Client Authentication:Mepis
About Mepis
MEPIS LLC was founded in 2002 by computer industry veteran Warren Woodford, to realize his personal vision for a version of Linux that was complete and secure, while also being easy to try, easy to install, and easy to use. Today MEPIS offers personal computing solutions that are popular with people from 2 to 92 years and of all professions. MEPIS products are also available free of charge to not-for-profits, K-12 schools, and private users not requiring support.
Client configuration
SME Server's has been and remains focused on serving windows clients, however Linux clients also work well with SME.
These instructions work for Mepis 6.5 and 7.0
They are based on http://tech.canterburyschool.org/tech/UbuntuWorkstations, there may be other tweaks here.
Domain Login
A Domain login lets users login without admin setting up each user first.
apt-get install winbind libpam-mount
nano -w /etc/samba/smb.conf workgroup = 'Your Windows workgroup' # probably correct, you set this during install security = domain # may be set to user idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash template homedir = /home/%U winbind enum users = yes winbind enum groups = yes winbind cache time = 10 winbind separator = + password server = * winbind use default domain = yes
nano -w /etc/nsswitch.conf passwd: compat winbind group: compat winbind shadow: compat winbind hosts: files wins dns
nano -w /etc/pam.d/common-account account sufficient pam_winbind.so account required pam_unix.so
nano -w /etc/pam.d/common-auth auth required pam_mount.so ## will validate ONLY off of network #auth required pam_winbind.so use_first_pass ## will validate off of EITHER network or local passwd db auth sufficient pam_winbind.so use_first_pass auth required pam_unix.so use_first_pass
nano -w /etc/pam.d/common-session session required pam_unix.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ session optional pam_mount.so
This is where SME doesn't support linux clients as well as windows, so... logon to your SME Server
To check your client values > K menu > Setting Configuration > Internet and Networking > Samba
ClientName is the NetBIOS Name, NOTE: you must add the trailing $
Workgroup should be your SME Server Workgroup
signal-event machine-account-create ClientName$ smbpasswd -a -m ClientName$
Now back to mepis and join the workgroup/domain
net rpc join -D WorkGroup -U admin
If you misconfigure a file and lock yourself out of the workstation
hit spacebar at the grub prompt
change to root=(leave as is) single
login as root and check your config files
pam_mount works well if you use domain logins, other methods are too much trouble.
mount your server home directory (&) and ibays
nano -w /etc/security/pam_mount.conf volume * smbfs servername & /home/&/Desktop/& uid=&,gid=10000,dmask=0700 - - volume * smbfs servername ibay1 /home/&/Desktop/ibay1 uid=&,gid=10000,dmask=0700 - -
Printing
Printing to your SME Server depends on your printers being supported by cups
cupsd
When you install mepis, when asked you should elect to run cupsd
check with
ls -la /etc/rc5.d/???cupsys
if necessary
cd /etc/rc5.d mv K19cupsys S19cupsys
Configure printer
K menu > Settings > Peripherals > Printers
Administrator Mode
Add Printer > SMB Printer > Normal Account, and enter your SME username and password
Enter your workgroup, servername, and printer name as setup in the /server-manager workgroup and printer panels
Select your Printer from the cups database, check settings and print a test page
Enter the rest of wizard details to suit.
You can monitor your cups printers at YourClientIP:631
Ident
If using Ident Authentication for browsing install 'ident2'