LinuxQuestions.org
Old 07-07-2016, 09:02 AM   #1
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 15.0 + Multilib
Posts: 2,159

Rep: Reputation: 1512
Pam + krb5 + samba


All --

I am hoping to replace CentOS 6.x with Slackware sometime this fall.

One thing I must have is Active Directory Integration for Single SignOn ( Linux Logins as well as File/Printer Sharing ).

Windows Users need to log into the Linux Machine via ssh ( Putty ) to run our Terminal-Based App and they need to be able to access file shares, all using their Windows Logins.

This is extremely simple in CentOS 6.x via KRB5 + PAM + WINBIND.

Seems like VBatt's PAM + KRB5 from SlackBuilds would be good places to start.

Has anyone tried VBatt's PAM Package for Slackware on 14.2 ?

Other Hints ?

Thanks in advance.

-- kjh
 
Old 07-07-2016, 09:17 AM   #2
Slax-Dude
Member
 
Registered: Mar 2006
Location: Valadares, V.N.Gaia, Portugal
Distribution: Slackware
Posts: 528

Rep: Reputation: 272
Check ivandi's implementation here: http://www.linuxquestions.org/questi...te-4175544114/
 
1 members found this post helpful.
Old 07-07-2016, 09:18 AM   #3
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 8,792

Rep: Reputation: 6656
I'm pretty sure ivandi's SlackMATE would do it as well.

Forum Thread on it

EDIT: Slax-Dude beat me to it
 
1 members found this post helpful.
Old 07-07-2016, 09:33 AM   #4
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 15.0 + Multilib
Posts: 2,159

Original Poster
Rep: Reputation: 1512
Thanks Y'All !

I'll check it out ( ivandi's implementation ).

-- kjh

EDIT: Marked SOLVED

Last edited by kjhambrick; 07-07-2016 at 09:53 AM.
 
Old 09-08-2016, 09:21 AM   #5
mfoley
Senior Member
 
Registered: Oct 2008
Location: Columbus, Ohio USA
Distribution: Slackware
Posts: 2,555

Rep: Reputation: 177
This post was marked as solved - does that mean it worked? Could use a little more feedback on the results.

I am facing a similar issue: moving a Ubuntu domain member to Slackware. The setup needs PAM which shipped with Ubuntu, but is nowhere to be found in Slackware (see post http://www.linuxquestions.org/questi...am-4175483168/)

I've looked at the ivandi post referenced in this link, but it appears to install MATE, which I don't want and a different cron. Is there a way to just get PAM?
 
Old 09-08-2016, 10:06 AM   #6
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 15.0 + Multilib
Posts: 2,159

Original Poster
Rep: Reputation: 1512
mfoley --

I probably should not have marked the thread 'solved' but my question was most definitely answered well enough that the next steps are all on me.

I don't want Mate either, only ( samba + winbind + pam ) for AD Authentication / Single Sign-on.

I built and installed PAM in a VM instance of Slackware64 14.2 as ivandi describes here: _README ; Linux-PAM/ ; shadow/ and I got as far as logging in to the VM with local accounts ( they still work )

To continue with the experiment, I need to either set up a Windows AD Domain in my 'lab' or ship a test appliance to one of our more adventurous Customers for testing.

But things are looking VERY promising up to this point.

HTH.

-- kjh

Last edited by kjhambrick; 09-08-2016 at 10:10 AM. Reason: oops ... forgot shadow
 
Old 09-08-2016, 11:28 AM   #7
mfoley
Senior Member
 
Registered: Oct 2008
Location: Columbus, Ohio USA
Distribution: Slackware
Posts: 2,555

Rep: Reputation: 177
kjhambrick: I've successfully set up AD/Single-sign-on for Ubuntu, including redirected folder which use the same desktop and the Windows workstations. I am now migrating that to Slackware because of systemd issues (see thread http://www.linuxquestions.org/questi...st-4175588181/). If you need help, let me know. I interacted for months with Rowland Penny at the Samba maillist. In particular I have a module to permit AD password changing -- not possible with passwd.

Also, this link https://wiki.samba.org/index.php/Set..._Domain_Member has much of what needs to be done.

Anyway, I tried downloading Ivandi's PAM-1.3.0 sources from http://www.linuxquestions.org/questi...st-4175588181/, did the ./configure and make and during make got this:
Code:
/usr/bin/xsltproc --stringparam generate.toc "book toc" \
  --stringparam section.autolabel 1 \
  --stringparam section.label.includes.component.label 1 \
  --stringparam toc.max.depth 2 --xinclude --nonet \
  http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl Linux-PAM_SAG.xml | /usr/bin/links -no-numbering -no-references -dump > Linux-PAM_SAG.txt
Unknown option -no-numbering
Makefile:517: recipe for target 'Linux-PAM_SAG.txt' failed
make[3]: *** [Linux-PAM_SAG.txt] Error 3
make[3]: Leaving directory '/user/util/src/Linux-PAM-1.3.0/doc/sag'
Makefile:466: recipe for target 'all-recursive' failed
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory '/user/util/src/Linux-PAM-1.3.0/doc'
Makefile:473: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/user/util/src/Linux-PAM-1.3.0'
Makefile:404: recipe for target 'all' failed
make: *** [all] Error 2
Any idea? Such things are a constant problem with the shifting sands of private repositories. It looks like it fooped out building the docs, so maybe the executables are OK. I'll try installing and see. Next, I'll try your reference link and see if that is any different.

Last edited by mfoley; 09-08-2016 at 11:49 AM.
 
Old 09-08-2016, 04:30 PM   #8
bormant
Member
 
Registered: Jan 2008
Posts: 426

Rep: Reputation: 240
links complains about unknown option '-no-numbering'. links is used to generate documentation.

As I can see, probably, options are:
-- patch the Makefile to remove '-no-numbering', or
-- disable making documentation, or
-- install and use elinks as /usr/bin/links (it has '-no-numbering')

Last edited by bormant; 09-08-2016 at 10:41 PM.
 
1 members found this post helpful.
Old 09-08-2016, 09:31 PM   #9
ivandi
Member
 
Registered: Jul 2009
Location: Québec, Canada
Distribution: CRUX, Debian
Posts: 528

Rep: Reputation: 866
Quote:
Originally Posted by mfoley View Post
I've successfully set up AD/Single-sign-on for Ubuntu
.
.
.

Anyway, I tried downloading Ivandi's PAM-1.3.0 sources from http://www.linuxquestions.org/questi...st-4175588181/, did the ./configure and make and during make got this:
Code:
/usr/bin/xsltproc --stringparam generate.toc "book toc" \
  --stringparam section.autolabel 1 \
  --stringparam section.label.includes.component.label 1 \
  --stringparam toc.max.depth 2 --xinclude --nonet \
  http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl Linux-PAM_SAG.xml | /usr/bin/links -no-numbering -no-references -dump > Linux-PAM_SAG.txt
Unknown option -no-numbering
Makefile:517: recipe for target 'Linux-PAM_SAG.txt' failed
make[3]: *** [Linux-PAM_SAG.txt] Error 3
make[3]: Leaving directory '/user/util/src/Linux-PAM-1.3.0/doc/sag'
Makefile:466: recipe for target 'all-recursive' failed
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory '/user/util/src/Linux-PAM-1.3.0/doc'
Makefile:473: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/user/util/src/Linux-PAM-1.3.0'
Makefile:404: recipe for target 'all' failed
make: *** [all] Error 2
....Such things are a constant problem with the shifting sands of private repositories.....
Well, this is not "my" source. This is a copy of the upstream PAM-1.3.0.

Your url points to some systemd related thread.

Before bashing these "private" repositories that are made public for your convenience you could simply look at Linux-PAM.SlackBuild and see the easiest workaround "--disable-regenerate-docu".

You could also look at DEPENDENCIES.SlackMATE and edit sync-SlackMATE.sh to download only what you need.

There is also a bunch of config files in /extra/setup/SAMBA_AD_DC to setup AD/DC domain and client.

You can easily create a simple host-only network on your workstation by placing something like this in your rc.local:
Code:
brctl addbr br0
ifconfig br0 192.168.0.1 up
iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.255.0 ! -d 192.168.0.0/255.255.255.0 -j MASQUERADE
sysctl net.ipv4.ip_forward=1
Then build the stuff in /virt and use QEMU VMs to test your setup.

There are tagfiles in /extra/tags/server/ for a minimal server setup.
You can also use mkiso.sh to create a Slackware install iso with added SlackMATE.
And a simple install.sh.

Slackware is not yet another Ubuntu derivative.


Cheers
 
2 members found this post helpful.
Old 09-08-2016, 11:54 PM   #10
mfoley
Senior Member
 
Registered: Oct 2008
Location: Columbus, Ohio USA
Distribution: Slackware
Posts: 2,555

Rep: Reputation: 177
Quote:
Originally Posted by ivandi View Post
Well, this is not "my" source. This is a copy of the upstream PAM-1.3.0.

Before bashing these "private" repositories that are made public for your convenience you could simply look at Linux-PAM.SlackBuild and see the easiest workaround "--disable-regenerate-docu".
Well, I am deeply honored that the actual Keeper Of The Repository has jumped in! My comment wasn't intended as a particularly harsh bash, and I do appreciate the effort that goes into it. It's just that very often I end up bumping my head against little nuances that make things fail. I did re-make with your suggested "--disable-regenerate-docu" and it built just fine, but I'll have to say that neither your referenced link, nor several of my prior readings of ./configure --help made that particular switch jump out as being the solution to the compile problem. But - this is not about the repository per se ...

Quote:
Your url points to some systemd related thread.
Yes, I had everything running nicely under Ubuntu, but found a need to control the shutdown order of various processes -- plus other minor issues. As that other post concludes, systemd is not able to give the user control of shutdown sequence. So, I decided to reimplement using Slackware which, like the OP, I have long familiarity with.

Quote:
You could also look at DEPENDENCIES.SlackMATE and edit sync-SlackMATE.sh to download only what you need.

There is also a bunch of config files in /extra/setup/SAMBA_AD_DC to setup AD/DC domain and client.
The Linux-PAM I downloaded and installed had no configs, other than the suggested example, 'other', in README for testing with `make check`. The configs I used from the Ubuntu system didn't work and the example I used from the samba wiki (https://wiki.samba.org/index.php/Set..._Domain_Member) didn't work either. I snagged the system-auth file from your http://www.bisdesign.ca/ivandi/slack....d/system-auth and put it in /etc/pam.d, but that file didn't pass the `make check`.

Quote:
You can easily create a simple host-only network on your workstation by placing something like this in your rc.local:
Code:
brctl addbr br0
ifconfig br0 192.168.0.1 up
iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.255.0 ! -d 192.168.0.0/255.255.255.0 -j MASQUERADE
sysctl net.ipv4.ip_forward=1
Then build the stuff in /virt and use QEMU VMs to test your setup.

There are tagfiles in /extra/tags/server/ for a minimal server setup.
You can also use mkiso.sh to create a Slackware install iso with added SlackMATE.
And a simple install.sh.
I'll have to say, most of that seems rather complex. I have a working Samba AD/DC, I just need to get user authentication working on the Slackware domain member. `wbinfo -u` and `getent passwd userid` work, but attempting to log in as a domain user fails.

I'll keep looking at pam.d configs and see if I can get something working.

And, thanks for at least plugging the PAM hole that Slackware needs to eventually bite the bullet and support!

Last edited by mfoley; 09-09-2016 at 12:05 AM.
 
1 members found this post helpful.
Old 09-09-2016, 07:01 AM   #11
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 15.0 + Multilib
Posts: 2,159

Original Poster
Rep: Reputation: 1512
mfoley --

Sorry, I should have pointed you at ivandi's SlackBuild scripts instead of simply dropping you in his pam directory ...

This: Do check out ivandi's SlackBuild scripts !

His SlackBuilds are some of the cleanest scripts of any type that I've seen anywhere.

I used ivandi's SlackBuilds to build the few packages that I installed and played with back in July on that VMWare Instance of Slackware64 14.2 .

Anyhow, like I said in my earlier post, all I've done is the PAM section of his README File.

I was able to log into the console as a local user ( i.e. I got logged in and nothing seemed broken ).

Eventually what I have in mind is this ...

Our Customers need samba for File and Printer Sharing and sshd to log in via an ssh client ( usually Putty-on-Windows ).

So samba and sshd ( and the prerequisites ) will need to be 'pam-enabled' so Users can authenticate using their AD Credentials.

That's about all we will need.

Except ( beware of the exceptions )

Occasionally, a few Windows Admin-Type Users ( the ones that I can't wean away from the clicky-clicky configuration methodology ) will use a GUI Desktop to add or modify System Configs.

On our CentOS 6.x Boxes, those Users wanting access to a GUI presently connect to an NXServer on CentOS via a Windows-Based NXClient for the GUI ( again, this is ssh-based ).

My boss is in town this week for meetings and I've got some prep-work to do so I don't have a lot of time to boot the VM and dig thru my notes and SlackBuild Tree where I built the Packages ...

But before you start, you might want to take a look at ivandi's DEPENDENCIES.SlackMATE File ( watch for circular-refs -- there is a file somewhere in the Tree that recommends rebuilding certain packages to resolve the circular deps ).

And I don't recall where I found it but there is also a 'build-order' file ( something like that ) in the SlackMATE Tree.

These two files could be huge time-savers for building Packages in a piece-meal fashion.

Once you have 'your list' and 'the build order' his SlackBuilds are easily wrapped in a wrapper + logger script to automate the builds and eventually the installs / upgrades.

Finally, HUGE thanks go to ivandi for sharing his excellent work !

HTH.

-- kjh
 
Old 09-09-2016, 09:58 AM   #12
mfoley
Senior Member
 
Registered: Oct 2008
Location: Columbus, Ohio USA
Distribution: Slackware
Posts: 2,555

Rep: Reputation: 177
kjhambrick: I may have some disappointing news for you ... I was able to build ivandi's PAM successfully. That tip he gave me on using the "--disable-regenerate-docu" parameter on ./configure did work (though it was not obvious to me), and the system-auth file I downloaded from http://www.bisdesign.ca/ivandi/slack....d/system-auth passed the `make check` if I first renamed it to 'other'.

I have successfully joined this Slackware computer to my AD domain and can do `wbinfo -u` and `getent passwd userid` successfully.

HOWEVER!!! I cannot authenticate when logging in as an AD user. Like you, I can log in as a local user (user in /etc/passwd). The problem, I believe, is that PAM is *NOT* being used in Slackware, regardless of it being successfully downloaded and installed.

This excellent site: http://www.tuxradar.com/content/how-pam-works, says,
Quote:
How can we tell if a particular program uses PAM? Well, one way ... is to see if the program is linked against the PAM library. You can do this with a command such as:

$ ldd /bin/login | grep libpam
libpam.so.0 => /lib/libpam.so.0 (0xb7f47000)
libpam_misc.so.0 => /lib/libpam_misc.so.0 (0xb7f43000)
I've tried this with login, su, sshd, samba and others on Slackware. NONE of them have libpam whereas all these programs do have libpam on Ubuntu. I posted a query on the Samba maillist about this. Rowland Penny, the main list guru wrote, "The only problem is that pretty much every document you will find about authenticating to a Samba AD DC, will rely on PAM."

So, the bottom line is that no matter how good Ivandi's PAM collection is, or how well it works, it's not going to help us AD authenticate with Slackware if the various programs needing PAM for authentication are not PAM-enabled. Perhaps there is some way to make Slackware work anyway -- one possibility is recompiling login etc from sources with PAM enabled. For me, however, such exercises are beyond my job description, if not my skill level.

So, despite my affection for Slackware and my irritations with Ubuntu and systemd, I will return to that platform for my domain member and user workstations since it works just fine for AD authentication.

As an editorial comment, I think it's about time that Slackware reconsider the whole PAM issue. Like you, I am looking for office-environment alternatives to Windows. Our office has secure and private data and this alternative idea is driven by Microsoft's desire to push everything to the Cloud and intrinsic lack of privacy on Windows 10. I believe more and more businesses are going to look for MS alternatives and Linux Samba4 is the only AD/DC alternative out there (that I know of). Slackware is a great server and I will continue to use it as such, but Samba uses PAM to authenticate from Linux workstations and Samba rules at the moment. If Slackware doesn't get on the ball with respect to its future use as an AD workstation it's going to lose out.

Last edited by mfoley; 09-09-2016 at 10:00 AM.
 
1 members found this post helpful.
Old 09-09-2016, 10:06 AM   #13
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 8,792

Rep: Reputation: 6656
You have to recompile a lot of system packages to fully enable PAM. It would probably be best to build his whole SlackMATE system and then just choose your preferred WM/DE. That should allow you to log in using AD credentials.
 
1 members found this post helpful.
Old 09-09-2016, 11:27 AM   #14
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 15.0 + Multilib
Posts: 2,159

Original Poster
Rep: Reputation: 1512
mfoley --

Thanks a million for the feedback.

One followup Q is: Did you also rebuild and install the pam-enabled shadow package ( and each of the prerequisites for the shadow package )?

If so, another Q would be: Did you check that the accompanying rules are installed in /etc/pam.d/ ?

Nevertheless, I imagine this will come up again someday so I am unsetting the [SOLVED] Tag for this Thread so I don't mislead anyone else.

I do plan on playing with this some more later down the road and maybe like bassmadrigal said, the best route may be via the full SlackMATE install ...

Thanks again !

-- kjh
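
The `ldd` check quoted in post #12 and the /etc/pam.d question in post #14 can be combined into one audit. This is an added example, not code from any poster in this thread; the binary paths, the PAM service names (`login`, `su`, `sshd`, `samba`) and the `LDD` override variable are assumptions.

```shell
#!/bin/sh
# Added example: report whether login-path binaries are PAM-enabled.
# Binary paths and PAM service names below are assumptions; adjust per system.
# Set LDD to another command to substitute the dependency lister (used for testing).

# links_pam: read `ldd` output on stdin, succeed if libpam.so is listed.
# (libpam_misc.so on its own does not count.)
links_pam() {
    grep -q 'libpam\.so'
}

# pam_status BINARY SERVICE [PAMDIR] prints one of:
#   missing         binary not present or not executable
#   not-linked      binary has no libpam dependency, PAM config is ignored
#   ok              linked, and PAMDIR/SERVICE exists
#   fallback-other  linked, no service file, PAMDIR/other will be used
#   no-policy       linked, but neither a service file nor 'other' exists
pam_status() {
    bin=$1; svc=$2; dir=${3:-/etc/pam.d}
    if [ ! -x "$bin" ]; then
        echo missing
    elif ! ${LDD:-ldd} "$bin" 2>/dev/null | links_pam; then
        echo not-linked
    elif [ -f "$dir/$svc" ]; then
        echo ok
    elif [ -f "$dir/other" ]; then
        echo fallback-other
    else
        echo no-policy
    fi
}

# audit: check the programs named in the thread (login, su, sshd, samba).
audit() {
    for pair in /bin/login:login /bin/su:su /usr/sbin/sshd:sshd /usr/sbin/smbd:samba
    do
        printf '%-16s %-8s %s\n' "${pair%%:*}" "${pair#*:}" \
            "$(pam_status "${pair%%:*}" "${pair#*:}")"
    done
}

audit
```

A `not-linked` result means the package has to be rebuilt against PAM before any file in /etc/pam.d has an effect on it.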
 
Old 09-09-2016, 03:05 PM   #15
mfoley
Senior Member
 
Registered: Oct 2008
Location: Columbus, Ohio USA
Distribution: Slackware
Posts: 2,555

Rep: Reputation: 177
I did not install the entire SlackMATE system. I'll check into that, but this being a production environment, I'd rather stick with a standard distro. I don't mind downloading a package or two, but I'm not as comfortable with much more than that. But like I said, I'll check into the SlackMATE thing on my own time.
 
  

