SSH winbind Active Directory logon

Hi all,

This is my first post on the forum so plz do not shoot me if I break some rules.
I have a question.

I have configured a new samba server and also AD authentication.
Everything works how it should be.

There is a tiny little issue when logging on to the server itself (SSH).
Logging on works but only with userid@domain.local and not when using userid@domain.com.

I have searched a lot but I cannot find a solution.
Oh, and by the way, the Active Directory authentication is based on winbind and not sssd because of Samba.

So does anyone know how to remedy this?

Best regards and much appreciated,

Hi bassie,

I have almost non-existent experience with AD, so take my words with a grain of salt.

What’s the output when you ssh -vv userid@domain.com?

From what you describe, it looks like your system can resolve @domain.local because there is some kind of local-network DNS server running somewhere, but it is unable to either resolve @domain.com, or there’s nothing listening to default port 22 on that domain.

HTH

Hi,

Thanks for your reply.
Executing the command will try to attempt a connection to the public domain.com address.

The Active Directory domain is set up with the fqdn domain dot local but most users have a different upn, userid@domain dot com.
I would like the authentication to work when logging on with the domain dot com upn for the user.

From Windows machines, logged in with userID@domain.com, using Samba to the same Linux server it works.
But logging on locally it only works with userID@domain.local.

I was searching if something needs to be done in the realmd dot conf or winbind but no luck there.
Perhaps there are more ideas, I am really not that good with Linux.

Sorry for all the dots but since I am a new server I am not allowed to add links… fqdn names…

more than two links so I see :slight_smile:
anyway, thanks for your reply, was much appreciated!!

Happy new year everyone

This is a huge mistake as the .local domain is reserved for mDNS.

lol that sucks
Never thought of it, just read about it
Going to be a lot of work to adjust this
Thanks for mentioning it