Difference between revisions of "Client Authentication:Mepis"
m |
|||
Line 11: | Line 11: | ||
===Domain Login=== | ===Domain Login=== | ||
+ | apt-get install winbind libpam-mount | ||
+ | or use synaptic to install the two rpms | ||
+ | |||
+ | these files can be edited with nano or graphically, comment out the existing setting and paste the new | ||
+ | |||
+ | your workgroup is probably correct, as you set this during install | ||
+ | nano -w /etc/samba/smb.conf | ||
+ | . | ||
+ | workgroup = MYDOMAIN | ||
+ | idmap uid = 10000-20000 | ||
+ | idmap gid = 10000-20000 | ||
+ | template shell = /bin/bash | ||
+ | template homedir = /home/%U | ||
+ | winbind enum users = yes | ||
+ | winbind enum groups = yes | ||
+ | winbind cache time = 10 | ||
+ | winbind separator = + | ||
+ | security = domain | ||
+ | password server = * | ||
+ | winbind use default domain = yes | ||
+ | |||
+ | |||
+ | nano -w /etc/nsswitch.conf | ||
+ | . | ||
+ | passwd: compat winbind | ||
+ | group: compat winbind | ||
+ | shadow: compat winbind | ||
+ | |||
+ | nano -w /etc/pam.d/common-account | ||
+ | . | ||
+ | account sufficient pam_winbind.so | ||
+ | account required pam_unix.so | ||
+ | |||
+ | nano -w /etc/pam.d/common-auth | ||
+ | . | ||
+ | auth required pam_mount.so | ||
+ | # | ||
+ | ## use the follolwing "auth" line by itself to restrict local access (a bit paranoid) - | ||
+ | ## will validate ONLY off of network | ||
+ | #auth required pam_winbind.so use_first_pass | ||
+ | # | ||
+ | ## use the TWO "auth" lines below for either network or local validation - | ||
+ | ## will validate off of EITHER network or local passwd db | ||
+ | auth sufficient pam_winbind.so use_first_pass | ||
+ | auth required pam_unix.so use_first_pass | ||
+ | |||
+ | nano -w /etc/pam.d/common-session | ||
+ | . | ||
+ | session required pam_unix.so | ||
+ | session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ | ||
+ | session optional pam_mount.so | ||
+ | |||
+ | /etc/init.d/winbind start | ||
+ | |||
+ | |||
+ | This is where SME doesn't support linux clients as well as windows so... logon to your server | ||
+ | signal-event machine-account-create ClientName$ | ||
+ | smbpasswd -a -m ClientName$ | ||
+ | |||
+ | |||
+ | to check your client values > K menu > Setting Configuration > Internet and Networking > Samba <br> | ||
+ | ClientName is the NetBIOS Name, + you must add the trailing $ <br> | ||
+ | Workgroup is Workgroup, your local '''windows''' domain <br> | ||
+ | |||
+ | Now back to mepis and join the workgroup/domain | ||
+ | net rpc join -D WorkGroup -U admin | ||
===Mounting Shares=== | ===Mounting Shares=== |
Revision as of 12:05, 8 April 2007
About Mepis
MEPIS LLC was founded in 2002 by computer industry veteran Warren Woodford, to realize his personal vision for a version of Linux that was complete and secure, while also being easy to try, easy to install, and easy to use. Today MEPIS offers personal computing solutions that are popular with people from 2 to 92 years and of all professions. MEPIS products are also available free of charge to not-for-profits, K-12 schools, and private users not requiring support.
Client configuration for Mepis Client
SME Server's has been and remains focused on serving windows clients, however Linux clients also work well with SME.
Domain Login
apt-get install winbind libpam-mount
or use synaptic to install the two rpms
these files can be edited with nano or graphically, comment out the existing setting and paste the new
your workgroup is probably correct, as you set this during install
nano -w /etc/samba/smb.conf . workgroup = MYDOMAIN idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash template homedir = /home/%U winbind enum users = yes winbind enum groups = yes winbind cache time = 10 winbind separator = + security = domain password server = * winbind use default domain = yes
nano -w /etc/nsswitch.conf . passwd: compat winbind group: compat winbind shadow: compat winbind
nano -w /etc/pam.d/common-account . account sufficient pam_winbind.so account required pam_unix.so
nano -w /etc/pam.d/common-auth . auth required pam_mount.so # ## use the follolwing "auth" line by itself to restrict local access (a bit paranoid) - ## will validate ONLY off of network #auth required pam_winbind.so use_first_pass # ## use the TWO "auth" lines below for either network or local validation - ## will validate off of EITHER network or local passwd db auth sufficient pam_winbind.so use_first_pass auth required pam_unix.so use_first_pass
nano -w /etc/pam.d/common-session . session required pam_unix.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ session optional pam_mount.so
/etc/init.d/winbind start
This is where SME doesn't support linux clients as well as windows so... logon to your server
signal-event machine-account-create ClientName$ smbpasswd -a -m ClientName$
to check your client values > K menu > Setting Configuration > Internet and Networking > Samba
ClientName is the NetBIOS Name, + you must add the trailing $
Workgroup is Workgroup, your local windows domain
Now back to mepis and join the workgroup/domain
net rpc join -D WorkGroup -U admin