Changes

From SME Server
no edit summary
Line 44: Line 44:  
after having installed phpki, go to https://www.domain.tld/phpki and download on the client machine the certificate of authority (ca.crt).
 
after having installed phpki, go to https://www.domain.tld/phpki and download on the client machine the certificate of authority (ca.crt).
   −
Place a copy of it into /etc/phpki/tls/certs/ and give the 644 permissions:
+
Place a copy of it or of another CA into /etc/phpki/tls/certs/ and give the 644 permissions:
 
  cp ~/download/ca.crt /etc/phpki/tls/certs/
 
  cp ~/download/ca.crt /etc/phpki/tls/certs/
 
  chmod 644 /etc/phpki/tls/certs/ca.crt
 
  chmod 644 /etc/phpki/tls/certs/ca.crt
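Review bot: the reworded line "Place a copy of it or of another CA into /etc/phpki/tls/certs/" no longer matches the two commands under it, which still copy and chmod a file named ca.crt, and it does not say which other CA is acceptable. Suggest stating that the file must be the certificate of the CA that signed the SME server's certificate, and that it has to be saved under the name ca.crt in that directory, so that the cp and chmod lines remain valid for a CA that does not come from PHPki.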
Line 98: Line 98:  
   
 
   
 
  chmod 600 /etc/sssd/sssd.conf
 
  chmod 600 /etc/sssd/sssd.conf
 +
 +
{{Tip box|Make sure that the file /etc/pki/tls/certs/ca.crt contains the CA that has sign the certificate of the SME (if  PHPki is used, a version > 0,82-13 is required).}}
    
===Start and enable the daemon sssd===
 
===Start and enable the daemon sssd===
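Review bot: the added tip box refers to /etc/pki/tls/certs/ca.crt, while the installation step earlier on this page copies the CA to /etc/phpki/tls/certs/ca.crt; the two paths should agree, otherwise a reader following the tip checks a file that the earlier step never wrote. In the same line, "has sign" should read "has signed", and "a version > 0,82-13" uses a comma in the version number and does not make clear whether 0.82-13 itself is sufficient.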
Line 134: Line 136:  
gpasswd -a <your ldap login> wheel}}
 
gpasswd -a <your ldap login> wheel}}
    +
=== Automount of the ibays and of the user folders ===
 +
* Make sure that  both rpms pam_mount and cifs-utils are installed
 +
sudo dnf install  pam_mount, cifs-utils
 +
* Modify /etc/pam.d/lightdm (can be /etc/pam.d/gdm-password by Gnome instead of XFCE) as follow:
 +
#%PAM-1.0
 +
auth [success=done ignore=ignore default=bad]
 +
dpam_selinux_permit.so
 +
auth required pam_env.so
 +
auth substack system-auth
 +
-auth optional pam_gnome_keyring.so
 +
-auth optional pam_kwallet.so
 +
auth optional pam_mount.so
 +
auth include postlogin
 +
 +
account required pam_nologin.so
 +
account include system-auth
 +
 +
password include system-auth
 +
 +
session required pam_selinux.so close
 +
session required pam_loginuid.so
 +
session optional pam_console.so
 +
-session optional pam_ck_connector.so
 +
session required pam_selinux.so open
 +
session optional pam_keyinit.so force revoke
 +
session required pam_namespace.so
 +
-session optional pam_gnome_keyring.so auto_start
 +
-session optional pam_kwallet.so
 +
session include system-auth
 +
session optional pam_lastlog.so silent
 +
session optional pam_mount.so
 +
session include postlogin
 +
by adding:
 +
session optional pam_mount.so
 +
session include postlogin
 +
at the end of the file. 
 +
* Edit the /etc/security/pam_mount.conf.xml file. Find the 'Volume Definitions' section and add after it:
 +
<volume fstype="cifs" server="192.168.2.5" path="ibay1" mountpoint="/media/sme/ibay1" user="*" options="rw,auto,iocharset=utf8" />
 +
<volume fstype="cifs" server="192.168.2.5" path="ibay2" mountpoint="/media/sme/ibay2" user="*" options="rw,auto,iocharset=utf8" />
 +
<!-- .........etc....etc... -->
 +
<volume fstype="cifs" server="192.168.2.5" path="%(USER)" mountpoint="/media/sme/%(USER)/" user="*" options="rw,auto,iocharset=utf8" />
 +
* Create all the above configured the mount points:
 +
sudo mkdir /media/sme/ibay1
 +
sudo chmod 777 /media/sme/ibay1
 +
sudo mkdir /media/sme/ibay2
 +
sudo chmod 777 /media/sme/ibay2
 +
etc...
 +
 +
sudo mkdir /media/sme/user1
 +
sudo chmod 777 /media/sme/user1
 +
sudo mkdir /media/sme/user2
 +
sudo chmod 777 /media/sme/user2
 +
etc...
 +
 +
{{note box|With Fedora21, it was possible only the create and chmod777 /media/sme. The different mount points (ibay1, ibay2 etc...) have been created automatically by Fedora at the mounting operation. // It seem that this is not possible any more!!
 +
Please inform us, if there is a way to get it again.}}
 +
{{note box|Event if all the mount points are created, the several shares (ibays and user folders) are only mounted according to the permissions of the user.}}
 +
{{note box|The shares are automatically unmounted when the user loggs out.}}
 
That's all.  
 
That's all.  
 
Enjoy!
 
Enjoy!
 
[[Category:Howto]]
 
[[Category:Howto]]
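Review bot: in the "Create all the above configured the mount points" step, every directory under /media/sme is created with chmod 777, which leaves each mount point world-writable for all local users while nothing is mounted on it. The hunk gives no reason for that mode, and the note box below says the shares are mounted according to the permissions of the user, so either document why 777 is required or use a tighter mode. Other points in this hunk: "sudo dnf install pam_mount, cifs-utils" has a comma after pam_mount that should be removed; the first auth line of the PAM listing is split from its module and the module appears as "dpam_selinux_permit.so", which should be one line ending in pam_selinux_permit.so; and the "by adding:" sentence names only the two session lines although the listing also contains "auth optional pam_mount.so", so it should say explicitly whether the auth line has to be added as well.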