Pam winbind Link: Difference between revisions
m (minor change 'uname -i' to 'uname -m') |
m (→i686: fix typo 368 -> 386) |
||
(4 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
= Introduction = |
= Introduction = |
||
To enable |
To enable users to authenticate to an NT4 or Active Directory (AD) domain, PAM must be able to locate the <code>pam_winbind.so</code> library provided by Samba. Create a link in the PAM modules directory to enable PAM to use Winbind. |
||
{{Imbox |
|||
| type = note |
|||
| text = Do not copy the library to the directory. Otherwise you must replace it manually after every Samba update. |
|||
}} |
|||
⚫ | |||
= Determining the Platform = |
|||
The folder, in which the the link needs to be created, differs on the platform you are running. To determine, run |
|||
To determine the operating system's platform: |
|||
# uname -m |
# uname -m |
||
Line 17: | Line 22: | ||
= Verifying If PAM Support Is Enabled = |
|||
= Locate pam_winbind.so = |
|||
To verify if Samba was build with PAM support, enter: |
|||
The location of pam_winbind.so is defined by the ./configure parameter --with-pammodulesdir=. The default is "/usr/local/samba/lib/security/". If you don't remember the path, use "find", to locate the file |
|||
# |
# smbd -b | grep "WITH_PAM" |
||
WITH_PAM |
|||
⚫ | |||
If the <code>WITH_PAM</code> option is not shown in the command's output, Samba was built without PAM support, because: |
|||
* The <code>configure</code> script failed to locate the PAM headers. |
|||
* The <code>--without-pam</code> option was passed to the <code>configure</code> script. |
|||
To enable PAM support: |
|||
* Install the PAM headers. For example, on Red Hat Enterprise Linux, the headers are provided in the <code>pam-devel</code> package. |
|||
* Rebuild Samba without passing the <code>--without-pam</code> option to the <code>configure</code> script. For details about building Samba, see [[Build_Samba_from_Source|Build Samba from Source]]. |
|||
⚫ | |||
⚫ | |||
= Locating the <code>pam_winbind.so</code> Library = |
|||
If you built Samba, the location of the <code>pam_winbind.so</code> library was set using the <code>configure</code> script's <code>--with-pammodulesdir</code> parameter. The default location is <code>/usr/local/samba/lib/security/pam_winbind.so</code>. |
|||
To locate the library, run: |
|||
# find / -type f -name pam_winbind.so |
|||
⚫ | |||
⚫ | |||
Link the library from this directory to your operating system's PAM module directory. |
|||
⚫ | |||
Line 44: | Line 56: | ||
= Operating System-specific Examples = |
|||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/ |
|||
== i686 == |
|||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
= SUSE |
== SUSE-based Operating Systems == |
||
== x86_64 == |
=== x86_64 === |
||
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/ |
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/ |
||
Line 68: | Line 92: | ||
== i686 == |
=== i686 === |
||
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/ |
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/ |
Latest revision as of 14:01, 29 September 2017
Introduction
To enable users to authenticate to an NT4 or Active Directory (AD) domain, PAM must be able to locate the pam_winbind.so
library provided by Samba. Create a link in the PAM modules directory to enable PAM to use Winbind.
Do not copy the library to the directory. Otherwise you must replace it manually after every Samba update. |
Determining the Platform
To determine the operating system's platform:
# uname -m
Verifying If PAM Support Is Enabled
To verify if Samba was build with PAM support, enter:
# smbd -b | grep "WITH_PAM" WITH_PAM
If the WITH_PAM
option is not shown in the command's output, Samba was built without PAM support, because:
- The
configure
script failed to locate the PAM headers. - The
--without-pam
option was passed to theconfigure
script.
To enable PAM support:
- Install the PAM headers. For example, on Red Hat Enterprise Linux, the headers are provided in the
pam-devel
package. - Rebuild Samba without passing the
--without-pam
option to theconfigure
script. For details about building Samba, see Build Samba from Source.
Locating the pam_winbind.so
Library
If you built Samba, the location of the pam_winbind.so
library was set using the configure
script's --with-pammodulesdir
parameter. The default location is /usr/local/samba/lib/security/pam_winbind.so
.
To locate the library, run:
# find / -type f -name pam_winbind.so /usr/local/samba/lib/security/pam_winbind.so
Link the library from this directory to your operating system's PAM module directory.
Operating System-specific Examples
Red Hat-based Operating Systems
x86_64
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/
i686
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/
Debian-based Operating Systems
x86_64
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/x86_64-linux-gnu/security/
i686
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/i386-linux-gnu/security/
SUSE-based Operating Systems
x86_64
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/
i686
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/