[Samba] join an ubuntu desktop client to samba domain, and login in
fdelval at rojatex.com
Fri Mar 4 03:44:01 MST 2011
Hello,
Wow, that was kind of a big and detailed explanation, thanks.
Yes, I set up a Samba PDC and I want to join an Ubuntu, no Windows
involved at all.
Never thought that it was easier to join a Windows client than a Linux
one, but it's OK, I will try even though it looks complicated.
Thanks again
> On Thu, 2011-03-03 at 09:25 +0100, Marcello Romani wrote:
>> On 03/03/2011 09:15, fdelval at rojatex.com wrote:
>> > Hello,
>> > I did all the steps to build a DC, I even joined Windows clients OK.
>> >
>> > Now I want to add an Ubuntu desktop.
>> > OK, I modified the Workgroup and other parameters in smb.conf, I ran the
>> > net rpc join -S DOMPDC -UAdministrator%password
>> > I got an OK message.
>> >
>> >
>> > Now, I reboot, the login screen appears and.....?
>> >
>> > I can't log in with MyDomain\Myuser, nor can I find a user management
>> > screen to add my domain users...
>> >
>> >
>> > I can't find info on that, how do I log in with domain users on an Ubuntu
>> > desktop?
>> >
>> > thanks
>> >
>>
>> Although a bit dated, I believe this might be helpful:
>>
>> http://www.ubuntugeek.com/how-to-add-ubuntu-804-to-win-server-2003-active-directory-domain.html
>>
>> It talks about Likewise-open.
>>
>> --
>> Marcello Romani
>
> I was charged with this task recently, took quite a bit of time to put
> everything together, but I have it working.
> I am not clear if you are using a samba pdc or a windows pdc, I expect
> the ubuntu workstation set up should be close or the same for either. I
> use a samba pdc, and I found it necessary to refine my group permissions
> system using the net command to get this working (the command that
> brought it all together was `net sam mapunixgroup` or some such, which
> led to having to remap group users, which led to shares on windows
> workstations with domain permissions breaking, which led to several
> applications breaking until permissions were re-applied). In other
> words, this only works if all your ducks are in a row on the samba pdc.
> But I have a handful of ubuntu machines in a primarily XP environment
> connecting to a Samba pdc. The ubuntu machines will also work through
> an openswan vpn.
> This set up will allow users to log in with just their domain.name
> (instead of DOMAIN\domain.name), and will mount the same shares as the
> windows computers will do via the logon script. Here are the notes,
> good luck with everything:
>
> 1. sudo su
> 2. apt-get install winbind samba libpam-mount smbfs
> 3. mv /etc/hosts /etc/hosts.orig
> 4. vi /etc/hosts <= set this file so that it contains only the
>    following lines:
>        127.0.0.1 localhost TEST1 TEST1.ctfn.ca
>        127.0.1.1 TEST1
>        192.168.150.10 pdc pdc.domain.com
> 5. mkdir /home/DOMAIN
> 6. vi /etc/nsswitch.conf <= modify the following 3 lines, leave the
>    rest of the file as is:
>        passwd: compat winbind
>        group: compat winbind
>        hosts: files dns wins mdns4_minimal mdns4
> 7. mv /etc/samba/smb.conf /etc/samba/smb.conf.orig
> 8. vi /etc/samba/smb.conf <= copy/paste the following into this
>    file:
>        [global]
>        ;Workstation Settings
>        workgroup = DOMAIN
>        netbios name = TEST1
>        server string = %h
>        security = domain
>        idmap backend = tdb
>        idmap uid = 15000-20000
>        idmap gid = 15000-20000
>        wins server = 192.168.150.10
>        winbind use default domain = yes
>        winbind enum groups = yes
>        winbind enum users = yes
>        password server = 192.168.150.10
>        template shell = /bin/bash
>        template homedir = /home/%D/%U
>        ;Logging
>        log level = 2
>        log file = /var/log/samba/log.%m
>        max log size = 1000
>        syslog = 0
>        panic action = /usr/share/samba/panic-action %d
> 9. /etc/init.d/smbd restart
> 10. /etc/init.d/nmbd restart
> 11. /etc/init.d/winbind restart
> 12. net join DOMAIN <= If this does not return a line stating join
>     Domain DOMAIN was successful, stop and review, you missed
>     something.
> 13. cd /etc/pam.d <= Note: modifying files in this location
>     incorrectly may result in locking you out of the machine. Boot
>     from a live cd and copy the original files back to fix.
> 14. mv common-account common-account.orig
> 15. vi common-account <= copy/paste the following into this file:
>         account [success=2 default=ignore] pam_winbind.so
>         account [success=1 default=ignore] pam_unix.so
>         account requisite pam_deny.so
>         account required pam_permit.so
> 16. mv common-auth common-auth.orig
> 17. vi common-auth <= copy/paste the following into this file:
>         auth [success=2 default=ignore] pam_unix.so nullok_secure
>         auth [success=1 default=ignore] pam_winbind.so use_first_pass
>         auth requisite pam_deny.so
>         auth optional pam_mount.so
>         auth required pam_permit.so
> 18. mv common-session common-session.orig
> 19. vi common-session <= copy/paste the following into this file:
>         session required pam_unix.so nullok_secure
>         session required pam_mkhomedir.so skel=/etc/skel umask=0022
>         session optional pam_mount.so
>         session [default=1] pam_permit.so
>         session requisite pam_deny.so
>         session required pam_permit.so
>         session optional pam_ck_connector.so nox11
> 20. mv /etc/security/pam_mount.conf.xml /etc/security/pam_mount.conf.xml.orig
> 21. vi /etc/security/pam_mount.conf.xml <= copy/paste the following
>     into this file:
>         <?xml version="1.0" encoding="utf-8" ?>
>         <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
>         <pam_mount>
>         <debug enable="0" />
>         <volume options="user=%(DOMAIN_USER),domain=DOMAIN"
>                 fstype="cifs" server="mainlian" path="Common"
>                 mountpoint="/home/DOMAIN/%(DOMAIN_USER)/Common"></volume>
>         <volume options="user=%(DOMAIN_USER),domain=DOMAIN,noperm"
>                 fstype="cifs" server="mainlian" path="Departments"
>                 mountpoint="/home/DOMAIN/%(DOMAIN_USER)/Departments"></volume>
>         <volume options="user=%(DOMAIN_USER),domain=DOMAIN"
>                 fstype="cifs" server="mainlian" path="%(DOMAIN_USER)"
>                 mountpoint="/home/DOMAIN/%(DOMAIN_USER)/Documents"></volume>
>         <path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>
>         <logout wait="0" hup="0" term="0" kill="0" />
>         <mkmountpoint enable="1" remove="true" />
>         </pam_mount>
> 22. Open system==>Administration==>login screen==>press the unlock
>     button==>enter password for network-admin
> 23. Uncheck "play login sound" and uncheck "show list of users".
>     Ensure "show the screen for choosing who will log in" is
>     selected.
> 24. Log out user network-admin and log in with domain user.
> 25. Open Departments mount from Desktop, drag department folders for
>     this user to menu on left side of nautilus window.
>
>
>
> Bob Miller
> 334-7117/660-5315
> http://computerisms.ca
> bob at computerisms.ca
> Network, Internet, Server,
> and Open Source Solutions
>
--
Fran Del Val
Dpto de informática.
Rojatex S.L.
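
Added example, not part of the original thread or of Samba/PAM itself: a simplified model of how Linux-PAM walks the `common-auth` stack quoted in step 17, useful for checking the `success=N` jump counts before logging out (the lockout risk noted at step 13). The function names, the reduced action set (ok, done, bad, die, ignore, jump) and the `auth_err` label for any failing return value are assumptions of this sketch.

```python
# Simplified model of Linux-PAM control handling (assumption: not the real library).
SHORT = {w: {"success": s, "default": d} for w, s, d in [
    ("required", "ok", "bad"), ("requisite", "ok", "die"),
    ("sufficient", "done", "ignore"), ("optional", "ok", "ignore")]}
FIXED = {"pam_permit.so": "success", "pam_deny.so": "auth_err"}
# common-auth from step 17, with the mail-wrapped lines rejoined.
COMMON_AUTH = """\
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_winbind.so use_first_pass
auth requisite pam_deny.so
auth optional pam_mount.so
auth required pam_permit.so
"""

def parse(text):
    """Turn PAM config lines into a list of (control dict, module name) pairs."""
    stack = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("@"):
            continue
        rest = line.split(None, 1)[1]  # drop the type column (auth, account, ...)
        if rest.startswith("["):
            ctl, rest = rest[1:].split("]", 1)
            control = dict(kv.split("=", 1) for kv in ctl.split())
        else:
            word, rest = rest.split(None, 1)
            control = SHORT[word]
        stack.append((control, rest.split()[0]))
    return stack

def evaluate(stack, results):
    """True if the stack succeeds for {module: return value}; unlisted modules fail."""
    ok, bad, i = False, False, 0
    while i < len(stack):
        control, module = stack[i]
        ret = FIXED.get(module) or results.get(module, "auth_err")
        action = control.get(ret, control.get("default", "bad"))
        i += 1
        if action.isdigit():
            i += int(action)  # jump over the next N modules, no verdict recorded
        ok = ok or action in ("ok", "done")
        bad = bad or action in ("bad", "die")
        if action in ("done", "die"):
            break
    return ok and not bad

def scenarios(text):
    """Outcome when pam_unix accepts, when pam_winbind accepts, and when neither does."""
    cases = {"local": "pam_unix.so", "domain": "pam_winbind.so", "wrong_password": None}
    return {n: evaluate(parse(text), {m: "success"}) for n, m in cases.items()}
```

Changing `success=2` to `success=1` on the `pam_unix.so` line makes `scenarios()` report the local login as denied while the domain login still passes, which is the kind of miscount that locks the local administrator out.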