Any interest in setting up ns to serve as an ntp server and administered from the gui?
Now I can’t create a user.
Aug 22 10:11:26 server7c esmith::event[20018]: Event: user-create bob bob /usr/libexec/openssh/sftp-server Aug 22 10:11:26 server7c esmith::event[20018]: Failed to get machine PTY: No such file or directory Aug 22 10:11:26 server7c esmith::event[20018]: Aug 22 10:11:26 server7c esmith::event[20018]: Action: /etc/e-smith/events/user-create/S40nethserver-dc-user-create SUCCESS [0.063924] Aug 22 10:11:26 server7c esmith::event[20018]: Action: /etc/e-smith/events/user-create/S90nethserver-sssd-clear-cache SUCCESS [0.31831] Aug 22 10:11:26 server7c esmith::event[20018]: Event: user-create SUCCESS Aug 22 10:11:27 server7c esmith::event[20032]: Event: password-policy-update bob yes Aug 22 10:11:27 server7c esmith::event[20032]: Action: /etc/e-smith/events/password-policy-update/S10nethserver-sssd-clear-cache SUCCESS [0.084168] Aug 22 10:11:27 server7c esmith::event[20032]: Failed to get machine PTY: No such file or directory Aug 22 10:11:27 server7c esmith::event[20032]: Action: /etc/e-smith/events/password-policy-update/S30nethserver-dc-password-policy SUCCESS [0.098384] Aug 22 10:11:27 server7c esmith::event[20032]: Event: password-policy-update SUCCESS Aug 22 10:11:28 server7c esmith::event[20042]: Event: password-modify bob@ad.stan.local /tmp/ng-aJILrK Aug 22 10:11:28 server7c esmith::event[20042]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.001725] Aug 22 10:11:28 server7c esmith::event[20042]: spawn /usr/bin/systemd-run -M nsdc -q -t /usr/bin/samba-tool user setpassword bob Aug 22 10:11:29 server7c esmith::event[20042]: New Password: Aug 22 10:11:29 server7c esmith::event[20042]: ERROR: Failed to set password for user 'bob': Unable to find user "bob" Aug 22 10:11:30 server7c esmith::event[20042]: Action: /etc/e-smith/events/password-modify/S30nethserver-dc-password-set FAILED: 2 [2.807022] Aug 22 10:11:31 server7c esmith::event[20042]: ERROR: Failed to enable user 'bob': Unable to find account where '(&(objectClass=user)(sAMAccountName=bob))' Aug 22 10:11:31 server7c esmith::event[20042]: Action: /etc/e-smith/events/password-modify/S40nethserver-dc-user-unlock FAILED: 2 [0.71775] Aug 22 10:11:31 server7c esmith::event[20042]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.093477] Aug 22 10:11:31 server7c esmith::event[20042]: Event: password-modify FAILED
Rebooted… still failed.
Aug 22 10:18:10 server7c esmith::event[2139]: Event: user-create tom tom /usr/libexec/openssh/sftp-server Aug 22 10:18:10 server7c esmith::event[2139]: Failed to get machine PTY: No such file or directory Aug 22 10:18:10 server7c esmith::event[2139]: Aug 22 10:18:10 server7c esmith::event[2139]: Action: /etc/e-smith/events/user-create/S40nethserver-dc-user-create SUCCESS [0.023673] Aug 22 10:18:10 server7c chronyd[592]: Source 69.41.163.31 replaced with 108.61.194.85 Aug 22 10:18:10 server7c esmith::event[2139]: Action: /etc/e-smith/events/user-create/S90nethserver-sssd-clear-cache SUCCESS [0.213979] Aug 22 10:18:10 server7c esmith::event[2139]: Event: user-create SUCCESS Aug 22 10:18:11 server7c esmith::event[2154]: Event: password-policy-update tom yes Aug 22 10:18:11 server7c esmith::event[2154]: Action: /etc/e-smith/events/password-policy-update/S10nethserver-sssd-clear-cache SUCCESS [0.073909] Aug 22 10:18:11 server7c esmith::event[2154]: Failed to get machine PTY: No such file or directory Aug 22 10:18:11 server7c esmith::event[2154]: Action: /etc/e-smith/events/password-policy-update/S30nethserver-dc-password-policy SUCCESS [0.099588] Aug 22 10:18:11 server7c esmith::event[2154]: Event: password-policy-update SUCCESS Aug 22 10:18:11 server7c esmith::event[2164]: Event: password-modify tom@ad.stan.local /tmp/ng-4kDbrT Aug 22 10:18:11 server7c esmith::event[2164]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.001939] Aug 22 10:18:11 server7c esmith::event[2164]: spawn /usr/bin/systemd-run -M nsdc -q -t /usr/bin/samba-tool user setpassword tom Aug 22 10:18:12 server7c esmith::event[2164]: New Password: Aug 22 10:18:12 server7c esmith::event[2164]: ERROR: Failed to set password for user 'tom': Unable to find user "tom" Aug 22 10:18:12 server7c esmith::event[2164]: Action: /etc/e-smith/events/password-modify/S30nethserver-dc-password-set FAILED: 2 [1.107705] Aug 22 10:18:12 server7c esmith::event[2164]: ERROR: Failed to enable user 'tom': Unable to find account where '(&(objectClass=user)(sAMAccountName=tom))' Aug 22 10:18:12 server7c esmith::event[2164]: Action: /etc/e-smith/events/password-modify/S40nethserver-dc-user-unlock FAILED: 2 [0.393614] Aug 22 10:18:12 server7c esmith::event[2164]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.127978] Aug 22 10:18:12 server7c esmith::event[2164]: Event: password-modify FAILED
Thanks for notice my blog post and reblogging it. I joined the Nethserver community and I hope I can contribute.
Hei Jeff, happy to see you here! Thanks for accepting my invite.
As I already said you, help us to improve the product and our documentation. We’re all ears.
Let’s tell us something about you, if you don’t mind.
ssh login not possible, even when it ist allow in user panel
“access denied”
I join my machine to the domain and logged in. I accessed a shared folder, but still no home directory.
How to enable ssh for “normal” users? DB command?
ssh should be enabled; at least the checkbox is picked so we’d expect that… Make sure the complete user name is passed to ssh:
ssh -l jeckel@jeckel.loc <hostname>
I haven’t been able to join a machine to the domain and haven’t found anything in the logs as to why, all the sssd logs are empty… not really sure where I should be looking, I’ve been following Gabriel’s post in the first blood thread, I also can see a shared folder I created from a non joined win machine but login fails when trying to open it with a permission’d user, I don’t know if that’s a domain permission thing though.
So, I haven’t had a lot of success with setting up the samba dc and I don’t really know what I’m doing.
I use Putty. At login I gave full username. Which log to check?
Found it in messages:
seems there is somthing wrong with user-auth. I recognized that in /etc/passwd there are no users which were created with GUI. Does ssh authenticate agains ldap or local users?
# ldapsearch -x -h nsdc-newns7.jeckel.loc -b cn=jeckel,cn=users,dc=jeckel,dc=loc -D administrator@jeckel.loc -w xxxxxxxx # # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # jeckel, Users, jeckel.loc dn: CN=jeckel,CN=Users,DC=jeckel,DC=loc cn: jeckel givenName: Ralf Jeckel instanceType: 4 whenCreated: 20160822133812.0Z displayName: Ralf Jeckel uSNCreated: 3724 name: jeckel objectGUID:: FhWDt62hkUG1NsvcR1jw1Q== badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 primaryGroupID: 513 objectSid:: AQUAAAAAAAUVAAAAP08Gj31qHSAazJI/UAQAAA== logonCount: 0 sAMAccountName: jeckel sAMAccountType: 805306368 userPrincipalName: jeckel@jeckel.loc objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=jeckel,DC=loc loginShell: /bin/bash unixHomeDirectory: /var/lib/nethserver/home/jeckel objectClass: top objectClass: posixAccount objectClass: person objectClass: organizationalPerson objectClass: user userAccountControl: 66048 accountExpires: 0 pwdLastSet: 131163466940000000 lastLogonTimestamp: 131163482300814450 whenChanged: 20160822140350.0Z uSNChanged: 3766 lastLogon: 131164352455258150 distinguishedName: CN=jeckel,CN=Users,DC=jeckel,DC=loc # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1
so the administrator works and the user is known.
Did you set a password for user jeckel@..
? Does ssh work at least for administrator@..
?
Yes, password ist set.
No, ssh not working with administrator.
@flatspin, @fasttech I tried on my side. Things to note down:
- when an user account is created we can set ssh (bash) OR sftp as shell
- shell cannot be changed afterwards because we didn’t find a suitable Samba command doing that
- administrator is created with sftp shell
One month ago I created first.user
. This was the log trace:
Jul 25 14:59:48 vm5 esmith::event[11223]: Event: user-create first.user First User /usr/libexec/openssh/sftp-server Jul 25 14:59:50 vm5 esmith::event[11223]: User 'first.user' created successfully Jul 25 14:59:50 vm5 esmith::event[11223]: Action: /etc/e-smith/events/user-create/S40nethserver-dc-user-create SUCCESS [1.92844] Jul 25 14:59:51 vm5 esmith::event[11223]: Action: /etc/e-smith/events/user-create/S90nethserver-sssd-clear-cache SUCCESS [0.992879] Jul 25 14:59:51 vm5 esmith::event[11223]: Event: user-create SUCCESS Jul 25 14:59:54 vm5 esmith::event[11245]: Event: password-policy-update first.user yes Jul 25 14:59:54 vm5 esmith::event[11245]: Action: /etc/e-smith/events/password-policy-update/S10nethserver-sssd-clear-cache SUCCESS [0.355971] Jul 25 14:59:56 vm5 esmith::event[11245]: Expiry for user 'first.user' set to 180 days. Jul 25 14:59:57 vm5 esmith::event[11245]: Action: /etc/e-smith/events/password-policy-update/S30nethserver-dc-password-policy SUCCESS [2.73449] Jul 25 14:59:57 vm5 esmith::event[11245]: Event: password-policy-update SUCCESS Jul 25 14:59:58 vm5 esmith::event[11261]: Event: password-modify first.user@dpnet.nethesis.it /tmp/ng-giCTyE Jul 25 14:59:58 vm5 esmith::event[11261]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.03056] Jul 25 14:59:58 vm5 esmith::event[11261]: spawn /usr/bin/systemd-run -M nsdc -q -t /usr/bin/samba-tool user setpassword first.user Jul 25 14:59:59 vm5 esmith::event[11261]: New Password: Jul 25 15:00:00 vm5 esmith::event[11261]: Changed password OK Jul 25 15:00:00 vm5 esmith::event[11261]: Action: /etc/e-smith/events/password-modify/S30nethserver-dc-password-set SUCCESS [1.604806] Jul 25 15:00:00 vm5 esmith::event[11261]: Enabled user 'first.user' Jul 25 15:00:00 vm5 esmith::event[11261]: Action: /etc/e-smith/events/password-modify/S40nethserver-dc-user-unlock SUCCESS [0.351872] Jul 25 15:00:00 vm5 esmith::event[11261]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.495329] Jul 25 15:00:00 vm5 esmith::event[11261]: Event: password-modify SUCCESS
Today I created second.user
:
Aug 24 10:05:19 vm5 esmith::event[2277]: Event: user-create second.user Second User /bin/bash Aug 24 10:05:19 vm5 esmith::event[2277]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [0.080453] Aug 24 10:05:20 vm5 esmith::event[2277]: Failed to get machine PTY: No such file or directory Aug 24 10:05:20 vm5 esmith::event[2277]: Aug 24 10:05:20 vm5 esmith::event[2277]: Action: /etc/e-smith/events/user-create/S40nethserver-dc-user-create SUCCESS [0.420145] Aug 24 10:05:20 vm5 esmith::event[2277]: Action: /etc/e-smith/events/user-create/S90nethserver-sssd-clear-cache SUCCESS [0.281162] Aug 24 10:05:20 vm5 esmith::event[2277]: Event: user-create SUCCESS Aug 24 10:05:21 vm5 esmith::event[2293]: Event: password-policy-update second.user no Aug 24 10:05:21 vm5 esmith::event[2293]: Action: /etc/e-smith/events/password-policy-update/S10nethserver-sssd-clear-cache SUCCESS [0.244048] Aug 24 10:05:22 vm5 esmith::event[2293]: Failed to get machine PTY: No such file or directory Aug 24 10:05:22 vm5 esmith::event[2293]: Action: /etc/e-smith/events/password-policy-update/S30nethserver-dc-password-policy SUCCESS [0.650434] Aug 24 10:05:22 vm5 esmith::event[2293]: Event: password-policy-update SUCCESS Aug 24 10:05:22 vm5 esmith::event[2303]: Event: password-modify second.user@dpnet.nethesis.it /tmp/ng-AtlHyE Aug 24 10:05:22 vm5 esmith::event[2303]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.01533] Aug 24 10:05:22 vm5 esmith::event[2303]: spawn /usr/bin/systemd-run -M nsdc -q -t /usr/bin/samba-tool user setpassword second.user Aug 24 10:05:24 vm5 esmith::event[2303]: New Password: Aug 24 10:05:24 vm5 esmith::event[2303]: ERROR: Failed to set password for user 'second.user': Unable to find user "second.user" Aug 24 10:05:24 vm5 esmith::event[2303]: Action: /etc/e-smith/events/password-modify/S30nethserver-dc-password-set FAILED: 2 [1.877199] Aug 24 10:05:24 vm5 esmith::event[2303]: ERROR: Failed to enable user 'second.user': Unable to find account where '(&(objectClass=user)(sAMAccountName=second.user))' Aug 24 10:05:24 vm5 esmith::event[2303]: Action: /etc/e-smith/events/password-modify/S40nethserver-dc-user-unlock FAILED: 2 [0.371364] Aug 24 10:05:25 vm5 esmith::event[2303]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.59068] Aug 24 10:05:25 vm5 esmith::event[2303]: Event: password-modify FAILED
…then third.user
without ssh access. But got the same It seems the event succeed but some command is not actually working…
We must investigate further!
tried with sftp (WinSCP), but no access.
Can you run the ldapsearch
command above with Jeckel’s credentials?
yes. same output.
found it. for some reason sssd was stopped and also didn’t start at reboot.
started it manual. now ssh and sftp login works and home directory was created.
sssd.log only shows this:
(Tue Aug 23 17:01:22 2016) [sssd] [monitor_cleanup] (0x0010): Error removing pidfile! (2 [No such file or directory])
This line is the symptom of a problem I’m trying to identify, but I cannot reproduce after restarting nsdc
container. The following command failed with a similar output:
machinectl login nsdc
If everything is fine it should issue a login prompt:
Connected to machine nsdc. Press ^] three times within 1s to exit session.
CentOS Linux 7 (Core)
Kernel 3.10.0-327.22.2.el7.x86_64 on an x86_64
nsdc-vm5 login: