd's AllowGroups see that form for entries resolved by SSSD.
  14. use_fully_qualified_names = True
  15.  
  16. # ldap_id_mapping = True makes SSSD derive UIDs/GIDs from the AD SID; set it to False to use the POSIX UIDs and GIDs set on the AD side.
  17. ldap_id_mapping = True
  18.  
  19. [global]
# smb.conf, [global] section: the host is an AD domain member (security = ADS) and
# winbind is configured as a second source of AD users and groups next to SSSD.
  20. workgroup = AD
  21. security = ADS
  22. # WARNING: The setting 'security=ads' should NOT be combined with the 'password server' parameter.
  23. # password server = MACHINENAME.AD.DOMAIN.COM
  24. realm = AD.DOMAIN.COM
  25.  
# %m expands to the client machine name, giving one log file per client.
  26. log file = /var/log/samba/%m.log
  27.  
# Size limit per log file, in KiB.
  28. max log size = 50
  29. template shell = /bin/bash
  30. # 'winbind separator = +' might cause problems with group membership.
  31. # winbind separator = +
# NOTE(review): enumeration lets getpwent()/getgrent() list every domain user and
# group to any local account and is costly on large directories; keep it only if
# something on the host depends on it.
  32. winbind enum users = Yes
  33. winbind enum groups = Yes
# winbind returns names without the domain prefix ("User", not "AD\User").
# NOTE(review): SSSD above is set to return fully qualified names, so the same
# account can appear under two different names depending on which NSS module
# answers - check with `id` and `getent group`.
  34. winbind use default domain = Yes
# %D is the user's domain name and %U the user name.
# NOTE(review): this probably does not produce the same path as SSSD's
# fallback_homedir (/home/%d/%u) - verify.
  35. template homedir = /home/%D/%U
# NOTE(review): schema_mode is an option of the idmap 'ad' backend, but the backend
# selected for AD below is 'rid', so it presumably has no effect here; the
# 'default = yes' line looks like a leftover from older idmap syntax. Check both
# with testparm.
  36. idmap config AD : schema_mode = rfc2307
# The AD range and the '*' range below do not overlap.
# NOTE(review): SSSD (ldap_id_mapping = True) computes its own SID-based IDs
# independently of this range, so the two resolvers can hand out different
# UIDs/GIDs for the same account.
  37. idmap config AD : range = 10000000-29999999
  38. idmap config AD : default = yes
  39. idmap config AD : backend = rid
  40. idmap config * : range = 20000-29999
  41. idmap config * : backend = tdb
  42.  
  43. passwd: files sss winbind
# nsswitch.conf: sources are tried left to right, and the first one that knows the
# name answers.
# NOTE(review): passwd, shadow and group list both sss and winbind for the same AD
# domain. With the settings shown in sssd.conf and smb.conf above, the two return
# different name forms and independently computed IDs, so user and group lookups
# may not agree - a likely place to look for the AllowGroups failure in the log
# below.
  44. shadow: files sss winbind
  45. group: files sss winbind
  46. hosts: files dns myhostname
  47.  
  48. bootparams: nisplus [NOTFOUND=return] files
  49.  
  50. ethers: files
  51. netmasks: files
  52. networks: files
  53. protocols: files
  54. rpc: files
  55. services: files sss
  56.  
  57. netgroup: files sss
  58.  
  59. publickey: nisplus
  60.  
  61. automount: files
  62. aliases: files nisplus
  63.  
  64. [...]
  65. AllowGroups root DOMAINallow_ssh_admin
# sshd_config: login is limited to members of the listed groups; sshd matches these
# patterns against group names as NSS returns them.
# NOTE(review): 'DOMAINallow_ssh_admin' looks like it lost a backslash in pasting
# (compare 'DOMAIN\User' in the log lines below). Either way the pattern has to
# equal the name form the resolver actually returns - name@domain for SSSD with
# use_fully_qualified_names = True, the bare group name for winbind with
# 'winbind use default domain = Yes'. Check with `id <user>` on the host.
  66.  
  67. login as: DOMAINUser
  68. DOMAINUser@ip password:
  69.  
  70. Mar 27 05:21:13 machine sshd[20175]: User User from IP not allowed because none of user's groups are listed in AllowGroups
  71. Mar 27 05:21:13 machine sshd[20175]: input_userauth_request: invalid user DOMAIN\\User [preauth]
  72. Mar 27 05:21:23 machine sshd[20175]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP user=DOMAINUser
  73. Mar 27 05:21:23 machine sshd[20175]: pam_sss(sshd:auth): received for user DOMAINUser: 10 (User not known to the underlying authentication module)
  74. Mar 27 05:21:23 machine sshd[20175]: Failed password for invalid user DOMAIN\User from IP port 53406 ssh2