Pam winbind Link: Difference between revisions
Mmuehlfeld (talk | contribs) (Restructured page) |
m (→i686: fix typo 368 -> 386) |
||
(2 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
= Introduction = |
= Introduction = |
||
To enable users to authenticate to an NT4 or Active Directory (AD) domain, PAM must be able to locate the <code>pam_winbind.so</code> library provided by Samba. Create a link in the PAM modules directory to enable PAM to use Winbind. |
|||
To enable hosts to receive user and group information from a domain using Winbind, you must create two symbolic links in a directory of the operating system's library path. |
|||
{{Imbox |
{{Imbox |
||
Line 16: | Line 16: | ||
To determine the operating system's platform: |
To determine the operating system's platform: |
||
# uname - |
# uname -m |
||
Line 22: | Line 22: | ||
= Verifying If PAM Support Is Enabled = |
|||
⚫ | |||
To verify if Samba was build with PAM support, enter: |
|||
The <code>libnss_winbind.so.2</code> library is installed in the Samba library directory set at compile time. To locate the folder: |
|||
# smbd - |
# smbd -b | grep "WITH_PAM" |
||
WITH_PAM |
|||
LIBDIR: /usr/local/samba/lib/ |
|||
If the <code>WITH_PAM</code> option is not shown in the command's output, Samba was built without PAM support, because: |
|||
⚫ | |||
* The <code>configure</code> script failed to locate the PAM headers. |
|||
* The <code>--without-pam</code> option was passed to the <code>configure</code> script. |
|||
To enable PAM support: |
|||
* Install the PAM headers. For example, on Red Hat Enterprise Linux, the headers are provided in the <code>pam-devel</code> package. |
|||
* Rebuild Samba without passing the <code>--without-pam</code> option to the <code>configure</code> script. For details about building Samba, see [[Build_Samba_from_Source|Build Samba from Source]]. |
|||
⚫ | |||
If you built Samba, the location of the <code>pam_winbind.so</code> library was set using the <code>configure</code> script's <code>--with-pammodulesdir</code> parameter. The default location is <code>/usr/local/samba/lib/security/pam_winbind.so</code>. |
|||
To locate the library, run: |
|||
# find / -type f -name pam_winbind.so |
|||
/usr/local/samba/lib/security/pam_winbind.so |
|||
⚫ | |||
Line 41: | Line 62: | ||
=== x86_64 === |
=== x86_64 === |
||
# ln -s /usr/local/samba/lib/ |
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/ |
||
# ln -s /lib64/libnss_winbind.so.2 /lib64/libnss_winbind.so |
|||
# ldconfig |
|||
Line 49: | Line 68: | ||
=== i686 === |
=== i686 === |
||
# ln -s /usr/local/samba/lib/ |
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/ |
||
# ln -s /lib/libnss_winbind.so.2 /lib/libnss_winbind.so |
|||
# ldconfig |
|||
Line 59: | Line 76: | ||
=== x86_64 === |
=== x86_64 === |
||
# ln -s /usr/local/samba/lib/ |
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/x86_64-linux-gnu/security/ |
||
# ln -s /lib/x86_64-linux-gnu/libnss_winbind.so.2 /lib/x86_64-linux-gnu/libnss_winbind.so |
|||
# ldconfig |
|||
Line 67: | Line 82: | ||
=== i686 === |
=== i686 === |
||
# ln -s /usr/local/samba/lib/ |
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/i386-linux-gnu/security/ |
||
# ln -s /lib/i386-linux-gnu/libnss_winbind.so.2 /lib/i386-linux-gnu/libnss_winbind.so |
|||
# ldconfig |
|||
== SUSE-based Operating Systems == |
== SUSE-based Operating Systems == |
||
Line 77: | Line 88: | ||
=== x86_64 === |
=== x86_64 === |
||
# ln -s /usr/local/samba/lib/ |
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/ |
||
# ln -s /lib64/libnss_winbind.so.2 /lib64/libnss_winbind.so |
|||
# ldconfig |
|||
Line 85: | Line 94: | ||
=== i686 === |
=== i686 === |
||
# ln -s /usr/local/samba/lib/ |
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/ |
||
# ln -s /lib/libnss_winbind.so.2 /lib/libnss_winbind.so |
|||
# ldconfig |
Latest revision as of 14:01, 29 September 2017
Introduction
To enable users to authenticate to an NT4 or Active Directory (AD) domain, PAM must be able to locate the pam_winbind.so
library provided by Samba. Create a link in the PAM modules directory to enable PAM to use Winbind.
Do not copy the library to the directory. Otherwise you must replace it manually after every Samba update. |
Determining the Platform
To determine the operating system's platform:
# uname -m
Verifying If PAM Support Is Enabled
To verify if Samba was build with PAM support, enter:
# smbd -b | grep "WITH_PAM" WITH_PAM
If the WITH_PAM
option is not shown in the command's output, Samba was built without PAM support, because:
- The
configure
script failed to locate the PAM headers. - The
--without-pam
option was passed to theconfigure
script.
To enable PAM support:
- Install the PAM headers. For example, on Red Hat Enterprise Linux, the headers are provided in the
pam-devel
package. - Rebuild Samba without passing the
--without-pam
option to theconfigure
script. For details about building Samba, see Build Samba from Source.
Locating the pam_winbind.so
Library
If you built Samba, the location of the pam_winbind.so
library was set using the configure
script's --with-pammodulesdir
parameter. The default location is /usr/local/samba/lib/security/pam_winbind.so
.
To locate the library, run:
# find / -type f -name pam_winbind.so /usr/local/samba/lib/security/pam_winbind.so
Link the library from this directory to your operating system's PAM module directory.
Operating System-specific Examples
Red Hat-based Operating Systems
x86_64
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/
i686
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/
Debian-based Operating Systems
x86_64
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/x86_64-linux-gnu/security/
i686
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/i386-linux-gnu/security/
SUSE-based Operating Systems
x86_64
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib64/security/
i686
# ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security/