[Samba] build from source, missing pam integration

Rowland Penny rpenny at samba.org
Sat Oct 22 20:52:08 UTC 2022



On 22/10/2022 21:33, Peter Carlson via samba wrote:
> 
> On 10/22/22 13:26, Michael Tokarev via samba wrote:
>> 22.10.2022 23:08, Peter Carlson via samba wrote:
>> ..
>>> No Option to activate AD pam integration with pam-auth-update, and of 
>>> course ssh gives auth failure
>>>   PAM profiles to enable:
>>>   │    [*] Unix authentication
>>>   │    [*] Register user sessions in the systemd control group hierarchy
>>>   │    [*] Create home directory on login
>>>   │    [*] Inheritable Capabilities Management
>>
>> This is a separate utility to _manage_ pam configs. You can
>> add pam_winbind to your system pam configs manually. Alternatively,
>> here's an example of how it's done in Debian:
>>
>> https://salsa.debian.org/samba-team/samba/-/blob/master/debian/winbind.pam-config
>>
>> this file goes to /usr/share/pam-configs/winbind
>>
>> /mjt
>>
> adding the file did the trick.  The wiki is a bit confusing in this area 
> as it encourages use of distro tools (like pam-auth-update) and not the 
> files directly.  A link in the wiki to this file would be super helpful.

The problem is that file is part of Debian, the '.so' files it uses are 
part of Samba, but the program/text that adds it to pam comes from 
Debian. The wiki does tell you how to get the users and groups from AD, 
just not in the same way:

https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC#Libnss_winbind_Links

https://wiki.samba.org/index.php/Authenticating_Domain_Users_Using_PAM

Rowland
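
The thread points at three places to look when AD logins fail after a source build: the pam-auth-update profile, the pam_winbind.so module, and the /etc/pam.d stack. The shell check below is an added example, not part of the original message and not Samba or Debian code; the function name, the multiarch path in the constructed demo tree, and the choice of common-auth and common-account are assumptions for a Debian-style layout.

```shell
#!/bin/sh
# Added example, not from the thread: audit a Debian-style PAM setup for Winbind.
# ROOT defaults to / ; pass another directory to check a chroot or a test tree.
check_winbind_pam() {
    root="${1:-/}"; root="${root%/}"; problems=0

    # pam-auth-update only offers profiles that exist in /usr/share/pam-configs.
    if [ -f "$root/usr/share/pam-configs/winbind" ]; then
        echo "ok: pam-auth-update profile 'winbind' is installed"
    else
        echo "missing: /usr/share/pam-configs/winbind"
        problems=$((problems + 1))
    fi

    # The module must sit in a PAM module directory (.../security/), not only
    # under the prefix of the source build.
    if [ -n "$(find "$root/lib" "$root/usr/lib" \
            -path '*/security/pam_winbind.so' 2>/dev/null)" ]; then
        echo "ok: pam_winbind.so found in a PAM module directory"
    else
        echo "missing: pam_winbind.so under lib/.../security"
        problems=$((problems + 1))
    fi

    # auth and account decide whether a login is accepted; look for an
    # uncommented pam_winbind.so line in each (file list is an assumption).
    for f in common-auth common-account; do
        if grep -Eq '^[^#]*pam_winbind\.so' "$root/etc/pam.d/$f" 2>/dev/null; then
            echo "ok: $f references pam_winbind.so"
        else
            echo "missing: pam_winbind.so in /etc/pam.d/$f"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed tree mirroring the thread: module built, no profile, Unix auth only.
demo=$(mktemp -d)
mkdir -p "$demo/etc/pam.d" "$demo/usr/lib/x86_64-linux-gnu/security"
: > "$demo/usr/lib/x86_64-linux-gnu/security/pam_winbind.so"
echo 'auth [success=1 default=ignore] pam_unix.so nullok' > "$demo/etc/pam.d/common-auth"
echo 'account [success=1 default=ignore] pam_unix.so' > "$demo/etc/pam.d/common-account"
check_winbind_pam "$demo" || echo "result: Winbind is not wired into PAM"
rm -rf "$demo"
```

Run as `check_winbind_pam` with no argument to inspect the live system; a non-zero exit status means at least one of the pieces is absent.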


