[Samba] Member server guide broken

L.P.H. van Belle belle at bazuin.nl
Wed Aug 20 04:00:49 MDT 2014 

hmm samba member guide broken? I think not. 
All my script are someway a copy of the wiki instructions. 

and besides... 
You have a few options to install Samba: 
Build Samba by yourself. ... you needed to configure by yourself. 
or you need to check your OS Build specs..

like this.. 

Ubuntu 14.04 samba 4.0.6 version 
 smbd -b | grep PAM
   HAVE_SECURITY_PAM_APPL_H
   HAVE_SECURITY_PAM_EXT_H
   HAVE_SECURITY_PAM_MODULES_H
   HAVE_SECURITY__PAM_MACROS_H
   HAVE_LIBPAM
   HAVE_PAM_GET_DATA
   HAVE_PAM_RADIO_TYPE
   HAVE_PAM_RHOST
   HAVE_PAM_START
   HAVE_PAM_TTY
   HAVE_PAM_VSYSLOG
   WITH_PAM
   WITH_PAM_MODULES
 

debian wheezy with sernet-samba 4.1.11 
smbd -b | grep PAM
   HAVE_SECURITY_PAM_APPL_H
   HAVE_SECURITY_PAM_EXT_H
   HAVE_SECURITY_PAM_MODULES_H
   HAVE_SECURITY__PAM_MACROS_H
   HAVE_LIBPAM
   HAVE_PAM_GET_DATA
   HAVE_PAM_RADIO_TYPE
   HAVE_PAM_RHOST
   HAVE_PAM_START
   HAVE_PAM_TTY
   HAVE_PAM_VSYSLOG
   WITH_PAM
   WITH_PAM_MODULES

Debian wheezy with samba 4.0.9 from backports 
smbd -b | grep PAM
   HAVE_SECURITY_PAM_APPL_H
   HAVE_SECURITY_PAM_EXT_H
   HAVE_SECURITY_PAM_MODULES_H
   HAVE_SECURITY__PAM_MACROS_H
   HAVE_LIBPAM
   HAVE_PAM_GET_DATA
   HAVE_PAM_RADIO_TYPE
   HAVE_PAM_RHOST
   HAVE_PAM_START
   HAVE_PAM_TTY
   HAVE_PAM_VSYSLOG
   WITH_PAM
   WITH_PAM_MODULES


all with PAM enabled ... 
so maybe something went wrong with your configure.

Greetz, 

Louis


>-----Oorspronkelijk bericht-----
>Van: ryana at reachtechfp.com 
>[mailto:samba-bounces at lists.samba.org] Namens Ryan Ashley
>Verzonden: vrijdag 15 augustus 2014 14:29
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] Member server guide broken
>
>Again, I am using 4.1.11 and since I see 4.2 is stable, I may 
>switch and see if it helps. Here is the proof you requested. 
>Why does everybody here always assume the new guy is wromg? 
>Seriously, adding that parameter fixed the PAM login issue! Do 
>I preally have to start putting videos on YouTube to prove 
>this to you people?
>
>
>https://wiki.samba.org/index.php/Build-time_configuration_optio
>ns#--with-pam
>
>Sent from my Verizon Wireless 4G LTE smartphone
>
><div>-------- Original message --------</div><div>From: Marc 
>Muehlfeld <mmuehlfeld at samba.org> </div><div>Date:2014/08/15  
>06:36  (GMT-05:00) </div><div>To: 
>admin at reachtechfp.com,samba at lists.samba.org 
></div><div>Subject: Re: [Samba] Member server guide broken </div><div>
></div>Am 15.08.2014 05:26, schrieb Ryan Ashley:
>> The guide for PAM fails because, as can be seen on the build-time
>> parameters page, PAM IS NOT BUILT BY DEFAULT.
>
>Where did you read that?
>
>At least 'configure' tells me on 4.1.8, that _it is_ enabled 
>by default:
>
># ./configure --help | grep pam
>  --with-pam
>            Build with pam support (default=yes)
>  --with-pam_smbpass
>            Build with pam_smbpass support (default=yes)
>
>
>
>
>> Now, couple that with the
>> guide only showing "--with-ads" and "--with-shared-modules=idmap_ad",
>> and you do not get PAM. As soon as I figured out PAM wasn't 
>being built
>> and I built it, I could login after making those changes to my PAM
>> files. So i will say it again, THE MEMBER SERVER GUIDE IS 
>BROKEN. Now I
>> have the proof. Next time PLEASE try seeing something from the other
>> person's perspective BEFORE chewing them out.
>> 
>> To summarize:
>> PAM modules are not built by default
>
>I revalidated the HowTo with 4.1.8 and I don't see any problem!
>
>
>
>
>
>I setup a new Member on RHEL 6.5, according to the HowTo:
>
># ./configure --with-ads --with-shared-modules=idmap_ad
># make
># make install
>
>
>After that, smbd already shows, that it was build with PAM support:
># smbd -b | grep WITH_PAM
>   WITH_PAM
>   WITH_PAM_MODULES
>
>
>
>
>
>Then I configured PAM manually (not via the Red Hat tools), like
>described in the HowTo
>(https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Serve
>r#Setting_up_PAM_authentication),
>and ssh using a Domain user works without any problem
>
># ssh demo at M1
>demo at m1's password:
>Last login: Fri Aug 15 12:22:45 2014 from m1.samdom.example.com
>[demo at M1 ~]$
>
>
>
>
>
>I don't see any problem with the HowTo.
>
>
>If you still think, there's something wrong, then please give more
>details than just saying, that "the guide is broken":
>- Samba version
>- All 'configure' parameters used
>- Link to the HowTo you followed
>- Output of 'smbd -b | grep WITH_PAM'
>- etc.
>
>
>
>Regards,
>Marc
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list