Changes

From SME Server
no edit summary
Line 36: Line 36:  
{{Tip box| Do not press the 'Join Domain' button until you have completed the changes below on all three of the dialogue tabs}}
 
{{Tip box| Do not press the 'Join Domain' button until you have completed the changes below on all three of the dialogue tabs}}
 
On the 'User Information' tab tick 'Enable Winbind Support' and press the 'Configure Winbind ' button.
 
On the 'User Information' tab tick 'Enable Winbind Support' and press the 'Configure Winbind ' button.
A 'Winbind Configuration' dialogue opens.
+
 
Complete the boxes with the relevant information
+
A 'Winbind Configuration' dialogue opens. Complete the boxes with the relevant information
 
  Winbind Domain            - this is the Windows Workgroup name for your SME Server
 
  Winbind Domain            - this is the Windows Workgroup name for your SME Server
 
  Security                  - set this to domain
 
  Security                  - set this to domain
 
  Winbind Domain Controllers - this is the ip address of your SME server
 
  Winbind Domain Controllers - this is the ip address of your SME server
 
  Template Shell            - set this to /bin/bash
 
  Template Shell            - set this to /bin/bash
 +
Allow Offline Login        - tick
 
Press OK and change to the 'Authentication' tab. Check 'Enable Winbind Support' is ticked and press the 'Configure Winbind' button.
 
Press OK and change to the 'Authentication' tab. Check 'Enable Winbind Support' is ticked and press the 'Configure Winbind' button.
 +
 
A 'Winbind Settings' dialogue opens. Check the values are the same as above and press OK.
 
A 'Winbind Settings' dialogue opens. Check the values are the same as above and press OK.
 +
 
Change to the Options tab and check the following are ticked or set
 
Change to the Options tab and check the following are ticked or set
 
  Use Shadow Passwords
 
  Use Shadow Passwords
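Review bot: The added line "Allow Offline Login - tick" at the end of the Winbind settings list does not say what the option does or when it is wanted. Ticking it makes the client keep cached credentials so that domain users can still log in while the SME server is unreachable; one sentence stating that trade-off (useful for laptops, but a cached credential then lives on the workstation) would let readers decide rather than tick it by default. It would also help to say that this option corresponds to the offline logon line added to smb.conf further down, so anyone checking the authconfig section knows the two should agree. Minor: the merged sentence "A 'Winbind Configuration' dialogue opens. Complete the boxes with the relevant information" is missing its final full stop.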
Line 49: Line 52:  
  Local Authorization is sufficient for local users
 
  Local Authorization is sufficient for local users
 
  Create Home directories on first login
 
  Create Home directories on first login
Now change back to the 'User Information' tab, press 'Configure Winbind' and then 'Join Domain'
+
Now change back to the 'User Information' tab, press 'Configure Winbind' and then 'Join Domain'.
 +
 
 
Close this application down.
 
Close this application down.
   −
Open an 'Applications - Accessories - Terminal' cli and change 'su' to root
+
Open an 'Applications - Accessories - Terminal' cli and 'su' to root
   −
Open and edit /etc/samba/smb.conf. Find the relevant lines and alter them or uncomment them as below. Some lines may not exist and may need to be added.
+
Open and edit /etc/samba/smb.conf. Under [global] there will be a section commented as having been generated by authconfig. Check this section is as below. Some lines may not exist and may need to be added.
 
  workgroup = <WORKGROUP>
 
  workgroup = <WORKGROUP>
 +
password server = <ip of sme server>
 +
security = domain
 +
idmap uid = <whatever range is set>
 +
idmap gid = <whatever range is set>
 +
template shell = /bin/bash
 +
winbind use default domain = yes            (you will probably need to change this from false)
 +
winbind offline logo n = true
 
  wins server = <ip of sme server>
 
  wins server = <ip of sme server>
 
  name resolve order = wins host lmhosts bcast
 
  name resolve order = wins host lmhosts bcast
security = domainsu
  −
password server = <ip of sme server>
   
  socket options = TCP_NODELAY
 
  socket options = TCP_NODELAY
idmap uid = 5000-20000
  −
idmap gid = 5000-20000
  −
template shell = /bin/bash
   
  template homedir = /home/%D/%U
 
  template homedir = /home/%D/%U
 
  winbind enum users = yes
 
  winbind enum users = yes
 
  winbind enum groups = yes
 
  winbind enum groups = yes
 
  winbind cache time = 10
 
  winbind cache time = 10
  winbind use default domain = yes
+
  obey pam restrictions = yes
 +
pam password change = yes
 +
hostname lookup = yes  
    
Replace <WORKGROUP> above (and below) with the 'Windows workgroup' name of your SME server. Replace <ip of sme server> above with the internal network ip address of your SME server.
 
Replace <WORKGROUP> above (and below) with the 'Windows workgroup' name of your SME server. Replace <ip of sme server> above with the internal network ip address of your SME server.
 +
 +
{{Note box| If you run the 'System - Administration - Authentication' tool again your amendments will be lost}}
    
To check validation of smb.conf, run
 
To check validation of smb.conf, run
 
  testparm
 
  testparm
   −
If all OK, then run
+
The 'Join Domain' above should also have worked, so test with
 +
wbinfo -u
 +
wbinfo -g
 +
smbtree
 +
to list users, groups and available shares respectively from the SME server.
 +
 
 +
If it doesn't appear to have worked then run
 
  net rpc join -D <WORKGROUP> -U admin
 
  net rpc join -D <WORKGROUP> -U admin
    
Enter the admin password for the SME server when prompted and you should get a message,
 
Enter the admin password for the SME server when prompted and you should get a message,
 
  Joined domain <WORKGROUP>
 
  Joined domain <WORKGROUP>
  −
{{Note box| Now restart the machine, login, open a Terminal cli and 'sudo su' again. You could miss out this restart step and carry on with the modifications below, but the following commands didn't work and the full join to SME didn't seem to work until the machine has been restarted and reconnected to the server.
  −
  −
This may be a timing/delay issue similar to the volume mount (see below) due to NAT traversal. The restart may be unnecessary - can anyone confirm??}}
  −
  −
The following commands should now list users, groups and available shares respectively from the SME server
  −
wbinfo -u
  −
wbinfo -g
  −
smbtree
      
===Authentication Modifications===
 
===Authentication Modifications===
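Review bot: In the authconfig section of smb.conf, the added line "winbind offline logo n = true" has a space inside the parameter name. The Samba parameter is "winbind offline logon", and as written the testparm run that follows would report the line as an unknown parameter and ignore it, leaving offline login unconfigured. In the same block, "hostname lookup = yes" looks like it should be "hostname lookups" (worth confirming against testparm output), and the parenthetical "(you will probably need to change this from false)" sits on the config line itself, where it can be pasted into the file as part of the value; move it to a sentence below the block. Where the removed "idmap uid = 5000-20000" becomes "<whatever range is set>", say explicitly that the range authconfig generated should be left unchanged. The removed Note box raised an open question about whether a restart is needed before wbinfo works; the new text "The 'Join Domain' above should also have worked" drops that question without answering it, so state whether the restart was confirmed unnecessary.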
