Line 52: |
Line 52: |
| Local Authorization is sufficient for local users | | Local Authorization is sufficient for local users |
| Create Home directories on first login | | Create Home directories on first login |
− | Now change back to the 'User Information' tab, press 'Configure Winbind' and then 'Join Domain'. | + | Now change back to the 'User Information' tab, press 'Configure Winbind' and then 'Join Domain'. Save the configuration when prompted. |
| | | |
| Close this application down. | | Close this application down. |
Line 79: |
Line 79: |
| | | |
| Replace <WORKGROUP> above (and below) with the 'Windows workgroup' name of your SME server. Replace <ip of sme server> above with the internal network ip address of your SME server. | | Replace <WORKGROUP> above (and below) with the 'Windows workgroup' name of your SME server. Replace <ip of sme server> above with the internal network ip address of your SME server. |
− |
| |
| {{Note box| If you run the 'System - Administration - Authentication' tool again your amendments will be lost}} | | {{Note box| If you run the 'System - Administration - Authentication' tool again your amendments will be lost}} |
− |
| |
| To check validation of smb.conf, run | | To check validation of smb.conf, run |
| testparm | | testparm |
| | | |
− | The 'Join Domain' above should also have worked, so test with | + | The 'Join Domain' above should also have worked so to list users, groups and available shares respectively from the SME server, test with |
| wbinfo -u | | wbinfo -u |
| wbinfo -g | | wbinfo -g |
| smbtree | | smbtree |
− | to list users, groups and available shares respectively from the SME server.
| |
| | | |
| If it doesn't appear to have worked then run | | If it doesn't appear to have worked then run |
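Review bot: In the reworded sentence ahead of 'wbinfo -u', 'respectively' now comes before the three commands it refers to, and 'should also have worked so to list users...' runs the join check and the instruction together. Suggest splitting it: "The 'Join Domain' above should also have worked. To test, run the following, which list users, groups and available shares from the SME server respectively:" followed by the three commands in the same order.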
Line 99: |
Line 96: |
| ===Authentication Modifications=== | | ===Authentication Modifications=== |
| {{Warning box| Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live CD available to give access and re-apply the backup files if you make a mistake and/or get locked out}} | | {{Warning box| Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live CD available to give access and re-apply the backup files if you make a mistake and/or get locked out}} |
− | Open and edit /etc/nsswitch.conf and find the hosts: line. Change it to | + | Open and edit /etc/nsswitch.conf and find the 'hosts:' line. Change it to |
| hosts: files wins dns | | hosts: files wins dns |
| + | Check also |
| + | group: files winbind |
| + | passwd: files winbind |
| + | shadow: files winbind |
| + | Save and close |
| + | cd/etc/pam.d |
| + | Open and edit the system-auth file, and amend as below |
| | | |
− | Change to the auth-client-config tool profile directory
| + | Open and edit the password-auth file, and amend as below |
− | cd /etc/auth-client-config/profile.d
| |
| | | |
− | Create and edit a new file called acc-sme, and enter
| + | |
− | [sme] | |
− | nss_group=group: compat winbind
| |
− | nss_netgroup=netgroup: nis
| |
− | nss_passwd=passwd: compat winbind
| |
− | nss_shadow=shadow: compat
| |
− | pam_account=account [success=2 new_authtok_reqd=done default=ignore] pam_winbind.so
| |
− | account [success=1 default=ignore] pam_unix.so use_first_pass use_authtok
| |
− | account requisite pam_deny.so
| |
− | account required pam_permit.so
| |
− | pam_auth=auth [success=2 default=ignore] pam_winbind.so
| |
− | auth [success=1 default=ignore] pam_unix.so nullok_secure use_first_pass use_authtok
| |
− | auth requisite pam_deny.so
| |
− | auth required pam_permit.so
| |
− | auth required pam_securetty.so
| |
− | auth optional pam_mount.so enable_pam_password
| |
− | pam_password=password [success=2 default=ignore] pam_unix.so obscure sha512
| |
− | password [success=1 default=ignore] pam_winbind.so use_first_pass md5 use_authtok
| |
− | password requisite pam_deny.so
| |
− | password required pam_permit.so
| |
− | password optional pam_gnome_keyring.so
| |
− | pam_session=session [default=1] pam_permit.so
| |
− | session requisite pam_deny.so
| |
− | session required pam_permit.so
| |
− | session optional pam_winbind.so
| |
− | session required pam_unix.so
| |
− | session required pam_mkhomedir.so skel=/etc/skel umask=0022
| |
− | session optional pam_mount.so enable_pam_password
| |
− | session optional pam_ck_connector.so nox11
| |
− | {{Tip box| You can use
| |
− | auth-client-config -S > acc-sme
| |
− | to create the file first, containing the current pam files configuration, and then just modify}}
| |
− | Save the file. Apply the pam authorisation changes
| |
− | auth-client-config -a -p sme
| |
| === Automount User Home Directories at Login=== | | === Automount User Home Directories at Login=== |
| cd /etc/security | | cd /etc/security |
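Review bot: The added line 'cd/etc/pam.d' is missing the space after 'cd' and will fail as typed; it should read 'cd /etc/pam.d'. The two added steps 'Open and edit the system-auth file, and amend as below' and 'Open and edit the password-auth file, and amend as below' are each followed only by empty rows in this hunk, while the removed acc-sme profile spelled out the exact pam_winbind.so, pam_unix.so and pam_mkhomedir.so lines. Given that the warning box just above tells readers a mistake here can lock them out, the amended contents of both files should be included in the same edit. The added 'shadow: files winbind' also differs from the removed 'nss_shadow=shadow: compat', which had no winbind entry; please confirm that is intended. Finally, 'Check also' does not say whether the group, passwd and shadow lines are to be changed to these values or only verified, and 'Save and close' would read better directly after the nsswitch.conf entries with the file named.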