Difference between revisions of "Client Authentication:Ubuntu"
Line 34: | Line 34: | ||
winbind enum groups=yes | winbind enum groups=yes | ||
winbind cache time=10 | winbind cache time=10 | ||
+ | |||
+ | Replace <WORKGROUP> above with the workgroup name of your SME server | ||
+ | Replace <ip of sme server> above with the internal network ip address of your SME server. | ||
Edit | Edit | ||
Line 45: | Line 48: | ||
cd /etc/auth-client-config/profile.d | cd /etc/auth-client-config/profile.d | ||
− | + | Create and edit a new file called acc-sme, and enter | |
[sme-nt4-1] | [sme-nt4-1] | ||
nss_group=group: compat winbind | nss_group=group: compat winbind | ||
Line 75: | Line 78: | ||
session optional pam_mount.so enable_pam_password | session optional pam_mount.so enable_pam_password | ||
− | Save | + | Save the file. Apply the pam authorisation changes |
auth-client-config -a -p sme | auth-client-config -a -p sme | ||
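Review bot: the profile name in `auth-client-config -a -p sme` does not match the section header `[sme-nt4-1]` shown in the previous hunk. The -p option selects a profile by its section name, not by the file name acc-sme, so the apply step as written will not find the profile the reader has just created. Either rename the section to `[sme]` or change the command to `-p sme-nt4-1`, and have the new "Save the file" sentence say which name -p expects.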
Line 81: | Line 84: | ||
cd /etc/security | cd /etc/security | ||
− | + | Open and edit pam_mount.conf.xml file. Find the 'Volume Definitions' section. Add a volume line below the header | |
− | <!-- Volume | + | <!-- Volume Definitions --> |
− | <volume fstype="cifs" server="<SMESERVER>" path="homes" mountpoint="~/nethome" options="nosuid,nodev"> | + | <volume fstype="cifs" server="<SMESERVER>" path="homes" mountpoint="~/nethome" options="nosuid,nodev" /> |
Replace <SMESERVER> above with the samba name of your SME server. This will mount the users 'home' directory from SME into a directory called 'nethome' in their local home directory. | Replace <SMESERVER> above with the samba name of your SME server. This will mount the users 'home' directory from SME into a directory called 'nethome' in their local home directory. |
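Review bot: the corrected volume line still carries the placeholder as `server="<SMESERVER>"`, and a literal `<` inside an attribute value is not well-formed XML, so a reader who keeps the angle brackets gets a pam_mount.conf.xml that fails to parse. The self-closing `/>` is the right fix for the element itself; the "Replace <SMESERVER>" sentence below it should add that the brackets are removed along with the placeholder. In the same sentence, "the users 'home' directory" should read "the user's 'home' directory".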
Revision as of 13:37, 5 November 2009
Ubuntu 9.10 Authentication
Introduction
The following details the setup of Ubuntu 9.10 Karmic Koala as a desktop to authenticate users against SME. The method has been tested using Ubuntu installed in a VirtualBox virtual machine on a Windows XP host.
Install Ubuntu
Download the Ubuntu .iso and install it. When prompted for a user name, give a non-SME user such as administrator, because this first user effectively becomes a local user with sudo root access. Complete the install, log in and apply all updates.
Additional Packages
Use System - Administration - Synaptic Package Manager to install the additional packages:
auth-client-config winbind libpam-mount smbfs ??
Samba Modifications
Open a Terminal cli and change to root privileges
sudo su
Open and edit /etc/samba/smb.conf. Find the relevant lines and alter them or uncomment them as below. Some lines may not exist and may need to be added.
workgroup=<WORKGROUP>
wins server=<ip of sme server>
security=domain
password server=<ip of sme server>
winbind use default domain=yes
socket options=TCP_NODELAY
idmap uid=5000-20000
idmap gid=5000-20000
template shell=/bin/bash
template homedir=/home/%D/%U
winbind enum users=yes
winbind enum groups=yes
winbind cache time=10
Replace <WORKGROUP> above with the workgroup name of your SME server.
Replace <ip of sme server> above with the internal network IP address of your SME server.
Authentication Modifications
Open and edit /etc/nsswitch.conf and find the hosts: line. Change it to
hosts: files wins dns
Change to the auth-client-config tool profile directory
cd /etc/auth-client-config/profile.d
Create and edit a new file called acc-sme, and enter
[sme-nt4-1]
nss_group=group: compat winbind
nss_netgroup=netgroup: nis
nss_passwd=passwd: compat winbind
nss_shadow=shadow: compat winbind
pam_auth=auth [success=2 default=ignore] pam_winbind.so
        auth [success=1 default=ignore] pam_unix.so nullok use_first_pass use_authtok
        auth requisite pam_deny.so
        auth required pam_permit.so
        auth required pam_securetty.so
        auth optional pam_mount.so enable_pam_password
pam_account=account [success=2 new_authtok_reqd=done default=ignore] pam_winbind.so
        account [success=1 default=ignore] pam_unix.so use_first_pass use_authtok
        account requisite pam_deny.so
        account required pam_permit.so
pam_password=password [success=2 default=ignore] pam_unix.so obscure sha512
        password [success=1 default=ignore] pam_winbind.so use_first_pass md5 use_authtok
        password requisite pam_deny.so
        password required pam_permit.so
        password optional pam_gnome_keyring.so
pam_session=session [default=1] pam_permit.so
        session requisite pam_deny.so
        session required pam_permit.so
        session optional pam_winbind.so
        session required pam_unix.so
        session optional pam_ck_connector.so nox11
        session required pam_mkhomedir.so skel=/etc/skel umask=0022
        session optional pam_mount.so enable_pam_password
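Save the file. Apply the PAM authorisation changes. The -p option takes the profile name from the section header in the file, not the file name:
auth-client-config -a -p sme-nt4-1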
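The skip counts in the profile (success=2, success=1) decide whether a login ever reaches pam_deny.so, so they are worth checking before the profile is applied. The following is an added example, not part of the original wiki page: it parses a constructed copy of the pam_auth stack and walks it with a simplified model of PAM control flow. The function names load_stack and evaluate are hypothetical.

```python
import configparser

# Constructed sample: the pam_auth stack of the acc-sme profile shown above.
PROFILE = """\
[sme-nt4-1]
pam_auth=auth [success=2 default=ignore] pam_winbind.so
    auth [success=1 default=ignore] pam_unix.so nullok use_first_pass use_authtok
    auth requisite pam_deny.so
    auth required pam_permit.so
    auth required pam_securetty.so
    auth optional pam_mount.so enable_pam_password
"""

def load_stack(text, profile, key):
    """Return [(control, module), ...] for one pam_* key of a profile."""
    cp = configparser.RawConfigParser()
    cp.read_string(text)
    if not cp.has_section(profile):   # a -p value that names no section
        raise KeyError("no profile [%s]; defined: %s" % (profile, cp.sections()))
    stack = []
    for line in cp.get(profile, key).splitlines():
        rest = line.split(None, 1)[1]             # drop the type column (auth, ...)
        if rest.startswith("["):                  # [value=action ...] form
            control, tail = rest[1:].split("]", 1)
        else:                                     # keyword form: required, requisite, ...
            control, tail = rest.split(None, 1)
        stack.append((control, tail.split()[0]))
    return stack

def evaluate(stack, succeeding):
    """Walk the stack. Models only what this profile uses: numeric jumps,
    ignore, required, requisite and optional (simplified PAM semantics)."""
    i, permitted, failed = 0, False, False
    while i < len(stack):
        control, module = stack[i]
        ok = module == "pam_permit.so" or module in succeeding  # pam_deny.so never succeeds
        i += 1
        if "=" in control:
            actions = dict(a.split("=") for a in control.split())
            action = actions.get("success" if ok else "default", actions.get("default", "ignore"))
            if action.isdigit():
                i += int(action)                  # skip the next N modules
        elif control == "requisite" and not ok:
            return "deny"                         # fails the stack immediately
        elif control == "required":
            permitted, failed = permitted or ok, failed or not ok
    return "permit" if permitted and not failed else "deny"
```

A winbind or local success jumps over pam_deny.so and lands on pam_permit.so; when neither module succeeds, the walk falls through to pam_deny.so and the login is refused.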
Automount User Home Directories at Login
cd /etc/security
Open and edit pam_mount.conf.xml file. Find the 'Volume Definitions' section. Add a volume line below the header
<volume fstype="cifs" server="<SMESERVER>" path="homes" mountpoint="~/nethome" options="nosuid,nodev" />
Replace <SMESERVER> above, angle brackets included, with the samba name of your SME server. This will mount the user's 'home' directory from SME into a directory called 'nethome' in their local home directory.