[Samba] FW: Samba4 + Winbind + PAM Installation/Configuration

Andreas Krupp andreaskrupp at akrupp.ch
Thu Aug 15 11:05:42 MDT 2013 

Hello,

The steps so far worked:
1) get all of pam installed via "yum install pam*"
2) Then recompile samba with "./configure.developer" followed by "make" and
"make install"
3) Restarted Samba... and great stuff, my domain controller, settings and
users are still there! This is awesome by the way!
4) linked the pam_winbind.so with " ln -s
/usr/local/samba/lib/security/pam_winbind.so /lib/security"
5) Edited /etc/pam.d/system-auth and added the entries as described in the
wiki (http://wiki.samba.org/index.php/Samba4/Winbind)

All the tests but 1 are fine:
Wbinfo -p (Ok)
Wbinfo -u (Ok)
Getent passwd (Ok)
Id [User] (Ok)
Ssh [user]@localhost (Fails) --> Permission denied, please try again

I tried with the Administrator Account and a normal user account, both fail
in the same way.

Any ideas?
Cheers & thx,
Andreas

-----Original Message-----
From: Andreas Krupp [mailto:andreaskrupp at akrupp.ch] 
Sent: jeudi 15 août 2013 14:53
To: 'mueller at tropenklinik.de'
Subject: RE: [Samba] Samba4 + Winbind + PAM Installation/Configuration

Ok I will try that.
Just as a possibly "important" follow up question:
If I run ./configure.developer, then make and make install ... is my current
samba & domain configuration kept or will I have to start setting up the
domain from scratch?

Cheers & thx,
Andreas


-----Original Message-----
From: Daniel Müller [mailto:mueller at tropenklinik.de]
Sent: jeudi 15 août 2013 14:39
To: 'Andreas Krupp'
Subject: AW: [Samba] Samba4 + Winbind + PAM Installation/Configuration

Yes it is pam-devel. To be shure install with yum install pam* to get all
pam packages.
./configure.developer will try all possibilities. It is important to have
all packages installed before compiling.

-----------------------------------------------
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Ursprüngliche Nachricht-----
Von: Andreas Krupp [mailto:andreaskrupp at akrupp.ch]
Gesendet: Donnerstag, 15. August 2013 14:18
An: mueller at tropenklinik.de; 'samba'
Betreff: RE: [Samba] Samba4 + Winbind + PAM Installation/Configuration

Hello Daniel,

Thx a lot for the quick reply.
Actually I did all these steps already and the tests that you proposed and
that are documented on the wiki are working fine.
http://wiki.samba.org/index.php/Samba4/Winbind

It is the next section "Using pam_winbind" that I cannot get to work.
My goal is that I can log on to the linux box with an AD Account, or run a
service with an AD account or connect via SSH with an AD account.

So where I am stuck is:
-> I do not know which pam files to edit under CentOS and it seems that 
-> I do not have "pam_winbind.so" installed/compiled with
Samba4.1rc2

On the wiki it says:
"Ensure that you built Samba 4 with libpam0g-dev installed on your system.
If not, install the PAM development libraries and re-compile Samba 4 from
the ./configure.developer stage. Install pam_winbind.so in the usual place:"
... and I cannot make much sense out of that.
Is pam-devel = libpam0g-dev?

Would you know the difference between "./configure" and
"./configure.developer"?

Cheers & thx,
Andreas


-----Original Message-----
From: Daniel Müller [mailto:mueller at tropenklinik.de]
Sent: jeudi 15 août 2013 11:35
To: andreaskrupp at akrupp.ch; 'samba'
Subject: AW: [Samba] Samba4 + Winbind + PAM Installation/Configuration

Just install pam and pam-devel
And:
/etc/nsswitch.conf:
passwd:     files winbind 
shadow:     files
group:      files winbind

And:
ln -s  /usr/local/samba/lib/libnss_winbind.so.2  /lib64/libnss_winbind.so ln
-s /lib64/libnss_winbind.so  /lib64/libnss_winbind.so.2

Test now:
[root at s4master lib]# ldconfig -v | grep winbind
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-358.11.1.el6.x86_64.conf:6:
duplicate hwcap 1 nosegneg
        libnss_winbind.so -> libnss_winbind.so.2
        libnss_winbind.so -> libnss_winbind.so.2 and it should work with
getent group and getenet passwd

-----------------------------------------------
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Andreas Krupp
Gesendet: Donnerstag, 15. August 2013 11:15
An: samba
Betreff: [Samba] Samba4 + Winbind + PAM Installation/Configuration


Hello,  
  
Now that I have my Samba4 DC running great on CentOS6.4 I was wondering if
somebody could help understand better how to install and configure Samba4
with winbind and PAM.  
  
I used the tutorial here:  
[http://wiki.samba.org/index.php/Samba4/Winbind](http://wiki.samba.org/index
.php/Samba4/Winbind)  
  
This got me through to the point where "Using pam_winbind" starts.  
Could anybody help me understand how to do these steps + compile samba4 with
pam_winbind on CentOS 6.4? I am more than willing to update the wiki page
after that ;-)  
  
My questions in detail are:  
- How do I compile/install Samba4 with pam_winbind support and which
prerequisits do I need to install with yum before doing that?  
- Which pam configuration files do I have to change on CentOS6.4?  
  
Cheers & thx,
Andreas
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list