thr3ads.net - samba - [Samba] build from source, missing pam integration [Oct 2022]

If this information is useful, please help other people find it:
Share via:

Peter Carlson

2022-Oct-22 20:08 UTC

[Samba] build from source, missing pam integration

built 4.17 from source on ubuntu 22.04

./configure \
 ?? ?--prefix=/usr \
 ?? ?--enable-fhs \
 ?? ?--sysconfdir=/etc \
 ?? ?--localstatedir=/var \
 ?? ?--with-privatedir=/var/lib/samba/private \
 ?? ?--with-smbpasswd-file=/etc/samba/smbpasswd \
 ?? ?--with-piddir=/var/run/samba \
 ?? ?--with-pammodulesdir=/lib/x86_64-linux-gnu/security \
 ?? ?--libdir=/usr/lib/x86_64-linux-gnu \
 ?? ?--with-modulesdir=/usr/lib/x86_64-linux-gnu/samba \
 ?? ?--datadir=/usr/share \
 ?? ?--with-lockdir=/run/samba \
 ?? ?--with-piddir=/run/samba \
 ?? ?--with-statedir=/var/lib/samba \
 ?? ?--with-cachedir=/var/cache/samba \
 ?? ?--with-socketpath=/var/run/ctdb/ctdbd.socket \
 ?? ?--with-logdir=/var/log/ctdb \
 ?? ?--systemd-install-services

domain joined fine:
root at fs1:/etc/pam.d# wbinfo --ping-dc
checking the NETLOGON for domain[CARLSON] dc connection to 
"nc1.carlson.lab" succeeded
root at fs1:/etc/pam.d# getent passwd CARLSON\\administrator
CARLSON\administrator:*:2000500:2000513::/home/administrator at
CARLSON:/bin/bash

File share setup looks good:
root at fs1:/etc/pam.d# smbclient -L localhost -N
Anonymous login successful

 ?? ?Sharename?????? Type????? Comment
 ?? ?---------?????? ----????? -------
 ?? ?Test??????????? Disk????? test
 ?? ?IPC$??????????? IPC?????? IPC Service (fs1 server (Samba, Ubuntu))
SMB1 disabled -- no workgroup available

root at fs1:/etc/pam.d# ls -l /lib/x86_64-linux-gnu/security/pam_win*
-rwxr-xr-x 1 root root 172480 Oct 22 18:58 
/lib/x86_64-linux-gnu/security/pam_winbind.so

No Option to activate AD pam integration with pam-auth-update, and of 
course ssh gives auth failure
 ?PAM profiles to enable:
 ????? [*] Unix authentication
 ????? [*] Register user sessions in the systemd control group hierarchy
 ????? [*] Create home directory on login
 ????? [*] Inheritable Capabilities Management

Michael Tokarev

2022-Oct-22 20:26 UTC

head link

[Samba] build from source, missing pam integration

22.10.2022 23:08, Peter Carlson via samba wrote:
..> No Option to activate AD pam integration with pam-auth-update, and of
course ssh gives auth failure
>  ?PAM profiles to enable:
>  ????? [*] Unix authentication
>  ????? [*] Register user sessions in the systemd control group hierarchy
>  ????? [*] Create home directory on login
>  ????? [*] Inheritable Capabilities Management
This is a separate utility to _manage_ pam configs. You can
add pam_winbind to your system pam configs manually. Alternatively,
here's an example of how it's done in Debian:

https://salsa.debian.org/samba-team/samba/-/blob/master/debian/winbind.pam-config

this file goes to /usr/share/pam-configs/winbind

/mjt

samba - Oct 2022 - build from source, missing pam integration

[Samba] build from source, missing pam integration

[Samba] build from source, missing pam integration