[Samba] Member server guide broken

[Marc Muehlfeld]

Am 15.08.2014 05:26, schrieb Ryan Ashley:
> The guide for PAM fails because, as can be seen on the build-time
> parameters page, PAM IS NOT BUILT BY DEFAULT.

Where did you read that?

At least 'configure' tells me on 4.1.8, that _it is_ enabled by default:

# ./configure --help | grep pam
  --with-pam
            Build with pam support (default=yes)
  --with-pam_smbpass
            Build with pam_smbpass support (default=yes)




> Now, couple that with the
> guide only showing "--with-ads" and "--with-shared-modules=idmap_ad",
> and you do not get PAM. As soon as I figured out PAM wasn't being built
> and I built it, I could login after making those changes to my PAM
> files. So i will say it again, THE MEMBER SERVER GUIDE IS BROKEN. Now I
> have the proof. Next time PLEASE try seeing something from the other
> person's perspective BEFORE chewing them out.
> 
> To summarize:
> PAM modules are not built by default

I revalidated the HowTo with 4.1.8 and I don't see any problem!





I setup a new Member on RHEL 6.5, according to the HowTo:

# ./configure --with-ads --with-shared-modules=idmap_ad
# make
# make install


After that, smbd already shows, that it was build with PAM support:
# smbd -b | grep WITH_PAM
   WITH_PAM
   WITH_PAM_MODULES





Then I configured PAM manually (not via the Red Hat tools), like
described in the HowTo
(https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server#Setting_up_PAM_authentication),
and ssh using a Domain user works without any problem

# ssh demo at M1
demo at m1's password:
Last login: Fri Aug 15 12:22:45 2014 from m1.samdom.example.com
[demo at M1 ~]$





I don't see any problem with the HowTo.


If you still think, there's something wrong, then please give more
details than just saying, that "the guide is broken":
- Samba version
- All 'configure' parameters used
- Link to the HowTo you followed
- Output of 'smbd -b | grep WITH_PAM'
- etc.



Regards,
Marc