- # sssd.conf, [sssd] section: settings for the SSSD monitor itself.
- # SSSD refuses to start unless this file is owned by root and not readable by other users (mode 0600).
- [sssd]
- # Domains to activate; each name needs a matching [domain/NAME] section.
- domains = ad.domain.com
- config_file_version = 2
- # Responders to start: nss answers user/group lookups, pam handles authentication.
- services = nss, pam
- # sssd.conf, domain section: identity, authentication and access control are all delegated to the AD provider.
- [domain/ad.domain.com]
- id_provider = ad
- auth_provider = ad
- # No ad_access_filter is set here, so access is not restricted to a particular AD group by SSSD;
- # NOTE(review): whether GPO-based access control is enforced depends on ad_gpo_access_control and the SSSD version - confirm.
- access_provider = ad
- default_shell = /bin/bash
- # %d expands to the domain name and %u to the login name.
- fallback_homedir = /home/%d/%u
- # Users and groups are exposed by SSSD only in qualified form (by default name@domain); short names do not resolve through sss.
- # NOTE(review): group names used in access lists such as sshd's AllowGroups have to match the form NSS returns - check with `getent group` / `id`.
- use_fully_qualified_names = True
- # Uncomment if you want to use POSIX UIDs and GIDs set on the AD side
- # NOTE(review): the line below is active and set to True, which makes SSSD derive UIDs/GIDs from the Windows SID
- # and ignore POSIX attributes stored in AD. Using the uidNumber/gidNumber values from AD requires False here.
- ldap_id_mapping = True
- # smb.conf, [global] section: Samba/winbind configured as an Active Directory domain member.
- [global]
- # NetBIOS (short) domain name.
- workgroup = AD
- security = ADS
- # WARNING: The setting 'security=ads' should NOT be combined with the 'password server' parameter.
- # password server = MACHINENAME.AD.DOMAIN.COM
- # Kerberos realm of the AD domain.
- realm = AD.DOMAIN.COM
- # %m expands to the client machine name, giving one log file per client.
- log file = /var/log/samba/%m.log
- max log size = 50
- template shell = /bin/bash
- # 'winbind separator = +' might cause problems with group membership.
- # winbind separator = +
- # Enumeration lets getent list every domain user and group; this can be slow on large directories.
- winbind enum users = Yes
- winbind enum groups = Yes
- # winbind returns accounts of the default domain without a domain prefix (plain "user", not "AD\user").
- # NOTE(review): the sssd.conf on this page sets use_fully_qualified_names = True, so the two services name the same account differently.
- winbind use default domain = Yes
- # %D expands to the domain name and %U to the user name.
- template homedir = /home/%D/%U
- # ID mapping for domain AD. The backend chosen below is rid, which computes IDs from the RID plus the start of the range.
- # NOTE(review): schema_mode is an option of the ad backend; with backend = rid it presumably has no effect - confirm with testparm.
- idmap config AD : schema_mode = rfc2307
- idmap config AD : range = 10000000-29999999
- # NOTE(review): "default" is not an idmap option documented for current Samba releases - confirm it is still needed.
- idmap config AD : default = yes
- idmap config AD : backend = rid
- # Default mapping for everything outside domain AD (e.g. BUILTIN); the range does not overlap the AD range above.
- idmap config * : range = 20000-29999
- idmap config * : backend = tdb
- # NOTE(review): winbind's rid mapping and SSSD's SID-based mapping produce different UIDs/GIDs for the same account;
- # running both against one domain can leave file ownership and group checks inconsistent.
- # nsswitch.conf: lookup order per database; sources are tried left to right.
- # passwd and group consult local files first, then SSSD, then winbind.
- # NOTE(review): two AD identity sources are stacked here. An account can be answered by either one, under a different
- # name and UID depending on which responds, which makes group-based access checks hard to reason about - pick one.
- passwd: files sss winbind
- # NOTE(review): neither SSSD nor winbind is expected to serve a shadow map, so these two entries are likely no-ops - confirm.
- shadow: files sss winbind
- group: files sss winbind
- # myhostname resolves the local host name without relying on /etc/hosts or DNS.
- hosts: files dns myhostname
- bootparams: nisplus [NOTFOUND=return] files
- ethers: files
- netmasks: files
- networks: files
- protocols: files
- rpc: files
- services: files sss
- netgroup: files sss
- publickey: nisplus
- automount: files
- aliases: files nisplus
- # sshd_config excerpt; "[...]" presumably marks lines the author left out.
- [...]
- # AllowGroups restricts login to users whose primary or supplementary group matches one of the listed names.
- # Matching is done on group names as the system's NSS lookup returns them, not on numeric GIDs.
- # NOTE(review): "DOMAINallow_ssh_admin" contains no separator; a backslash may have been lost when pasting.
- # With the configs on this page the group would be reported as allow_ssh_admin@ad.domain.com (sss) or
- # allow_ssh_admin (winbind with "use default domain"), so compare this entry against the output of `id <user>`.
- AllowGroups root DOMAINallow_ssh_admin
- login as: DOMAINUser
- DOMAINUser@ip password:
- Mar 27 05:21:13 machine sshd[20175]: User User from IP not allowed because none of user's groups are listed in AllowGroups
- Mar 27 05:21:13 machine sshd[20175]: input_userauth_request: invalid user DOMAIN\\User [preauth]
- Mar 27 05:21:23 machine sshd[20175]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP user=DOMAINUser
- Mar 27 05:21:23 machine sshd[20175]: pam_sss(sshd:auth): received for user DOMAINUser: 10 (User not known to the underlying authentication module)
- Mar 27 05:21:23 machine sshd[20175]: Failed password for invalid user DOMAIN\User from IP port 53406 ssh2