[Samba] pam doesn't work.

Rowland penny rpenny at samba.org
Mon Mar 2 10:46:30 UTC 2020 

On 02/03/2020 09:54, Edson Wolf via samba wrote:
> pam doesn't work.
>
> Samba Version 4.12.0rc4
>
> openSUSE Leap 15.2
>
> ./configure --with-ads --systemd-install-services
> --with-shared-modules=idmap_ad --enable-debug --enable-selftest
> --with-systemd
If that was your configure line, why did Samba end up in /opt/samba4 and 
not in the default /usr/local/samba ?
> # Global parameters
> [global]
>          dns forwarder = 172.16.0.1
>          netbios name = WNETIN
>          realm = WNETINFO.LAN
>          server role = active directory domain controller
>          workgroup = WNETINFO
>          idmap_ldb:use rfc2307 = yes
>
> ###Winbind
>          template shell = /bin/bash
>          template homedir = /home/%U
>          winbind use default domain = true
>          winbind offline logon = false
>          winbind nss info = rfc2307
>          winbind enum users = yes
>          winbind enum groups = yes
Remove the winbind lines, they do nothing on a DC or just slow things 
down. You can temporarily leave the last two until you are sure 
everything works, then remove them.
> passwd: compat winbind
> group:  compat winbind
> shadow: compat
> hosts:          files mdns_minimal [NOTFOUND=return] dns

Try it like this:

hosts: files dns

> ln -s /op/samba/lib/libnss_winbind.so.2 /lib64/
> ln -s /lib64/libnss_winbind.so.2 /lib64/libnss_winbind.so
> ldconfig

You missed one:

ln -s /opt/samba4/lib/security/pam_winbind.so /lib64/security/

Is 'ln -s /op/samba/' a typo ?

>
> Tests
>
>
> wnetin:~ # getent group "WNETINFO\\Domain Users"
> wnetin:~ # getent passwd "WNETINFO\\user"
No, either "WNETINFO\Domain Users" or WBNETINFO\\Domain\ Users
> wnetin:~ # getent passwd
> root:x:0:0:root:/root:/bin/bash
> ......
> WNETINFO\administrator:*:0:100::/home/administrator:/bin/bash
> WNETINFO\guest:*:3000012:100::/home/guest:/bin/bash
> WNETINFO\krbtgt:*:3000018:100::/home/krbtgt:/bin/bash
> WNETINFO\jose:*:3000019:100::/home/jose:/bin/bash
> WNETINFO\user:*:3000021:100::/home/user:/bin/bash
Am I missing something here, that shows that getent works.
> wnetin:~ # getent group
> root:x:0:
> .......
> BUILTIN\administrators:x:3000000:
> BUILTIN\users:x:3000009:
> BUILTIN\guests:x:3000011:
Again, it works
> wnetin:~ # id user
>   id: "user": usuário inexistente
How did you create the user 'user'

Rowland

More information about the samba mailing list