[Samba] Member server guide broken

Ryan Ashley ryana at reachtechfp.com
Fri Aug 15 06:28:47 MDT 2014


Again, I am using 4.1.11 and since I see 4.2 is stable, I may switch and see if it helps. Here is the proof you requested. Why does everybody here always assume the new guy is wromg? Seriously, adding that parameter fixed the PAM login issue! Do I preally have to start putting videos on YouTube to prove this to you people?


https://wiki.samba.org/index.php/Build-time_configuration_options#--with-pam

Sent from my Verizon Wireless 4G LTE smartphone

<div>-------- Original message --------</div><div>From: Marc Muehlfeld <mmuehlfeld at samba.org> </div><div>Date:2014/08/15  06:36  (GMT-05:00) </div><div>To: admin at reachtechfp.com,samba at lists.samba.org </div><div>Subject: Re: [Samba] Member server guide broken </div><div>
</div>Am 15.08.2014 05:26, schrieb Ryan Ashley:
> The guide for PAM fails because, as can be seen on the build-time
> parameters page, PAM IS NOT BUILT BY DEFAULT.

Where did you read that?

At least 'configure' tells me on 4.1.8, that _it is_ enabled by default:

# ./configure --help | grep pam
  --with-pam
            Build with pam support (default=yes)
  --with-pam_smbpass
            Build with pam_smbpass support (default=yes)




> Now, couple that with the
> guide only showing "--with-ads" and "--with-shared-modules=idmap_ad",
> and you do not get PAM. As soon as I figured out PAM wasn't being built
> and I built it, I could login after making those changes to my PAM
> files. So i will say it again, THE MEMBER SERVER GUIDE IS BROKEN. Now I
> have the proof. Next time PLEASE try seeing something from the other
> person's perspective BEFORE chewing them out.
> 
> To summarize:
> PAM modules are not built by default

I revalidated the HowTo with 4.1.8 and I don't see any problem!





I setup a new Member on RHEL 6.5, according to the HowTo:

# ./configure --with-ads --with-shared-modules=idmap_ad
# make
# make install


After that, smbd already shows, that it was build with PAM support:
# smbd -b | grep WITH_PAM
   WITH_PAM
   WITH_PAM_MODULES





Then I configured PAM manually (not via the Red Hat tools), like
described in the HowTo
(https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server#Setting_up_PAM_authentication),
and ssh using a Domain user works without any problem

# ssh demo at M1
demo at m1's password:
Last login: Fri Aug 15 12:22:45 2014 from m1.samdom.example.com
[demo at M1 ~]$





I don't see any problem with the HowTo.


If you still think, there's something wrong, then please give more
details than just saying, that "the guide is broken":
- Samba version
- All 'configure' parameters used
- Link to the HowTo you followed
- Output of 'smbd -b | grep WITH_PAM'
- etc.



Regards,
Marc
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


More information about the samba mailing list