I use Putty. At login I gave full username. Which log to check?
Found it in messages:
seems there is somthing wrong with user-auth. I recognized that in /etc/passwd there are no users which were created with GUI. Does ssh authenticate agains ldap or local users?
# ldapsearch -x -h nsdc-newns7.jeckel.loc -b cn=jeckel,cn=users,dc=jeckel,dc=loc -D administrator@jeckel.loc -w xxxxxxxx
#
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# jeckel, Users, jeckel.loc
dn: CN=jeckel,CN=Users,DC=jeckel,DC=loc
cn: jeckel
givenName: Ralf Jeckel
instanceType: 4
whenCreated: 20160822133812.0Z
displayName: Ralf Jeckel
uSNCreated: 3724
name: jeckel
objectGUID:: FhWDt62hkUG1NsvcR1jw1Q==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAP08Gj31qHSAazJI/UAQAAA==
logonCount: 0
sAMAccountName: jeckel
sAMAccountType: 805306368
userPrincipalName: jeckel@jeckel.loc
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=jeckel,DC=loc
loginShell: /bin/bash
unixHomeDirectory: /var/lib/nethserver/home/jeckel
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
userAccountControl: 66048
accountExpires: 0
pwdLastSet: 131163466940000000
lastLogonTimestamp: 131163482300814450
whenChanged: 20160822140350.0Z
uSNChanged: 3766
lastLogon: 131164352455258150
distinguishedName: CN=jeckel,CN=Users,DC=jeckel,DC=loc
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
so the administrator works and the user is known.
1 Like
Did you set a password for user jeckel@..? Does ssh work at least for administrator@..?
Yes, password ist set.
No, ssh not working with administrator.
@flatspin, @fasttech I tried on my side. Things to note down:
- when an user account is created we can set ssh (bash) OR sftp as shell
- shell cannot be changed afterwards because we didnât find a suitable Samba command doing that
- administrator is created with sftp shell
One month ago I created first.user. This was the log trace:
Jul 25 14:59:48 vm5 esmith::event[11223]: Event: user-create first.user First User /usr/libexec/openssh/sftp-server Jul 25 14:59:50 vm5 esmith::event[11223]: User 'first.user' created successfully Jul 25 14:59:50 vm5 esmith::event[11223]: Action: /etc/e-smith/events/user-create/S40nethserver-dc-user-create SUCCESS [1.92844] Jul 25 14:59:51 vm5 esmith::event[11223]: Action: /etc/e-smith/events/user-create/S90nethserver-sssd-clear-cache SUCCESS [0.992879] Jul 25 14:59:51 vm5 esmith::event[11223]: Event: user-create SUCCESS Jul 25 14:59:54 vm5 esmith::event[11245]: Event: password-policy-update first.user yes Jul 25 14:59:54 vm5 esmith::event[11245]: Action: /etc/e-smith/events/password-policy-update/S10nethserver-sssd-clear-cache SUCCESS [0.355971] Jul 25 14:59:56 vm5 esmith::event[11245]: Expiry for user 'first.user' set to 180 days. Jul 25 14:59:57 vm5 esmith::event[11245]: Action: /etc/e-smith/events/password-policy-update/S30nethserver-dc-password-policy SUCCESS [2.73449] Jul 25 14:59:57 vm5 esmith::event[11245]: Event: password-policy-update SUCCESS Jul 25 14:59:58 vm5 esmith::event[11261]: Event: password-modify first.user@dpnet.nethesis.it /tmp/ng-giCTyE Jul 25 14:59:58 vm5 esmith::event[11261]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.03056] Jul 25 14:59:58 vm5 esmith::event[11261]: spawn /usr/bin/systemd-run -M nsdc -q -t /usr/bin/samba-tool user setpassword first.user Jul 25 14:59:59 vm5 esmith::event[11261]: New Password: Jul 25 15:00:00 vm5 esmith::event[11261]: Changed password OK Jul 25 15:00:00 vm5 esmith::event[11261]: Action: /etc/e-smith/events/password-modify/S30nethserver-dc-password-set SUCCESS [1.604806] Jul 25 15:00:00 vm5 esmith::event[11261]: Enabled user 'first.user' Jul 25 15:00:00 vm5 esmith::event[11261]: Action: /etc/e-smith/events/password-modify/S40nethserver-dc-user-unlock SUCCESS [0.351872] Jul 25 15:00:00 vm5 esmith::event[11261]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.495329] Jul 25 15:00:00 vm5 esmith::event[11261]: Event: password-modify SUCCESS
Today I created second.user:
Aug 24 10:05:19 vm5 esmith::event[2277]: Event: user-create second.user Second User /bin/bash Aug 24 10:05:19 vm5 esmith::event[2277]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [0.080453] Aug 24 10:05:20 vm5 esmith::event[2277]: Failed to get machine PTY: No such file or directory Aug 24 10:05:20 vm5 esmith::event[2277]: Aug 24 10:05:20 vm5 esmith::event[2277]: Action: /etc/e-smith/events/user-create/S40nethserver-dc-user-create SUCCESS [0.420145] Aug 24 10:05:20 vm5 esmith::event[2277]: Action: /etc/e-smith/events/user-create/S90nethserver-sssd-clear-cache SUCCESS [0.281162] Aug 24 10:05:20 vm5 esmith::event[2277]: Event: user-create SUCCESS Aug 24 10:05:21 vm5 esmith::event[2293]: Event: password-policy-update second.user no Aug 24 10:05:21 vm5 esmith::event[2293]: Action: /etc/e-smith/events/password-policy-update/S10nethserver-sssd-clear-cache SUCCESS [0.244048] Aug 24 10:05:22 vm5 esmith::event[2293]: Failed to get machine PTY: No such file or directory Aug 24 10:05:22 vm5 esmith::event[2293]: Action: /etc/e-smith/events/password-policy-update/S30nethserver-dc-password-policy SUCCESS [0.650434] Aug 24 10:05:22 vm5 esmith::event[2293]: Event: password-policy-update SUCCESS Aug 24 10:05:22 vm5 esmith::event[2303]: Event: password-modify second.user@dpnet.nethesis.it /tmp/ng-AtlHyE Aug 24 10:05:22 vm5 esmith::event[2303]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.01533] Aug 24 10:05:22 vm5 esmith::event[2303]: spawn /usr/bin/systemd-run -M nsdc -q -t /usr/bin/samba-tool user setpassword second.user Aug 24 10:05:24 vm5 esmith::event[2303]: New Password: Aug 24 10:05:24 vm5 esmith::event[2303]: ERROR: Failed to set password for user 'second.user': Unable to find user "second.user" Aug 24 10:05:24 vm5 esmith::event[2303]: Action: /etc/e-smith/events/password-modify/S30nethserver-dc-password-set FAILED: 2 [1.877199] Aug 24 10:05:24 vm5 esmith::event[2303]: ERROR: Failed to enable user 'second.user': Unable to find account where '(&(objectClass=user)(sAMAccountName=second.user))' Aug 24 10:05:24 vm5 esmith::event[2303]: Action: /etc/e-smith/events/password-modify/S40nethserver-dc-user-unlock FAILED: 2 [0.371364] Aug 24 10:05:25 vm5 esmith::event[2303]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.59068] Aug 24 10:05:25 vm5 esmith::event[2303]: Event: password-modify FAILED
âŚthen third.user without ssh access. But got the same 
It seems the event succeed but some command is not actually workingâŚ
We must investigate further!
tried with sftp (WinSCP), but no access.
Can you run the ldapsearch command above with Jeckelâs credentials?
yes. same output.
1 Like
found it. for some reason sssd was stopped and also didnât start at reboot.
started it manual. now ssh and sftp login works and home directory was created.
sssd.log only shows this:
(Tue Aug 23 17:01:22 2016) [sssd] [monitor_cleanup] (0x0010): Error removing pidfile! (2 [No such file or directory])
4 Likes
This line is the symptom of a problem Iâm trying to identify, but I cannot reproduce after restarting nsdc container. The following command failed with a similar output:
machinectl login nsdc
If everything is fine it should issue a login prompt:
Connected to machine nsdc. Press ^] three times within 1s to exit session.
CentOS Linux 7 (Core)
Kernel 3.10.0-327.22.2.el7.x86_64 on an x86_64
nsdc-vm5 login:
it does issue the prompt;
`[root@server7c ~]# machinectl login nsdc
Connected to machine nsdc. Press ^] three times within 1s to exit session.
CentOS Linux 7 (Core)
Kernel 3.10.0-327.28.2.el7.x86_64 on an x86_64
nsdc-server7c login:
`
a search through the logs I see these entries that may be of interest.
`
Aug 16 14:49:47 server7c systemd-machined: New machine nsdc.
Aug 16 14:49:47 server7c systemd-nspawn: Failed to create directory /var/lib/machines/nsdc//sys/fs/selinux: No such file or directory
Aug 16 14:49:47 server7c systemd-nspawn: Failed to create directory /var/lib/machines/nsdc//sys/fs/selinux: No such file or directory
`
I have the same lines on my VM, anyway the user-create event works correctly.
We have SELinux disabled: perhaps systemd is just complaining of it.
Thank you for your hint!
Now the label is fixed and can be localized from Transifex
1 Like
Well, I just tried it on NS7 and next cloud as the base of the chat server and it works wellâŚ
1 Like
So, any suggestions for the install at this point? Reset samba? Reinstall?
You could give a try to the Factory reset procedure before reinstall, just to see how it goes.
You said you installed nethserver-nextcloud: which package version? Was it from Software Center or command line? Did you install any other module?
Hi,
for testing Iâve installed NethServer 7 beta 1 with samba active directory as DC. After testing that I tried to bind to another Windows-AD Server, but I donât find the option anymore. So I uninstalled samba and reinstalled it. After that the dc service is not running and every menu button has to do with samba kills the webinterface.
I tried to reinstall samba again but then I get the message âResolving RPM dependenciesâ. Clear YUM cache dosnât help.
ns7b - create a couple users - install backup module from gui - install and setup samba from gui - install nextcloud⌠will be interesting to see what a factory reset of samba does to nextcould⌠lol