Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 01-02-2013, 10:52 AM   #1
LQ Newbie
Registered: Jan 2013
Posts: 6

Rep: Reputation: Disabled
Winbind and SSH

Hi, I am a bit of a linux newbie but I am trying to go over some systems that I have been left with. I have installed winbind, samba and ssh on a fresh debian server but I am having some problems give Active Directory users ssh access.

When I look in /etc/ssh/sshd_config I see that root and the user I created during install are added to AllowGroups line. Having a quick look around it seems to me that users should be added with AllowUsers, but when I try and change it I lose ssh access for root so I kept it as AllowGroups.

The previous admin set up a windows group, linuxusers, when I add this to sshd_config AllowGroups I am able to ssh to the server. When I then remove the group from sshd_config I am still able ssh to the server. I restart ssh with /etc/init.d/ssh reload. How do I remove access from users/groups?

I created a new windows group, websixssh, when I add to the AllowGroups in sshd_config users are not able to ssh to the server. Also if I add a new user to the old group, linuxusers, they cant ssh to the server.

The user gets a access is denied message, and in /var/log/auth.log
Jan 2 15:26:13 EUKWeb6 sshd[8090]: User masum.islam from euk-sb34110. not allowed because none of user's groups are listed in AllowGroups
Jan 2 15:26:13 EUKWeb6 sshd[8090]: Failed none for invalid user masum.islam from port 57116 ssh2

Does anyone have an idea what I am doing wrong?

Winbind can return the group and user details with wbinfo

Old 01-02-2013, 03:33 PM   #2
Registered: Sep 2007
Location: Canada
Distribution: RHEL, Debian, SUSE
Posts: 34

Rep: Reputation: 1
You want to get it done quickly, try and use

easy integration and get it done in minutes, have used them before, its free and never had any issues.
Old 01-04-2013, 04:27 AM   #3
LQ Newbie
Registered: Jan 2013
Posts: 6

Original Poster
Rep: Reputation: Disabled
Hi amlife,
I will look into Centrify as I am still unable to resolve.
Old 01-04-2013, 11:24 PM   #4
Registered: Sep 2009
Location: Perth, W.A.
Distribution: Slackware 14, Debian 8, FreeBSD 10, OpenBSD
Posts: 189

Rep: Reputation: 35
The keyword is kerberos. Try googling "debian ssh activedirectory". These links all seem worthwhile, with the first one quite recent:


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh and winbind seem to die after log out bino_linux Linux - Desktop 1 09-23-2010 07:02 AM
winbind + AD + sshd allowgroups = unreliable ssh logins. trey85stang Linux - Enterprise 1 06-03-2009 05:17 PM
password issue winbind + ssh esdeedee Linux - Server 0 11-05-2008 05:32 AM
SSH + Winbind Group Authentication Question ericspreher Linux - Security 2 08-29-2007 01:52 PM
winbind --with-winbind-auth-challenge paul_mat Linux - Networking 0 09-27-2005 02:19 AM

All times are GMT -5. The time now is 12:55 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration