Changes

From SME Server
Updated
Line 3: Line 3:  
==Client Configuration==
 
==Client Configuration==
 
===Introduction===
 
===Introduction===
The following  is Fedora 20 ( standard gnome edition) desktop configuration for SME Server 8.x authentication using Samba and Winbind. It allows login via the standard Fedora login screen. Also suitable for Fedora 19 - note that the Firewall and SELinux Administration GUI's may be slightly different.
+
The following  is Fedora 21 (F21) - standard gnome edition desktop configuration for SME Server 9 authentication using Samba and Winbind. It allows login via the standard Fedora login screen. Also suitable for Fedora 19 and 20 (F19 and F20) for SME Server 8 - note that the Firewall and SELinux Administration GUI's may be slightly different.
 
===Install Fedora===
 
===Install Fedora===
 
*Download the Fedora .iso and install. During the install process change the hostname to something of your choice and your domain name.
 
*Download the Fedora .iso and install. During the install process change the hostname to something of your choice and your domain name.
 
  <HOSTNAME>.<yourdomain>.<yourtld>
 
  <HOSTNAME>.<yourdomain>.<yourtld>
 
{{Tip box| Make sure you set the <HOSTNAME> to something less than 15 characters.
 
{{Tip box| Make sure you set the <HOSTNAME> to something less than 15 characters.
 
+
The hostname can be set during the Installation Summary section of the install procedure by selecting Network & Hostname.
The hostname can be set during the Installation Summary section of the install procedure by selecting Network Configuration.
      
When creating a user account, give a non SME Server user such as 'administrator' as this first user effectively becomes a local user for Gnome login. Root is not allowed to login at the Gnome GDM prompt. You can login as this user, open the Terminal (cli) and 'su' to root to carry out most of the authentication setup later.}}
 
When creating a user account, give a non SME Server user such as 'administrator' as this first user effectively becomes a local user for Gnome login. Root is not allowed to login at the Gnome GDM prompt. You can login as this user, open the Terminal (cli) and 'su' to root to carry out most of the authentication setup later.}}
*When the install has finished, remove the media and reboot. A gui welcome startup process then completes the setup and installation.
+
*When the install has finished, remove the media and reboot.
*Complete install, login and apply all updates. Logout and Restart.
+
*Complete the install, login and apply all updates. Logout and Restart.
 
{{Note box| There may be a lot of updates, it is recommended to apply them all but ensure the security fixes are applied as a minimum.}}
 
{{Note box| There may be a lot of updates, it is recommended to apply them all but ensure the security fixes are applied as a minimum.}}
 
===Additional Packages===
 
===Additional Packages===
*Search for the “Software” package or use “yum” at the Terminal to install the additional packages.
+
*Open the Terminal and use "su" to log in as root user.
*The following shows how to install using yum at the Terminal, the package names are the same if you use the gui.
+
*Use "yum" at the Terminal to install the additional packages.
yum groupinstall smb-server
+
*If you prefer to use a graphical package manager then install the "Yum Extender" from the Software" package.
  yum install pam_mount policycoreutils-gui authconfig-gtk samba-winbind samba-winbind-clients
+
*The following shows how to install using yum at the Terminal, the package names are the same if you use the gui. Note: Firewall-config is already installed on F19 & F20.
 +
  yum install pam_mount policycoreutils-gui authconfig-gtk samba samba-winbind samba-winbind-clients system-config-samba firewall-config
 +
===Package Removal===
 +
*A package now has to be removed (not necessary on F19 and F20)
 +
yum remove sssd-libwbclient
 
===Firewall Modifications===
 
===Firewall Modifications===
 
*Search for and open “Firewall” and tick
 
*Search for and open “Firewall” and tick
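Review bot: The new Package Removal section tells the reader to run `yum remove sssd-libwbclient` on F21 but gives no reason, so nobody can judge what depends on that package or whether the step still applies on a later release; add one sentence saying what it conflicts with. As shown here, that command line also lacks the two-space indent that the `yum install pam_mount ...` line carries, so it will render as running text instead of a preformatted command. In the added "Yum Extender" bullet, `from the Software" package` has an unbalanced quotation mark. The removal of `yum groupinstall smb-server` in favour of listing samba and system-config-samba explicitly deserves a mention in the edit summary, which currently says only "Updated".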
Line 26: Line 29:  
as trusted services. Do not forget to select “Permanent” in the configuration drop down box first otherwise the changes will apply to the current session only.
 
as trusted services. Do not forget to select “Permanent” in the configuration drop down box first otherwise the changes will apply to the current session only.
 
===SELinux Administration===
 
===SELinux Administration===
*Search for and open “SELinux Management” - note that the screen which opens is titled “SELinux Configuration” (not Management)
+
*Search for and open “SELinux Management” - note that the screen which opens is titled “SELinux Administration” (not Management)
*Open the "Select" drop down box, select "System" and set the system mode to either "Permissive" or "Disabled".
+
*On the "Status" menu select the "System Default Enforcing Mode" to "Disabled".
{{Note box| SELinux now warns against setting the mode to Disabled, choose Permissive if you prefer. Enforcing mode will allow authentication to SME Server, however, Home Directories and ibays will not automount.}}
   
===Samba Modifications===
 
===Samba Modifications===
 
At the Terminal and still as root user, run the following two commands.
 
At the Terminal and still as root user, run the following two commands.
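Review bot: The rewritten SELinux step now directs the reader to set "System Default Enforcing Mode" to "Disabled" only, and the same edit deletes the note box that offered Permissive as the alternative and explained what fails under Enforcing (home directories and ibays do not automount). Keep Permissive in the instruction as the preferred choice, since it leaves SELinux loaded and logging denials, and restore the note box so the reason for leaving Enforcing mode stays documented. If Disabled is really required on F21, state that and why.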
Line 69: Line 71:  
  idmap config DOMAIN : range = 10000-49999       (add this line)
 
  idmap config DOMAIN : range = 10000-49999       (add this line)
 
  idmap config DOMAIN : base_rid = 1000                (add this line)
 
  idmap config DOMAIN : base_rid = 1000                (add this line)
  template shell = /bin/bash  
+
  template shell = /bin/bash
 +
# kerberos method = secrets only                      (comment out if this line exists)
 
  winbind use default domain = yes (change this from false)
 
  winbind use default domain = yes (change this from false)
 
  winbind offline logon = true  
 
  winbind offline logon = true  
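Review bot: The added line `# kerberos method = secrets only` starts at column 0 while the neighbouring smb.conf lines are indented by two spaces; in wiki markup a leading `#` is rendered as a numbered list item, so the line will drop out of the preformatted block and lose its comment character. Indent it like `template shell = /bin/bash` above it. The instruction "(comment out if this line exists)" would also benefit from a short reason, so readers know what the setting interferes with.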
Line 98: Line 101:  
===Authentication Modifications===
 
===Authentication Modifications===
 
{{Warning box| Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live DVD available to give access and re-apply the backup files if you make a mistake and/or get locked out}}
 
{{Warning box| Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live DVD available to give access and re-apply the backup files if you make a mistake and/or get locked out}}
*Open, check and edit as necessary /etc/nsswitch.conf. The first three lines below should already exist and be correct but check, the fourth line requires amendment. Close and Save
+
*Open, check and edit as necessary /etc/nsswitch.conf. On F21 the following 4 lines will require amendment, on F19 and F20 only line 4 should require amendment. Close and Save.
 
  passwd:  files winbind
 
  passwd:  files winbind
 
  shadow: files winbind
 
  shadow: files winbind
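Review bot: In the rewritten nsswitch.conf bullet, "the following 4 lines" and "only line 4" can be read as line numbers within /etc/nsswitch.conf rather than positions in the list below; wording such as "all four entries below" and "only the fourth entry below" removes the ambiguity. Because this step sits directly under the lock-out warning, it would also help to state for each entry what the stock value is and what it should become, instead of showing only the final values.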