[Samba] pam doesn't work.

Rowland penny rpenny at samba.org
Sun Mar 8 08:14:38 UTC 2020 

On 08/03/2020 02:13, Edson Wolf wrote:
> Em 2020-03-02 06:46, Rowland penny via samba escreveu:
>> On 02/03/2020 09:54, Edson Wolf via samba wrote:
>>> pam doesn't work.
>>>
>>> Samba Version 4.12.0rc4
> Samba version: 4.12.0
> Build environment:
> Paths:
>    BINDIR: /opt/samba4/bin

If you didn't set '--prefix' on the 'configure' line why has Samba ended 
up in '/opt/samba' ??

if you run './configure --help', amongst the output is this:

   Installation prefix:
     By default, "waf install" will put the files in "/usr/local/bin", 
"/usr/local/lib" etc. An installation prefix other than "/usr/local" can 
be given using "--prefix", for example "--
     prefix=$HOME"

     --prefix=PREFIX
             installation prefix [default: '/usr/local/samba']

> ln -s /op/samba/lib/libnss_winbind.so.2 /lib64/
>>> ln -s /lib64/libnss_winbind.so.2 /lib64/libnss_winbind.so
>>> ldconfig
>>
>> You missed one:
>>
>> ln -s /opt/samba4/lib/security/pam_winbind.so /lib64/security/
>>
>> Is 'ln -s /op/samba/' a typo ?
>>
> cp /opt/samba4/lib/security/pam_winbind.so /lib64/security/
>
> cp  /opt/samba4/lib/libnss_winbind.so.2 /lib64/
> cp  /opt/samba4/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so
You should create symlinks, this will save you having to copy the files 
again if/when you upgrade Samba.
>
> ldconfig -v|grep pam
>     libpamc.so.0 -> libpamc.so.0.82.1
>     libpam_misc.so.0 -> libpam_misc.so.0.82.1
>     libpam.so.0 -> libpam.so.0.84.2
>
> pam_winbind == NO OK
I wouldn't worry about that, it doesn't work on my DC, yet 'getent' 
produces output.
>
> wnetin:/build/samba-4.12.0 # getent group "WNETINFO\\Domain Users"
> wnetin:/build/samba-4.12.0 #
> wnetin:/build/samba-4.12.0 # It shows nothing
>
> wnetin:/build/samba-4.12.0 # getent passwd "WNETINFO\\edson"
> wnetin:/build/samba-4.12.0 # It shows nothing

This is very strange, does 'wbinfo -i edson' produce output and does ' 
wbinfo --group-info=Domain\ Users' produce output ?

> getent passwd
> root:x:0:0:root:/root:/bin/bash
> ...................................
> dnsmasq:x:496:65533:dnsmasq:/var/lib/empty:/bin/false
You shouldn't run dnsmasq on a DC, only one dns server.
> nscd:x:477:478:User for nscd:/run/nscd:/sbin/nologin
Winbind has its own cache, remove nscd
> ldap:x:76:70:User for OpenLDAP:/var/lib/ldap:/bin/false
Is ldap running on the DC ? If so, stop it immediately, you cannot run 
an ldap server on a Samba DC, it interferes with DC's ldap.

Rowland

More information about the samba mailing list