Line 4: |
Line 4: |
| ===Introduction=== | | ===Introduction=== |
| The following details the setup of Fedora 11 as a desktop to authenticate users against SME. The method has been tested using Fedora installed in a VirtualBox virtual machine on a Windows XP host. It assumes login is via the gui interface. | | The following details the setup of Fedora 11 as a desktop to authenticate users against SME. The method has been tested using Fedora installed in a VirtualBox virtual machine on a Windows XP host. It assumes login is via the gui interface. |
− |
| |
| ===Install Fedora=== | | ===Install Fedora=== |
| *Download the Fedora .iso and install. The initial install process asks for a root password and the hostname (which defaults to localhost.localdomain). Change this to a hostname of your choice and your domain name. | | *Download the Fedora .iso and install. The initial install process asks for a root password and the hostname (which defaults to localhost.localdomain). Change this to a hostname of your choice and your domain name. |
Line 23: |
Line 22: |
| pam_mount | | pam_mount |
| libtalloc (this needs to be updated if you haven't run all the updates, else samba and the domain join don't work) | | libtalloc (this needs to be updated if you haven't run all the updates, else samba and the domain join don't work) |
− |
| |
| ===Firewall Modifications=== | | ===Firewall Modifications=== |
| Open the 'System - Administration - Firewall' and tick | | Open the 'System - Administration - Firewall' and tick |
Line 29: |
Line 27: |
| samba-client | | samba-client |
| as Trusted Services. Don't forget to 'Apply' | | as Trusted Services. Don't forget to 'Apply' |
− |
| |
| ===Samba Modifications=== | | ===Samba Modifications=== |
| * Open 'System - Administration - Services' and enable 'smb' | | * Open 'System - Administration - Services' and enable 'smb' |
Line 81: |
Line 78: |
| :Enter the admin password for the SME server when prompted and you should get a message, | | :Enter the admin password for the SME server when prompted and you should get a message, |
| Joined domain <WORKGROUP> | | Joined domain <WORKGROUP> |
− |
| |
| ===Authentication Modifications=== | | ===Authentication Modifications=== |
| {{Warning box| Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live CD available to give access and re-apply the backup files if you make a mistake and/or get locked out}} | | {{Warning box| Altering the pam system authentication files can seriously effect your ability to login in to the system. Take a backup of the /etc/pam.d directory and /etc/nsswitch.conf. Have a live CD available to give access and re-apply the backup files if you make a mistake and/or get locked out}} |
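Review bot: The Warning box kept as context under ===Authentication Modifications=== reads "can seriously effect your ability to login in to the system"; it should read "can seriously affect your ability to log in to the system". This revision only removes the blank line above the heading, so the wording could be corrected in the same pass. The box's last sentence also lacks a full stop before the closing braces.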
Line 154: |
Line 150: |
| <volume fstype="cifs" server="<SMESERVER>" path="homes" mountpoint="~/nethome" options="nosuid,nodev" /> | | <volume fstype="cifs" server="<SMESERVER>" path="homes" mountpoint="~/nethome" options="nosuid,nodev" /> |
| *Replace <SMESERVER> above with the samba name of your SME server. This will mount the users 'home' directory from SME into a directory called 'nethome' in their local home directory. | | *Replace <SMESERVER> above with the samba name of your SME server. This will mount the users 'home' directory from SME into a directory called 'nethome' in their local home directory. |
− |
| |
| ===Login and Test=== | | ===Login and Test=== |
| *Exit the Terminal cli | | *Exit the Terminal cli |
Line 160: |
Line 155: |
| *Login as a valid SME server user on your system, just giving username and password. No need for DOMAIN\user as samba configured above to use the default Windows Workgroup | | *Login as a valid SME server user on your system, just giving username and password. No need for DOMAIN\user as samba configured above to use the default Windows Workgroup |
| *Authentication against SME should proceed and the user log in. A home directory on the local machine should be created as /home/DOMAIN/user, and a sub directory to that called 'nethome' mounted to the users home directory on the SME server. The mount point should also appear on the users gui desktop. | | *Authentication against SME should proceed and the user log in. A home directory on the local machine should be created as /home/DOMAIN/user, and a sub directory to that called 'nethome' mounted to the users home directory on the SME server. The mount point should also appear on the users gui desktop. |
− |
| |
| ===VirtualBox Guest Additions Installation=== | | ===VirtualBox Guest Additions Installation=== |
| {{Note box| This section is only applicable if you have installed Fedora in a VirtualBox Virtual Machine. It should be carried out immediately after installation and before setting up the rest of the authentication features}} | | {{Note box| This section is only applicable if you have installed Fedora in a VirtualBox Virtual Machine. It should be carried out immediately after installation and before setting up the rest of the authentication features}} |
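Review bot: The Note box under ===VirtualBox Guest Additions Installation=== says the section "should be carried out immediately after installation and before setting up the rest of the authentication features", yet the section sits after ===Login and Test===, so a reader working top to bottom reaches it too late. Move the section up to follow ===Install Fedora===, or add a one-line pointer to it there.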
Line 172: |
Line 166: |
| sh ./VBoxLinuxAdditions-x86.run | | sh ./VBoxLinuxAdditions-x86.run |
| *The script should run, build and install the guest additions. | | *The script should run, build and install the guest additions. |
− |
| |
| ===Issues / ToDo=== | | ===Issues / ToDo=== |
| The above was tested on a VirtualBox virtual machine. The login appears to stall after username and password entered due to the mount of the home directory, but this does complete after a little while. Appears to be due to NAT traversal and WINS lookup as VM is using NAT and a different subnet. Couldn't get bridged mode to work, and haven't installed on a dedicated machine on the same subnet to confirm. Login is a little slow therefore using the VM. Perhaps someone could confirm its OK when on proper subnet. | | The above was tested on a VirtualBox virtual machine. The login appears to stall after username and password entered due to the mount of the home directory, but this does complete after a little while. Appears to be due to NAT traversal and WINS lookup as VM is using NAT and a different subnet. Couldn't get bridged mode to work, and haven't installed on a dedicated machine on the same subnet to confirm. Login is a little slow therefore using the VM. Perhaps someone could confirm its OK when on proper subnet. |
| | | |
| Haven't tested the pam password configuration to see if password changes are handled correctly. | | Haven't tested the pam password configuration to see if password changes are handled correctly. |
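Review bot: The last line of ===Issues / ToDo=== says the pam password configuration has not been tested for password changes, but that caveat appears only at the bottom of the page, far from the ===Authentication Modifications=== section it applies to. Repeat it there in a Note box so readers know password changes are unverified before they rely on the setup. Minor: "confirm its OK" should be "confirm it's OK".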