[Samba] Linux desktop setup with authentication against Samba AD DC

Peter Milesson miles at atmos.eu
Wed Dec 4 18:45:09 UTC 2024




On 04.12.2024 15:01, Rowland Penny via samba wrote:
> On Wed, 4 Dec 2024 14:25:15 +0100
> Peter Milesson via samba <samba at lists.samba.org> wrote:
>> Hi Rowland,
>>
>> Essentially, my setup is mandatory in the context of what features
>> are available to the users. Otherwise it's a vanilla Debian. The
>> basic functionality is identical to an NFS setup with the users' home
>> directories stored on a server. When the user first logs in, there is
>> an empty home directory mounted under /home/<user>, which is
>> automatically filled with all the LXDE desktop folders, and default
>> settings, exactly as would have happened if the user had had a local
>> account and logged in for the first time. IMHO, the possibility of
>> duplicating the setup from a master, doesn't leverage the setup to a
>> distribution.
>>
>> Your solution is an alternative, and I guess some prefer your setup.
>> The main thing is that the concept is viable, useful and efficient.
>>
> I think the difference between your method and mine is very limited. I
> just use the standard Debian 12 install with Samba from backports
> running as a Unix domain member. You are using a modified install (with
> things removed and other things added ??).
>
> After that, we both do the same, first time a user logs on, an empty
> share is mounted and the distro fills it in (just as it does if
> pam-mkhomedir is used).
>
> So, yes, I think we can say it is viable, useful and efficient.
>
> Rowland
>   
>
Hi Rowland,

I have only installed a Debian box with Samba from backports, as I 
usually do. I have added the libpam-mount package (and probably the 
superfluous libpam-krb5). There is a unified /etc/samba/smb.conf for the 
domain, a correct /etc/krb5.conf. Then pam_mount.conf.xml configured for 
the domain and profile server. That's the basics. Naturally, there are 
more configurations involved for the desktop, localizations (using Czech 
here), and other stuff.

I just make a binary copy of the disk, without Samba joined to the 
domain on the master PC, also with smbd and winbind disabled, transfer 
it to a new PC, start the new PC without network connection, rename it, 
restart it, and join the domain from the admin account. Then enable smbd 
and winbind. Everything else is preconfigured in the master image, 
including printers, root, and admin user accounts.

If I compare to setting up a new Windows PC, this is much quicker.

Many thanks for the efforts you have put into this "project" Rowland!

Best regards,

Peter
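
The rename, join and enable sequence described in the message above, sketched as a dry-run shell script. This is an added example, not part of the original post or of the Samba project; the function names, the `APPLY` switch and the domain account passed to `-U` are assumptions.

```shell
#!/bin/sh
# Added example: the post-clone steps from the message, in two phases.
# Function names, APPLY and the sample arguments are assumptions.

# The host name becomes the NetBIOS name, which is limited to 15 characters.
# Restricting it to letters, digits and inner hyphens is this example's choice.
valid_netbios_name() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 15 ] || return 1
    case $name in
        -*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    return 0
}

# Print the commands for one phase, one per line, without running them.
plan() {
    case $1 in
        rename)  # phase 1: clone booted with no network connection
            valid_netbios_name "$2" || { echo "bad host name: $2" >&2; return 1; }
            echo "hostnamectl set-hostname $2"
            echo "systemctl reboot" ;;
        join)    # phase 2: after the reboot, network connected
            case $2 in ''|*[!A-Za-z0-9._-]*) echo "bad account: $2" >&2; return 1 ;; esac
            echo "net ads join -U $2"
            echo "net ads testjoin"
            echo "systemctl enable --now smbd winbind" ;;
        *)  echo "usage: plan rename NAME | plan join ACCOUNT" >&2; return 2 ;;
    esac
}

# Show the plan by default; run it (as root) only when APPLY=1.
run_phase() {
    cmds=$(plan "$@") || return $?
    if [ "${APPLY:-0}" != 1 ]; then
        printf '%s\n' "$cmds"
        return 0
    fi
    # Read the plan on fd 3 so net(8) can still prompt for the password on stdin.
    while IFS= read -r cmd <&3; do
        echo "+ $cmd"
        $cmd || return 1
    done 3<<EOF
$cmds
EOF
}
```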





