02-01-2011, 11:29 AM   #1
LQ Newbie
Registered: Jan 2008
Posts: 9
Linux client on a Samba Domain (PDC)
I'm configuring a classroom based on Linux (just Linux, without Windows) with user mobility.
What I want is that any student will use its own 'username/password' on whatever computer getting its own data and without having to define every user on every computer.
As far as Samba is very useful, even when I don't need Windows support I decided to base the solution on Samba.
Right now I still have some problems and the solution doesn't work in my test environment.
Maybe I misunderstood some concepts and therefore I would like to get your help.
I defined a PDC (Samba 3.5 Domain Controller) on a Fedora 13 with 'homes', starting nmb and smb and it seems to work.
On an Ubuntu 10.10 workstation I built a Samba 'Domain Member Server' starting nmb, smb and winbind.
First question: should I define 'homes' on this server or not? I assumed 'not' as the 'homes' you have to use are the ones defined on the PDC, not on the DMS.
Second question: does winbind run just on DMS? Not on the PDC too?
I defined the DMS 'machine' and some domain users on the PDC and I could 'join' the DMS to the PDC without any problem (join rpc ...)
From the workstation I can use smbclient, seeing a domain with two servers, one of which is the controller. I can connect to the home shares using the domain users which are authorized by the PDC.
On the DMS I paid attention to nsswitch.conf and the pam files, running 'pam-auth-update'. So 'wbinfo -u' provides a list of users on the domain, local users and domain users.
The problem arrives when I try to connect from the session login screen on the workstation to 'mydomain\myuser'.
PDC validates the user, if the password is right, and I get connected but not to my PDC homes.
Instead I get some errors starting with:
'could not update ICEAuthoriy file /home/mydomain/myuser/.ICEAuthority'
It seems I'm in an empty space in an open but useless session which I can close later on.
Did I forget something?
Thanks in advance for your help
Quique
........................................................................
Hereafter you will see the short smb.conf reported by testparm
PDC
[global]
workgroup = TESO-DOM
server string = Samba Server Version %v
interfaces = lo, wlan0
bind interfaces only = Yes
log level = 2
log file = /var/log/samba/log.%m
max log size = 50
add user script = /usr/sbin/useradd "%u" -n -g users
delete user script = /usr/sbin/userdel "%u"
add group script = /usr/sbin/groupadd "%g"
delete group script = /usr/sbin/groupdel "%g"
delete user from group script = /usr/sbin/userdel "%u" "%g"
add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
logon path =
domain logons = Yes
os level = 255
preferred master = Auto
domain master = Yes
dns proxy = No
wins support = Yes
hosts allow = 127., 192.168.1.
cups options = raw
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[netlogon]
path = /var/lib/samba/netlogon
[profiles]
path = /var/lib/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
[homes]
read only = No
create mask = 0600
directory mask = 0700
browseable = No
DMS
[global]
workgroup = TESO-DOM
server string = Samba Server Version %v
interfaces = lo, wlan0, eth0
security = DOMAIN
log file = /var/log/samba/log.%m
max log size = 50
local master = No
dns proxy = No
wins server = 192.168.1.100
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind rpc only = Yes
hosts allow = 127., 192.168.1.
.............................................................

02-01-2011, 07:51 PM   #2
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125
I don't have an answer to the questions you asked, but your description sounds like it might be a good fit for LDAP. There are how to documents available discussing how to authenticate users against an LDAP database instead of local accounts. I believe that the home directories are then stored on the Samba server and can be accessed from any of the locations.

02-02-2011, 03:32 AM   #3
LQ Newbie
Registered: Jan 2008
Posts: 9
Original Poster
Quote:
Originally Posted by Noway2
I don't have an answer to the questions you asked, but your description sounds like it might be a good fit for LDAP. There are how to documents available discussing how to authenticate users against an LDAP database instead of local accounts. I believe that the home directories are then stored on the Samba server and can be accessed from any of the locations.
|
Thanks for your answer.
In fact I'm using tdbsam as the passdb backend.
It doesn't appear on the testparm report but in the smb.conf there is 'passdb backend = tdbsam'.
I found some info about pdc with LDAP but I tried to build a simpler solution as I will work just with about 10 workstations.
By the way, I thought that LDAP and tdb play the same role. Am I wrong?
Regards

02-08-2011, 04:57 AM   #4
LQ Newbie
Registered: Jan 2008
Posts: 9
Original Poster
Well, after some googling and some more tests, the point is that my Ubuntu DMS (Samba Domain Member Server) workstation doesn't mount the corresponding /home/dom-user which is on the PDC (also built on Samba).
The domain user is authorized by the PDC and I start a new session but without /home/dom-user, therefore getting a lot of errors. In such a situation I can even open a console and run commands as 'dom-user'.
How can I get my home mounted?
Is it a winbind responsibility? Something to do with 'logon home or path' parameters on smb?
Or is it a pam responsibility?
I have read something about pam_mount, so is this what I should configure?
Any help?

02-10-2011, 07:45 AM   #5
LQ Newbie
Registered: Jan 2008
Posts: 9
Original Poster
I'm still working on the matter and I made some progress.
Things are going better after having put on '/etc/pam.d/common-session' the line:
session required pam_mkhomedir.so skel=/etc/skel/ umask=0027
Now, on the Ubuntu workstation, I can log-in using a 'user-domain' (which is not at all defined on this workstation).
I can run whatever program on my workstation storing new files.
BUT ... I'm not using the '/home/user-domain' directory defined on the PDC. Instead of that, I'm using a new '/home/user-domain' which has been automatically made on the workstation.
So, my problem still is how to use the PDC [homes] as my home directory. Therefore I would find the same data using any workstation.
Regards

02-15-2011, 06:58 AM   #6
LQ Newbie
Registered: Jan 2008
Posts: 9
Original Poster
Hi again!
Really nobody knows, at least, if it is possible to use my [homes] on the PDC as my /home on the workstation?
And if it is possible where is the key point to get it?
Assumed that samba is working right on the PDC and on the Workstation and I already get access (I can mount/unmount it) to the [homes] share on the PDC.
Regards

02-22-2011, 07:19 AM   #7
LQ Newbie
Registered: Jan 2008
Posts: 9
Original Poster
Hi!
After looking at several forums and reading some documents I got some progress.
Besides the solution based on pam_mkhomedir, which works but doesn't provide what I was looking for, the new solution is based on pam_mount.
On the DMS (Ubuntu 10.04) I had to:
- install libpam-mount
- modify /etc/pam.d/common-session
- configure /etc/security/pam_mount.conf.xml
The result is:
- when you log in the first time on the DMS the system builds your home folder and mounts the PDC-home on it
- when you log out the system tries to 'umount' the home but it gets a 'busy' error
The weak point is that at least in my case it works too slowly. Hopefully it may be improved.
Regards
Quique
Last edited by quique.costa; 02-24-2011 at 03:50 AM.
Reason: I had misinterpreted the results.
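
A sketch of the pam_mount configuration the last post refers to, added here as an example and not taken from the poster's files. PDC-HOST is a placeholder for the controller's name or address (the thread does not give it); the workgroup and the uid range come from the smb.conf listings in the first post.

```xml
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
  /etc/security/pam_mount.conf.xml on the domain member workstation.
  Added example. PDC-HOST is a placeholder, not a value from the thread.
  PAM side: pam_mount.so has to be present in the auth stack (to capture
  the login password) and in the session stack (to mount and unmount).
  The password is handed to mount.cifs at login and is not written to disk.
-->
<pam_mount>
  <debug enable="0" />

  <!-- Every mount made through pam_mount must carry these options, so
       files on the share cannot act as setuid binaries or device nodes. -->
  <mntoptions require="nosuid,nodev" />

  <!--
    One rule for all domain users.
    uid:        limits the rule to accounts mapped by winbind
                (idmap uid = 10000-20000 on the DMS), so root and other
                local accounts never trigger a network mount.
    path:       the [homes] share on the PDC is reachable under the
                user's own name.
    mountpoint: "~" is the home directory winbind reports for the user,
                so the share lands where the session expects its files.
  -->
  <volume uid="10000-20000"
          fstype="cifs"
          server="PDC-HOST"
          path="%(USER)"
          mountpoint="~"
          options="domain=TESO-DOM,nosuid,nodev" />

  <!-- Create the empty mount point at first login and remove it again
       at logout; this takes over the job pam_mkhomedir was doing. -->
  <mkmountpoint enable="1" remove="true" />

  <!-- If the unmount at logout fails as 'busy', wait (microseconds) and
       send SIGTERM to the user's leftover processes, then retry.
       Assumption: yes/no spelling as in pam_mount 2.x; older releases
       use 0/1, see pam_mount.conf(5) for the installed version. -->
  <logout wait="2000000" hup="no" term="yes" kill="no" />
</pam_mount>
```

With pam_mkhomedir still active in common-session, a local directory is created before the share is mounted over it, which matches the behaviour described in post #5; only one of the two should create the directory.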
All times are GMT -5. The time now is 10:42 PM.