Difference between revisions of "Client Authentication:Ubuntu"
| Line 9: | Line 9: | ||
===Additional Packages=== | ===Additional Packages=== | ||
| − | Use the | + | Use the System - Administration - Synaptic Package Manager to install additional packages |
auth_client_config | auth_client_config | ||
winbind | winbind | ||
| + | libpam_mount | ||
| + | smbfs ?? | ||
| + | ===Samba Modifications=== | ||
| + | Open a Terminal cli and change to root privileges | ||
| + | sudo su | ||
| + | |||
| + | Open and edit /etc/samba/smb.conf. Find the relevant lines and alter them or uncomment them as below. Some lines may not exist and may need to be added. | ||
| + | workgroup=<WORKGROUP> | ||
| + | wins server=<ip of sme server> | ||
| + | security=domain | ||
| + | password server=<ip of sme server> | ||
| + | winbind use default domain=yes | ||
| + | socket options=TCP_NODELAY | ||
| + | idmap uid=5000-20000 | ||
| + | idmap gid=5000-20000 | ||
| + | template shell=/bin/bash | ||
| + | |||
| + | Edit | ||
===Authentication Modifications=== | ===Authentication Modifications=== | ||
{{Warning box| Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live CD available to give access and re-apply the backup files if you make a mistake and/or get locked out}} | {{Warning box| Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live CD available to give access and re-apply the backup files if you make a mistake and/or get locked out}} | ||
| − | Open | + | Open and edit /etc/nsswitch.conf and find the hosts: line. Change it to |
| − | |||
| − | |||
| − | |||
hosts: file wins dns | hosts: file wins dns | ||
| Line 36: | Line 51: | ||
=== Automount User Home Directories at Login=== | === Automount User Home Directories at Login=== | ||
| + | cd /etc/security | ||
| + | |||
| + | Using your favourite editor open pam_mount.conf.xml file and find the Volume Information section. Add a volume line below the header | ||
| + | <!-- Volume Information --> | ||
| + | <volume fstype="cifs" server="<SMESERVER>" path="homes" mountpoint="~/nethome" options="nosuid,nodev"> | ||
| + | |||
| + | Replace <SMESERVER> above with the samba name of your SME server. This will mount the users 'home' directory from SME into a directory called 'nethome' in their local home directory. | ||
Revision as of 12:59, 5 November 2009
Ubuntu 9.10 Authentication
Introduction
The following details the setup of Ubuntu 9.10 Karmic Koala as a desktop to authenticate users against SME. The method has been tested using Ubuntu installed in a VirtualBox virtual machine on a Windows XP host.
Install Ubuntu
Download the Ubuntu .iso and install. When prompted for a user name give a non-SME user such as administrator as this first user effectively becomes a local user with sudo root access. Complete install, login and apply all updates.
Additional Packages
Use the System - Administration - Synaptic Package Manager to install additional packages
auth_client_config winbind libpam_mount smbfs ??
Samba Modifications
Open a Terminal cli and change to root privileges
sudo su
Open and edit /etc/samba/smb.conf. Find the relevant lines and alter them or uncomment them as below. Some lines may not exist and may need to be added.
workgroup=<WORKGROUP> wins server=<ip of sme server> security=domain password server=<ip of sme server> winbind use default domain=yes socket options=TCP_NODELAY idmap uid=5000-20000 idmap gid=5000-20000 template shell=/bin/bash
Edit
Authentication Modifications
Open and edit /etc/nsswitch.conf and find the hosts: line. Change it to
hosts: file wins dns
Change to the auth-client-config tool profile directory
cd /etc/auth-client-config/profile.d
Using your favourite editor create a new file called acc-sme and enter
[sme] users: compat winbind passwd: compat winbind shadow: compat
Save and apply the pam authorisation changes
auth-client-config -a -p sme
Automount User Home Directories at Login
cd /etc/security
Using your favourite editor open pam_mount.conf.xml file and find the Volume Information section. Add a volume line below the header
<volume fstype="cifs" server="<SMESERVER>" path="homes" mountpoint="~/nethome" options="nosuid,nodev">
Replace <SMESERVER> above with the samba name of your SME server. This will mount the users 'home' directory from SME into a directory called 'nethome' in their local home directory.
