53
edits
Changes
From SME Server
Jump to navigationJump to searchClient Authentication:Fedora7 (view source)
Revision as of 17:49, 19 November 2007
, 17:49, 19 November 2007→Method
== Method ==
== Method ==
'''Section A'''
'''Section A'''
Install Fedora 7 choosing Gnome as the desktop. KDE may work but is untested.
Turn off firewall.
Turn off SE-Linux.
Log in as root.
Update all packages using the update manager.
Reboot.
'''Section B'''
Log in as root.
In a terminal type ''yum groupinstall “Windows File Server”''
yum install pam_mount
system-config-network
dns tab
hostname = host.example.com
close it up
system-config-authentication
user information tab
tick enable winbind support
click configure winbind button
fill in the SME Server domain in capitals
choose domain security model
add the SME Server's host name to Winbind Domain Controller
change the template shell to /bin/bash
click OK. Don't join the domain using the join button.
Switch to the authentication tab
tick enable winbind support
click the configure winbind button
check the settings and click ok
Don't join the domain using the join button.
Switch to the options tab
tick the use shadow passwords option
tick the use MD5 passwords option
tick the Local Authorization option
click the OK button to save the settings and exit the authentication dialog
terminal will show that winbind has started
If your domain is called DOMAIN,
mkdir /home/DOMAIN
On the server...
signal-event machine-account-create host$
smbpasswd -a -m host$
On the client ...
net rpc join -D DOMAIN -U admin
Give the SME Server password when requested.
Modify /etc/pam.d/system-auth and at the bottom add this line
session required pam_mkhomedir.so skel=/etc/skel umask=0077
add an extra blank line after that for luck
Modify /etc/samba/smb.conf
change winbind use default domain from false to true
/etc/init.d/smb restart
/etc/init.d/winbind restart
yum install xdm
gedit /etc/pam.d/login
A add an extra line under %PAM-1.0
B auth required pam_mount.so
C then on the last line
D session optional pam_mount.so
E then add an extra line just for luck
gedit /etc/pam.d/gdm
and repeat A-E
and repeat for /etc/pam.d/xdm
gedit /etc/security/pam_mount.conf
comment out the line options_require nosuid, nodev by placing a # in front of it
Go to line 116 and press enter to start a new line without a # in front
volume * cifs server & /home/DOMAIN/& uid=& - -
where server is your SME Server and DOMAIN is your domain in capitals
restart smb and restart winbind just for luck
Go to System...Administration...Login Screen...Local and choose a theme without a face browser.
Change to the Security tab and untick Deny TCP connections and Only allows logins if user owns their home directory.
From the three choices at the bottom, choose Allow login if all write permissions on user's home directory.
Restart the computer and log in as an SME Server user.
