winbind + AD + sshd allowgroups = unreliable ssh logins.
Im having a nerve racking problem with winbind/sshd and allowed groups. I have read this setup works in many other cases but I have yet to get it to work reliably in our environment.
We have a large AD domain with thousands of groups and users. My problem lies with sshd and allowing specific AD groups ssh permissions. No matter what I try if I add an AD group to allowgroups in sshd_config remote login performance takes a big hit. And by performance I mean the ability to logon through ssh... sometimes I can logon sometimes I cant other times I am just denied access. os = SLES 10 SP2 samba versions are 3.0.32 AD is 2008 Mixed Mode/2003 compatibility mode. Here is the relevant section of smb.conf edit: I also need to add that all the accounts I am working with do have the appropriate primary groups set in AD. Code:
[global] |
hmm.. Does anyone have a similar setup to this that is working? Im really having a hard time figuring out if the problem is samba, ad or ssh? Any feedback would be appreciated.
|
All times are GMT -5. The time now is 11:31 PM. |