Changes

From SME Server
no edit summary
Line 2: Line 2:  
==Ubuntu 9.10 Authentication==
 
==Ubuntu 9.10 Authentication==
 
===Introduction===
 
===Introduction===
The following details the setup of Ubuntu 9.10 Karmic Koala as a desktop to authenticate users against SME. The method has been tested using Ubuntu installed in a VirtualBox virtual machine on a Windows XP host. It assumes login is via the gui interface.
+
The following details the setup of Ubuntu 9.10 Karmic Koala as a desktop to authenticate users against SME 7.4 using Samba and Winbind. The method has been tested using Ubuntu installed in a VirtualBox virtual machine on a Windows XP host. It assumes login is via the gui interface.
    
===Install Ubuntu===
 
===Install Ubuntu===
Download the Ubuntu .iso and install.  
+
*Download the Ubuntu .iso and install.  
 
{{Tip box| When prompted for a user name to log in with, give a non-SME user such as 'administrator', as this first user effectively becomes a local user with sudo root access.  
 
{{Tip box| When prompted for a user name to log in with, give a non-SME user such as 'administrator', as this first user effectively becomes a local user with sudo root access.  
    
Make sure you set the 'Name of this Computer' to something less than 15 characters.}}
 
Make sure you set the 'Name of this Computer' to something less than 15 characters.}}
Complete install, login and apply all updates.  
+
*Complete install, login and apply all updates.  
 
{{Note box| For VirtualBox VM installation only, install the 'Guest Additions'.}}
 
{{Note box| For VirtualBox VM installation only, install the 'Guest Additions'.}}
 
===Additional Packages===
 
===Additional Packages===
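Review bot: The tip box kept as context in this hunk says the computer name must be 'something less than 15 characters' but gives no reason and leaves it unclear whether a name of exactly 15 characters is acceptable. Since the revised introduction now says the method uses Samba and Winbind, state that this is the NetBIOS name length limit so readers treat it as a hard constraint for the domain join.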
Line 20: Line 20:     
===Samba Modifications===
 
===Samba Modifications===
Open an 'Applications - Accessories - Terminal' cli and change to root privileges
+
*Open an 'Applications - Accessories - Terminal' cli and change to root privileges
 
  sudo su
 
  sudo su
 
+
*Open and edit /etc/samba/smb.conf. Find the relevant lines and alter them or uncomment them as below. Some lines may not exist and may need to be added.
Open and edit /etc/samba/smb.conf. Find the relevant lines and alter them or uncomment them as below. Some lines may not exist and may need to be added.
+
:Replace <WORKGROUP> below with the 'Windows workgroup' name of your SME server. Replace <ip of sme server> below with the internal network ip address of your SME server.
 
  workgroup = <WORKGROUP>
 
  workgroup = <WORKGROUP>
 
  wins server = <ip of sme server>
 
  wins server = <ip of sme server>
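Review bot: The new bullet that tells the reader to edit /etc/samba/smb.conf has no backup step before it, while the later warning box asks for backups of /etc/pam.d and /etc/nsswitch.conf only. Add a line such as 'cp /etc/samba/smb.conf /etc/samba/smb.conf.orig' before the edit. The relocated 'Replace <WORKGROUP> below' line also uses ':' indentation where the surrounding steps use '*' bullets, so pick one style.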
Line 38: Line 38:  
  winbind cache time = 10
 
  winbind cache time = 10
 
  winbind use default domain = yes
 
  winbind use default domain = yes
 
+
*To check validation of smb.conf, run
Replace <WORKGROUP> above (and below) with the 'Windows workgroup' name of your SME server. Replace <ip of sme server> above with the internal network ip address of your SME server.
  −
 
  −
To check validation of smb.conf, run
   
  testparm
 
  testparm
 
+
*If all OK, then run
If all OK, then run
   
  net rpc join -D <WORKGROUP> -U admin
 
  net rpc join -D <WORKGROUP> -U admin
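Review bot: The bullet 'If all OK, then run' does not say what a passing testparm run looks like, so the reader cannot tell when it is safe to go on to 'net rpc join'. State the expected result (the file loads with no errors reported for the edited lines), and mention that the join runs as the SME 'admin' user and will ask for that account's password.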
   Line 50: Line 46:  
  Joined domain <WORKGROUP>
 
  Joined domain <WORKGROUP>
   −
{{Note box| Now restart the machine, login, open a Terminal cli and 'sudo su' again. You could miss out this restart step and carry on with the modifications below, but the following commands didn't work and the full join to SME didn't seem to work until the machine has been restarted and reconnected to the server.
+
{{Note box| Now restart the machine, login, open a Terminal cli and 'sudo su' again. You could miss out this restart step and carry on with the modifications below, but the following commands and the full join to SME didn't seem to work until the machine had been restarted and reconnected to the server.
    
This may be a timing/delay issue similar to the volume mount (see below) due to NAT traversal. The restart may be unnecessary - can anyone confirm??}}  
 
This may be a timing/delay issue similar to the volume mount (see below) due to NAT traversal. The restart may be unnecessary - can anyone confirm??}}  
 
+
*The following commands should now list users, groups and available shares respectively from the SME server
The following commands should now list users, groups and available shares respectively from the SME server
   
  wbinfo -u
 
  wbinfo -u
 
  wbinfo -g
 
  wbinfo -g
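Review bot: The reworded note box still ends with 'can anyone confirm??', which leaves the reader unsure whether the restart is a required step. Move the open question to the Issues / ToDo section and state the restart as a plain step, since the note itself says the full join 'didn't seem to work' without it.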
Line 61: Line 56:  
===Authentication Modifications===
 
===Authentication Modifications===
 
{{Warning box| Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live CD available to give access and re-apply the backup files if you make a mistake and/or get locked out}}
 
{{Warning box| Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live CD available to give access and re-apply the backup files if you make a mistake and/or get locked out}}
Open and edit /etc/nsswitch.conf and find the hosts: line. Change it to
+
*Open and edit /etc/nsswitch.conf and find the hosts: line. Change it to
 
  hosts: files wins dns
 
  hosts: files wins dns
 
+
*Change to the auth-client-config tool profile directory
Change to the auth-client-config tool profile directory
   
  cd /etc/auth-client-config/profile.d
 
  cd /etc/auth-client-config/profile.d
 
+
*Create and edit a new file called acc-sme, and enter
Create and edit a new file called acc-sme, and enter
   
  [sme]
 
  [sme]
 
  nss_group=group:        compat winbind
 
  nss_group=group:        compat winbind
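Review bot: In the warning box kept as context, 'seriously effect' should read 'seriously affect' and 'login in to' should read 'log in to'. The warning also asks for a backup of /etc/pam.d and /etc/nsswitch.conf without showing a command; adding one before the new nsswitch.conf bullet, for example 'cp -a /etc/pam.d /etc/pam.d.orig' and 'cp /etc/nsswitch.conf /etc/nsswitch.conf.orig', would make the step concrete.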
Line 99: Line 92:  
  auth-client-config -S > acc-sme
 
  auth-client-config -S > acc-sme
 
to create the file first, containing the current pam files configuration, and then just modify}}  
 
to create the file first, containing the current pam files configuration, and then just modify}}  
Save the file. Apply the pam authorisation changes
+
*Save the file. Apply the pam authorisation changes
 
  auth-client-config -a -p sme
 
  auth-client-config -a -p sme
 
=== Automount User Home Directories at Login===
 
=== Automount User Home Directories at Login===
 
  cd /etc/security
 
  cd /etc/security
   −
Open and edit pam_mount.conf.xml file. Find the 'Volume Definitions' section. Add a volume line below the header
+
*Open and edit pam_mount.conf.xml file. Find the 'Volume Definitions' section. Add a volume line below the header
 
  <nowiki><!-- Volume Definitions --> </nowiki>
 
  <nowiki><!-- Volume Definitions --> </nowiki>
 
  <volume fstype="cifs" server="<SMESERVER>" path="homes" mountpoint="~/nethome" options="nosuid,nodev" />
 
  <volume fstype="cifs" server="<SMESERVER>" path="homes" mountpoint="~/nethome" options="nosuid,nodev" />
 
+
*Replace <SMESERVER> above with the samba name of your SME server. This will mount the users 'home' directory from SME into a directory called 'nethome' in their local home directory.
Replace <SMESERVER> above with the samba name of your SME server. This will mount the users 'home' directory from SME into a directory called 'nethome' in their local home directory.
      
===Login and Test===
 
===Login and Test===
Exit the Terminal cli
+
*Exit the Terminal cli
 
+
*Logout of Ubuntu.  
Logout of Ubuntu.  
+
*Login as a valid SME server user on your system, just giving username and password. No need for DOMAIN\user as samba configured above to use the default Windows Workgroup
 
+
*Authentication against SME should proceed and the user log in. A home directory on the local machine should be created as /home/DOMAIN/user, and a sub directory to that called 'nethome' mounted to the users home directory on the SME server. The mount point should also appear on the users gui desktop.
Login as a valid SME server user on your system, just giving username and password. No need for DOMAIN\user as samba configured above to use the default Windows Workgroup
  −
 
  −
Authentication against SME should proceed and the user log in. A home directory on the local machine should be created as /home/DOMAIN/user, and a sub directory to that called 'nethome' mounted to the users home directory on the SME server. The mount point should also appear on the users gui desktop.
      
===Issues / ToDo===
 
===Issues / ToDo===
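Review bot: The new login bullet says there is 'No need for DOMAIN\user as samba configured above' without naming the setting responsible, which is the 'winbind use default domain = yes' line in smb.conf. Name it so a reader who skipped that line can diagnose a failed login. Also, 'pam authorisation changes' would read better as 'authentication', matching the section heading, and 'users' should be 'user's' in the nethome and desktop sentences.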
