Visit Jeremy's Blog.
Go Back > Forums > Enterprise Linux Forums > Linux - Enterprise
User Name
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.


  Search this Thread
Old 06-01-2009, 01:31 PM   #1
Senior Member
Registered: Sep 2003
Posts: 1,091

Rep: Reputation: 41
winbind + AD + sshd allowgroups = unreliable ssh logins.

Im having a nerve racking problem with winbind/sshd and allowed groups. I have read this setup works in many other cases but I have yet to get it to work reliably in our environment.

We have a large AD domain with thousands of groups and users.

My problem lies with sshd and allowing specific AD groups ssh permissions. No matter what I try if I add an AD group to allowgroups in sshd_config remote login performance takes a big hit. And by performance I mean the ability to logon through ssh... sometimes I can logon sometimes I cant other times I am just denied access.

os = SLES 10 SP2
samba versions are 3.0.32

AD is 2008 Mixed Mode/2003 compatibility mode. Here is the relevant section of smb.conf

edit: I also need to add that all the accounts I am working with do have the appropriate primary groups set in AD.

        workgroup = DOMAIN
        netbios name = hostname
        usershare allow guests = No
        idmap gid = 10000-20000
        idmap uid = 10000-20000
        security = ADS
        realm = DOMAIN.COM
        password server =
        domain master = no
        winbind separator = +
        winbind enum users = no
        winbind enum groups = no
        winbind use default domain = yes
        client use spnego = yes
        winbind offline logon = yes
        winbind refresh tickets = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
Anyone have any ideas?

Last edited by trey85stang; 06-01-2009 at 01:37 PM.
Old 06-03-2009, 04:17 PM   #2
Senior Member
Registered: Sep 2003
Posts: 1,091

Original Poster
Rep: Reputation: 41
hmm.. Does anyone have a similar setup to this that is working? Im really having a hard time figuring out if the problem is samba, ad or ssh? Any feedback would be appreciated.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
password issue winbind + ssh esdeedee Linux - Server 0 11-05-2008 04:32 AM
Starting sshd: /etc/init.d/sshd: line 113: /usr/sbin/sshd: Permission denied sumanc Linux - Server 5 03-28-2008 04:59 AM
sshd_config allowusers allowgroups wolfipa Linux - Software 2 08-02-2007 05:59 AM
Mac OS X ssh client / linux sshd : ssh hangs/disconnects Apollo77 Linux - Networking 1 05-24-2006 11:53 AM
Enabling SSH in mandrake 9.2 - sshd vs. sshd-xinetd DogTags Linux - Newbie 7 11-25-2003 12:17 PM > Forums > Enterprise Linux Forums > Linux - Enterprise

All times are GMT -5. The time now is 10:14 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration