Changes

From SME Server
no edit summary
Line 52: Line 52:  
  Local Authorization is sufficient for local users
 
  Local Authorization is sufficient for local users
 
  Create Home directories on first login
 
  Create Home directories on first login
Now change back to the 'User Information' tab, press 'Configure Winbind' and then 'Join Domain'.
+
Now change back to the 'User Information' tab, press 'Configure Winbind' and then 'Join Domain'. Save the configuration when prompted.
    
Close this application down.
 
Close this application down.
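Review bot: The sentence added to the 'Join Domain' line ("Save the configuration when prompted.") does not say which action raises the prompt, 'Configure Winbind' or 'Join Domain', so a reader who sees no prompt cannot tell whether a step was missed. Suggest splitting the line into one step per button press and naming the point at which the save prompt appears.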
Line 79: Line 79:     
Replace <WORKGROUP> above (and below) with the 'Windows workgroup' name of your SME server. Replace <ip of sme server> above with the internal network ip address of your SME server.
 
Replace <WORKGROUP> above (and below) with the 'Windows workgroup' name of your SME server. Replace <ip of sme server> above with the internal network ip address of your SME server.
   
{{Note box| If you run the 'System - Administration - Authentication' tool again your amendments will be lost}}
 
{{Note box| If you run the 'System - Administration - Authentication' tool again your amendments will be lost}}
   
To check validation of smb.conf, run
 
To check validation of smb.conf, run
 
  testparm
 
  testparm
   −
The 'Join Domain' above should also have worked, so test with  
+
The 'Join Domain' above should also have worked so to list users, groups and available shares respectively from the SME server, test with  
 
  wbinfo -u
 
  wbinfo -u
 
  wbinfo -g
 
  wbinfo -g
 
  smbtree
 
  smbtree
to list users, groups and available shares respectively from the SME server.
      
If it doesn't appear to have worked then run
 
If it doesn't appear to have worked then run
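Review bot: The reworded lead-in above wbinfo -u is a run-on ("should also have worked so to list users, groups and available shares respectively from the SME server, test with"), and "respectively" now comes before the three commands it maps to instead of after them. Suggest two sentences, such as "The 'Join Domain' above should also have worked. To test, list the users, groups and available shares from the SME server with", or keep the explanation after the commands as the old text did. It would also help to say what output counts as failure, since the following line only says "If it doesn't appear to have worked".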
Line 99: Line 96:  
===Authentication Modifications===
 
===Authentication Modifications===
 
{{Warning box| Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live CD available to give access and re-apply the backup files if you make a mistake and/or get locked out}}
 
{{Warning box| Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live CD available to give access and re-apply the backup files if you make a mistake and/or get locked out}}
Open and edit /etc/nsswitch.conf and find the hosts: line. Change it to
+
Open and edit /etc/nsswitch.conf and find the 'hosts:' line. Change it to
 
  hosts: files wins dns
 
  hosts: files wins dns
 +
Check also
 +
group:  files winbind
 +
passwd: files winbind
 +
shadow: files winbind
 +
Save and close
 +
cd/etc/pam.d
 +
Open and edit the system-auth file, and amend as below
   −
Change to the auth-client-config tool profile directory
+
Open and edit the password-auth file, and amend as below
cd /etc/auth-client-config/profile.d
     −
Create and edit a new file called acc-sme, and enter
+
   
  [sme]
  −
nss_group=group:        compat winbind
  −
nss_netgroup=netgroup:  nis
  −
nss_passwd=passwd:      compat winbind
  −
nss_shadow=shadow:      compat
  −
pam_account=account  [success=2 new_authtok_reqd=done default=ignore]  pam_winbind.so
  −
            account  [success=1 default=ignore]                        pam_unix.so use_first_pass use_authtok
  −
            account  requisite                                        pam_deny.so
  −
            account  required                                          pam_permit.so
  −
pam_auth=auth [success=2 default=ignore]  pam_winbind.so
  −
          auth [success=1 default=ignore]  pam_unix.so      nullok_secure  use_first_pass  use_authtok
  −
          auth requisite             pam_deny.so
  −
          auth required     pam_permit.so
  −
          auth required     pam_securetty.so
  −
          auth optional     pam_mount.so      enable_pam_password
  −
pam_password=password [success=2 default=ignore]  pam_unix.so    obscure sha512
  −
              password [success=1 default=ignore]  pam_winbind.so  use_first_pass  md5  use_authtok
  −
              password requisite     pam_deny.so
  −
              password required     pam_permit.so
  −
              password optional             pam_gnome_keyring.so
  −
pam_session=session  [default=1]  pam_permit.so
  −
            session  requisite    pam_deny.so
  −
            session  required    pam_permit.so
  −
            session  optional    pam_winbind.so
  −
            session  required    pam_unix.so
  −
            session  required    pam_mkhomedir.so skel=/etc/skel umask=0022
  −
            session  optional    pam_mount.so         enable_pam_password
  −
            session  optional    pam_ck_connector.so  nox11
  −
{{Tip box| You can use
  −
auth-client-config -S > acc-sme
  −
to create the file first, containing the current pam files configuration, and then just modify}}
  −
Save the file. Apply the pam authorisation changes
  −
auth-client-config -a -p sme
   
=== Automount User Home Directories at Login===
 
=== Automount User Home Directories at Login===
 
  cd /etc/security
 
  cd /etc/security
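Review bot: The two added instructions "Open and edit the system-auth file, and amend as below" and "Open and edit the password-auth file, and amend as below" have nothing below them: the auth-client-config profile is removed in full and only the [sme] header appears to remain as unchanged text, so the reader is told to edit the login stack with no lines to enter, directly under a warning box about getting locked out. Add the exact lines for each file (or state that both files take the same change) and drop the orphaned [sme] line. The added "cd/etc/pam.d" is missing the space after cd and fails as typed. "Check also" should say whether the group, passwd and shadow lines are values to verify or edits to make, and those lines should be indented like "hosts: files wins dns" so they render as preformatted text. The removed profile had "shadow: compat" without winbind while the new text lists "shadow: files winbind"; confirm that is intended.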
