Line 36: |
Line 36: |
| {{Tip box| Do not press the 'Join Domain' button until you have completed the changes below on all three of the dialogue tabs}} | | {{Tip box| Do not press the 'Join Domain' button until you have completed the changes below on all three of the dialogue tabs}} |
| On the 'User Information' tab tick 'Enable Winbind Support' and press the 'Configure Winbind ' button. | | On the 'User Information' tab tick 'Enable Winbind Support' and press the 'Configure Winbind ' button. |
− | A 'Winbind Configuration' dialogue opens. | + | |
− | Complete the boxes with the relevant information | + | A 'Winbind Configuration' dialogue opens. Complete the boxes with the relevant information |
| Winbind Domain - this is the Windows Workgroup name for your SME Server | | Winbind Domain - this is the Windows Workgroup name for your SME Server |
| Security - set this to domain | | Security - set this to domain |
| Winbind Domain Controllers - this is the ip address of your SME server | | Winbind Domain Controllers - this is the ip address of your SME server |
| Template Shell - set this to /bin/bash | | Template Shell - set this to /bin/bash |
| + | Allow Offline Login - tick |
| Press OK and change to the 'Authentication' tab. Check 'Enable Winbind Support' is ticked and press the 'Configure Winbind' button. | | Press OK and change to the 'Authentication' tab. Check 'Enable Winbind Support' is ticked and press the 'Configure Winbind' button. |
| + | |
| A 'Winbind Settings' dialogue opens. Check the values are the same as above and press OK. | | A 'Winbind Settings' dialogue opens. Check the values are the same as above and press OK. |
| + | |
| Change to the Options tab and check the following are ticked or set | | Change to the Options tab and check the following are ticked or set |
| Use Shadow Passwords | | Use Shadow Passwords |
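Review bot: The added 'Allow Offline Login - tick' item in the Winbind Configuration list is given without any reason, unlike the three settings above it. Ticking it lets winbind cache domain credentials on the workstation so that users can log in while the SME server is unreachable; say so on that line, so that someone setting up a shared or portable machine can decide whether locally cached credentials are acceptable. The later 'Check the values are the same as above' step on the Authentication tab should then mention that this tick is one of the values to check.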
Line 49: |
Line 52: |
| Local Authorization is sufficient for local users | | Local Authorization is sufficient for local users |
| Create Home directories on first login | | Create Home directories on first login |
− | Now change back to the 'User Information' tab, press 'Configure Winbind' and then 'Join Domain' | + | Now change back to the 'User Information' tab, press 'Configure Winbind' and then 'Join Domain'. |
| + | |
| Close this application down. | | Close this application down. |
| | | |
− | Open an 'Applications - Accessories - Terminal' cli and change 'su' to root | + | Open an 'Applications - Accessories - Terminal' cli and 'su' to root |
| | | |
− | Open and edit /etc/samba/smb.conf. Find the relevant lines and alter them or uncomment them as below. Some lines may not exist and may need to be added. | + | Open and edit /etc/samba/smb.conf. Under [global] there will be a section commented as having been generated by authconfig. Check this section is as below. Some lines may not exist and may need to be added. |
| workgroup = <WORKGROUP> | | workgroup = <WORKGROUP> |
| + | password server = <ip of sme server> |
| + | security = domain |
| + | idmap uid = <whatever range is set> |
| + | idmap gid = <whatever range is set> |
| + | template shell = /bin/bash |
| + | winbind use default domain = yes (you will probably need to change this from false) |
| + | winbind offline logo n = true |
| wins server = <ip of sme server> | | wins server = <ip of sme server> |
| name resolve order = wins host lmhosts bcast | | name resolve order = wins host lmhosts bcast |
− | security = domainsu
| |
− | password server = <ip of sme server>
| |
| socket options = TCP_NODELAY | | socket options = TCP_NODELAY |
− | idmap uid = 5000-20000
| |
− | idmap gid = 5000-20000
| |
− | template shell = /bin/bash
| |
| template homedir = /home/%D/%U | | template homedir = /home/%D/%U |
| winbind enum users = yes | | winbind enum users = yes |
| winbind enum groups = yes | | winbind enum groups = yes |
| winbind cache time = 10 | | winbind cache time = 10 |
− | winbind use default domain = yes | + | obey pam restrictions = yes |
| + | pam password change = yes |
| + | hostname lookup = yes |
| | | |
| Replace <WORKGROUP> above (and below) with the 'Windows workgroup' name of your SME server. Replace <ip of sme server> above with the internal network ip address of your SME server. | | Replace <WORKGROUP> above (and below) with the 'Windows workgroup' name of your SME server. Replace <ip of sme server> above with the internal network ip address of your SME server. |
| + | |
| + | {{Note box| If you run the 'System - Administration - Authentication' tool again your amendments will be lost}} |
| | | |
| To check validation of smb.conf, run | | To check validation of smb.conf, run |
| testparm | | testparm |
| | | |
− | If all OK, then run | + | The 'Join Domain' above should also have worked, so test with |
| + | wbinfo -u |
| + | wbinfo -g |
| + | smbtree |
| + | to list users, groups and available shares respectively from the SME server. |
| + | |
| + | If it doesn't appear to have worked then run |
| net rpc join -D <WORKGROUP> -U admin | | net rpc join -D <WORKGROUP> -U admin |
| | | |
| Enter the admin password for the SME server when prompted and you should get a message, | | Enter the admin password for the SME server when prompted and you should get a message, |
| Joined domain <WORKGROUP> | | Joined domain <WORKGROUP> |
− |
| |
− | {{Note box| Now restart the machine, login, open a Terminal cli and 'sudo su' again. You could miss out this restart step and carry on with the modifications below, but the following commands didn't work and the full join to SME didn't seem to work until the machine has been restarted and reconnected to the server.
| |
− |
| |
− | This may be a timing/delay issue similar to the volume mount (see below) due to NAT traversal. The restart may be unnecessary - can anyone confirm??}}
| |
− |
| |
− | The following commands should now list users, groups and available shares respectively from the SME server
| |
− | wbinfo -u
| |
− | wbinfo -g
| |
− | smbtree
| |
| | | |
| ===Authentication Modifications=== | | ===Authentication Modifications=== |
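Review bot: Two of the added smb.conf lines will not survive being pasted into the file: 'winbind offline logo n = true' has a stray space inside the parameter name, and 'winbind use default domain = yes (you will probably need to change this from false)' carries its remark on the setting line, where it becomes part of the value. Write the first as 'winbind offline logon = true' and move the parenthetical into a sentence below the listing. Also check 'hostname lookup = yes' against the smb.conf manual, which names the parameter 'hostname lookups'; testparm, which the page runs next, reports unknown parameters, so it is worth telling the reader to look for them in its output. The idmap lines now read '<whatever range is set>', but the 'Replace ...' sentence still explains only <WORKGROUP> and <ip of sme server>; add that the range is the one authconfig wrote. The removed note box asked whether a restart is needed before 'wbinfo -u' works, and the new text drops it without answering; if the restart is not needed, say so next to the wbinfo test.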