Vieri l33t
Joined: 18 Dec 2005 Posts: 877
|
Posted: Mon Aug 01, 2016 8:25 am Post subject: Samba4 + pam + winbind + mit-krb5 |
|
|
Hi,
I've been using Samba3 and pam + winbind for several years now.
Now I'm installing a new Gentoo server and emerged pulled in Samba4.
The whole pamd + winbind part changed and I'm a bit confused.
Gentoo's Samba3 ebuilds used to setup:
/etc/pam.d/{samba,system-auth-winbind}
/etc/security/pam_winbind.conf
The file /etc/pam.d/samba would "include" system-auth-winbind. Then I would "include" system-auth-winbind or other custom variants based on it, in services of my liking (eg. /etc/pam.d/sshd would include a custom system-auth-winbind-sshd, etc.).
I would also use /etc/security/pam_winbind.conf for krb5 authentication.
All of this vanished with Samba4 and Gentoo's ebuilds don't seem to suggest anything with respect to pam and krb5.
I emerged samba with these flags:
net-fs/samba-4.2.11::gentoo USE="acl ads cluster gnutls ldap pam system-mitkrb5 winbind -addc -addns -aio -avahi -client -cups -dmapi -fam -iprint -quota (-selinux) -syslog -systemd {-test}" ABI_X86="(64) -32 (-x32)" PYTHON_TARGETS="python2_7"
Note that system-mitkrb5 should use mit-krb5 instead of heimdal.
I searched for a guide on Samba4 + pam + winbind + krb5 but only found this related to Gentoo:
https://wiki.gentoo.org/wiki/Samba/Samba_4_Migration#Getting_ready_before_Samba_4
It doesn't really help as far as what I want to do.
1) can I re-use Samba3's /etc/pam.d/samba with Samba4? What pam file does Samba4 use? system-auth? If so, I would consider it a drawback because by default I don't want other services to use it (eg. ftp, shadow, etc.).
2) how can I use Samba4 with mit-krb5? Where is the equivalent to /etc/security/pam_winbind.conf?
Thanks,
Vieri
[EDIT] bug report https://bugs.gentoo.org/show_bug.cgi?id=590374. |
|