I've successfully set up a single-sign-on for a domain member using Ubuntu. Now I'm trying to do the same for Slackware. I've and installed kerberos and PAM and followed the instructions in https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member. I can successfully do `wbinfo -u` and `getent passwd userID`. But, when I try to log I get: $ su - mark Password: su: Authentication failure In my /var/log/secure I have: Sep 8 22:59:34 labrat su[1396]: Authentication failed for mark Sep 8 22:59:34 labrat su[1396]: FAILED su for mark by mfoley Sep 8 22:59:34 labrat su[1396]: - /dev/pts/0 mfoley:mark I'm suspecting PAM. The Slackware PAM did not ship with a /etc/pam.d directory so I used the one from the wiki website. That one did pass all the `make check` tests in the pam build folder. What can I do to get more information on figuring this out? I can rebuild pam with debugging if that seems the likely culprit. Thanks --Mark
I've found that in Slackware none of the programs are built for PAM. For example ldd /bin/login shows no libpam.so.0. Likewise for su, samba, sshd, and basically everything. For whatever reason, Slackware doesn't believe in PAM. Does AD login/authentication from a domain member absolutely *require* PAM? --Mark -----Original Message----- Date: Fri, 09 Sep 2016 00:23:24 -0400 Organization: Ohio Highway Patrol Retirement System To: samba at lists.samba.org Subject: [Samba] Not authentication on Slackware domain member From: Mark Foley via samba <samba at lists.samba.org> I've successfully set up a single-sign-on for a domain member using Ubuntu. Now I'm trying to do the same for Slackware. I've and installed kerberos and PAM and followed the instructions in https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member. I can successfully do `wbinfo -u` and `getent passwd userID`. But, when I try to log I get: $ su - mark Password: su: Authentication failure In my /var/log/secure I have: Sep 8 22:59:34 labrat su[1396]: Authentication failed for mark Sep 8 22:59:34 labrat su[1396]: FAILED su for mark by mfoley Sep 8 22:59:34 labrat su[1396]: - /dev/pts/0 mfoley:mark I'm suspecting PAM. The Slackware PAM did not ship with a /etc/pam.d directory so I used the one from the wiki website. That one did pass all the `make check` tests in the pam build folder. What can I do to get more information on figuring this out? I can rebuild pam with debugging if that seems the likely culprit. Thanks --Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
On Fri, 09 Sep 2016 09:44:23 -0400 Mark Foley via samba <samba at lists.samba.org> wrote:> > I've found that in Slackware none of the programs are built for PAM. > For example > > ldd /bin/login > > shows no libpam.so.0. Likewise for su, samba, sshd, and basically > everything. > > For whatever reason, Slackware doesn't believe in PAM. Does AD > login/authentication from a domain member absolutely *require* PAM? >Well, this is Linux and anything is possible. The only problem is that pretty much every document you will find about authenticating to a Samba AD DC, will rely on PAM. I always thought the whole idea behind distros, is to make things easier for the users of the distro, Slackware seems take another view, without, it would seem, providing documentation on how to do (for instance) what PAM does without PAM. Rowland