Difference between revisions of "Client Authentication:Fedora7"

From SME Server
(Method)
(Method)
Line 23: Line 23:
 
Log in as root.
 
Log in as root.
  
In a terminal type ''yum groupinstall “Windows File Server”'' - a number of Samba-related packages will be installed.
+
In a terminal type ''yum groupinstall "Windows File Server"''.  Press ''Y'' when asked.
  
then type ''yum install pam_mount''
+
Then type ''yum install pam_mount''
  
then type ''system-config-network''
+
Then type ''system-config-network''
  
 
The Network dialog will appear.  Navigate to the DNS tab and enter ''host''.example.com where it asks for hostname and ''host'' is the name you have chosen for your Fedora 7 workstation and ''example.com'' is your primary domain.
 
The Network dialog will appear.  Navigate to the DNS tab and enter ''host''.example.com where it asks for hostname and ''host'' is the name you have chosen for your Fedora 7 workstation and ''example.com'' is your primary domain.
  
 
Close this and type ''system-config-authentication''
 
Close this and type ''system-config-authentication''
user information tab
+
 
tick enable winbind support
+
The Authentication dialog will appear.  Navigate to the User Information tab.
click configure winbind button
+
 
fill in the SME Server domain in capitals
+
Tick Enable Winbind Support
choose domain security model
+
 
add the SME Server's host name to Winbind Domain Controller
+
Click the Configure Winbind button
change the template shell to /bin/bash
+
 
click OK.  Don't join the domain using the join button.
+
Fill in your SME Server workgroup in capitals in the Domain section - put ''DOMAIN'' not example.com, where ''DOMAIN'' is your workgroup in capitals.
Switch to the authentication tab
+
 
tick enable winbind support
+
Choose Domain security model.
click the configure winbind button
+
 
check the settings and click ok
+
Add the SME Server's host name to Winbind Domain Controller textbox.
Don't join the domain using the join button.
+
 
Switch to the options tab
+
Change the template shell to ''/bin/bash''.
tick the use shadow passwords option
+
 
tick the use MD5 passwords option
+
Click OK.  '''Don't''' join the domain using the join button.
tick the Local Authorization option
+
 
click the OK button to save the settings and exit the authentication dialog
+
Switch to the Authentication tab
terminal will show that winbind has started
+
 
If your domain is called DOMAIN,
+
Tick Enable Winbind Support.
mkdir /home/DOMAIN
+
 
On the server...
+
Click the Configure Winbind button.
 +
 
 +
Check the settings and click OK.
 +
 
 +
'''Don't''' join the domain using the join button.
 +
 
 +
Switch to the options tab.
 +
 
 +
Tick the Use Shadow Passwords option.
 +
 
 +
Tick the Use MD5 Passwords option.
 +
 
 +
Tick the Local Authorization option.
 +
 
 +
Click the OK button to save the settings and exit the authentication dialog.
 +
 
 +
The terminal will show that winbind has started.
 +
 
 +
If your workgroup is called DOMAIN, type ''mkdir /home/DOMAIN'' in the terminal.
 +
 
 +
== Section C ==
 +
 
 +
Log in as root on the SME Server and type ...
 +
 
 
signal-event machine-account-create host$
 
signal-event machine-account-create host$
smbpasswd -a -m host$
+
 
On the client ...
+
smbpasswd -a -m ''host''$
net rpc join -D DOMAIN -U admin
+
 
Give the SME Server password when requested.
+
where ''host'' is the hostname of your Fedora 7 workstation, minus the ''example.com'' - i.e. it should be a single word with no fullstops.
Modify /etc/pam.d/system-auth and at the bottom add this line
+
 
session required pam_mkhomedir.so skel=/etc/skel umask=0077
+
== Section D (Back on the Fedora 7 Workstation) ==
add an extra blank line after that for luck
+
 
Modify /etc/samba/smb.conf
+
In the terminal type ''net rpc join -D DOMAIN -U admin'' where ''DOMAIN'' is your workgroup in capitals.
change winbind use default domain from false to true
+
 
/etc/init.d/smb restart
+
Give the SME Server admin password when requested.
/etc/init.d/winbind restart
+
 
 +
You will see a message to the effect that you have joined the domain.
 +
 
 +
== Section E ==
 +
 
 +
In the terminal type  ''gedit /etc/pam.d/system-auth'' and at the '''bottom''' add this line ...
 +
 
 +
''session required pam_mkhomedir.so skel=/etc/skel umask=0077''
 +
 
 +
add an extra blank line after that for luck.  Save it and exit from gedit.
 +
 
 +
In the terminal type ''gedit /etc/samba/smb.conf''
 +
 
 +
and change ''winbind use default domain'' from false to true.  Save it and exit from gedit.
 +
 
 +
In the terminal type ''/etc/init.d/smb restart''and ''/etc/init.d/winbind restart''
 +
The type
 
yum install xdm
 
yum install xdm
 
gedit /etc/pam.d/login
 
gedit /etc/pam.d/login
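Review bot: In the added Section E text, ''/etc/init.d/smb restart''and is missing the space before "and", and the next added line reads "The type" where every other step in this revision uses "Then type". That sentence also puts the smb and winbind restarts on one line, unlike the Section C commands, which each get their own line; splitting them would make them easier to copy without picking up the word "and".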

Revision as of 18:13, 19 November 2007

Introduction

This how-to describes a method to authenticate a Fedora 7 workstation against SME Server, so that when users log in, their documents are available to them in a transparent manner.


Method

Section A

Install Fedora 7 choosing Gnome as the desktop. KDE may work but is untested.

Turn off firewall.

Turn off SE-Linux.

Log in as root.

Update all packages using the update manager.

Reboot.

Section B

Log in as root.

In a terminal type yum groupinstall "Windows File Server". Press Y when asked.

Then type yum install pam_mount

Then type system-config-network

The Network dialog will appear. Navigate to the DNS tab and enter host.example.com where it asks for hostname and host is the name you have chosen for your Fedora 7 workstation and example.com is your primary domain.

Close this and type system-config-authentication

The Authentication dialog will appear. Navigate to the User Information tab.

Tick Enable Winbind Support

Click the Configure Winbind button

Fill in your SME Server workgroup in capitals in the Domain section - put DOMAIN not example.com, where DOMAIN is your workgroup in capitals.

Choose Domain security model.

Add the SME Server's host name to Winbind Domain Controller textbox.

Change the template shell to /bin/bash.

Click OK. Don't join the domain using the join button.

Switch to the Authentication tab

Tick Enable Winbind Support.

Click the Configure Winbind button.

Check the settings and click OK.

Don't join the domain using the join button.

Switch to the options tab.

Tick the Use Shadow Passwords option.

Tick the Use MD5 Passwords option.

Tick the Local Authorization option.

Click the OK button to save the settings and exit the authentication dialog.

The terminal will show that winbind has started.

If your workgroup is called DOMAIN, type mkdir /home/DOMAIN in the terminal.

Section C

Log in as root on the SME Server and type ...

signal-event machine-account-create host$

smbpasswd -a -m host$

where host is the hostname of your Fedora 7 workstation, minus the example.com - i.e. it should be a single word with no full stops.

Section D (Back on the Fedora 7 Workstation)

In the terminal type net rpc join -D DOMAIN -U admin where DOMAIN is your workgroup in capitals.

Give the SME Server admin password when requested.

You will see a message to the effect that you have joined the domain.

Section E

In the terminal type gedit /etc/pam.d/system-auth and at the bottom add this line ...

session required pam_mkhomedir.so skel=/etc/skel umask=0077

Add an extra blank line after that for luck. Save it and exit from gedit.

In the terminal type gedit /etc/samba/smb.conf

and change winbind use default domain from false to true. Save it and exit from gedit.

In the terminal type /etc/init.d/smb restart and /etc/init.d/winbind restart

Then type

yum install xdm

gedit /etc/pam.d/login

A. Add an extra line under %PAM-1.0

B. auth required pam_mount.so

C. Then on the last line

D. session optional pam_mount.so

E. Then add an extra line just for luck

gedit /etc/pam.d/gdm and repeat A-E, and repeat for /etc/pam.d/xdm

gedit /etc/security/pam_mount.conf

Comment out the line options_require nosuid, nodev by placing a # in front of it.

Go to line 116 and press enter to start a new line without a # in front

volume * cifs server & /home/DOMAIN/& uid=& - -

where server is your SME Server and DOMAIN is your domain in capitals.

Restart smb and restart winbind just for luck.

Go to System...Administration...Login Screen...Local and choose a theme without a face browser. Change to the Security tab and untick Deny TCP connections and Only allows logins if user owns their home directory. From the three choices at the bottom, choose Allow login if all write permissions on user's home directory.

Restart the computer and log in as an SME Server user.
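
A way to confirm the file edits from Section E onward before restarting, as an added example that is not part of the original how-to. The function names and the option of pointing the checks at a copy of /etc are assumptions made here, and the smb.conf check also accepts yes as Samba's equivalent of true.

```shell
#!/bin/sh
# Added example, not from the how-to: verify the edits from Section E onward.
# Each check takes the file to inspect, so copies can be tested as well.

# Steps A-E (login, gdm, xdm): auth line directly under the %PAM-1.0 header,
# session line as the last non-blank line.
check_pam_mount() {
    awk 'NF { $1 = $1; line[++n] = $0 }   # skip blanks, squeeze whitespace
         END { exit !(n >= 3 && line[1] ~ /^#?%PAM-1\.0$/ &&
                      line[2] == "auth required pam_mount.so" &&
                      line[n] == "session optional pam_mount.so") }' "$1"
}

# Section E: system-auth ends with the pam_mkhomedir line (blank lines ignored).
check_mkhomedir() {
    last=$(awk 'NF { $1 = $1; l = $0 } END { print l }' "$1")
    [ "$last" = "session required pam_mkhomedir.so skel=/etc/skel umask=0077" ]
}

# Section E: an uncommented "winbind use default domain = true" in smb.conf.
# Assumption: "yes" also passes, since Samba reads it as the same boolean.
check_smb_conf() {
    awk -F= '/^[ \t]*[#;]/ { next }
         { k = tolower($1); gsub(/[ \t]+/, " ", k); gsub(/^ | $/, "", k) }
         k == "winbind use default domain" {
             v = tolower($2); gsub(/[ \t]/, "", v); on = (v == "true" || v == "yes") }
         END { exit !on }' "$1"
}

# pam_mount.conf: options_require commented out, and a cifs volume line present.
check_pam_mount_conf() {
    ! grep -Eq '^[[:space:]]*options_require' "$1" &&
        grep -Eq '^[[:space:]]*volume[[:space:]]+\*[[:space:]]+cifs[[:space:]]' "$1"
}

# Print a FAIL line per bad file; return non-zero if any check failed.
verify_client() {   # usage: verify_client /etc
    rc=0
    for f in login gdm xdm; do
        check_pam_mount "$1/pam.d/$f" || { echo "FAIL pam.d/$f"; rc=1; }
    done
    check_mkhomedir "$1/pam.d/system-auth" || { echo "FAIL pam.d/system-auth"; rc=1; }
    check_smb_conf "$1/samba/smb.conf" || { echo "FAIL samba/smb.conf"; rc=1; }
    check_pam_mount_conf "$1/security/pam_mount.conf" || { echo "FAIL security/pam_mount.conf"; rc=1; }
    [ "$rc" -eq 0 ] && echo "all checks passed"
    return "$rc"
}

if [ -n "${1:-}" ]; then verify_client "$1"; fi
```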