samba - Aug 2013 - Samba4 + Winbind + PAM Installation/Configuration

Hello,  
  
Now that I have my Samba4 DC running great on CentOS6.4 I was wondering if
somebody could help understand better how to install and configure Samba4 with
winbind and PAM.
  
I used the tutorial here:  
[http://wiki.samba.org/index.php/Samba4/Winbind](http://wiki.samba.org/index.php/Samba4/Winbind)
  
This got me through to the point where "Using pam_winbind" starts.  
Could anybody help me understand how to do these steps + compile samba4 with
pam_winbind on CentOS 6.4? I am more than willing to update the wiki page after
that ;-)
  
My questions in detail are:  
- How do I compile/install Samba4 with pam_winbind support and which
prerequisits do I need to install with yum before doing that?
- Which pam configuration files do I have to change on CentOS6.4?  
  
Cheers & thx,  
Andreas?

Just install pam and pam-devel
And:
/etc/nsswitch.conf:
passwd:     files winbind 
shadow:     files
group:      files winbind

And:
ln -s  /usr/local/samba/lib/libnss_winbind.so.2  /lib64/libnss_winbind.so
ln  -s /lib64/libnss_winbind.so  /lib64/libnss_winbind.so.2

Test now:
[root at s4master lib]# ldconfig -v | grep winbind
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-358.11.1.el6.x86_64.conf:6:
duplicate hwcap 1 nosegneg
        libnss_winbind.so -> libnss_winbind.so.2
        libnss_winbind.so -> libnss_winbind.so.2
and it should work
with getent group and getenet passwd

-----------------------------------------------
EDV Daniel M?ller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T?bingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Urspr?ngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
Im
Auftrag von Andreas Krupp
Gesendet: Donnerstag, 15. August 2013 11:15
An: samba
Betreff: [Samba] Samba4 + Winbind + PAM Installation/Configuration


Hello,  
  
Now that I have my Samba4 DC running great on CentOS6.4 I was wondering if
somebody could help understand better how to install and configure Samba4
with winbind and PAM.  
  
I used the tutorial here:  
[http://wiki.samba.org/index.php/Samba4/Winbind](http://wiki.samba.org/index
.php/Samba4/Winbind)  
  
This got me through to the point where "Using pam_winbind" starts.  
Could anybody help me understand how to do these steps + compile samba4 with
pam_winbind on CentOS 6.4? I am more than willing to update the wiki page
after that ;-)  
  
My questions in detail are:  
- How do I compile/install Samba4 with pam_winbind support and which
prerequisits do I need to install with yum before doing that?  
- Which pam configuration files do I have to change on CentOS6.4?  
  
Cheers & thx,  
Andreas?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

On Thu, 2013-08-15 at 11:15 +0200, Andreas Krupp wrote:
>   
> This got me through to the point where "Using pam_winbind"
starts.
Hi
>From that point:
ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security
then:
pam-config -a --winbind

Add:
template shell = /bin/bash
to smb.conf

Do _not_ start winbindd.
Best of luck.
Steve

Hello,

The steps so far worked:
1) get all of pam installed via "yum install pam*"
2) Then recompile samba with "./configure.developer" followed by
"make" and
"make install"
3) Restarted Samba... and great stuff, my domain controller, settings and
users are still there! This is awesome by the way!
4) linked the pam_winbind.so with " ln -s
/usr/local/samba/lib/security/pam_winbind.so /lib/security"
5) Edited /etc/pam.d/system-auth and added the entries as described in the
wiki (http://wiki.samba.org/index.php/Samba4/Winbind)

All the tests but 1 are fine:
Wbinfo -p (Ok)
Wbinfo -u (Ok)
Getent passwd (Ok)
Id [User] (Ok)
Ssh [user]@localhost (Fails) --> Permission denied, please try again

I tried with the Administrator Account and a normal user account, both fail
in the same way.

Any ideas?
Cheers & thx,
Andreas

-----Original Message-----
From: Andreas Krupp [mailto:andreaskrupp at akrupp.ch] 
Sent: jeudi 15 ao?t 2013 14:53
To: 'mueller at tropenklinik.de'
Subject: RE: [Samba] Samba4 + Winbind + PAM Installation/Configuration

Ok I will try that.
Just as a possibly "important" follow up question:
If I run ./configure.developer, then make and make install ... is my current
samba & domain configuration kept or will I have to start setting up the
domain from scratch?

Cheers & thx,
Andreas


-----Original Message-----
From: Daniel M?ller [mailto:mueller at tropenklinik.de]
Sent: jeudi 15 ao?t 2013 14:39
To: 'Andreas Krupp'
Subject: AW: [Samba] Samba4 + Winbind + PAM Installation/Configuration

Yes it is pam-devel. To be shure install with yum install pam* to get all
pam packages.
./configure.developer will try all possibilities. It is important to have
all packages installed before compiling.

-----------------------------------------------
EDV Daniel M?ller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T?bingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Urspr?ngliche Nachricht-----
Von: Andreas Krupp [mailto:andreaskrupp at akrupp.ch]
Gesendet: Donnerstag, 15. August 2013 14:18
An: mueller at tropenklinik.de; 'samba'
Betreff: RE: [Samba] Samba4 + Winbind + PAM Installation/Configuration

Hello Daniel,

Thx a lot for the quick reply.
Actually I did all these steps already and the tests that you proposed and
that are documented on the wiki are working fine.
http://wiki.samba.org/index.php/Samba4/Winbind

It is the next section "Using pam_winbind" that I cannot get to work.
My goal is that I can log on to the linux box with an AD Account, or run a
service with an AD account or connect via SSH with an AD account.

So where I am stuck is:
-> I do not know which pam files to edit under CentOS and it seems that 
-> I do not have "pam_winbind.so" installed/compiled with
Samba4.1rc2

On the wiki it says:
"Ensure that you built Samba 4 with libpam0g-dev installed on your system.
If not, install the PAM development libraries and re-compile Samba 4 from
the ./configure.developer stage. Install pam_winbind.so in the usual
place:"
... and I cannot make much sense out of that.
Is pam-devel = libpam0g-dev?

Would you know the difference between "./configure" and
"./configure.developer"?

Cheers & thx,
Andreas


-----Original Message-----
From: Daniel M?ller [mailto:mueller at tropenklinik.de]
Sent: jeudi 15 ao?t 2013 11:35
To: andreaskrupp at akrupp.ch; 'samba'
Subject: AW: [Samba] Samba4 + Winbind + PAM Installation/Configuration

Just install pam and pam-devel
And:
/etc/nsswitch.conf:
passwd:     files winbind 
shadow:     files
group:      files winbind

And:
ln -s  /usr/local/samba/lib/libnss_winbind.so.2  /lib64/libnss_winbind.so ln
-s /lib64/libnss_winbind.so  /lib64/libnss_winbind.so.2

Test now:
[root at s4master lib]# ldconfig -v | grep winbind
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-358.11.1.el6.x86_64.conf:6:
duplicate hwcap 1 nosegneg
        libnss_winbind.so -> libnss_winbind.so.2
        libnss_winbind.so -> libnss_winbind.so.2 and it should work with
getent group and getenet passwd

-----------------------------------------------
EDV Daniel M?ller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T?bingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Urspr?ngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
Im
Auftrag von Andreas Krupp
Gesendet: Donnerstag, 15. August 2013 11:15
An: samba
Betreff: [Samba] Samba4 + Winbind + PAM Installation/Configuration


Hello,  
  
Now that I have my Samba4 DC running great on CentOS6.4 I was wondering if
somebody could help understand better how to install and configure Samba4
with winbind and PAM.  
  
I used the tutorial here:  
[http://wiki.samba.org/index.php/Samba4/Winbind](http://wiki.samba.org/index
.php/Samba4/Winbind)  
  
This got me through to the point where "Using pam_winbind" starts.  
Could anybody help me understand how to do these steps + compile samba4 with
pam_winbind on CentOS 6.4? I am more than willing to update the wiki page
after that ;-)  
  
My questions in detail are:  
- How do I compile/install Samba4 with pam_winbind support and which
prerequisits do I need to install with yum before doing that?  
- Which pam configuration files do I have to change on CentOS6.4?  
  
Cheers & thx,
Andreas
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Hi,  
  
I have not set any home var yet in my smb.conf.  
If you're asking for that, I am probably missing a lot of important
parameters.
Below my smb.conf for the moment:  
  
# Global parameters  
[global]  
??????? workgroup =?MYDOMAIN  
??????? realm = MYDOMAIN.HOME  
??????? netbios name =?DC  
??????? server role = active directory domain controller  
??????? dns forwarder = 10.33.66.99  
??????? template shell = /bin/bash  
??????? wins support = yes  
  
[netlogon]  
??????? path = /usr/local/samba/var/locks/sysvol/mydomain.home/scripts  
??????? read only = No  
  
[sysvol]  
??????? path = /usr/local/samba/var/locks/sysvol  
??????? read only = No  
  
  
Otherwise I checked for all the lines during "./configure" that
mention "not found"... I have more than 100 of these. Is that normal?
Among the things missing are e.g. ldap, pam_start, NFS QUOTAS, and lots of other
stuff... I tried to follow the list of packages to install on the Samba4 Wiki
for CentOS but it seems, that is not really enough, is it?
  
Cheers & best,  
Andreas  
  
*On 16 August 2013 08:37, Daniel M?ller  has written: *
?

Save yourself a lot of integraton work and depency resolution. Hop over to
https://github.com/nkadel/samba-4.0.7-srpm and grab my tools for building
RHEL 6.x compatibe RPM's for the full toolsuite. All the necessary
dependencies are in the .spec file, you can use "make build" to build
the
RP{M's locally, and it publishes the RPM information so that other software
with Samba RPM integration, such as "pam" or "authconfig",
know where to
find all the components.

It's backported from Fedora, I updated it a few days ago to Samba 4.0.7,
and it has flags to compile with or without full domain controller
services.