Quote:
Originally posted by thomas289
I am able to join the Fedora machine to my domain and it shows up in the Active Directory. I was using the link that you gave me, nordickiwi, to configure PAM. I think I am getting closer: when I try to log on to the Fedora machine using a user name from my domain controller, it asks to use the root directory, then after that it says the administrator has disabled my account and goes back to the logon screen. I was able to do almost all of the commands on that site you gave me. What program should I use to edit the startup scripts? Thanks, Thomas
Let's start from scratch. Here's a brief set of instructions to accomplish what you want. Some you will already have done. If what I'm saying in others is not clear, ask for more explanation.
I begin by assuming that you have Win2K Server promoted to Active Directory on one machine, and Fedora on another.
1. On the Fedora machine, open up /etc/samba/smb.conf with an editor (gedit is nice) and make the following changes:
1.a Change "WORKGROUP" to the netbios name of your Active Directory domain. For example, if your active directory name is "mydomain.com", then change "WORKGROUP" to
workgroup = mydomain
1.b Change the security level to DOMAIN, i.e.
security = domain
1.c Configure the password server lines. Here I'm superstitious and always configure the wildcard "*" as well as all actual domain controllers on my Win2K domain:
password server = *
password server = dc-1 dc-2
Of course, you'll use the netbios names of the domain controllers on your domain, not "dc-1" or "dc-2" (unless you happen to name your domain controllers that way).
Save your changes and exit. You are done with smb.conf.
2. Join your Fedora machine to the Windows domain. With Fedora and Samba 3, the command is different than it was with earlier versions of Redhat and Samba. The command is
root# net join -S DOMPDC -UAdministrator%password
where DOMPDC is the name of a domain controller in your Active Directory domain, and the user info following -U is for a domain admin account in the Active Directory domain that can join machines to the domain.
3. Create identically named user accounts on the Active Directory domain and the Fedora machine. The passwords for the user accounts don't have to be the same, but it is not a bad idea for them to be the same, unless you don't plan on having your users actually ever log into the Fedora box. When I use a Samba machine as a file server for my Windows networks, I actually don't want my Windows users logging into the Samba machine, and will set up the user accounts on the Samba machine with a password they don't know about. They just need to get to their home folder on the Samba machine over the network, and the Windows domain controller will authenticate them with their Windows user info.
3a. Example: create "user1" as a user in the Active Directory domain, and create a "user1" on the Fedora box. The Fedora box will create a home folder for "user1" in \home\user1.
4. Now start Samba. From the command line you can do a simple:
#service smb start
I'm sure you'll want to make this permanent, i.e. have Samba start each time the Fedora machine starts. Redhat/Fedora has a nice little GUI applet for configuring services. It is your friend. If you haven't met it yet, meet it now. I'm not at a Redhat/Fedora machine right now, but on the "start" menu there are two "System" menu options. One of them points to another menu called something like "Additional Server Settings" (could be a bad guess about the actual name). Inside it you'll see an option for "services" with a "gear" icon. Open it, scroll down the list of services until you come to "smb." Check it, and save your change. The next time the machine starts, smb will start also.
In Fedora, you can also get to the services GUI applet from the command line with the following command:
#system-config-services
5. We're done. Now it's time to test. If everything works like it ought to work, "user1" can sit down at a Windows workstation, log in, and then
5a. Browse the network until they find the fedora machine (say it is named "fedora"), double click on the machine name, and it should open up and show them their "user1" folder on the fedora machine. Or
5b. Map a network share to it as
\\fedora\user1
That's it. If you want to create additional shares on the fedora box that multiple users can access, read the Fedora /etc/samba/smb.conf file. It is heavily commented with lots of examples (look at the bottom half of the file) about the kind of file shares that can be created.
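An added example, not part of the original post: a shell check that reads the [global] section of an smb.conf and confirms the three settings from step 1 before the join in step 2. The function name check_smb_global and the sample file are constructed for illustration; Samba keeps only the last value when a parameter is repeated in a section, so the check also reports repeated lines.

```shell
#!/bin/sh
# Added example: audit the [global] section of an smb.conf for step 1.
# check_smb_global FILE (hypothetical name): prints findings, returns 1 on any FAIL.
check_smb_global() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*([#;]|$)/ { next }                       # comments and blank lines
    /^[ \t]*\[/ { sec = tolower(trim($0)); next }    # section header
    sec == "[global]" && index($0, "=") {
        eq  = index($0, "=")
        key = tolower(trim(substr($0, 1, eq - 1)))
        gsub(/[ \t]+/, " ", key)                     # normalise inner spacing
        val = trim(substr($0, eq + 1))
        if (key in seen)                             # later line replaces earlier one
            printf "WARN duplicate \"%s\": \"%s\" replaced by \"%s\"\n", key, seen[key], val
        seen[key] = val
    }
    END {
        if (!("workgroup" in seen) || toupper(seen["workgroup"]) == "WORKGROUP") {
            print "FAIL workgroup is unset or still the default WORKGROUP"; bad = 1
        }
        if (tolower(seen["security"]) != "domain") {
            print "FAIL security is not domain"; bad = 1
        }
        if (!("password server" in seen)) {
            print "FAIL no password server line"; bad = 1
        }
        if (!bad)
            printf "OK workgroup=%s password server=%s\n", seen["workgroup"], seen["password server"]
        exit bad + 0
    }' "$1"
}

# Constructed sample: the settings from step 1, entered line by line.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[global]
   workgroup = mydomain
   security = domain
   password server = *
   password server = dc-1 dc-2
[homes]
   browseable = no
EOF
check_smb_global "$sample"
```

Run it against /etc/samba/smb.conf as root after editing; a WARN line shows which value of a repeated parameter is the one in effect.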