[Samba] Linux desktop setup with authentication against Samba AD DC

Peter Milesson miles at atmos.eu
Thu Nov 14 16:24:31 UTC 2024

On 14.11.2024 16:51, bd730c5053df9efb wrote:
> On Thursday, November 14th, 2024 at 07:48, Peter Milesson via samba <samba at lists.samba.org> wrote:
>
>>
>> On 13.11.2024 21:14, Peter Milesson via samba wrote:
>>
>>> Hi folks,
>>>
>>> I'm figuring to set up a few Linux desktops with LXDM as display
>>> manager, and with authentication against a Samba AD DC. After
>>> successful authentication, I want the authenticated user's profile to
>>> be downloaded, or preferably mapped, from a SMB server (Linux,
>>> Windows, NAS, ...), to the local Linux PC. I intend to use Debian
>>> Bookworm, with Archlinux as a secondary alternative (too bleeding edge
>>> for my taste, as updates not seldom break the installation).
>>>
>>> Essentially I want a similar experience as Windows with redirected
>>> folders, or roaming profiles. The intended use is a lightweight
>>> desktop for occasional users sharing PCs, where full blown Windows
>>> desktops are not economically justifiable (hardware and licensing costs).
>>>
>>> Previously (many years ago) I made a setup based on NFS, but that's a
>>> path I want to avoid, unless there is no other viable alternative.
>>> That setup was based on the display manager Slim, which I had to tweak
>>> to some extent. As Slim is ancient, and with no development for ages,
>>> it's not an option.
>>>
>>> I guess the hardest part is setting up LXDM to authenticate against
>>> the Samba AD DC. There may be other display managers, that better suit
>>> the requirements. I have got little experience with alternatives, and
>>> I'm completely open for suggestions.
>>>
>>> If somebody has got any experience with something similar, I would be
>>> grateful to get some thoughts and ideas.
>>>
>>> Best regards,
>>>
>>> Peter
>> Hi folks,
>>
>> I did some authentication testing, and it seems that the display manager
>> uses pam_winbind for authentication, as does ssh. So far, so good.
>>
>> Now remains the problem of mapping a Samba share as the user's home
>> directory.
>>
>> Is there somebody having any input on this?
>>
>> Best regards,
>>
>> Peter
>>
> Hi!
>
> I have stopped using roaming profiles a couple of years ago but I do use a home drive share. The users of the network have a personal share in an SMB share, let's call it \\FILESERVER\USERS\%USERNAME%, which in Windows is mounted as the personal home drive (P:), and the documents folder redirects to that drive. This drive is also made available offline with Windows CSC.
>
> I'm using a Linux workstation for myself in a network where all the client workstations are Windows, and what I have done is to use pam_mount in combination with pam_winbind, and what I do is have pam_mount mount the SMB share on $HOME/.Documents (the dot is not a typo), and with unison I synchronize $HOME/.Documents and $HOME/Documents (the lack of the dot is not a typo). Unison has this folder marked as removable. This way I use my documents folder and it doesn't matter if I logged in being connected to my work's network or not, and when I am connected to the network I use unison to sync the local copy of my Documents folder with my remote folder.
>
> Logging in being away from my work's network takes a little longer because of the timeouts when pam_mount is trying to mount network resources that are not available, but it works great. This setup doesn't cover the shared profile requirement but I guess that with some tweaking it could be used to achieve something like that.
>
> Hope it helps.
> Best regards,
> Dave.
>
Hi Dave,

Thanks for your input. I will have a look at it and report back.

Best regards,

Peter
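
A pam_mount volume definition matching the setup Dave describes above, as an added example that is not part of the original thread. The server and share names are the placeholders from his message; the UID range and the assumption that `winbind use default domain = yes` is set (so `%(USER)` is the bare account name) are illustrative.

```xml
<!-- /etc/security/pam_mount.conf.xml (constructed fragment, not from the thread) -->
<pam_mount>
  <!-- Mount each domain user's personal share on ~/.Documents at login.
       FILESERVER and USERS are the placeholder names used in the message.
       uid range (assumed): set it to the idmap range configured in smb.conf,
       so local accounts such as root or service users never trigger the mount.
       If winbind returns DOMAIN\user names, use %(DOMAIN_USER) in the path
       instead of %(USER). -->
  <volume fstype="cifs"
          server="FILESERVER"
          path="USERS/%(USER)"
          mountpoint="~/.Documents"
          uid="10000-999999"
          options="nosuid,nodev,uid=%(USERUID),gid=%(USERGID),file_mode=0600,dir_mode=0700" />

  <!-- nosuid,nodev: files on the share cannot act as setuid binaries or
       device nodes on the shared desktop.
       file_mode/dir_mode: other local users on the same PC cannot read
       the mounted documents. -->

  <!-- Create the mountpoint at login if missing, remove it again at logout. -->
  <mkmountpoint enable="1" remove="true" />
</pam_mount>
```

pam_mount reuses the password entered at the display manager, so `pam_mount.so` has to be in the same PAM auth and session stacks as pam_winbind.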



