LinuxQuestions.org
08-16-2017, 02:47 AM   #1
Orangutanklaus
sshd.conf - AllowUsers syntax for Domain Users?


Hello!

I've joined a Debian 8 server to a Windows domain. Nearly everything works as expected - even ssh login with domain authentication.

Nearly because I want to limit ssh access to one local user and only one specific domain user.

So I thought an AllowUsers entry in the sshd.conf file will do the job - fail...

I always get the messages:

PHP Code:
sshd[5400]: User myuser@mydomain.lan from myhost.mydomain.lan not allowed because not listed in AllowUsers
sshd[5400]: input_userauth_request: invalid user mydomain\\\\myuser [preauth]
sshd[5400]: debug1: PAM: initializing for "mydomain\\myuser"

My current entry is:

PHP Code:
UsersAllow mylocaluser "myuser@mydomain.lan"

I've tried nearly any syntax (including sshd restart) I've found on the web but without success. There are also no other allow or deny entries in the conf file.

Any suggestions?
 
08-16-2017, 02:59 AM   #2
Turbocapitalist
It won't work that way. You'll probably have to go through PAM for that instead, at least if the original Kerberos is anything to go by. I've not had to touch PAM configuration in years, though, so that is just a pointer.
 
08-16-2017, 04:35 AM   #3
Orangutanklaus
K, I did some more research based on your suggestion.

I've enabled the following line in /etc/pam.d/sshd

PHP Code:
account  required     pam_access.so

and also added the domain user in /etc/security/access.conf

PHP Code:
+ : myuser@mydomain.lan ALL
+ : mylocaluser ALL
- : ALL ALL

Slightly different error message (here PAM) but same results regardless of what syntax I use for the domain user:

PHP Code:
fatal: Access denied for user myuser@mydomain.lan by PAM account configuration [preauth]

...and of course removed the AllowUsers line from sshd.conf

Last edited by Orangutanklaus; 08-16-2017 at 04:41 AM. Reason: missing last deny line in access.conf
 
  

