[Samba] Member server guide broken

Ryan Ashley ryana at reachtechfp.com
Wed Aug 20 08:50:24 MDT 2014 

Yeah I already solved this also. I had to use "--with-pam" and it added 
PAM support. I never enabled it in the PAM files though. The file-server 
works flawlessly without it now that the permissions on the directory 
above the share are correct. In fact PAM is only enabled on my Linux 
workstations. It has never been enabled on any server, though they work 
fine.

On 08/20/2014 06:00 AM, L.P.H. van Belle wrote:
> hmm samba member guide broken? I think not.
> All my script are someway a copy of the wiki instructions.
>
> and besides...
> You have a few options to install Samba:
> Build Samba by yourself. ... you needed to configure by yourself.
> or you need to check your OS Build specs..
>
> like this..
>
> Ubuntu 14.04 samba 4.0.6 version
>   smbd -b | grep PAM
>     HAVE_SECURITY_PAM_APPL_H
>     HAVE_SECURITY_PAM_EXT_H
>     HAVE_SECURITY_PAM_MODULES_H
>     HAVE_SECURITY__PAM_MACROS_H
>     HAVE_LIBPAM
>     HAVE_PAM_GET_DATA
>     HAVE_PAM_RADIO_TYPE
>     HAVE_PAM_RHOST
>     HAVE_PAM_START
>     HAVE_PAM_TTY
>     HAVE_PAM_VSYSLOG
>     WITH_PAM
>     WITH_PAM_MODULES
>   
>
> debian wheezy with sernet-samba 4.1.11
> smbd -b | grep PAM
>     HAVE_SECURITY_PAM_APPL_H
>     HAVE_SECURITY_PAM_EXT_H
>     HAVE_SECURITY_PAM_MODULES_H
>     HAVE_SECURITY__PAM_MACROS_H
>     HAVE_LIBPAM
>     HAVE_PAM_GET_DATA
>     HAVE_PAM_RADIO_TYPE
>     HAVE_PAM_RHOST
>     HAVE_PAM_START
>     HAVE_PAM_TTY
>     HAVE_PAM_VSYSLOG
>     WITH_PAM
>     WITH_PAM_MODULES
>
> Debian wheezy with samba 4.0.9 from backports
> smbd -b | grep PAM
>     HAVE_SECURITY_PAM_APPL_H
>     HAVE_SECURITY_PAM_EXT_H
>     HAVE_SECURITY_PAM_MODULES_H
>     HAVE_SECURITY__PAM_MACROS_H
>     HAVE_LIBPAM
>     HAVE_PAM_GET_DATA
>     HAVE_PAM_RADIO_TYPE
>     HAVE_PAM_RHOST
>     HAVE_PAM_START
>     HAVE_PAM_TTY
>     HAVE_PAM_VSYSLOG
>     WITH_PAM
>     WITH_PAM_MODULES
>
>
> all with PAM enabled ...
> so maybe something went wrong with your configure.
>
> Greetz,
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: ryana at reachtechfp.com
>> [mailto:samba-bounces at lists.samba.org] Namens Ryan Ashley
>> Verzonden: vrijdag 15 augustus 2014 14:29
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] Member server guide broken
>>
>> Again, I am using 4.1.11 and since I see 4.2 is stable, I may
>> switch and see if it helps. Here is the proof you requested.
>> Why does everybody here always assume the new guy is wromg?
>> Seriously, adding that parameter fixed the PAM login issue! Do
>> I preally have to start putting videos on YouTube to prove
>> this to you people?
>>
>>
>> https://wiki.samba.org/index.php/Build-time_configuration_optio
>> ns#--with-pam
>>
>> Sent from my Verizon Wireless 4G LTE smartphone
>>
>> <div>-------- Original message --------</div><div>From: Marc
>> Muehlfeld <mmuehlfeld at samba.org> </div><div>Date:2014/08/15
>> 06:36  (GMT-05:00) </div><div>To:
>> admin at reachtechfp.com,samba at lists.samba.org
>> </div><div>Subject: Re: [Samba] Member server guide broken </div><div>
>> </div>Am 15.08.2014 05:26, schrieb Ryan Ashley:
>>> The guide for PAM fails because, as can be seen on the build-time
>>> parameters page, PAM IS NOT BUILT BY DEFAULT.
>> Where did you read that?
>>
>> At least 'configure' tells me on 4.1.8, that _it is_ enabled
>> by default:
>>
>> # ./configure --help | grep pam
>>   --with-pam
>>             Build with pam support (default=yes)
>>   --with-pam_smbpass
>>             Build with pam_smbpass support (default=yes)
>>
>>
>>
>>
>>> Now, couple that with the
>>> guide only showing "--with-ads" and "--with-shared-modules=idmap_ad",
>>> and you do not get PAM. As soon as I figured out PAM wasn't
>> being built
>>> and I built it, I could login after making those changes to my PAM
>>> files. So i will say it again, THE MEMBER SERVER GUIDE IS
>> BROKEN. Now I
>>> have the proof. Next time PLEASE try seeing something from the other
>>> person's perspective BEFORE chewing them out.
>>>
>>> To summarize:
>>> PAM modules are not built by default
>> I revalidated the HowTo with 4.1.8 and I don't see any problem!
>>
>>
>>
>>
>>
>> I setup a new Member on RHEL 6.5, according to the HowTo:
>>
>> # ./configure --with-ads --with-shared-modules=idmap_ad
>> # make
>> # make install
>>
>>
>> After that, smbd already shows, that it was build with PAM support:
>> # smbd -b | grep WITH_PAM
>>    WITH_PAM
>>    WITH_PAM_MODULES
>>
>>
>>
>>
>>
>> Then I configured PAM manually (not via the Red Hat tools), like
>> described in the HowTo
>> (https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Serve
>> r#Setting_up_PAM_authentication),
>> and ssh using a Domain user works without any problem
>>
>> # ssh demo at M1
>> demo at m1's password:
>> Last login: Fri Aug 15 12:22:45 2014 from m1.samdom.example.com
>> [demo at M1 ~]$
>>
>>
>>
>>
>>
>> I don't see any problem with the HowTo.
>>
>>
>> If you still think, there's something wrong, then please give more
>> details than just saying, that "the guide is broken":
>> - Samba version
>> - All 'configure' parameters used
>> - Link to the HowTo you followed
>> - Output of 'smbd -b | grep WITH_PAM'
>> - etc.
>>
>>
>>
>> Regards,
>> Marc
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>

More information about the samba mailing list