LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise
Reload this Page winbind + AD + sshd allowgroups = unreliable ssh logins.
User Name
Password
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.

Notices


Reply
  Search this Thread
Old 06-01-2009, 02:31 PM   #1
trey85stang
Senior Member
 
Registered: Sep 2003
Posts: 1,091

Rep: Reputation: 41
winbind + AD + sshd allowgroups = unreliable ssh logins.

Im having a nerve racking problem with winbind/sshd and allowed groups. I have read this setup works in many other cases but I have yet to get it to work reliably in our environment.

We have a large AD domain with thousands of groups and users.

My problem lies with sshd and allowing specific AD groups ssh permissions. No matter what I try if I add an AD group to allowgroups in sshd_config remote login performance takes a big hit. And by performance I mean the ability to logon through ssh... sometimes I can logon sometimes I cant other times I am just denied access.

os = SLES 10 SP2
samba versions are 3.0.32

AD is 2008 Mixed Mode/2003 compatibility mode. Here is the relevant section of smb.conf

edit: I also need to add that all the accounts I am working with do have the appropriate primary groups set in AD.

Code:
[global]
        workgroup = DOMAIN
        netbios name = hostname
        usershare allow guests = No
        idmap gid = 10000-20000
        idmap uid = 10000-20000
        security = ADS
        realm = DOMAIN.COM
        password server = domain.com
        domain master = no
        winbind separator = +
        winbind enum users = no
        winbind enum groups = no
        winbind use default domain = yes
        client use spnego = yes
        winbind offline logon = yes
        winbind refresh tickets = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
Anyone have any ideas?
Last edited by trey85stang; 06-01-2009 at 02:37 PM.
 
Old 06-03-2009, 05:17 PM   #2
trey85stang
Senior Member
 
Registered: Sep 2003
Posts: 1,091

Original Poster
Rep: Reputation: 41
hmm.. Does anyone have a similar setup to this that is working? Im really having a hard time figuring out if the problem is samba, ad or ssh? Any feedback would be appreciated.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
password issue winbind + ssh esdeedee Linux - Server 0 11-05-2008 05:32 AM
Starting sshd: /etc/init.d/sshd: line 113: /usr/sbin/sshd: Permission denied sumanc Linux - Server 5 03-28-2008 05:59 AM
sshd_config allowusers allowgroups wolfipa Linux - Software 2 08-02-2007 06:59 AM
Mac OS X ssh client / linux sshd : ssh hangs/disconnects Apollo77 Linux - Networking 1 05-24-2006 12:53 PM
Enabling SSH in mandrake 9.2 - sshd vs. sshd-xinetd DogTags Linux - Newbie 7 11-25-2003 01:17 PM

LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise

All times are GMT -5. The time now is 07:27 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration