Line 13: |
Line 13: |
| [[User:VIP-ire|Daniel B.]] 08:30, 31 August 2010 | | [[User:VIP-ire|Daniel B.]] 08:30, 31 August 2010 |
| | | |
| + | Good work, thanks. Just some minor edits for consistency of naming of SME Server, See: http://wiki.contribs.org/Help:Wiki_Manual_of_Style. [[User:Trex|Terry Fage]] ([[User talk:Trex|talk]]) 14:48, 17 February 2013 (MST) |
| | | |
| {{WIP box|relayer}} | | {{WIP box|relayer}} |
Line 27: |
Line 28: |
| | | |
| ===Introduction=== | | ===Introduction=== |
− | The following details the setup of Ubuntu 12.04 LTS (Precise Pangolin) as a desktop to authenticate users against SME 8.0 using Samba and Winbind. It assumes login is via Ubuntu's standard GDM login screen. | + | The following details the setup of Ubuntu 12.04 LTS (Precise Pangolin) as a desktop to authenticate users against SME Server 8.0 using Samba and Winbind. It assumes login is via Ubuntu's standard GDM login screen. |
| | | |
| Ubuntu 12.04 is a long term service release, and will be supported on the desktop until April 2017. | | Ubuntu 12.04 is a long term service release, and will be supported on the desktop until April 2017. |
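Review bot: The rewritten Introduction sentence still says login is "via Ubuntu's standard GDM login screen", but the Login screen security section of the same page edits /etc/lightdm/lightdm.conf. Ubuntu 12.04 uses LightDM by default, so change "GDM" to "LightDM" while this line is being touched, so that readers do not go looking for a GDM configuration that the later steps never use.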
Line 33: |
Line 34: |
| ===Install Ubuntu=== | | ===Install Ubuntu=== |
| *Download the Ubuntu .iso and install. | | *Download the Ubuntu .iso and install. |
− | {{Tip box| When prompted for a user name to log in with, give a non-SME user such as 'localuser', as this first user effectively becomes a local user with sudo root access. | + | {{Tip box| When prompted for a user name to log in with, give a non-SME Server user such as 'localuser', as this first user effectively becomes a local user with sudo root access. |
| | | |
| Make sure you set the 'Name of this Computer' to something less than 15 characters.}} | | Make sure you set the 'Name of this Computer' to something less than 15 characters.}} |
Line 54: |
Line 55: |
| sudo su | | sudo su |
| *Open and edit /etc/samba/smb.conf. Find the relevant lines and alter them or uncomment them as below. Some lines may not exist and may need to be added. | | *Open and edit /etc/samba/smb.conf. Find the relevant lines and alter them or uncomment them as below. Some lines may not exist and may need to be added. |
− | :Replace <WORKGROUP> below with the 'Windows workgroup' name of your SME server. Replace <ip of sme server> below with the internal network ip address of your SME server. | + | :Replace <WORKGROUP> below with the 'Windows workgroup' name of your SME Server. Replace <ip of sme server> below with the internal network ip address of your SME Server. |
| workgroup = <WORKGROUP> | | workgroup = <WORKGROUP> |
| wins server = <ip of sme server> | | wins server = <ip of sme server> |
Line 76: |
Line 77: |
| net rpc join -D <WORKGROUP> -U admin | | net rpc join -D <WORKGROUP> -U admin |
| | | |
− | :Enter the admin password for the SME server when prompted and you should get a message, | + | :Enter the admin password for the SME Server when prompted and you should get a message, |
| Joined domain <WORKGROUP> | | Joined domain <WORKGROUP> |
| | | |
| *Restart the machine to apply the changes. | | *Restart the machine to apply the changes. |
| * Login as the local user, open a Terminal cli and 'sudo su' again | | * Login as the local user, open a Terminal cli and 'sudo su' again |
− | *The following commands should now list users, groups and available shares respectively from the SME server | + | *The following commands should now list users, groups and available shares respectively from the SME Server |
| wbinfo -u | | wbinfo -u |
| wbinfo -g | | wbinfo -g |
Line 135: |
Line 136: |
| <nowiki><!-- Volume Definitions --> </nowiki> | | <nowiki><!-- Volume Definitions --> </nowiki> |
| <volume fstype="cifs" server="<SMESERVER>" path="homes" mountpoint="~/nethome" options="nosuid,nodev" /> | | <volume fstype="cifs" server="<SMESERVER>" path="homes" mountpoint="~/nethome" options="nosuid,nodev" /> |
− | *Replace <SMESERVER> above with the samba name of your SME server. This will mount the users 'home' directory from SME into a directory called 'nethome' in their local home directory. | + | *Replace <SMESERVER> above with the samba name of your SME Server. This will mount the users 'home' directory from SME Server into a directory called 'nethome' in their local home directory. |
| | | |
| | | |
Line 143: |
Line 144: |
| <nowiki><!-- Volume Definitions --> </nowiki> | | <nowiki><!-- Volume Definitions --> </nowiki> |
| <volume sgrp="<GROUPNAME>" fstype="cifs" server="<SMESERVER>" path="<IBAYNAME>" mountpoint="~/<IBAYNAME>" options="user=%(DOMAIN_USER),setuids,acl" /> | | <volume sgrp="<GROUPNAME>" fstype="cifs" server="<SMESERVER>" path="<IBAYNAME>" mountpoint="~/<IBAYNAME>" options="user=%(DOMAIN_USER),setuids,acl" /> |
− | *Replace <SMESERVER> with the samba name of your SME server, <IBAYNAME> with the ibay name, <GROUPNAME> with the '''[[description]]''' of the ibay owner group. The description can be recovered with | + | *Replace <SMESERVER> with the samba name of your SME server, <IBAYNAME> with the ibay name, <GROUPNAME> with the description of the ibay owner group. The description can be recovered with |
| wbinfo -g | | wbinfo -g |
| {{Note box| The sgrp param is optional. If used, ibay will be mounted only if %(DOMAIN_USER) is a member of ibay's owner group}} | | {{Note box| The sgrp param is optional. If used, ibay will be mounted only if %(DOMAIN_USER) is a member of ibay's owner group}} |
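Review bot: The changed line still reads "the samba name of your SME server", so it misses the naming fix this edit applies everywhere else; make it "SME Server". The same line drops the bold link on "description", which was the only visual cue that <GROUPNAME> must be the owner group's description; keep the bold, or say so explicitly. Separately, the ibay volume's options are "user=%(DOMAIN_USER),setuids,acl" and omit the "nosuid,nodev" that the homes volume carries; consider adding them here so that both network mounts are restricted the same way.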
Line 151: |
Line 152: |
| *Edit /etc/sudoers and add the following line: | | *Edit /etc/sudoers and add the following line: |
| | | |
− | # Allow "Domain Admins" from the SME domain to run all commands | + | # Allow "Domain Admins" from the SME Server domain to run all commands |
| %<WORKGROUP>\\Domain\ Admins ALL=(ALL) ALL | | %<WORKGROUP>\\Domain\ Admins ALL=(ALL) ALL |
| | | |
− | *Replace <WORKGROUP> with your SME server's Windows workgroup name. | + | *Replace <WORKGROUP> with your SME Server's Windows workgroup name. |
| | | |
| ===Login and Test=== | | ===Login and Test=== |
| *Exit the Terminal cli | | *Exit the Terminal cli |
| *Reboot the machine. | | *Reboot the machine. |
− | *Login as a valid SME server user on your system, just giving username and password. No need for DOMAIN\user as samba configured above to use the default Windows Workgroup | + | *Login as a valid SME Server user on your system, just giving username and password. No need for DOMAIN\user as samba configured above to use the default Windows Workgroup |
− | *Authentication against SME should proceed and the user log in. A home directory on the local machine should be created as /home/DOMAIN/user, and a sub directory to that called 'nethome' mounted to the users home directory on the SME server. | + | *Authentication against SME Server should proceed and the user log in. A home directory on the local machine should be created as /home/DOMAIN/user, and a sub directory to that called 'nethome' mounted to the users home directory on the SME Server. |
| | | |
| ===Login screen security=== | | ===Login screen security=== |
| | | |
− | The list of available users shown at the login screen is cleared after each reboot. Once you have confirmed that everything is working you can, however, optionally configure the graphical login screen to hide the names of both local users and SME users who have recently logged in. This won't stop any serious attempt to break into a machine but is roughly equivalent to similar options available with the Windows XP login screen. Edit /etc/lightdm/lightdm.conf and add the following line | + | The list of available users shown at the login screen is cleared after each reboot. Once you have confirmed that everything is working you can, however, optionally configure the graphical login screen to hide the names of both local users and SME Server users who have recently logged in. This won't stop any serious attempt to break into a machine but is roughly equivalent to similar options available with the Windows XP login screen. Edit /etc/lightdm/lightdm.conf and add the following line |
| greeter-hide-users=true | | greeter-hide-users=true |
| | | |
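Review bot: The step "Edit /etc/sudoers and add the following line", just above the changed comment, should tell the reader to edit with visudo, because the rule that follows grants "Domain Admins" ALL=(ALL) ALL and a syntax error in that file leaves sudo unusable for every account, including the local user. In the changed Login and Test lines, "as samba configured above" and "the users home directory" are carried over unchanged; make them "as Samba is configured above" and "the user's home directory" while the lines are being edited.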