SSH With Domain Account

Status
Not open for further replies.
F

Fabio Rodrigues

Dabbler
Joined
Oct 20, 2016
Messages
40
Hello,

My FreeNAS is in the domain (at least in the UI) but I would like to know if it is possible to SSH to the FreeNAS server with a domain account.

Thanks.
 
Ericloewe

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
Should be. Public key authentication might require more setup that defeats the whole domain idea, but password authentication should work.
 
F

Fabio Rodrigues

Dabbler
Joined
Oct 20, 2016
Messages
40
Ericloewe said:
Should be. Public key authentication might require more setup that defeats the whole domain idea, but password authentication should work.
Click to expand...
Thanks. Should I configure anything in the UI or in a config file to be able to login with a domain account? I'm getting "Access denied" error message.
 
Last edited:
Ericloewe

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
Maybe SSH access is disabled.
 
Ericloewe

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
Fabio Rodrigues said:
It is not, the service is running, I just unchecked "Login as root with password" option.
Click to expand...
I meant the users. I think I remember SSH access being an option in the user configuration. You'll have to set it to activated, if I'm right. If you need to do so for more than a handful of users, you'll want to automate it with the FreeNAS API.
 
F

Fabio Rodrigues

Dabbler
Joined
Oct 20, 2016
Messages
40
Ericloewe said:
I meant the users. I think I remember SSH access being an option in the user configuration. You'll have to set it to activated, if I'm right. If you need to do so for more than a handful of users, you'll want to automate it with the FreeNAS API.
Click to expand...
But the users listed in the "User" configuration are all local users, not domain users.
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Try checking the box "Use Default Domain" under "Directory Service" -> "Active Directory". Then try SSHing in using your username. I.e., if the domain username is "FOO\bob", then ssh bob@ip.of.server
 
F

Fabio Rodrigues

Dabbler
Joined
Oct 20, 2016
Messages
40
anodos said:
Try checking the box "Use Default Domain" under "Directory Service" -> "Active Directory". Then try SSHing in using your username. I.e., if the domain username is "FOO\bob", then ssh bob@ip.of.server
Click to expand...
Great, it works! Now if I want to restrict SSH to some domain users or groups only, what should I do?
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Fabio Rodrigues said:
Great, it works! Now if I want to restrict SSH to some domain users or groups only, what should I do?
Click to expand...

Go to "services" -> "SSH" and add the following line under "Extra Options"
Code:
AllowUsers bob larry
AllowGroups Domain\ Admins Stooges

Where "bob" and "larry" are users, and "Domain Admins" and "Stooges" are groups.
 
F

Fabio Rodrigues

Dabbler
Joined
Oct 20, 2016
Messages
40
anodos said:
Go to "services" -> "SSH" and add the following line under "Extra Options"
Code:
AllowUsers bob larry
AllowGroups Domain\ Admins Stooges

Where "bob" and "larry" are users, and "Domain Admins" and "Stooges" are groups.
Click to expand...
Perfect, thanks a lot!
 
F

Fabio Rodrigues

Dabbler
Joined
Oct 20, 2016
Messages
40
anodos said:
Go to "services" -> "SSH" and add the following line under "Extra Options"
Code:
AllowUsers bob larry
AllowGroups Domain\ Admins Stooges

Where "bob" and "larry" are users, and "Domain Admins" and "Stooges" are groups.
Click to expand...
I'm trying to allow two groups, "Domain Admins" and "Linux Admins". Is it correct?

AllowGroups Domain^Admins Linux^Admins

Or should be:

AllowGroups Domain\ Admins Linux\ Admins
 
F

Fabio Rodrigues

Dabbler
Joined
Oct 20, 2016
Messages
40
anodos said:
AllowGroups "Domain Admins" "Linux Admins"

I can't ever remember the syntax for handling spaces in config files.
Click to expand...
Still failing... I tried:

AllowGroups Linux\ Admins
AllowGroups "Linux Admins"
AllowGroups Linux^Admins

I restarted the SSH service and also rebooted the server, no success.
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Fabio Rodrigues said:
Still failing... I tried:

AllowGroups Linux\ Admins
AllowGroups "Linux Admins"
AllowGroups Linux^Admins

I restarted the SSH service and also rebooted the server, no success.
Click to expand...
Try creating an AD group that does not have a space, then test authentication. For instance "LinuxAdmins" instead of "Linux Admins".
 
Status
Not open for further replies.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "SSH With Domain Account"

Unfortunately, no related topics are found on the New Community Forums.

Similar threads

finsfree
  • Locked
Using SSH with Active Directory Restrictions
Replies
2
Views
1K
anodos
anodos
L
  • Locked
SOLVED SMB Service + Domain Controller
Replies
1
Views
2K
level20peon
L
berrick
  • Locked
SSH Custom folder, active directory user
Replies
8
Views
2K
berrick
berrick
J
How to configure a domain controller (active directory)
Replies
6
Views
11K
anodos
anodos
A
  • Locked
How to set as domain controller on freenas 9.2.1?
Replies
1
Views
2K
Yatti420
Yatti420
Top