Changes

===Introduction===

===Introduction===

The following details the setup of Fedora 11 as a desktop to authenticate users against SME. The method has been tested using Fedora installed in a VirtualBox virtual machine on a Windows XP host. It assumes login is via the gui interface.

The following details the setup of Fedora 11 as a desktop to authenticate users against SME. The method has been tested using Fedora installed in a VirtualBox virtual machine on a Windows XP host. It assumes login is via the gui interface.

===Install Fedora===

===Install Fedora===

*Download the Fedora .iso and install. The initial install process asks for a root password and the hostname (which defaults to localhost.localdomain). Change this to a hostname of your choice and your domain name.

*Download the Fedora .iso and install. The initial install process asks for a root password and the hostname (which defaults to localhost.localdomain). Change this to a hostname of your choice and your domain name.

  pam_mount

  pam_mount

  libtalloc (this needs to be updated if you haven't run all the updates, else samba and the domain join don't work)

  libtalloc (this needs to be updated if you haven't run all the updates, else samba and the domain join don't work)

===Firewall Modifications===

===Firewall Modifications===

Open the 'System - Administration - Firewall' and tick

Open the 'System - Administration - Firewall' and tick

  samba-client

  samba-client

as Trusted Services. Don't forget to 'Apply'

as Trusted Services. Don't forget to 'Apply'

===Samba Modifications===

===Samba Modifications===

* Open 'System - Administration - Services' and enable 'smb'

* Open 'System - Administration - Services' and enable 'smb'

:Enter the admin password for the SME server when prompted and you should get a message,

:Enter the admin password for the SME server when prompted and you should get a message,

  Joined domain <WORKGROUP>

  Joined domain <WORKGROUP>

===Authentication Modifications===

===Authentication Modifications===

{{Warning box| Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live CD available to give access and re-apply the backup files if you make a mistake and/or get locked out}}

{{Warning box| Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live CD available to give access and re-apply the backup files if you make a mistake and/or get locked out}}

  <volume fstype="cifs" server="<SMESERVER>" path="homes" mountpoint="~/nethome" options="nosuid,nodev" />

  <volume fstype="cifs" server="<SMESERVER>" path="homes" mountpoint="~/nethome" options="nosuid,nodev" />

*Replace <SMESERVER> above with the samba name of your SME server. This will mount the users 'home' directory from SME into a directory called 'nethome' in their local home directory.

*Replace <SMESERVER> above with the samba name of your SME server. This will mount the users 'home' directory from SME into a directory called 'nethome' in their local home directory.

===Login and Test===

===Login and Test===

*Exit the Terminal cli

*Exit the Terminal cli

*Login as a valid SME server user on your system, just giving username and password. No need for DOMAIN\user as samba configured above to use the default Windows Workgroup

*Login as a valid SME server user on your system, just giving username and password. No need for DOMAIN\user as samba configured above to use the default Windows Workgroup

*Authentication against SME should proceed and the user log in. A home directory on the local machine should be created as /home/DOMAIN/user, and a sub directory to that called 'nethome' mounted to the users home directory on the SME server. The mount point should also appear on the users gui desktop.

*Authentication against SME should proceed and the user log in. A home directory on the local machine should be created as /home/DOMAIN/user, and a sub directory to that called 'nethome' mounted to the users home directory on the SME server. The mount point should also appear on the users gui desktop.

===VirtualBox Guest Additions Installation===

===VirtualBox Guest Additions Installation===

{{Note box| This section is only applicable if you have installed Fedora in a VirtualBox Virtual Machine. It should be carried out immediately after installation and before setting up the rest of the authentication features}}

{{Note box| This section is only applicable if you have installed Fedora in a VirtualBox Virtual Machine. It should be carried out immediately after installation and before setting up the rest of the authentication features}}

  sh ./VBoxLinuxAdditions-x86.run

  sh ./VBoxLinuxAdditions-x86.run

*The script should run, build and install the guest additions.

*The script should run, build and install the guest additions.

===Issues / ToDo===

===Issues / ToDo===

The above was tested on a VirtualBox virtual machine. The login appears to stall after username and password entered due to the mount of the home directory, but this does complete after a little while. Appears to be due to NAT traversal and WINS lookup as VM is using NAT and a different subnet. Couldn't get bridged mode to work, and haven't installed on a dedicated machine on the same subnet to confirm. Login is a little slow therefore using the VM. Perhaps someone could confirm its OK when on proper subnet.

The above was tested on a VirtualBox virtual machine. The login appears to stall after username and password entered due to the mount of the home directory, but this does complete after a little while. Appears to be due to NAT traversal and WINS lookup as VM is using NAT and a different subnet. Couldn't get bridged mode to work, and haven't installed on a dedicated machine on the same subnet to confirm. Login is a little slow therefore using the VM. Perhaps someone could confirm its OK when on proper subnet.

Haven't tested the pam password configuration to see if password changes are handled correctly.

Haven't tested the pam password configuration to see if password changes are handled correctly.