Attempting to connect SSH to a machine using a domain












3















I am having trouble (only recently) logging into a machine at work.



I have always entered my credentials like username@domain.local. But it doesn't seem to work anymore...



I noticed that after typing the username, and before typing the password it says: username@domain.local@machine.domain.local's password:



Is this normal that the remote machine is "tagged" on to the end of my username? Or is it the root of my login problem?










share|improve this question























  • Is username@domain.local an Active Directory account? Did the server previously prompt username@domain.local's password? Did you previously have to log on to that server as username rather than username@domain.local?

    – roaima
    Nov 10 '16 at 9:27











  • Yes it is an ad account. Yes and no.

    – Matthew Goulart
    Nov 10 '16 at 13:03


















3















I am having trouble (only recently) logging into a machine at work.



I have always entered my credentials like username@domain.local. But it doesn't seem to work anymore...



I noticed that after typing the username, and before typing the password it says: username@domain.local@machine.domain.local's password:



Is this normal that the remote machine is "tagged" on to the end of my username? Or is it the root of my login problem?










share|improve this question























  • Is username@domain.local an Active Directory account? Did the server previously prompt username@domain.local's password? Did you previously have to log on to that server as username rather than username@domain.local?

    – roaima
    Nov 10 '16 at 9:27











  • Yes it is an ad account. Yes and no.

    – Matthew Goulart
    Nov 10 '16 at 13:03
















3












3








3








I am having trouble (only recently) logging into a machine at work.



I have always entered my credentials like username@domain.local. But it doesn't seem to work anymore...



I noticed that after typing the username, and before typing the password it says: username@domain.local@machine.domain.local's password:



Is this normal that the remote machine is "tagged" on to the end of my username? Or is it the root of my login problem?










share|improve this question














I am having trouble (only recently) logging into a machine at work.



I have always entered my credentials like username@domain.local. But it doesn't seem to work anymore...



I noticed that after typing the username, and before typing the password it says: username@domain.local@machine.domain.local's password:



Is this normal that the remote machine is "tagged" on to the end of my username? Or is it the root of my login problem?







ssh login domain






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 10 '16 at 1:15









Matthew GoulartMatthew Goulart

128125




128125













  • Is username@domain.local an Active Directory account? Did the server previously prompt username@domain.local's password? Did you previously have to log on to that server as username rather than username@domain.local?

    – roaima
    Nov 10 '16 at 9:27











  • Yes it is an ad account. Yes and no.

    – Matthew Goulart
    Nov 10 '16 at 13:03





















  • Is username@domain.local an Active Directory account? Did the server previously prompt username@domain.local's password? Did you previously have to log on to that server as username rather than username@domain.local?

    – roaima
    Nov 10 '16 at 9:27











  • Yes it is an ad account. Yes and no.

    – Matthew Goulart
    Nov 10 '16 at 13:03



















Is username@domain.local an Active Directory account? Did the server previously prompt username@domain.local's password? Did you previously have to log on to that server as username rather than username@domain.local?

– roaima
Nov 10 '16 at 9:27





Is username@domain.local an Active Directory account? Did the server previously prompt username@domain.local's password? Did you previously have to log on to that server as username rather than username@domain.local?

– roaima
Nov 10 '16 at 9:27













Yes it is an ad account. Yes and no.

– Matthew Goulart
Nov 10 '16 at 13:03







Yes it is an ad account. Yes and no.

– Matthew Goulart
Nov 10 '16 at 13:03












2 Answers
2






active

oldest

votes


















4














I can replicate this to a Debian-based system joined to an Active Directory domain, and I get a successful login with the correct password:



ssh -l roaima@domain.local remotehost
roaima@domain.local@remotehost's password:


My guess would be that the remote server has been recently updated from using winbindd to sssd for its AD authentication layer.



Why you are getting a permission denied error is not something that can be easily diagnosed without access to the remote host in question.



I would start by looking at the authentication log files on the server. In a Debian-based environment that would be /var/log/auth.log, the files corresponding to your client in /var/log/samba, and files under /var/log/sssd.



Be aware that the domain usage changed from winbindd to sssd, so any "allowed groups" in /etc/ssh/sshd_config may need adjusting.






share|improve this answer































    0














    Probably is a resolver problem
    Check /etc/resolv.conf on both sides



    yourdomain.yourextension 


    or



    yoursubdomain.yourdomain.yourextension 


    can be OK



    yourdomain.yourextension.yourdomain.yourextension 


    not.



    Check also the hostname and try to resolve using



    dig hostname.domain





    share|improve this answer























      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "106"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f322203%2fattempting-to-connect-ssh-to-a-machine-using-a-domain%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      4














      I can replicate this to a Debian-based system joined to an Active Directory domain, and I get a successful login with the correct password:



      ssh -l roaima@domain.local remotehost
      roaima@domain.local@remotehost's password:


      My guess would be that the remote server has been recently updated from using winbindd to sssd for its AD authentication layer.



      Why you are getting a permission denied error is not something that can be easily diagnosed without access to the remote host in question.



      I would start by looking at the authentication log files on the server. In a Debian-based environment that would be /var/log/auth.log, the files corresponding to your client in /var/log/samba, and files under /var/log/sssd.



      Be aware that the domain usage changed from winbindd to sssd, so any "allowed groups" in /etc/ssh/sshd_config may need adjusting.






      share|improve this answer




























        4














        I can replicate this to a Debian-based system joined to an Active Directory domain, and I get a successful login with the correct password:



        ssh -l roaima@domain.local remotehost
        roaima@domain.local@remotehost's password:


        My guess would be that the remote server has been recently updated from using winbindd to sssd for its AD authentication layer.



        Why you are getting a permission denied error is not something that can be easily diagnosed without access to the remote host in question.



        I would start by looking at the authentication log files on the server. In a Debian-based environment that would be /var/log/auth.log, the files corresponding to your client in /var/log/samba, and files under /var/log/sssd.



        Be aware that the domain usage changed from winbindd to sssd, so any "allowed groups" in /etc/ssh/sshd_config may need adjusting.






        share|improve this answer


























          4












          4








          4







          I can replicate this to a Debian-based system joined to an Active Directory domain, and I get a successful login with the correct password:



          ssh -l roaima@domain.local remotehost
          roaima@domain.local@remotehost's password:


          My guess would be that the remote server has been recently updated from using winbindd to sssd for its AD authentication layer.



          Why you are getting a permission denied error is not something that can be easily diagnosed without access to the remote host in question.



          I would start by looking at the authentication log files on the server. In a Debian-based environment that would be /var/log/auth.log, the files corresponding to your client in /var/log/samba, and files under /var/log/sssd.



          Be aware that the domain usage changed from winbindd to sssd, so any "allowed groups" in /etc/ssh/sshd_config may need adjusting.






          share|improve this answer













          I can replicate this to a Debian-based system joined to an Active Directory domain, and I get a successful login with the correct password:



          ssh -l roaima@domain.local remotehost
          roaima@domain.local@remotehost's password:


          My guess would be that the remote server has been recently updated from using winbindd to sssd for its AD authentication layer.



          Why you are getting a permission denied error is not something that can be easily diagnosed without access to the remote host in question.



          I would start by looking at the authentication log files on the server. In a Debian-based environment that would be /var/log/auth.log, the files corresponding to your client in /var/log/samba, and files under /var/log/sssd.



          Be aware that the domain usage changed from winbindd to sssd, so any "allowed groups" in /etc/ssh/sshd_config may need adjusting.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 10 '16 at 14:25









          roaimaroaima

          44.8k755121




          44.8k755121

























              0














              Probably is a resolver problem
              Check /etc/resolv.conf on both sides



              yourdomain.yourextension 


              or



              yoursubdomain.yourdomain.yourextension 


              can be OK



              yourdomain.yourextension.yourdomain.yourextension 


              not.



              Check also the hostname and try to resolve using



              dig hostname.domain





              share|improve this answer




























                0














                Probably is a resolver problem
                Check /etc/resolv.conf on both sides



                yourdomain.yourextension 


                or



                yoursubdomain.yourdomain.yourextension 


                can be OK



                yourdomain.yourextension.yourdomain.yourextension 


                not.



                Check also the hostname and try to resolve using



                dig hostname.domain





                share|improve this answer


























                  0












                  0








                  0







                  Probably is a resolver problem
                  Check /etc/resolv.conf on both sides



                  yourdomain.yourextension 


                  or



                  yoursubdomain.yourdomain.yourextension 


                  can be OK



                  yourdomain.yourextension.yourdomain.yourextension 


                  not.



                  Check also the hostname and try to resolve using



                  dig hostname.domain





                  share|improve this answer













                  Probably is a resolver problem
                  Check /etc/resolv.conf on both sides



                  yourdomain.yourextension 


                  or



                  yoursubdomain.yourdomain.yourextension 


                  can be OK



                  yourdomain.yourextension.yourdomain.yourextension 


                  not.



                  Check also the hostname and try to resolve using



                  dig hostname.domain






                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 10 '16 at 6:56









                  elbarnaelbarna

                  4,145123684




                  4,145123684






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Unix & Linux Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f322203%2fattempting-to-connect-ssh-to-a-machine-using-a-domain%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      How to make a Squid Proxy server?

                      Is this a new Fibonacci Identity?

                      19世紀