----- Original Message ----- > From: "Marc Jakob" <[email protected]> > To: "Discussion list for OpenIndiana" <[email protected]> > Sent: Wednesday, September 17, 2014 6:10:01 AM > Subject: Re: [OpenIndiana-discuss] AD Authentication and Samba 4 Active > Directory > > Hi Andrew, > > did you put the following in nsswitch.conf: > > passwd: files ad > group: files ad > > having joined to my samba4 AD controller ssh login works using putty and > GSSAPI login (Kerberos token from AD login) using my windows user name - > which has to exist in passwd or you use ldap client bindings to retrieve > shell and so on.
Hi Marc, Yes, I have my nsswitch.conf configured as follows: passwd: files ldap group: files ldap getent passwd <user-in-ad> returns the expected information: aduser:x:10000:10004:aduser:/home/aduser:/bin/sh Moreover, I added the exact lines to /etc/pam.conf as detailed here: http://wiki.openindiana.org/oi/Kerberos+and+LDAP#KerberosandLDAP-PAM When running an sshd instance in debug mode, I am still denied: debug2: input_userauth_request: try method keyboard-interactive debug1: keyboard-interactive devs debug2: Starting PAM service sshd-kbdint for method keyboard-interactive debug2: Calling pam_authenticate() debug2: PAM echo off prompt: Password: debug2: Nesting dispatch_run loop debug1: got 1 responses debug2: Nested dispatch_run loop exited debug1: PAM conv function returns PAM_SUCCESS Keyboard-interactive (PAM) userauth failed[9] while authenticating: Authentication failed What else should I try? Thanks, Andrew _______________________________________________ openindiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
