Changes

From SME Server
Reformatted to match other wiki pages, minor text corrections and placed some screenshots at the proper place in the text
Line 6: Line 6:  
== Method ==
 
== Method ==
   −
'''Section A - Install Fedora 7'''
+
===Install Fedora 7===
    
# Install Fedora 7 choosing Gnome as the desktop.  KDE may work but is untested.
 
# Install Fedora 7 choosing Gnome as the desktop.  KDE may work but is untested.
Line 15: Line 15:  
# Reboot.
 
# Reboot.
   −
'''Section B - Setting up Samba and Winbind on Fedora'''
+
===Setting up Samba and Winbind on Fedora===
 
  −
# Log in as root.
  −
# In a terminal type ''yum groupinstall "Windows File Server"''.  Press ''Y'' when asked.
  −
# Then type ''yum install pam_mount''
  −
# Then type ''system-config-network''
  −
# The Network dialog will appear.  Navigate to the DNS tab and enter ''host''.example.com where it asks for hostname and ''host'' is the name you have chosen for your Fedora 7 workstation and ''example.com'' is your primary domain.
  −
# Close this and type ''system-config-authentication''
  −
# The Authentication dialog will appear.  Navigate to the User Information tab.
  −
# Tick Enable Winbind Support
  −
# Click the Configure Winbind button
  −
# Fill in your SME Server workgroup in capitals in the Domain section - put ''DOMAIN'' not example.com, where ''DOMAIN'' is your workgroup in capitals.
  −
# Choose Domain security model.
  −
# Add the SME Server's host name to Winbind Domain Controller textbox.
  −
# Change the template shell to ''/bin/bash''.
  −
# Click OK.  '''Don't''' join the domain using the join button.
  −
# Switch to the Authentication tab
  −
# Tick Enable Winbind Support.
  −
# Click the Configure Winbind button.
  −
# Check the settings and click OK.
  −
# '''Don't''' join the domain using the join button.
  −
# Switch to the options tab.
  −
# Tick the Use Shadow Passwords option.
  −
# Tick the Use MD5 Passwords option.
  −
# Tick the Local Authorization option.
  −
# Click the OK button to save the settings and exit the authentication dialog.
  −
# The terminal will show that winbind has started.
  −
# If your workgroup is called DOMAIN, type ''mkdir /home/DOMAIN'' in the terminal.
  −
 
  −
[[Image:network.jpg]]
  −
 
  −
In the above example the host name for my Fedora 7 workstation is "fedora".
      +
<ol></li><li>Log in as root.
 +
</li><li>In a terminal type
 +
yum groupinstall "Windows File Server" -y
 +
</li><li>Then type
 +
yum install pam_mount
 +
</li><li>Then type
 +
system-config-network
 +
</li><li>The Network dialog will appear.<br>[[Image:network.jpg]]
 +
Navigate to the DNS tab and enter ''host''.example.com where it asks for hostname and ''host'' is the name you have chosen for your Fedora 7 workstation and ''example.com'' is your primary domain.
 +
</li><li>Close this and type
 +
system-config-authentication
 +
</li><li>The Authentication dialog will appear. Navigate to the User Information tab.
 +
</li><li>Tick Enable Winbind Support
 
[[Image:auth1.jpg]]
 
[[Image:auth1.jpg]]
 
+
</li><li>Click the Configure Winbind button
 +
</li><li>Fill in your SME Server workgroup in capitals in the Domain section - put ''DOMAIN'' not example.com, where ''DOMAIN'' is your workgroup in capitals.
 
[[Image:auth2.jpg]]
 
[[Image:auth2.jpg]]
 
+
</li><li>Choose Domain security model.
 +
</li><li>Add the SME Server's host name to Winbind Domain Controller textbox.
 +
</li><li>Change the template shell to ''/bin/bash''.
 +
</li><li>Click OK.  '''Don't''' join the domain using the join button.
 +
</li><li>Switch to the Authentication tab
 
[[Image:auth3.jpg]]
 
[[Image:auth3.jpg]]
 
+
</li><li>Tick Enable Winbind Support.
 +
</li><li>Click the Configure Winbind button.
 +
</li><li>Check the settings and click OK.
 +
</li><li>'''Don't''' join the domain using the join button.
 +
</li><li>Switch to the options tab.
 
[[Image:auth4.jpg]]
 
[[Image:auth4.jpg]]
 +
</li><li>Tick the Use Shadow Passwords option.
 +
</li><li>Tick the Use MD5 Passwords option.
 +
</li><li>Tick the Local Authorization option.
 +
</li><li>Click the OK button to save the settings and exit the authentication dialog.
 +
</li><li>The terminal will show that winbind has started.
 +
</li><li>If your workgroup is called DOMAIN, in the terminal type
 +
mkdir /home/DOMAIN
 +
</li></ol>
 +
In the above example the host name for my Fedora 7 workstation is "fedora". In the above examples my workgroup's name is ''SCHOOL'' and the PDC is imaginatively ''server''.
   −
In the above examples my workgroup's name is ''SCHOOL'' and the PDC is imaginatively ''server''.
+
===Prep the SME Server===
 
  −
'''Section C - Prep the SME Server'''
      
Log in as root on the SME Server and type ''signal-event machine-account-create host$'' and ''smbpasswd -a -m ''host''$'' where ''host'' is the hostname of your Fedora 7 workstation, minus the ''example.com'' - i.e. it should be a single word with no fullstops.
 
Log in as root on the SME Server and type ''signal-event machine-account-create host$'' and ''smbpasswd -a -m ''host''$'' where ''host'' is the hostname of your Fedora 7 workstation, minus the ''example.com'' - i.e. it should be a single word with no fullstops.
   −
In the example, I typed ''signal-event machine-account-create fedora$'' and ''smbpasswd -a -m fedora$'' because my Fedora 7's host name is ''fedora''.
+
In the example, I typed  
 +
signal-event machine-account-create fedora$
 +
smbpasswd -a -m fedora$
 +
because my Fedora 7's host name is ''fedora''.
   −
'''Section D - Joining the Domain'''
+
===Joining the Domain===
    
Back on the Fedora 7 Workstation:
 
Back on the Fedora 7 Workstation:
   −
# In the terminal type ''net rpc join -D DOMAIN -U admin'' where ''DOMAIN'' is your workgroup in capitals.  Following the example, I typed ''net rpc join -D SCHOOL -U admin''.
+
<ol></li><li>In the terminal type  
# Give the SME Server admin password when requested.
+
net rpc join -D DOMAIN -U admin
# You will see a message to the effect that you have joined the domain.
+
where ''DOMAIN'' is your workgroup in capitals.  Following the example, I typed  
# Go to System...Administration...Services.
+
net rpc join -D SCHOOL -U admin.
# Scroll down to ''smb'', make sure the service is started and then tick it to make it start automatically.
+
</li><li>Give the SME Server admin password when requested.
# Save and exit.
+
</li><li>You will see a message to the effect that you have joined the domain.
 
+
</li><li>Go to System...Administration...Services.
 
[[Image:services.jpg]]
 
[[Image:services.jpg]]
 +
</li><li>Scroll down to ''smb'', make sure the service is started and then tick it to make it start automatically.
 +
</li><li>Save and exit.</li></ol>
   −
'''Section E - Setting up Fedora to Authenticate'''
+
===Setting up Fedora to Authenticate===
   −
# In the terminal type  ''gedit /etc/pam.d/system-auth'' and at the '''bottom''' add this line ...
+
<ol></li><li>In the terminal type   
# ''session required pam_mkhomedir.so skel=/etc/skel umask=0077''
+
gedit /etc/pam.d/system-auth
# add an extra blank line after that for luck.  Save it and exit from gedit.
+
and at the '''bottom''' add this line
# In the terminal type ''gedit /etc/samba/smb.conf''
+
session required pam_mkhomedir.so skel=/etc/skel umask=0077
# and change ''winbind use default domain'' from false to true.  Save it and exit from gedit.
+
</li><li>add an extra blank line after that for luck.  Save it and exit from gedit.
# In the terminal type ''/etc/init.d/smb restart'' and ''/etc/init.d/winbind restart''
+
</li><li>In the terminal type  
# Then type ''yum install xdm''
+
gedit /etc/samba/smb.conf
# Then type ''gedit /etc/pam.d/login''
+
</li><li>and change ''winbind use default domain'' from false to true.  Save it and exit from gedit.
# A. add an extra line under %PAM-1.0
+
</li><li>In the terminal type  
# B. Type ''auth      required    pam_mount.so'' so that it lines up with the other entries.
+
/etc/init.d/smb restart
# C. Then on the last line (add a line if necessary) type ''session    optional    pam_mount.so'' so that it lines up.
+
/etc/init.d/winbind restart
# D. Then add an extra line just for luck
+
</li><li>Then type  
# E. Save and exit from gedit.
+
yum install xdm
# Then repeat A - E for ''/etc/pam.d/gdm'' and ''/etc/pam.d/xdm''
+
</li><li>Then type  
# If you installed KDE, you should probably modify the kdm entry the same way, but I did not try this.
+
gedit /etc/pam.d/login
 +
<ol></li><li>A. add an extra line under %PAM-1.0
 +
</li><li>B. Type  
 +
auth      required    pam_mount.so
 +
so that it lines up with the other entries.
 +
</li><li>C. Then on the last line (add a line if necessary) type  
 +
session    optional    pam_mount.so
 +
so that it lines up.
 +
</li><li>D. Then add an extra line just for luck
 +
</li><li>E. Save and exit from gedit.</li></ol>
 +
</li><li>Then repeat A - E for ''/etc/pam.d/gdm'' and ''/etc/pam.d/xdm''
 +
</li><li>If you installed KDE, you should probably modify the kdm entry the same way, but I did not try this.</li></ol>
    
[[Image:system-auth.jpg]]
 
[[Image:system-auth.jpg]]
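Review bot: in the Joining the Domain list the example command now sits on its own line as `net rpc join -D SCHOOL -U admin.` with the sentence's full stop still attached, so anyone copying the line passes `admin.` as the user name; drop the trailing period. Every list in this hunk also opens with `<ol></li><li>`, which closes a list item that was never opened; start each one with `<ol><li>`. The nested steps under `gedit /etc/pam.d/login` keep their "A." to "E." labels inside an `<ol>`, so they will render with a number and a letter; remove the letters or reword "repeat A - E" to refer to the sub-steps by number.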
Line 107: Line 121:  
Above is my ''/etc/pam.d/login'' file showing the added lines in red, plus an additional empty line at the bottom.  You need to do the same for ''/etc/pam.d/gdm'' and ''/etc/pam.d/xdm'' and even the ''kdm'' one if you lean that way.
 
Above is my ''/etc/pam.d/login'' file showing the added lines in red, plus an additional empty line at the bottom.  You need to do the same for ''/etc/pam.d/gdm'' and ''/etc/pam.d/xdm'' and even the ''kdm'' one if you lean that way.
   −
'''Section F - Setting Up Automount'''
+
===Setting Up Automount===
 
  −
# In the terminal type ''gedit /etc/security/pam_mount.conf''
  −
# Comment out the line  ''options_require      nosuid, nodev'' by placing a # in front of it.
  −
# Go to line 116 and press enter to start a new line without a # in front
  −
# Type ''volume * cifs server & /home/DOMAIN/& uid=& - -''  where ''server'' is your SME Server's host name and ''DOMAIN'' is your workgroup in capitals.  Save and exit from gedit.
      +
<ol></li><li>In the terminal type
 +
gedit /etc/security/pam_mount.conf
 +
</li><li>Comment out the line 
 +
options_require      nosuid, nodev
 +
by placing a # in front of it.
 +
</li><li>Go to line 116 and press enter to start a new line without a # in front
 +
</li><li>Type
 +
volume * cifs server & /home/DOMAIN/& uid=& - -
 +
where ''server'' is your SME Server's host name and ''DOMAIN'' is your workgroup in capitals.  Save and exit from gedit.
 +
</li></ol>
 
[[Image:pam_mounta.jpg]]
 
[[Image:pam_mounta.jpg]]
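Review bot: the step that comments out `options_require      nosuid, nodev` is carried into the new list with no reason given. Those mount options stop setuid bits and device nodes on a mounted volume from being honoured, so add a sentence saying why this setup needs the requirement removed, or drop the step if the mount works with it in place. "Go to line 116" also depends on the exact packaged copy of the file; name the section or neighbouring line to insert after instead of a line number.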
   Line 122: Line 141:  
Here's my ''/etc/security/pam_mount.conf'' file showing the line that mounts the user's home folder automagically.
 
Here's my ''/etc/security/pam_mount.conf'' file showing the line that mounts the user's home folder automagically.
   −
'''Section G - Setting up the Display Manager'''
+
===Section G - Setting up the Display Manager===
   −
#Restart smb and restart winbind just for luck.
+
<ol></li><li>Restart smb and restart winbind just for luck.
#Go to System...Administration...Login Screen...Local and choose a theme without a face browser.
+
</li><li>Go to System...Administration...Login Screen...Local and choose a theme without a face browser.
#Change to the Security tab and untick Deny TCP connections and Only allows logins if user owns their home directory.
+
</li><li>Change to the Security tab and untick Deny TCP connections and Only allows logins if user owns their home directory.
#From the three choices at the bottom, choose Allow login if all write permissions on user's home directory.
+
</li><li>From the three choices at the bottom, choose Allow login if all write permissions on user's home directory.
#Restart the computer and log in as an SME Server user.
+
</li><li>Restart the computer and log in as an SME Server user.</li></ol>
    
[[Image:loginscreen1.jpg]]
 
[[Image:loginscreen1.jpg]]
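Review bot: the new heading `===Section G - Setting up the Display Manager===` keeps the "Section G - " prefix that the other headings in this change drop (compare `===Setting Up Automount===`); rename it to `===Setting up the Display Manager===`. The Security tab step, which unticks Deny TCP connections and the home directory ownership check, is also carried over without a reason; a sentence on which of these the domain login actually requires would let readers leave the others enabled.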