Line 44: |
Line 44: |
| after having installed phpki, go to https://www.domain.tld/phpki and download on the client machine the certificate of authority (ca.crt). | | after having installed phpki, go to https://www.domain.tld/phpki and download on the client machine the certificate of authority (ca.crt). |
| | | |
− | Place a copy of it into /etc/phpki/tls/certs/ and give the 644 permissions: | + | Place a copy of it or of another CA into /etc/phpki/tls/certs/ and give the 644 permissions: |
| cp ~/download/ca.crt /etc/phpki/tls/certs/ | | cp ~/download/ca.crt /etc/phpki/tls/certs/ |
| chmod 644 /etc/phpki/tls/certs/ca.crt | | chmod 644 /etc/phpki/tls/certs/ca.crt |
Line 98: |
Line 98: |
| | | |
| chmod 600 /etc/sssd/sssd.conf | | chmod 600 /etc/sssd/sssd.conf |
| + | |
| + | {{Tip box|Make sure that the file /etc/pki/tls/certs/ca.crt contains the CA that has sign the certificate of the SME (if PHPki is used, a version > 0,82-13 is required).}} |
| | | |
| ===Start and enable the daemon sssd=== | | ===Start and enable the daemon sssd=== |
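Review bot: The added tip box points at /etc/pki/tls/certs/ca.crt, but the install step under Line 44 copies the CA to /etc/phpki/tls/certs/ca.crt, so the file the reader is told to check is not the file they were told to create. Use the same path in both places. Wording: "has sign" should be "has signed", and "> 0,82-13" reads more clearly as "later than 0.82-13" if the comma is meant as a decimal separator.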
Line 134: |
Line 136: |
| gpasswd -a <your ldap login> wheel}} | | gpasswd -a <your ldap login> wheel}} |
| | | |
| + | === Automount of the ibays and of the user folders === |
| + | * Make sure that both rpms pam_mount and cifs-utils are installed |
| + | sudo dnf install pam_mount, cifs-utils |
| + | * Modify /etc/pam.d/lightdm (can be /etc/pam.d/gdm-password by Gnome instead of XFCE) as follow: |
| + | #%PAM-1.0 |
| + | auth [success=done ignore=ignore default=bad] |
| + | dpam_selinux_permit.so |
| + | auth required pam_env.so |
| + | auth substack system-auth |
| + | -auth optional pam_gnome_keyring.so |
| + | -auth optional pam_kwallet.so |
| + | auth optional pam_mount.so |
| + | auth include postlogin |
| + | |
| + | account required pam_nologin.so |
| + | account include system-auth |
| + | |
| + | password include system-auth |
| + | |
| + | session required pam_selinux.so close |
| + | session required pam_loginuid.so |
| + | session optional pam_console.so |
| + | -session optional pam_ck_connector.so |
| + | session required pam_selinux.so open |
| + | session optional pam_keyinit.so force revoke |
| + | session required pam_namespace.so |
| + | -session optional pam_gnome_keyring.so auto_start |
| + | -session optional pam_kwallet.so |
| + | session include system-auth |
| + | session optional pam_lastlog.so silent |
| + | session optional pam_mount.so |
| + | session include postlogin |
| + | by adding: |
| + | session optional pam_mount.so |
| + | session include postlogin |
| + | at the end of the file. |
| + | * Edit the /etc/security/pam_mount.conf.xml file. Find the 'Volume Definitions' section and add after it: |
| + | <volume fstype="cifs" server="192.168.2.5" path="ibay1" mountpoint="/media/sme/ibay1" user="*" options="rw,auto,iocharset=utf8" /> |
| + | <volume fstype="cifs" server="192.168.2.5" path="ibay2" mountpoint="/media/sme/ibay2" user="*" options="rw,auto,iocharset=utf8" /> |
| + | <!-- .........etc....etc... --> |
| + | <volume fstype="cifs" server="192.168.2.5" path="%(USER)" mountpoint="/media/sme/%(USER)/" user="*" options="rw,auto,iocharset=utf8" /> |
| + | * Create all the above configured the mount points: |
| + | sudo mkdir /media/sme/ibay1 |
| + | sudo chmod 777 /media/sme/ibay1 |
| + | sudo mkdir /media/sme/ibay2 |
| + | sudo chmod 777 /media/sme/ibay2 |
| + | etc... |
| + | |
| + | sudo mkdir /media/sme/user1 |
| + | sudo chmod 777 /media/sme/user1 |
| + | sudo mkdir /media/sme/user2 |
| + | sudo chmod 777 /media/sme/user2 |
| + | etc... |
| + | |
| + | {{note box|With Fedora21, it was possible only the create and chmod777 /media/sme. The different mount points (ibay1, ibay2 etc...) have been created automatically by Fedora at the mounting operation. // It seem that this is not possible any more!! |
| + | Please inform us, if there is a way to get it again.}} |
| + | {{note box|Event if all the mount points are created, the several shares (ibays and user folders) are only mounted according to the permissions of the user.}} |
| + | {{note box|The shares are automatically unmounted when the user loggs out.}} |
| That's all. | | That's all. |
| Enjoy! | | Enjoy! |
| [[Category:Howto]] | | [[Category:Howto]] |
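Review bot: In the mount-point step every directory is created with "chmod 777", which leaves each mount point, including the per-user ones such as /media/sme/user1, writable by any local account whenever the share is not mounted. Unless pam_mount is shown to need that mode, use a tighter one (for the per-user directories, owned by that user with 700) and state why the chosen mode is required. In the install line, "sudo dnf install pam_mount, cifs-utils" has a comma that is passed to dnf as part of the package name; separate the two names with a space. In the PAM listing the first auth line is split across two lines and the module name reads "dpam_selinux_permit.so"; it should be a single line ending in pam_selinux_permit.so. The listing already ends with the two lines that "by adding:" then repeats, and it also contains an "auth optional pam_mount.so" line that the text never mentions, so the reader cannot tell which lines are new; show either the full resulting file or only the lines to add, and mention the auth line. The volume entries hard-code server="192.168.2.5"; say that this is an example address to be replaced. On the question in the first note box, pam_mount.conf.xml has a mkmountpoint element (enable="1") that creates missing mount points at login, which is worth testing on the current Fedora before documenting a manual mkdir for every share. Typos to fix: "as follow", "configured the mount points", "It seem", "Event if", "loggs".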