Client Authentication:Fedora7

From SME Server
Revision as of 16:51, 19 November 2007 by Steever (talk | contribs) (→‎Method)
Jump to navigation Jump to search

Introduction

This how-to describes a method to authenticate a Fedora 7 workstation against SME Server, so that when users log in, their documents are available to them in a transparent manner.


Method

Section A

Install Fedora 7 choosing Gnome as the desktop. KDE may work but is untested.

Turn off firewall.

Turn off SE-Linux.

Log in as root.

Update all packages using the update manager.

Reboot.

Section B Log in as root. In a terminal type yum groupinstall “Windows File Server” yum install pam_mount system-config-network dns tab hostname = host.example.com close it up system-config-authentication user information tab tick enable winbind support click configure winbind button fill in the SME Server domain in capitals choose domain security model add the SME Server's host name to Winbind Domain Controller change the template shell to /bin/bash click OK. Don't join the domain using the join button. Switch to the authentication tab tick enable winbind support click the configure winbind button check the settings and click ok Don't join the domain using the join button. Switch to the options tab tick the use shadow passwords option tick the use MD5 passwords option tick the Local Authorization option click the OK button to save the settings and exit the authentication dialog terminal will show that winbind has started If your domain is called DOMAIN, mkdir /home/DOMAIN On the server... signal-event machine-account-create host$ smbpasswd -a -m host$ On the client ... net rpc join -D DOMAIN -U admin Give the SME Server password when requested. Modify /etc/pam.d/system-auth and at the bottom add this line session required pam_mkhomedir.so skel=/etc/skel umask=0077 add an extra blank line after that for luck Modify /etc/samba/smb.conf change winbind use default domain from false to true /etc/init.d/smb restart /etc/init.d/winbind restart yum install xdm gedit /etc/pam.d/login A add an extra line under %PAM-1.0 B auth required pam_mount.so C then on the last line D session optional pam_mount.so E then add an extra line just for luck gedit /etc/pam.d/gdm and repeat A-E and repeat for /etc/pam.d/xdm gedit /etc/security/pam_mount.conf comment out the line options_require nosuid, nodev by placing a # in front of it Go to line 116 and press enter to start a new line without a # in front volume * cifs server & /home/DOMAIN/& uid=& - - where server is your SME Server and DOMAIN is your domain in capitals restart smb and restart winbind just for luck Go to System...Administration...Login Screen...Local and choose a theme without a face browser. Change to the Security tab and untick Deny TCP connections and Only allows logins if user owns their home directory. From the three choices at the bottom, choose Allow login if all write permissions on user's home directory. Restart the computer and log in as an SME Server user.