Pam winbind Link: Difference between revisions

From SambaWiki
m (Mmuehlfeld moved page Pam winbind link to Pam winbind Link: Updated title)
m (→‎i686: fix typo 368 -> 386)
 
(3 intermediate revisions by one other user not shown)
Line 1: Line 1:
= Introduction =
= Introduction =


To enable [http://www.linux-pam.org PAM] to authenticate domain accounts via Winbindd, it is necessary that PAM finds "pam_winbind.so". For that, it is recommended to place a symbolic link in the right place instead of copying, so that you don't have to replace the file after every Samba update.
To enable users to authenticate to an NT4 or Active Directory (AD) domain, PAM must be able to locate the <code>pam_winbind.so</code> library provided by Samba. Create a link in the PAM modules directory to enable PAM to use Winbind.


{{Imbox
| type = note
| text = Do not copy the library to the directory. Otherwise you must replace it manually after every Samba update.
}}








= x86_64 vs. i686 =


= Determining the Platform =
The folder, in which the the link needs to be created, differs on the platform you are running. To determine, run

To determine the operating system's platform:


# uname -m
# uname -m
Line 17: Line 22:




= Verifying If PAM Support Is Enabled =
= Locate pam_winbind.so =


To verify if Samba was build with PAM support, enter:
The location of pam_winbind.so is defined by the ./configure parameter --with-pammodulesdir=. The default is "/usr/local/samba/lib/security/". If you don't remember the path, use "find", to locate the file


# find / -type f -name pam_winbind.so
# smbd -b | grep "WITH_PAM"
WITH_PAM
/usr/local/samba/lib/security/pam_winbind.so


If the <code>WITH_PAM</code> option is not shown in the command's output, Samba was built without PAM support, because:
* The <code>configure</code> script failed to locate the PAM headers.
* The <code>--without-pam</code> option was passed to the <code>configure</code> script.


To enable PAM support:
* Install the PAM headers. For example, on Red Hat Enterprise Linux, the headers are provided in the <code>pam-devel</code> package.
* Rebuild Samba without passing the <code>--without-pam</code> option to the <code>configure</code> script. For details about building Samba, see [[Build_Samba_from_Source|Build Samba from Source]].






= Red Hat based Operating Systems =


== x86_64 ==


# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/
= Locating the <code>pam_winbind.so</code> Library =


If you built Samba, the location of the <code>pam_winbind.so</code> library was set using the <code>configure</code> script's <code>--with-pammodulesdir</code> parameter. The default location is <code>/usr/local/samba/lib/security/pam_winbind.so</code>.


To locate the library, run:


# find / -type f -name pam_winbind.so
== i686 ==
/usr/local/samba/lib/security/pam_winbind.so


Link the library from this directory to your operating system's PAM module directory.
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/




Line 44: Line 56:




= Operating System-specific Examples =
= Debian based Operating Systems =


== Red Hat-based Operating Systems ==
== x86_64 ==


=== x86_64 ===
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/x86_64-linux-gnu/security/


# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/




== i686 ==


=== i686 ===
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/i368-linux-gnu/security/

# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/



== Debian-based Operating Systems ==

=== x86_64 ===

# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/x86_64-linux-gnu/security/






=== i686 ===


# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/i386-linux-gnu/security/


= SUSE based Operating Systems =
== SUSE-based Operating Systems ==


== x86_64 ==
=== x86_64 ===


# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/
Line 68: Line 92:




== i686 ==
=== i686 ===


# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/

Latest revision as of 14:01, 29 September 2017

Introduction

To enable users to authenticate to an NT4 or Active Directory (AD) domain, PAM must be able to locate the pam_winbind.so library provided by Samba. Create a link in the PAM modules directory to enable PAM to use Winbind.



Determining the Platform

To determine the operating system's platform:

# uname -m



Verifying If PAM Support Is Enabled

To verify if Samba was build with PAM support, enter:

# smbd -b | grep "WITH_PAM"
   WITH_PAM

If the WITH_PAM option is not shown in the command's output, Samba was built without PAM support, because:

  • The configure script failed to locate the PAM headers.
  • The --without-pam option was passed to the configure script.

To enable PAM support:

  • Install the PAM headers. For example, on Red Hat Enterprise Linux, the headers are provided in the pam-devel package.
  • Rebuild Samba without passing the --without-pam option to the configure script. For details about building Samba, see Build Samba from Source.



Locating the pam_winbind.so Library

If you built Samba, the location of the pam_winbind.so library was set using the configure script's --with-pammodulesdir parameter. The default location is /usr/local/samba/lib/security/pam_winbind.so.

To locate the library, run:

# find / -type f -name pam_winbind.so
/usr/local/samba/lib/security/pam_winbind.so

Link the library from this directory to your operating system's PAM module directory.



Operating System-specific Examples

Red Hat-based Operating Systems

x86_64

# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/


i686

# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/


Debian-based Operating Systems

x86_64

# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/x86_64-linux-gnu/security/


i686

# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/i386-linux-gnu/security/

SUSE-based Operating Systems

x86_64

# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/


i686

# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/