[Samba] Authenticating from Windows domains via winbind the easy way
Buchan Milne
bgmilne at cae.co.za
Sun Apr 27 13:13:45 GMT 2003
Sorry if this sounds like an advertisement, but in the past 6 weeks or so
there have probably been close on 100 questions on getting Winbind
working.
For those of you who are new to linux/samba, you may want to consider
using Mandrake 9.0 for your first implementation, since *everything* (ok,
there is one bug which I will mention) is taken care of for you.
When installed in expert mode, you get the chance to choose your
authentication method, one of LDAP/NIS/Windows Domain. If you choose
Windows domain, it will set up winbind, and if you configure your network
during installation, join the domain for you.
On Mandrake 9.0, ACLs work out-the-box on XFS via samba, and on ext2/3 if
you mount the filesystems with the 'acl' mount option. On our production
servers, we have been using ACLs since Mandrake 8.2 on XFS, with no
stability problems. Mandrake 9.1 ships with kernel 2.4.21-pre, in which
ACLs are not enabled, so if you want to use 9.1 with ACLs, use the updates
kernel for 9.0.
By default, when set up for winbind, all pam-enabled services will
authenticate against the domain (via pam_winbind), including
KDE, gdm, ssh, imap, pop3 etc. Local logins will also auto-create home
directories, as will a connection to samba running on the machine.
Caveats on 9.0:
- When entering the information on your domain during installation, enter
your domain name (the NETBIOS domain name for AD users) in caps
Caveats on 9.0 and 9.1:
- kscreensaver pam file is incorrect; copy the one from xscreensaver, which
is correct:
# cp -f /etc/pam.d/screensaver /etc/pam.d/kscreensaver3
otherwise you will lock yourself out of your desktop.
Unfortunately I have not thoroughly tested joining of 9.1 to a domain, and
have yet to have someone confirm that it works, but if it does not work,
all that is required is a join of the domain post-install.
So, if you don't want to battle through a week of understanding all the
issues in attempting to get winbind running, you may want to consider
trying Mandrake 9.0. I demonstrated this at a local conference, and in the
allotted 30 minutes could do a (minimal with KDE) installation, joining
the machine during installation, log into KDE and console with a domain
account on first boot with no changes, browse the newly created home
directory from a windows machine via samba and use ACLs, and run CVS over
SSH from the windows client using TortoiseCVS.
For more information on the implementation, see:
http://ranger.dnsalias.com/mandrake/samba
http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.tar.gz
http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.pdf
http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks-handouts.pdf
The tarball includes sample config files, including for Redhat 8.0.
Finally, if someone has managed to set up Mandrake 9.1, and got joining
working during installation, please let me know.
Regards,
Buchan
--
|----------------Registered Linux User #182071-----------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7