LinuxQuestions.org
Old 07-03-2013, 10:09 PM   #1
Stannley
How to connect to a Machine in a Different Domain


Hi

I have a machine that is joined to our PFS domain. It is accessed through SSH, telnet and Samba Shares.

How can I connect to this machine via the above methods from a different domain (HQ)?

HQ is a trusted domain and I have set allow trusted domains = yes.

I am able to use wbinfo to authenticate the HQ user as hq+sxt007, however I am unable to SSH or telnet using that user.

Part of the problem is that I don't know the format I should be using for the username when attempting to log on! I have tried hq+sxt007, hq\sxt007, hq\\sxt007 and sxt007@hq.

Thanks

Simon
 
Old 07-03-2013, 10:17 PM   #2
evo2
Hi,

Sorry, I have no idea what a "PFS domain" is, but this looks to be a question about ssh, so this "domain" information may be irrelevant.

Syntax for using ssh is:
Code:
ssh username@hostname
where the username is what is listed in /etc/passwd on the machine running sshd. And hostname is the resolvable hostname of the machine running sshd (or its IP address).
What happens if you try to ping the machine?
Code:
ping hostname
If this fails, then you need to address it before moving on to ssh.

Assuming the ping works, what happens if you try to use ssh as described above? If it doesn't work try again with verbose output turned on:
Code:
ssh -vvv username@hostname
And post the output here.

Evo2.

PS. I've assumed here that sshd is really running and listening on port 22.
 
Old 07-03-2013, 11:00 PM   #3
Stannley
Hi Evo2,

PFS is the name of the domain that the machine has joined. HQ is the name of the domain containing the user I would like to connect as.

I am able to ssh as the user from PFS using ssh simon.tann@sbvx10603 and pfs+ssh simon.tann@sbvx10603, but am unable to ssh as my HQ user by using ssh sxt007@sbvx10603 or ssh hq+sxt007@sbvx10603.

Here's the debug output:

[simon.tann@sdvx10600 data]$ ssh -vvv hq+sxt007@sbvx10603
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to sbvx10603 [10.0.5.108] port 22.
debug1: Connection established.
debug1: identity file /home/winnt/PFS/simon.tann/.ssh/identity type -1
debug1: identity file /home/winnt/PFS/simon.tann/.ssh/id_rsa type -1
debug1: identity file /home/winnt/PFS/simon.tann/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 813
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 837
debug2: dh_gen_key: priv key bits set: 122/256
debug2: bits set: 512/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 981
debug3: check_host_in_hostfile: filename /home/winnt/PFS/simon.tann/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug3: check_host_in_hostfile: filename /home/winnt/PFS/simon.tann/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host 'sbvx10603' is known and matches the RSA host key.
debug1: Found key in /home/winnt/PFS/simon.tann/.ssh/known_hosts:2
debug2: bits set: 497/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 997
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1045
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/winnt/PFS/simon.tann/.ssh/identity ((nil))
debug2: key: /home/winnt/PFS/simon.tann/.ssh/id_rsa ((nil))
debug2: key: /home/winnt/PFS/simon.tann/.ssh/id_dsa ((nil))
debug3: Wrote 80 bytes for a total of 1125
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 10.0.5.108.
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_15162' not found

debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_15162' not found

debug1: Unspecified GSS failure. Minor code may provide more information


debug1: Unspecified GSS failure. Minor code may provide more information


debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/winnt/PFS/simon.tann/.ssh/identity
debug3: no such identity: /home/winnt/PFS/simon.tann/.ssh/identity
debug1: Trying private key: /home/winnt/PFS/simon.tann/.ssh/id_rsa
debug3: no such identity: /home/winnt/PFS/simon.tann/.ssh/id_rsa
debug1: Trying private key: /home/winnt/PFS/simon.tann/.ssh/id_dsa
debug3: no such identity: /home/winnt/PFS/simon.tann/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
hq+sxt007@sbvx10603's password:
debug3: packet_send2: adding 48 (len 63 padlen 17 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 144 bytes for a total of 1269
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
 
Old 07-03-2013, 11:12 PM   #4
evo2
Hi,

I still don't understand about "domains"... Has this got something to do with Microsoft protocols?

Anyway, onto the problem. From the output of ssh, things look pretty good. You've been able to connect to the sshd, but your authentication is failing. You seem to be using the username "hq+sxt007": that doesn't look like a legal username to me since it contains "+". Can you confirm that user really exists on sbvx10603? E.g. check /etc/passwd on sbvx10603. I suspect you should be using sxt007 as the username.

It is also worth checking the sshd logs on sbvx10603. Exactly which log file depends on what distro you are running. For example on a Debian (or Debian derived machine) you would look in /var/log/auth.log. Anyway please repeat this using sxt007 username.

Cheers,

Evo2.
 
Old 07-04-2013, 12:43 AM   #5
Stannley
Hi Evo2

There are no local users set up on the machine - we use AD authentication through winbind. The plus symbol in the username is a replacement character that replaces the '\' (I think) that usually separates the domain name from the username.

We can test the authentication by doing the following:

[root@sbvx10603 PFS]# wbinfo -a hq+sxt007
Enter hq+sxt007's password:
plaintext password authentication succeeded
Enter hq+sxt007's password:
challenge/response password authentication succeeded

So I can tell that the authentication is working and that the machine can see the HQ domain. I just don't know how to log in using those credentials, or if there is any set up that I need to do to make that possible.

Cheers

Simon
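
An added example, not written by anyone in this thread: `wbinfo -a` only shows that winbindd can authenticate the user, while sshd must also resolve the account through NSS before it checks a password, so the sketch below tests resolution in three separate stages on the SSH server. It assumes the standard `wbinfo -m`, `wbinfo -i` and `getent passwd` commands; the function names are made up here, and HQ / hq+sxt007 are the names used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Run on the SSH server.
# Usage: sh check_login.sh HQ 'hq+sxt007'

# Stage 1: is DOMAIN in winbindd's list of trusted domains?
check_trusted() {
    wbinfo -m 2>/dev/null | grep -qixF -- "$1"
}

# Stage 2: can winbindd itself return passwd-style info for USER?
check_winbind_user() {
    wbinfo -i "$1" >/dev/null 2>&1
}

# Stage 3: does the system's NSS lookup return the account?
# Prints the account name exactly as NSS reports it (first passwd field).
nss_login_name() {
    getent passwd "$1" 2>/dev/null | cut -d: -f1 | grep .
}

# diagnose DOMAIN USER: prints the login name and returns 0, or returns
# the number of the first stage that failed (message goes to stderr).
diagnose() {
    check_trusted "$1" || {
        echo "stage 1: $1 is not listed by 'wbinfo -m'" >&2; return 1; }
    check_winbind_user "$2" || {
        echo "stage 2: 'wbinfo -i $2' returns no entry" >&2; return 2; }
    nss_login_name "$2" || {
        echo "stage 3: 'getent passwd $2' returns no entry" >&2; return 3; }
}

# Only run when called with both arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
    diagnose "$1" "$2"
fi
```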
 
Old 07-04-2013, 12:54 AM   #6
evo2
Hi,

OK, this is way out of my area of expertise: I don't ever recall hearing of "AD" or "winbind". Hopefully someone else can help you.

Cheers,

Evo2.
 
Old 07-04-2013, 12:57 AM   #7
Stannley
Thanks for the attempt anyway!
 
Old 07-04-2013, 01:51 AM   #8
chrism01
I'm sure evo2 is just having a bad day
AD=Active Directory.
I had a quick google for Linux+ssh+Active Directory; lots of hits, this looks promising http://kadirsert.blogspot.com.au/201...ng-active.html
 
Old 07-04-2013, 01:58 AM   #9
evo2
Hi,
Quote:
Originally Posted by chrism01
I'm sure evo2 is just having a bad day
AD=Active Directory.
All the talk of "domains" should have indicated to me that it was Windows foo: I should never have stuck my nose into this thread.

Evo2, out.
 
Old 07-04-2013, 02:48 AM   #10
Stannley
Quote:
Originally Posted by chrism01
I'm sure evo2 is just having a bad day
AD=Active Directory.
I had a quick google for Linux+ssh+Active Directory; lots of hits, this looks promising http://kadirsert.blogspot.com.au/201...ng-active.html
Thanks for that chrismo... the link you provided indicates how to set up winbind to talk to AD, which I have already done. It doesn't mention how to allow a user from another domain to talk to it though.

Thanks anyway!
 
  



Tags
domain, samba, ssh, telnet, winbind

