linux client/Active Directory server home directories
So it looks like the rules from the common* files are loaded. But still I cannot log in using gdm. Logging in from the shell works. Mounting works without a problem. But when I log in using gdm I get the following error:
/etc/gdm/PreSession/Default: Registering your session with wtmp and utmp
/etc/gdm/PreSession/Default: running: /usr/bin/X11/sessreg -a -w /var/log/wtmp -u /var/run/utmp -x "/var/lib/gdm/:20.Xservers" -h "" -l ":20" "wes"
/etc/gdm/Xsession: Beginning session setup...
_IceTransTransNoListen: unable to find transport: tcp
_IceTransmkdir: ERROR: euid != 0,directory /dev/X will not be created.
_IceTransmkdir: ERROR: Cannot create /dev/X
_IceTransPTSOpenServer: mkdir(/dev/X) failed, errno = 13
_IceTransOpen: transport open failed for pts/ubuntu:
_IceTransMakeAllCOTSServerListeners: failed to open listener for pts
_IceTransISCOpenServer: Protocol is not supported by a ISC connection
_IceTransOpen: transport open failed for isc/ubuntu:
_IceTransMakeAllCOTSServerListeners: failed to open listener for isc
_IceTransSCOOpenServer: Protocol is not supported by a SCO connection
_IceTransOpen: transport open failed for sco/ubuntu:
_IceTransMakeAllCOTSServerListeners: failed to open listener for sco
and edited /etc/X11/gdm/gdm.conf and changed the UserAuthDir
line so that it reads "UserAuthDir=/tmp".
And I still get the same error while trying to log in using gdm. So I tried to log in without GDM and then startx. This gives the error that .serverauth.xxxxx can't be locked, where before I got this plus that .ICEauthority could not be locked.
Have you guys got it working, logging in with GDM with a mounted home? And what distro are you using? Maybe it's an Ubuntu setting that's preventing me from logging in.
I'm sorry. I think I'm using a newer version of pam, because the config files are different. There is no /etc/pam.d/common-auth, and no /etc/pam.d/common-session. In their place, I was using /etc/pam.d/system-auth, and /etc/pam.d/gdm and /etc/pam.d/login.
See some of these how-tos that I ended up using (but keep in mind that I still didn't get it to work quite right. One problem I still have is that gdm asks for your password twice!):
This is the one posted earlier in this thread that I tried to follow, until I realized I didn't have the right pam files:
I've had the password problem too. On my machine it was because of a pam setting. You probably have required instead of sufficient in one of the pam config files. Then the login process will need to go through both login processes, thus needing the password twice. I will check which config file was causing the problem, and let you know.
Though it's strange that you don't have all the config files. What distro are you using? I'm using Ubuntu 5.10 (Breezy).
Also, do you mount the home drive of a user as the home (\\server\home\user = ~) or do you just use the user authentication, and mount the home in the home of the user (\\server\home\user = ~/home_on_domain/)? And if you do mount the share as home, do you use pam_mount to do this?
The authentication part works for me; it's the mounting of the home that's causing the login troubles.
And I was mounting //win2000server/Users/Teachers/ at /mnt/anymountpoint/, and then using --bind to re-mount /anymountpoint/userhomefolder at /home/DOMAIN/username .
But, again, we got this to work manually, but never figured out the pam_mount syntax because we would have to use more than one group variable in the volume line, i.e. //win2000server/Users/Teachers and //win2000server/Users/Students/Year/, and we couldn't figure out how to do that.
Tip: You don't have USB and sound with AD users because they were not authorised to access devices.
To fix this: log in to your Ubuntu box with your local login/password (the one you entered during Ubuntu install).
Once logged in, if you use GNOME, go to "System">"Administration">"Users and groups"
You are asked to enter the sudo password. It's the same you entered at login.
Now just "add an user"
Type the "User" and click on the "Create random password" then you can validate.
Also you could have seen the "Permissions" on the devices at the third tab in the "Edit computer user" window.
Explanation: the AD user is not recognised on the local machine, on local devices, because the account does not exist at all. So any AD user is not considered to have access to devices, even if he is "Administrator" in AD.
To match AD user login and local account permissions, you need to add as many users as needed to access the Ubuntu box, with their AD login/pass, and make the newly created local account match the username of the AD account.
Example: to permit the administrator account to have access to the sound, just add a user with the same username, i.e. "administrator".
This newly created administrator is used by the Ubuntu box to permit access to the local resources by the administrator user from AD.
NB: the passwords of both accounts don't have to be the same, because the newly created local user will not be used as a login account.
If you need more details, just ask. Because I'm not as good in English as I am at AD related stories.
PS: for auto mount of the home dir I will maybe experience this now and get a reply asap.
You certainly seem to know what you are talking about, thanks for the info.
Too bad that the Active Directory users don't have access to the devices by default. That means I have to make a local account for every Active Directory user on every Linux machine.
Is it possible to give Active Directory users access to the devices by default? Or maybe create a script that automatically adds the user logging in to the local machine accounts? I'm going to try to add the group Domainusers to the local machine, and see how that works.
Anyway, you have a nice day too.
OK, I've played around a little bit with the permissions. It seems that you don't have to add a user with the same name to get access. You just have to add the username to the groups in /etc/groups. Though that's probably the only thing that happens when you add a user with the same name to the local machine.
Right, what I have to try and do now is automatically add a user logging in to the device access groups (e.g. cdrom, floppy, audio, etc). This is so that I don't have to change the settings of a Linux machine every time a new user wants to use it.
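The group check described in the post above, as an added example that is not part of the original thread: it reads a file in /etc/group format and prints the `gpasswd -a` commands for the device groups a user is not yet listed in, for an administrator to review and run as root. The function names, the group list (taken from the post) and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list the device-access groups a user
# is missing, from a file in /etc/group format (name:password:gid:members).

# Assumed group list: the device groups named in the post.
DEVICE_GROUPS="cdrom floppy audio"

# missing_device_groups USER GROUPFILE -> one missing group per line.
missing_device_groups() {
    user=$1
    groupfile=$2
    # Accept plain account names only; anything else (spaces, DOMAIN\ prefix,
    # shell metacharacters) is refused before it can reach a later command.
    case $user in
        ''|*[!A-Za-z0-9._-]*) return 2 ;;
    esac
    awk -F: -v user="$user" -v wanted="$DEVICE_GROUPS" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        ($1 in want) {
            found = 0
            m = split($4, members, ",")
            for (i = 1; i <= m; i++) if (members[i] == user) found = 1
            if (!found) print $1
        }
    ' "$groupfile"
}

# Constructed sample data, so the example runs without touching /etc/group.
sample_group_file() {
    cat <<'EOF'
root:x:0:
cdrom:x:24:localadmin
floppy:x:25:localadmin,wes
audio:x:29:
users:x:100:wes
EOF
}

# Print (do not execute) the commands that would grant the missing groups.
plan_for_user() {
    tmp=$(mktemp) || return 1
    sample_group_file > "$tmp"
    for g in $(missing_device_groups "$1" "$tmp"); do
        echo "gpasswd -a $1 $g"
    done
    rm -f "$tmp"
}

plan_for_user wes
```

Group membership granted this way is local to each machine and stays in place after logout, so the list should contain only the device groups a desktop user actually needs.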
Sorry it took so long for me to get back with the mount syntax you wanted. This syntax seems to work when run manually as root, to first mount the entire Users directory, then bind the specific user's home folder to their auto-created home directory on the Linux box (two separate commands):
mount -t smbfs //server/Users /mnt/main_mnt_point -o
mount --bind /mnt/main_mnt_point/groupfolder/username /home/DOMAIN/username
I know that probably doesn't help too much, but that's the only way we could manually get it to work. I'm doing this from memory, by the way, so even the above might be off a little.
I'm a newbie in the Linux world. I just installed a brand new Suse SLES 9.3 and I want to add it into the existing Windows Server 2003 network without using Samba for the moment. All I want is to configure the static IP (e.g. 192.168.101.100) on the Suse box and use the 2003 (192.168.100.10) AD/DNS server to re-route it to the main router (192.168.100.1) and translate the Suse IP into the public IP (e.g. 22.214.171.124).
I did configure the Windows Web Server this way and it works fine so far.
I don't have enough knowledge about Linux, but while I'm reading this thread I think it is kind of related to my quest. If you have some spare time, could you put together a step by step guide of what you're doing right now? It will be a great learning tool for a newbie like myself.
Thanks in advance.
I'm afraid that I'm also a little confused as to what it is you want to do.
Is the Windows 2003 Server connected to a router with the public IP 126.96.36.199?
Do you want to allow public access *from* the outside world to the Suse box, or just have access *to* the internet through the router?
First let me thank both of you for a prompt response. I'm facing a lot of resistance from the Windows group by setting up this Linux server. That's why I have to live under the Windows 2003 DNS server right now.
Our group is in the testing phase of the Java application and I did set up a Windows Web server to host MySQL and allowed the Java users to access it thru the web.
At the same time, I want to shy away from the Windows world and use this opportunity to learn Linux. I was forced to live under the server 2003 PDC.
Right now, I just want to set up a static IP (192.168.101.101) for my SUSE 9.3 to point to the Windows DHCP/DNS server (192.168.100.10), which will re-route my Linux IP to the router (192.168.100.1) and thru the firewall/NAT to translate the 192.168.101.101 to a public IP (188.8.131.52) so remote users can access it from outside with this public IP. I should mention that my Linux server is sitting in the DMZ.
I don't know if it's the right way to do it or not. Or you could show me a simple way to get it done.
My next step is to set up the Samba server to allow both worlds to communicate, then I will try to push for a clean stand-alone Linux server. That will make MY day :-)
Again, thank you for sharing your knowledge and experience.
I want to apologize right now up front, but I don't think I'm going to be of much help to you.
It sounds like what you need to configure is your router; not necessarily anything on the Linux box. In other words, if you set your Linux box to whatever IP you want, it's up to your router configuration to control how users will be able to access it from outside the firewall.
Putting it on the DMZ of the router makes sense, but every router is different, and I'm no router expert, but I would assume that you would have to have another public IP to be able to put it on the DMZ. If you don't have a free public IP to use, then you would have to put the Linux box on the LAN, and enable Port Forwarding to the Linux box, as wes_55 mentioned, for whatever ports you want to use on it.
The problem with this setup, is that if any Port Forwarding is already enabled, for a port you want to use, and pointing at the Windows Server, then you won't be able to forward that port to the Linux box also, at least on the routers that I have used.
In any case, you might want to post this as a new question in the Networking section of LinuxQuestions, since this is more of a straight networking issue, and not specific to Linux and Windows integration, unless I'm still misunderstanding the question.