Attempting to connect SSH to a machine using a domain












3















I am having trouble (only recently) logging into a machine at work.



I have always entered my credentials like username@domain.local. But it doesn't seem to work anymore...



I noticed that after typing the username, and before typing the password it says: username@domain.local@machine.domain.local's password:



Is this normal that the remote machine is "tagged" on to the end of my username? Or is it the root of my login problem?






ssh login domain







share|improve this question























  • Is username@domain.local an Active Directory account? Did the server previously prompt username@domain.local's password? Did you previously have to log on to that server as username rather than username@domain.local?

    – roaima
    Nov 10 '16 at 9:27











  • Yes it is an ad account. Yes and no.

    – Matthew Goulart
    Nov 10 '16 at 13:03


















3















I am having trouble (only recently) logging into a machine at work.



I have always entered my credentials like username@domain.local. But it doesn't seem to work anymore...



I noticed that after typing the username, and before typing the password it says: username@domain.local@machine.domain.local's password:



Is this normal that the remote machine is "tagged" on to the end of my username? Or is it the root of my login problem?






ssh login domain







share|improve this question























  • Is username@domain.local an Active Directory account? Did the server previously prompt username@domain.local's password? Did you previously have to log on to that server as username rather than username@domain.local?

    – roaima
    Nov 10 '16 at 9:27











  • Yes it is an ad account. Yes and no.

    – Matthew Goulart
    Nov 10 '16 at 13:03
















3












3








3








I am having trouble (only recently) logging into a machine at work.



I have always entered my credentials like username@domain.local. But it doesn't seem to work anymore...



I noticed that after typing the username, and before typing the password it says: username@domain.local@machine.domain.local's password:



Is this normal that the remote machine is "tagged" on to the end of my username? Or is it the root of my login problem?






ssh login domain







share|improve this question














I am having trouble (only recently) logging into a machine at work.



I have always entered my credentials like username@domain.local. But it doesn't seem to work anymore...



I noticed that after typing the username, and before typing the password it says: username@domain.local@machine.domain.local's password:



Is this normal that the remote machine is "tagged" on to the end of my username? Or is it the root of my login problem?






ssh login domain




ssh login domain






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 10 '16 at 1:15









Matthew GoulartMatthew Goulart

128125




128125













  • Is username@domain.local an Active Directory account? Did the server previously prompt username@domain.local's password? Did you previously have to log on to that server as username rather than username@domain.local?

    – roaima
    Nov 10 '16 at 9:27











  • Yes it is an ad account. Yes and no.

    – Matthew Goulart
    Nov 10 '16 at 13:03





















  • Is username@domain.local an Active Directory account? Did the server previously prompt username@domain.local's password? Did you previously have to log on to that server as username rather than username@domain.local?

    – roaima
    Nov 10 '16 at 9:27











  • Yes it is an ad account. Yes and no.

    – Matthew Goulart
    Nov 10 '16 at 13:03



















Is username@domain.local an Active Directory account? Did the server previously prompt username@domain.local's password? Did you previously have to log on to that server as username rather than username@domain.local?

– roaima
Nov 10 '16 at 9:27





Is username@domain.local an Active Directory account? Did the server previously prompt username@domain.local's password? Did you previously have to log on to that server as username rather than username@domain.local?

– roaima
Nov 10 '16 at 9:27













Yes it is an ad account. Yes and no.

– Matthew Goulart
Nov 10 '16 at 13:03







Yes it is an ad account. Yes and no.

– Matthew Goulart
Nov 10 '16 at 13:03












2 Answers
2






active

oldest

votes


















4














I can replicate this to a Debian-based system joined to an Active Directory domain, and I get a successful login with the correct password:



ssh -l roaima@domain.local remotehost

roaima@domain.local@remotehost's password:


My guess would be that the remote server has been recently updated from using winbindd to sssd for its AD authentication layer.



Why you are getting a permission denied error is not something that can be easily diagnosed without access to the remote host in question.



I would start by looking at the authentication log files on the server. In a Debian-based environment that would be /var/log/auth.log, the files corresponding to your client in /var/log/samba, and files under /var/log/sssd.



Be aware that the domain usage changed from winbindd to sssd, so any "allowed groups" in /etc/ssh/sshd_config may need adjusting.






share|improve this answer































    0














    Probably is a resolver problem
    Check /etc/resolv.conf on both sides



    yourdomain.yourextension


    or 



    yoursubdomain.yourdomain.yourextension


    can be OK



    yourdomain.yourextension.yourdomain.yourextension


    not.



    Check also the hostname and try to resolve using



    dig hostname.domain





    share|improve this answer























      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "106"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f322203%2fattempting-to-connect-ssh-to-a-machine-using-a-domain%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      4














      I can replicate this to a Debian-based system joined to an Active Directory domain, and I get a successful login with the correct password:



      ssh -l roaima@domain.local remotehost
      
roaima@domain.local@remotehost's password:


      My guess would be that the remote server has been recently updated from using winbindd to sssd for its AD authentication layer.



      Why you are getting a permission denied error is not something that can be easily diagnosed without access to the remote host in question.



      I would start by looking at the authentication log files on the server. In a Debian-based environment that would be /var/log/auth.log, the files corresponding to your client in /var/log/samba, and files under /var/log/sssd.



      Be aware that the domain usage changed from winbindd to sssd, so any "allowed groups" in /etc/ssh/sshd_config may need adjusting.






      share|improve this answer




























        4














        I can replicate this to a Debian-based system joined to an Active Directory domain, and I get a successful login with the correct password:



        ssh -l roaima@domain.local remotehost
        
roaima@domain.local@remotehost's password:


        My guess would be that the remote server has been recently updated from using winbindd to sssd for its AD authentication layer.



        Why you are getting a permission denied error is not something that can be easily diagnosed without access to the remote host in question.



        I would start by looking at the authentication log files on the server. In a Debian-based environment that would be /var/log/auth.log, the files corresponding to your client in /var/log/samba, and files under /var/log/sssd.



        Be aware that the domain usage changed from winbindd to sssd, so any "allowed groups" in /etc/ssh/sshd_config may need adjusting.






        share|improve this answer


























          4












          4








          4







          I can replicate this to a Debian-based system joined to an Active Directory domain, and I get a successful login with the correct password:



          ssh -l roaima@domain.local remotehost
          
roaima@domain.local@remotehost's password:


          My guess would be that the remote server has been recently updated from using winbindd to sssd for its AD authentication layer.



          Why you are getting a permission denied error is not something that can be easily diagnosed without access to the remote host in question.



          I would start by looking at the authentication log files on the server. In a Debian-based environment that would be /var/log/auth.log, the files corresponding to your client in /var/log/samba, and files under /var/log/sssd.



          Be aware that the domain usage changed from winbindd to sssd, so any "allowed groups" in /etc/ssh/sshd_config may need adjusting.






          share|improve this answer













          I can replicate this to a Debian-based system joined to an Active Directory domain, and I get a successful login with the correct password:



          ssh -l roaima@domain.local remotehost
          
roaima@domain.local@remotehost's password:


          My guess would be that the remote server has been recently updated from using winbindd to sssd for its AD authentication layer.



          Why you are getting a permission denied error is not something that can be easily diagnosed without access to the remote host in question.



          I would start by looking at the authentication log files on the server. In a Debian-based environment that would be /var/log/auth.log, the files corresponding to your client in /var/log/samba, and files under /var/log/sssd.



          Be aware that the domain usage changed from winbindd to sssd, so any "allowed groups" in /etc/ssh/sshd_config may need adjusting.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 10 '16 at 14:25









          roaimaroaima

          44.8k755121




          44.8k755121

























              0














              Probably is a resolver problem
              Check /etc/resolv.conf on both sides



              yourdomain.yourextension


              or 



              yoursubdomain.yourdomain.yourextension


              can be OK



              yourdomain.yourextension.yourdomain.yourextension


              not.



              Check also the hostname and try to resolve using



              dig hostname.domain





              share|improve this answer




























                0














                Probably is a resolver problem
                Check /etc/resolv.conf on both sides



                yourdomain.yourextension


                or 



                yoursubdomain.yourdomain.yourextension


                can be OK



                yourdomain.yourextension.yourdomain.yourextension


                not.



                Check also the hostname and try to resolve using



                dig hostname.domain





                share|improve this answer


























                  0












                  0








                  0







                  Probably is a resolver problem
                  Check /etc/resolv.conf on both sides



                  yourdomain.yourextension


                  or 



                  yoursubdomain.yourdomain.yourextension


                  can be OK



                  yourdomain.yourextension.yourdomain.yourextension


                  not.



                  Check also the hostname and try to resolve using



                  dig hostname.domain





                  share|improve this answer













                  Probably is a resolver problem
                  Check /etc/resolv.conf on both sides



                  yourdomain.yourextension


                  or 



                  yoursubdomain.yourdomain.yourextension


                  can be OK



                  yourdomain.yourextension.yourdomain.yourextension


                  not.



                  Check also the hostname and try to resolve using



                  dig hostname.domain






                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 10 '16 at 6:56









                  elbarnaelbarna

                  4,145123684




                  4,145123684






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Unix & Linux Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f322203%2fattempting-to-connect-ssh-to-a-machine-using-a-domain%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      -

                      Popular posts from this blog

                      How to reconfigure Docker Trusted Registry 2.x.x to use CEPH FS mount instead of NFS and other traditional...

                      Image
                      0 I am having trouble trying to reconfigure my DTR container to try and use a CEPH FS mount we created to act as a storage backend for our image repository. The Docs are very vague on this and nothing exactly explains on how to do it. Has anyone yet connected the dots? linux filesystems mount storage docker share | improve this question asked Feb 1 at 6:40 jRapp3r jRapp3r 1 1 add a comment  | 
                      Read more

                      is 'sed' thread safe

                      Image
                      2 If I have a shell/python script that uses sed to modify a file in place based on user inputs, and then two users run the same script at the same time or approx. same time, is 'sed' thread safe ? Or perhaps it is not an issue because the file_descripor that was opened by the first thread will be used to lock the file anyway ? thx linux sed python share | improve this question edited 7 hours ago Jeff Schaller 42.9k 11 59 137 asked 7 hours ago terreys terreys
                      Read more

                      How to make a Squid Proxy server?

                      Image
                      1 I want to set up squid proxy server for monitoring user activity in a network and Internet Web URL filtering for user. I also want to configure the user login, user log, user access group, and block unwanted web sites in my network. Please help me and guide me the full process to do this. server proxy squid share | improve this question edited Jul 31 '12 at 14:45 Jorge Castro 37.1k 107 422 617 asked Jul 31 '12 at 5:16 Goivind Tiwari Goivind Tiwari
                      Read more