samba - Nov 2024 - Linux desktop setup with authentication against Samba AD DC

Hi folks,

I'm figuring to setup a few Linux desktops with LXDM as display manager, 
and with authentication against a Samba AD DC. After successful 
authentication, I want the authenticated user's profile to be 
downloaded, or preferably mapped, from a SMB server (Linux, Windows, 
NAS, ...), to the local Linux PC. I intend to use Debian Bookworm, with 
Archlinux as a secondary alternative (too bleeding edge for my taste, as 
updates not seldom break the installation).

Essentially I want a similar experience as Windows with redirected 
folders, or roaming profiles. The intended use is a lightweight desktop 
for occasional users sharing PCs, where full blown Windows desktops are 
not economically justifiable (hardware and licensing costs).

Previously (many years ago) I made a setup based on NFS, but that's a 
path I want to avoid, unless there is no other viable alternative. That 
setup was based on the display manager Slim, which I had to tweak to 
some extent. As Slim is ancient, and with no development for ages, it's 
not an option.

I guess the hardest part is setting up LXDM to authenticate against the 
Samba AD DC. There may be other display managers, that better suit the 
requirements. I have got little experience with alternatives, and I'm 
completely open for suggestions.

If somebody have got any experience with something similar, I would be 
grateful to get some thoughts and ideas.

Best regards,

Peter

On 13.11.2024 21:14, Peter Milesson via samba wrote:
> Hi folks,
>
> I'm figuring to setup a few Linux desktops with LXDM as display 
> manager, and with authentication against a Samba AD DC. After 
> successful authentication, I want the authenticated user's profile to 
> be downloaded, or preferably mapped, from a SMB server (Linux, 
> Windows, NAS, ...), to the local Linux PC. I intend to use Debian 
> Bookworm, with Archlinux as a secondary alternative (too bleeding edge 
> for my taste, as updates not seldom break the installation).
>
> Essentially I want a similar experience as Windows with redirected 
> folders, or roaming profiles. The intended use is a lightweight 
> desktop for occasional users sharing PCs, where full blown Windows 
> desktops are not economically justifiable (hardware and licensing costs).
>
> Previously (many years ago) I made a setup based on NFS, but that's a 
> path I want to avoid, unless there is no other viable alternative. 
> That setup was based on the display manager Slim, which I had to tweak 
> to some extent. As Slim is ancient, and with no development for ages, 
> it's not an option.
>
> I guess the hardest part is setting up LXDM to authenticate against 
> the Samba AD DC. There may be other display managers, that better suit 
> the requirements. I have got little experience with alternatives, and 
> I'm completely open for suggestions.
>
> If somebody have got any experience with something similar, I would be 
> grateful to get some thoughts and ideas.
>
> Best regards,
>
> Peter
>
>
Hi folks,

I did some authentication testing, and it seems that the display manager 
uses pam_winbind for authentication, as does ssh. So far, so good.

Now remains the problem of mapping a Samba share as the user's home 
directory.

Is there somebody having any input on this?

Best regards,

Peter