[Samba] winbind and vnc revisited

Basil Copeland blcjr2 at gmail.com
Thu May 19 16:24:07 GMT 2005

A couple of days ago, I posted a question about using vnc with winbind
users (i.e. users from a Win2k3 Active Directory domain being
authenticated locally on a Linux box -- in this case Fedora Core 3 --
with winbind).  The consensus seemed to be that it wasn't possible, at
least with the free versions of VNC.

Well, not so.  Here's how I did it.

First, I found out by accident (i.e. just trying different things)
that if I created a vncserver session for my winbind user while logged
in as that user, it worked!  That is, while logged in as a
winbind user, I set up a vncserver session as usual:

vncserver :2

(for display :2), got prompted for the passwd, and vnc set up the .vnc
directory and everything.  Then, using vnc (specifically tightvnc)
from a Windows box, I logged into the winbind user's desktop on :2.
Voila, I'm logging in remotely with vnc as a winbind user.

The next problem to overcome was to get this to start up automatically
at boot time so I wouldn't have to log in locally first in order to be
able to log in remotely as the winbind user.

I tried to do this through the usual means on a Red Hat/Fedora box by
editing /etc/sysconfig/vncservers but this wouldn't work: even after
changing the order of the startup scripts so that winbind started
before vncserver it would not recognize the winbind user.

After googling to find out how to start vncserver for a specific user,
I found something that worked, and put it in the /etc/rc.local file:

/bin/su - winbinduser -c "/usr/bin/vncserver :2"

I'm presuming that this is simply giving the winbinduser root
privilege to start a vnc session on :2.  If so, then I would think
that the only reason why things don't work when the normal
"S92vncserver" script is run during startup is that the "S91winbind"
script has not finished setting up winbind before the vncserver script
tries to set up a session for the winbind user.

Maybe somebody more familiar with SysV can suggest something that
would make this work through the "Sxx" scripts so it can be done
without resorting to rc.local.

But for now, I've got the ability to VNC into the FC3 server without
having to create a local account; I can use a winbind user account.
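
Added example, not part of the original post: if the cause is the one guessed at above (winbind not yet answering lookups when vncserver is started), the rc.local line can be gated on the account actually resolving through NSS. The function names and the LOOKUP variable are hypothetical; "winbinduser" and display :2 are taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post). wait_for_user, start_vnc_as and
# LOOKUP are hypothetical names; "winbinduser" and :2 come from the post.

# Command used to resolve an account through NSS. Overridable so the polling
# logic can be exercised on a machine without winbind.
LOOKUP=${LOOKUP:-"getent passwd"}

# wait_for_user USER [TIMEOUT_SECONDS] [INTERVAL_SECONDS]
# Polls until USER resolves, i.e. until winbind answers NSS lookups.
# Returns 0 once the user resolves, 1 if the timeout expires first.
wait_for_user() {
    user=$1
    timeout=${2:-60}
    interval=${3:-2}
    waited=0
    while ! $LOOKUP "$user" >/dev/null 2>&1; do
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
    return 0
}

# start_vnc_as USER DISPLAY [TIMEOUT_SECONDS]
# Starts vncserver as USER only after the account resolves; otherwise logs
# to stderr and returns 1 so a boot-time failure is visible, not silent.
start_vnc_as() {
    if wait_for_user "$1" "${3:-60}"; then
        /bin/su - "$1" -c "/usr/bin/vncserver $2"
    else
        echo "winbind user $1 did not resolve; not starting vncserver" >&2
        return 1
    fi
}

# In /etc/rc.local, in place of the bare su line:
# start_vnc_as winbinduser :2 60
```
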
