Difference between revisions of "Client Authentication:Ubuntu"

From SME Server
Jump to navigationJump to search
Line 9: Line 9:
  
 
===Additional Packages===
 
===Additional Packages===
Use the package manager to install additional packages
+
Use the System - Administration - Synaptic Package Manager to install additional packages
  
 
  auth_client_config
 
  auth_client_config
 
  winbind
 
  winbind
 +
libpam_mount
 +
smbfs ??
  
 +
===Samba Modifications===
 +
Open a Terminal cli and change to root privileges
 +
sudo su
 +
 +
Open and edit /etc/samba/smb.conf. Find the relevant lines and alter them or uncomment them as below. Some lines may not exist and may need to be added.
 +
workgroup=<WORKGROUP>
 +
wins server=<ip of sme server>
 +
security=domain
 +
password server=<ip of sme server>
 +
winbind use default domain=yes
 +
socket options=TCP_NODELAY
 +
idmap uid=5000-20000
 +
idmap gid=5000-20000
 +
template shell=/bin/bash
 +
 +
Edit
 
===Authentication Modifications===
 
===Authentication Modifications===
 
{{Warning box| Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live CD available to give access and re-apply the backup files if you make a mistake and/or get locked out}}
 
{{Warning box| Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live CD available to give access and re-apply the backup files if you make a mistake and/or get locked out}}
  
Open a Terminal cli and change to root privileges
+
Open and edit /etc/nsswitch.conf and find the hosts: line. Change it to
sudo su
 
 
 
Using your favourite editor, open /etc/nsswitch.conf and find the hosts: line. Change it to
 
 
  hosts: file wins dns
 
  hosts: file wins dns
  
Line 36: Line 51:
  
 
=== Automount User Home Directories at Login===
 
=== Automount User Home Directories at Login===
 +
cd /etc/security
 +
 +
Using your favourite editor open pam_mount.conf.xml file and find the Volume Information section. Add a volume line below the header
 +
<!-- Volume Information -->
 +
<volume fstype="cifs" server="<SMESERVER>" path="homes" mountpoint="~/nethome" options="nosuid,nodev">
 +
 +
Replace <SMESERVER> above with the samba name of your SME server. This will mount the users 'home' directory from SME into a directory called 'nethome' in their local home directory.

Revision as of 12:59, 5 November 2009

Warning.png Warning:
If your reading this then this page is incomplete. Don't follow the instructions below because they haven't been verified


Warning.png Warning:
This is based upon limited testing and a small number of users via a VirtualBox virtual machine installation of Ubuntu 9.10. YMMV


Ubuntu 9.10 Authentication

Introduction

The following details the setup of Ubuntu 9.10 Karmic Koala as a desktop to authenticate users against SME. The method has been tested using Ubuntu installed in a VirtualBox virtual machine on a Windows XP host.

Install Ubuntu

Download the Ubuntu .iso and install. When prompted for a user name give a non-SME user such as administrator as this first user effectively becomes a local user with sudo root access. Complete install, login and apply all updates.

Additional Packages

Use the System - Administration - Synaptic Package Manager to install additional packages

auth_client_config
winbind
libpam_mount
smbfs ??

Samba Modifications

Open a Terminal cli and change to root privileges

sudo su

Open and edit /etc/samba/smb.conf. Find the relevant lines and alter them or uncomment them as below. Some lines may not exist and may need to be added.

workgroup=<WORKGROUP>
wins server=<ip of sme server>
security=domain
password server=<ip of sme server>
winbind use default domain=yes
socket options=TCP_NODELAY
idmap uid=5000-20000
idmap gid=5000-20000
template shell=/bin/bash

Edit

Authentication Modifications

Warning.png Warning:
Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live CD available to give access and re-apply the backup files if you make a mistake and/or get locked out


Open and edit /etc/nsswitch.conf and find the hosts: line. Change it to

hosts: file wins dns

Change to the auth-client-config tool profile directory

cd /etc/auth-client-config/profile.d

Using your favourite editor create a new file called acc-sme and enter

[sme]
users: compat winbind
passwd: compat winbind
shadow: compat

Save and apply the pam authorisation changes

auth-client-config -a -p sme

Automount User Home Directories at Login

cd /etc/security

Using your favourite editor open pam_mount.conf.xml file and find the Volume Information section. Add a volume line below the header

<volume fstype="cifs" server="<SMESERVER>" path="homes" mountpoint="~/nethome" options="nosuid,nodev">

Replace <SMESERVER> above with the samba name of your SME server. This will mount the users 'home' directory from SME into a directory called 'nethome' in their local home directory.