Difference between revisions of "Client Authentication:Mepis"

From SME Server
Jump to navigationJump to search
Line 10: Line 10:
  
 
===Domain Login===
 
===Domain Login===
 +
A Domain login lets users login without admin setting up each user first.
 +
 +
You can use these command line instructions or use your GUI tools.<br>
 +
Comment out the existing setting and paste the new
  
 
  apt-get install winbind libpam-mount
 
  apt-get install winbind libpam-mount
 
+
or use synaptic to install the two rpms
 
 
 
these files can be edited with nano or graphically, comment out the existing setting and paste the new
 
 
 
your workgroup is probably correct, as you set this during install
 
 
  nano -w /etc/samba/smb.conf
 
  nano -w /etc/samba/smb.conf
 
  .
 
  .
  workgroup = MYDOMAIN
+
  workgroup = MYDOMAIN #your workgroup is probably correct, you set this during install
 
  idmap uid = 10000-20000
 
  idmap uid = 10000-20000
 
  idmap gid = 10000-20000
 
  idmap gid = 10000-20000
Line 32: Line 31:
 
  password server = *
 
  password server = *
 
  winbind use default domain = yes
 
  winbind use default domain = yes
 
  
 
  nano -w /etc/nsswitch.conf
 
  nano -w /etc/nsswitch.conf
Line 66: Line 64:
 
  /etc/init.d/winbind start
 
  /etc/init.d/winbind start
  
 
+
This is where SME doesn't support linux clients as well as windows, so... logon to your SME Server
This is where SME doesn't support linux clients as well as windows so... logon to your server
 
 
  signal-event machine-account-create  ClientName$
 
  signal-event machine-account-create  ClientName$
 
  smbpasswd -a -m ClientName$
 
  smbpasswd -a -m ClientName$
 
   
 
   
 
+
To check your client values > K menu > Setting Configuration > Internet and Networking > Samba <br>
to check your client values > K menu > Setting Configuration > Internet and Networking > Samba <br>
+
ClientName is the NetBIOS Name, NOTE: you must add the trailing $  <br>
ClientName is the NetBIOS Name, + you must add the trailing $  <br>
 
 
Workgroup is Workgroup, your local '''windows''' domain  <br>
 
Workgroup is Workgroup, your local '''windows''' domain  <br>
  
 
Now back to mepis and join the workgroup/domain
 
Now back to mepis and join the workgroup/domain
 
   net rpc join -D WorkGroup -U admin
 
   net rpc join -D WorkGroup -U admin
 +
 +
Ideas borrowed from http://tech.canterburyschool.org/tech/UbuntuWorkstations , Thanks !
  
 
===Mounting Shares===
 
===Mounting Shares===

Revision as of 12:14, 8 April 2007

About Mepis

http://www.mepis.com

MEPIS LLC was founded in 2002 by computer industry veteran Warren Woodford, to realize his personal vision for a version of Linux that was complete and secure, while also being easy to try, easy to install, and easy to use. Today MEPIS offers personal computing solutions that are popular with people from 2 to 92 years and of all professions. MEPIS products are also available free of charge to not-for-profits, K-12 schools, and private users not requiring support.

Client configuration for Mepis Client

SME Server's has been and remains focused on serving windows clients, however Linux clients also work well with SME.


Domain Login

A Domain login lets users login without admin setting up each user first.

You can use these command line instructions or use your GUI tools.
Comment out the existing setting and paste the new

apt-get install winbind libpam-mount

nano -w /etc/samba/smb.conf
.
workgroup = MYDOMAIN  #your workgroup is probably correct, you set this during install
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%U
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
winbind separator = +
security = domain
password server = *
winbind use default domain = yes
nano -w /etc/nsswitch.conf
.
passwd: compat winbind 
group: compat winbind
shadow: compat winbind
nano -w /etc/pam.d/common-account
.
account sufficient      pam_winbind.so
account required        pam_unix.so
nano -w /etc/pam.d/common-auth
.
auth    required        pam_mount.so
#
## use the follolwing "auth" line by itself to restrict local access (a bit paranoid) - 
## will validate ONLY off of network
#auth   required        pam_winbind.so use_first_pass
#
## use the TWO "auth" lines below for either network or local validation - 
## will validate off of EITHER network or local passwd db
auth    sufficient      pam_winbind.so use_first_pass
auth    required        pam_unix.so use_first_pass
nano -w /etc/pam.d/common-session
.
session required        pam_unix.so
session required        pam_mkhomedir.so umask=0022 skel=/etc/skel/
session optional        pam_mount.so
/etc/init.d/winbind start

This is where SME doesn't support linux clients as well as windows, so... logon to your SME Server

signal-event machine-account-create  ClientName$
smbpasswd -a -m ClientName$

To check your client values > K menu > Setting Configuration > Internet and Networking > Samba
ClientName is the NetBIOS Name, NOTE: you must add the trailing $
Workgroup is Workgroup, your local windows domain

Now back to mepis and join the workgroup/domain

 net rpc join -D WorkGroup -U admin

Ideas borrowed from http://tech.canterburyschool.org/tech/UbuntuWorkstations , Thanks !

Mounting Shares

Printing