Attempting to connect SSH to a machine using a domain
I am having trouble (only recently) logging into a machine at work.
I have always entered my credentials like username@domain.local
. But it doesn't seem to work anymore...
I noticed that after typing the username, and before typing the password it says: username@domain.local@machine.domain.local's password:
Is this normal that the remote machine is "tagged" on to the end of my username? Or is it the root of my login problem?
ssh login domain
add a comment |
I am having trouble (only recently) logging into a machine at work.
I have always entered my credentials like username@domain.local
. But it doesn't seem to work anymore...
I noticed that after typing the username, and before typing the password it says: username@domain.local@machine.domain.local's password:
Is this normal that the remote machine is "tagged" on to the end of my username? Or is it the root of my login problem?
ssh login domain
Isusername@domain.local
an Active Directory account? Did the server previously promptusername@domain.local's password
? Did you previously have to log on to that server asusername
rather thanusername@domain.local
?
– roaima
Nov 10 '16 at 9:27
Yes it is an ad account. Yes and no.
– Matthew Goulart
Nov 10 '16 at 13:03
add a comment |
I am having trouble (only recently) logging into a machine at work.
I have always entered my credentials like username@domain.local
. But it doesn't seem to work anymore...
I noticed that after typing the username, and before typing the password it says: username@domain.local@machine.domain.local's password:
Is this normal that the remote machine is "tagged" on to the end of my username? Or is it the root of my login problem?
ssh login domain
I am having trouble (only recently) logging into a machine at work.
I have always entered my credentials like username@domain.local
. But it doesn't seem to work anymore...
I noticed that after typing the username, and before typing the password it says: username@domain.local@machine.domain.local's password:
Is this normal that the remote machine is "tagged" on to the end of my username? Or is it the root of my login problem?
ssh login domain
ssh login domain
asked Nov 10 '16 at 1:15
Matthew GoulartMatthew Goulart
128125
128125
Isusername@domain.local
an Active Directory account? Did the server previously promptusername@domain.local's password
? Did you previously have to log on to that server asusername
rather thanusername@domain.local
?
– roaima
Nov 10 '16 at 9:27
Yes it is an ad account. Yes and no.
– Matthew Goulart
Nov 10 '16 at 13:03
add a comment |
Isusername@domain.local
an Active Directory account? Did the server previously promptusername@domain.local's password
? Did you previously have to log on to that server asusername
rather thanusername@domain.local
?
– roaima
Nov 10 '16 at 9:27
Yes it is an ad account. Yes and no.
– Matthew Goulart
Nov 10 '16 at 13:03
Is
username@domain.local
an Active Directory account? Did the server previously prompt username@domain.local's password
? Did you previously have to log on to that server as username
rather than username@domain.local
?– roaima
Nov 10 '16 at 9:27
Is
username@domain.local
an Active Directory account? Did the server previously prompt username@domain.local's password
? Did you previously have to log on to that server as username
rather than username@domain.local
?– roaima
Nov 10 '16 at 9:27
Yes it is an ad account. Yes and no.
– Matthew Goulart
Nov 10 '16 at 13:03
Yes it is an ad account. Yes and no.
– Matthew Goulart
Nov 10 '16 at 13:03
add a comment |
2 Answers
2
active
oldest
votes
I can replicate this to a Debian-based system joined to an Active Directory domain, and I get a successful login with the correct password:
ssh -l roaima@domain.local remotehost
roaima@domain.local@remotehost's password:
My guess would be that the remote server has been recently updated from using winbindd
to sssd
for its AD authentication layer.
Why you are getting a permission denied error is not something that can be easily diagnosed without access to the remote host in question.
I would start by looking at the authentication log files on the server. In a Debian-based environment that would be /var/log/auth.log
, the files corresponding to your client in /var/log/samba
, and files under /var/log/sssd
.
Be aware that the domain usage changed from winbindd
to sssd
, so any "allowed groups" in /etc/ssh/sshd_config
may need adjusting.
add a comment |
Probably is a resolver problem
Check /etc/resolv.conf on both sides
yourdomain.yourextension
or
yoursubdomain.yourdomain.yourextension
can be OK
yourdomain.yourextension.yourdomain.yourextension
not.
Check also the hostname and try to resolve using
dig hostname.domain
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f322203%2fattempting-to-connect-ssh-to-a-machine-using-a-domain%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
I can replicate this to a Debian-based system joined to an Active Directory domain, and I get a successful login with the correct password:
ssh -l roaima@domain.local remotehost
roaima@domain.local@remotehost's password:
My guess would be that the remote server has been recently updated from using winbindd
to sssd
for its AD authentication layer.
Why you are getting a permission denied error is not something that can be easily diagnosed without access to the remote host in question.
I would start by looking at the authentication log files on the server. In a Debian-based environment that would be /var/log/auth.log
, the files corresponding to your client in /var/log/samba
, and files under /var/log/sssd
.
Be aware that the domain usage changed from winbindd
to sssd
, so any "allowed groups" in /etc/ssh/sshd_config
may need adjusting.
add a comment |
I can replicate this to a Debian-based system joined to an Active Directory domain, and I get a successful login with the correct password:
ssh -l roaima@domain.local remotehost
roaima@domain.local@remotehost's password:
My guess would be that the remote server has been recently updated from using winbindd
to sssd
for its AD authentication layer.
Why you are getting a permission denied error is not something that can be easily diagnosed without access to the remote host in question.
I would start by looking at the authentication log files on the server. In a Debian-based environment that would be /var/log/auth.log
, the files corresponding to your client in /var/log/samba
, and files under /var/log/sssd
.
Be aware that the domain usage changed from winbindd
to sssd
, so any "allowed groups" in /etc/ssh/sshd_config
may need adjusting.
add a comment |
I can replicate this to a Debian-based system joined to an Active Directory domain, and I get a successful login with the correct password:
ssh -l roaima@domain.local remotehost
roaima@domain.local@remotehost's password:
My guess would be that the remote server has been recently updated from using winbindd
to sssd
for its AD authentication layer.
Why you are getting a permission denied error is not something that can be easily diagnosed without access to the remote host in question.
I would start by looking at the authentication log files on the server. In a Debian-based environment that would be /var/log/auth.log
, the files corresponding to your client in /var/log/samba
, and files under /var/log/sssd
.
Be aware that the domain usage changed from winbindd
to sssd
, so any "allowed groups" in /etc/ssh/sshd_config
may need adjusting.
I can replicate this to a Debian-based system joined to an Active Directory domain, and I get a successful login with the correct password:
ssh -l roaima@domain.local remotehost
roaima@domain.local@remotehost's password:
My guess would be that the remote server has been recently updated from using winbindd
to sssd
for its AD authentication layer.
Why you are getting a permission denied error is not something that can be easily diagnosed without access to the remote host in question.
I would start by looking at the authentication log files on the server. In a Debian-based environment that would be /var/log/auth.log
, the files corresponding to your client in /var/log/samba
, and files under /var/log/sssd
.
Be aware that the domain usage changed from winbindd
to sssd
, so any "allowed groups" in /etc/ssh/sshd_config
may need adjusting.
answered Nov 10 '16 at 14:25
roaimaroaima
44.8k755121
44.8k755121
add a comment |
add a comment |
Probably is a resolver problem
Check /etc/resolv.conf on both sides
yourdomain.yourextension
or
yoursubdomain.yourdomain.yourextension
can be OK
yourdomain.yourextension.yourdomain.yourextension
not.
Check also the hostname and try to resolve using
dig hostname.domain
add a comment |
Probably is a resolver problem
Check /etc/resolv.conf on both sides
yourdomain.yourextension
or
yoursubdomain.yourdomain.yourextension
can be OK
yourdomain.yourextension.yourdomain.yourextension
not.
Check also the hostname and try to resolve using
dig hostname.domain
add a comment |
Probably is a resolver problem
Check /etc/resolv.conf on both sides
yourdomain.yourextension
or
yoursubdomain.yourdomain.yourextension
can be OK
yourdomain.yourextension.yourdomain.yourextension
not.
Check also the hostname and try to resolve using
dig hostname.domain
Probably is a resolver problem
Check /etc/resolv.conf on both sides
yourdomain.yourextension
or
yoursubdomain.yourdomain.yourextension
can be OK
yourdomain.yourextension.yourdomain.yourextension
not.
Check also the hostname and try to resolve using
dig hostname.domain
answered Nov 10 '16 at 6:56
elbarnaelbarna
4,145123684
4,145123684
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f322203%2fattempting-to-connect-ssh-to-a-machine-using-a-domain%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Is
username@domain.local
an Active Directory account? Did the server previously promptusername@domain.local's password
? Did you previously have to log on to that server asusername
rather thanusername@domain.local
?– roaima
Nov 10 '16 at 9:27
Yes it is an ad account. Yes and no.
– Matthew Goulart
Nov 10 '16 at 13:03