Client Authentication:Mepis
About Mepis
MEPIS LLC was founded in 2002 by computer industry veteran Warren Woodford, to realize his personal vision for a version of Linux that was complete and secure, while also being easy to try, easy to install, and easy to use. Today MEPIS offers personal computing solutions that are popular with people from 2 to 92 years and of all professions. MEPIS products are also available free of charge to not-for-profits, K-12 schools, and private users not requiring support.
Client configuration
SME Server's has been and remains focused on serving windows clients, however Linux clients also work well with SME.
Domain Login
A Domain login lets users login without admin setting up each user first.
You can use these command line instructions or use your GUI tools.
Comment out the existing setting and paste the new
apt-get install winbind libpam-mount
nano -w /etc/samba/smb.conf . workgroup = MYDOMAIN #your workgroup is probably correct, you set this during install idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash template homedir = /home/%U winbind enum users = yes winbind enum groups = yes winbind cache time = 10 winbind separator = + security = domain password server = * winbind use default domain = yes
nano -w /etc/nsswitch.conf . passwd: compat winbind group: compat winbind shadow: compat winbind
nano -w /etc/pam.d/common-account . account sufficient pam_winbind.so account required pam_unix.so
nano -w /etc/pam.d/common-auth . auth required pam_mount.so # ## use the follolwing "auth" line by itself to restrict local access (a bit paranoid) - ## will validate ONLY off of network #auth required pam_winbind.so use_first_pass # ## use the TWO "auth" lines below for either network or local validation - ## will validate off of EITHER network or local passwd db auth sufficient pam_winbind.so use_first_pass auth required pam_unix.so use_first_pass
nano -w /etc/pam.d/common-session . session required pam_unix.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ session optional pam_mount.so
/etc/init.d/winbind start
This is where SME doesn't support linux clients as well as windows, so... logon to your SME Server
To check your client values > K menu > Setting Configuration > Internet and Networking > Samba
ClientName is the NetBIOS Name, NOTE: you must add the trailing $
Workgroup should be your SME Server Workgroup
signal-event machine-account-create ClientName$ smbpasswd -a -m ClientName$
Now back to mepis and join the workgroup/domain
net rpc join -D WorkGroup -U admin
Ideas borrowed from http://tech.canterburyschool.org/tech/UbuntuWorkstations , Thanks !
You have two options, pam_mount will work if you use domain logins, smb4k will work with or without
pam_mount.conf
edit /etc/security/pam_mount.conf
as per step 5. in the canturbury ubuntu howto
the permissions need work, please update here with better values
smb4k
Mount any Samba share in you local network with smb4k
K menu > Internet > Connection > Smb4k File Browser
Create a password for your Kwallet
Settings > Configure, and configure to suit
Click on your Server and the share you wish to mount
To have smb4k run on startup
Right click, send to desktop, K menu > Internet > Connection > Smb4k File Browser
Open your documents folder, menu > view > show hidden files
Drag the shortcut to the folder /home/stephen/.kde/Autostart, create if neccesary
Printing
Printing to your SME Server depends on your printers being supported by cups
cupsd
When you install mepis, when asked you should elect to run cupsd
check with
ls -la /etc/rc5.d/???cupsys
if necessary
cd /etc/rc5.d mv K19cupsys S19cupsys
configure printer
K menu > Settings > Peripherals > Printers
Administer Mode
Add Printer > SMB Printer > Normal Account and enter your username and password
Enter you workgroup, servername, and printer name as setup in the /server-manager workgroup and printer panels
Select your Printer from the cups database, check settings and print a test page
Enter the rest of wizard details to suit.
You can monitor your cups printers at YourClientIP:631