[Samba] Member server guide broken

Marc Muehlfeld mmuehlfeld at samba.org
Wed Aug 20 10:51:48 MDT 2014 

Am 15.08.2014 14:28, schrieb Ryan Ashley:
> Again, I am using 4.1.11 and since I see 4.2 is stable,

4.2 isn't stable! It's still a development version!
You should not use a development version in production.




> Why does everybody here always assume the new guy is wromg?

But you are, if you're saying that the default of '--with-pam default'
is 'no'!

Have you read my reply to one of your previous posts in this thread
(Attached below again. Please read it. I spend some time to revalidate
the HowTo for you!). There's the proof. :-)




> https://wiki.samba.org/index.php/Build-time_configuration_options#--with-pam

Have you seen, when this page was last time edited?
03:55, 17 March 2006

It is much more than outdated! We should remove this page.





> Do I preally have to start putting videos on YouTube to prove this to
> you people?

I think it would be worth. Otherwise it seems we never find out what you
are doing different than we're saying in the Member HowTo which works
for all others here. Maybe something on your system is really different
and this isn't mentioned there.






-------- Original-Nachricht --------
Betreff: Re: [Samba] Member server guide broken
Datum: Fri, 15 Aug 2014 12:36:34 +0200
Von: Marc Muehlfeld <mmuehlfeld at samba.org>
An: admin at reachtechfp.com, samba at lists.samba.org

Am 15.08.2014 05:26, schrieb Ryan Ashley:
> The guide for PAM fails because, as can be seen on the build-time
> parameters page, PAM IS NOT BUILT BY DEFAULT.

Where did you read that?

At least 'configure' tells me on 4.1.8, that _it is_ enabled by default:

# ./configure --help | grep pam
  --with-pam
            Build with pam support (default=yes)
  --with-pam_smbpass
            Build with pam_smbpass support (default=yes)




> Now, couple that with the
> guide only showing "--with-ads" and "--with-shared-modules=idmap_ad",
> and you do not get PAM. As soon as I figured out PAM wasn't being built
> and I built it, I could login after making those changes to my PAM
> files. So i will say it again, THE MEMBER SERVER GUIDE IS BROKEN. Now I
> have the proof. Next time PLEASE try seeing something from the other
> person's perspective BEFORE chewing them out.
>
> To summarize:
> PAM modules are not built by default

I revalidated the HowTo with 4.1.8 and I don't see any problem!





I setup a new Member on RHEL 6.5, according to the HowTo:

# ./configure --with-ads --with-shared-modules=idmap_ad
# make
# make install


After that, smbd already shows, that it was build with PAM support:
# smbd -b | grep WITH_PAM
   WITH_PAM
   WITH_PAM_MODULES





Then I configured PAM manually (not via the Red Hat tools), like
described in the HowTo
(https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server#Setting_up_PAM_authentication),
and ssh using a Domain user works without any problem

# ssh demo at M1
demo at m1's password:
Last login: Fri Aug 15 12:22:45 2014 from m1.samdom.example.com
[demo at M1 ~]$





I don't see any problem with the HowTo.


If you still think, there's something wrong, then please give more
details than just saying, that "the guide is broken":
- Samba version
- All 'configure' parameters used
- Link to the HowTo you followed
- Output of 'smbd -b | grep WITH_PAM'
- etc.

More information about the samba mailing list