Difference between revisions of "Pam winbind Link"

(Restructured page)
m (i686: fix typo 368 -> 386)
 
(2 intermediate revisions by one other user not shown)
Line 1: Line 1:
 
= Introduction =
 
= Introduction =
  
To enable hosts to receive user and group information from a domain using Winbind, you must create two symbolic links in a directory of the operating system's library path.
+
To enable users to authenticate to an NT4 or Active Directory (AD) domain, PAM must be able to locate the <code>pam_winbind.so</code> library provided by Samba. Create a link in the PAM modules directory to enable PAM to use Winbind.
  
 
{{Imbox
 
{{Imbox
Line 16: Line 16:
 
To determine the operating system's platform:
 
To determine the operating system's platform:
  
  # uname -i
+
  # uname -m
  
  
Line 22: Line 22:
  
  
= Locating the libnss_winbind.so.2 Library =
+
= Verifying If PAM Support Is Enabled =
  
The <code>libnss_winbind.so.2</code> library is installed in the Samba library directory set at compile time. To locate the folder:
+
To verify if Samba was build with PAM support, enter:
  
  # smbd -B | grep LIBDIR
+
  # smbd -b | grep "WITH_PAM"
     LIBDIR: /usr/local/samba/lib/
+
     WITH_PAM
  
Link the library from this directory to your operating system's library directory.
+
If the <code>WITH_PAM</code> option is not shown in the command's output, Samba was built without PAM support, because:
 +
* The <code>configure</code> script failed to locate the PAM headers.
 +
* The <code>--without-pam</code> option was passed to the <code>configure</code> script.
 +
 
 +
To enable PAM support:
 +
* Install the PAM headers. For example, on Red Hat Enterprise Linux, the headers are provided in the <code>pam-devel</code> package.
 +
* Rebuild Samba without passing the <code>--without-pam</code> option to the <code>configure</code> script. For details about building Samba, see [[Build_Samba_from_Source|Build Samba from Source]].
 +
 
 +
 
 +
 
 +
 
 +
 
 +
= Locating the <code>pam_winbind.so</code> Library =
 +
 
 +
If you built Samba, the location of the <code>pam_winbind.so</code> library was set using the <code>configure</code> script's <code>--with-pammodulesdir</code> parameter. The default location is <code>/usr/local/samba/lib/security/pam_winbind.so</code>.
 +
 
 +
To locate the library, run:
 +
 
 +
# find / -type f -name pam_winbind.so
 +
/usr/local/samba/lib/security/pam_winbind.so
 +
 
 +
Link the library from this directory to your operating system's PAM module directory.
  
  
Line 41: Line 62:
 
=== x86_64 ===
 
=== x86_64 ===
  
  # ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/
+
  # ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/
# ln -s /lib64/libnss_winbind.so.2 /lib64/libnss_winbind.so
 
# ldconfig
 
  
  
Line 49: Line 68:
 
=== i686 ===
 
=== i686 ===
  
  # ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/
+
  # ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/
# ln -s /lib/libnss_winbind.so.2 /lib/libnss_winbind.so
 
# ldconfig
 
  
  
Line 59: Line 76:
 
=== x86_64 ===
 
=== x86_64 ===
  
  # ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/x86_64-linux-gnu/
+
  # ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/x86_64-linux-gnu/security/
# ln -s /lib/x86_64-linux-gnu/libnss_winbind.so.2 /lib/x86_64-linux-gnu/libnss_winbind.so
 
# ldconfig
 
  
  
Line 67: Line 82:
 
=== i686 ===
 
=== i686 ===
  
  # ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/i386-linux-gnu/
+
  # ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/i386-linux-gnu/security/
# ln -s /lib/i386-linux-gnu/libnss_winbind.so.2 /lib/i386-linux-gnu/libnss_winbind.so
 
# ldconfig
 
 
 
 
 
  
 
== SUSE-based Operating Systems ==
 
== SUSE-based Operating Systems ==
Line 77: Line 88:
 
=== x86_64 ===
 
=== x86_64 ===
  
  # ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/
+
  # ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/
# ln -s /lib64/libnss_winbind.so.2 /lib64/libnss_winbind.so
 
# ldconfig
 
  
  
Line 85: Line 94:
 
=== i686 ===
 
=== i686 ===
  
  # ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/
+
  # ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/
# ln -s /lib/libnss_winbind.so.2 /lib/libnss_winbind.so
 
# ldconfig
 

Latest revision as of 14:01, 29 September 2017

Introduction

To enable users to authenticate to an NT4 or Active Directory (AD) domain, PAM must be able to locate the pam_winbind.so library provided by Samba. Create a link in the PAM modules directory to enable PAM to use Winbind.



Determining the Platform

To determine the operating system's platform:

# uname -m



Verifying If PAM Support Is Enabled

To verify if Samba was build with PAM support, enter:

# smbd -b | grep "WITH_PAM"
   WITH_PAM

If the WITH_PAM option is not shown in the command's output, Samba was built without PAM support, because:

  • The configure script failed to locate the PAM headers.
  • The --without-pam option was passed to the configure script.

To enable PAM support:

  • Install the PAM headers. For example, on Red Hat Enterprise Linux, the headers are provided in the pam-devel package.
  • Rebuild Samba without passing the --without-pam option to the configure script. For details about building Samba, see Build Samba from Source.



Locating the pam_winbind.so Library

If you built Samba, the location of the pam_winbind.so library was set using the configure script's --with-pammodulesdir parameter. The default location is /usr/local/samba/lib/security/pam_winbind.so.

To locate the library, run:

# find / -type f -name pam_winbind.so
/usr/local/samba/lib/security/pam_winbind.so

Link the library from this directory to your operating system's PAM module directory.



Operating System-specific Examples

Red Hat-based Operating Systems

x86_64

# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/


i686

# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/


Debian-based Operating Systems

x86_64

# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/x86_64-linux-gnu/security/


i686

# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/i386-linux-gnu/security/

SUSE-based Operating Systems

x86_64

# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/


i686

# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/