On Tuesday, 2 January 2007 20:44, Jason Greene wrote:
> Wants:
> Linux server with Samba as the PDC
> Windows 2k and XP workstations are on the Samba domain and authenticate
> all users with the Samba PDC.
> Migrate Windows workstations to Linux (ubuntu) workstations and have
> them authenticate all users against the Samba PDC and mount all
> necessary shares (just like the windows PCs did)
>
>
> Can someone point me to a good Howto on this or tell me how to
> accomplish this?
I've used the idealx howto and some other documents collected through the
web to accomplish this.
This is a quick HOWTO, written without testing. In your linux machines you
must do this:
PDC
---
Install an NFS server in the PDC. I use unfs3d, a user-space NFS server that
suits my needs and works well with VServers. Adjust /etc/exports to match the
homes of your users:
root@pdc # cat /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See unfsd(8).
/home/samba/users 192.168.1.0/24(rw,fixed,no_root_squash)
# === END ==
And restart your NFS server
root@pdc # invoke-rc.d unfs3 restart
In the linux clients
--------------------
The kernel in your clients must have the automounter v4 compiled or available
as a module. Install the autofs package and configure it
root@client # cat /etc/auto.master
# /etc/auto.master
#
/home/samba/users /etc/auto.home --timeout 600
# === END ==
root@client # cat /etc/auto.home
# /etc/auto.home
#
# Only one line!
* -tcp,nfsvers=3,mountport=2049,port=2049,nolock,intr,rsize=16384,wsize=16384 pdc.mydomain.com:/home/samba/users/&
# === END ==
root@client # invoke-rc.d autofs restart
(My /etc/auto.home line is so long because I don't use portmap.) There are
people who put the autofs data in the LDAP, but right now I prefer to have it
in the files.
Now install libpam-cracklib (if used), libnss-ldap and libpam-ldap packages. I
use Debian but I suppose in Ubuntu the packages will be the same. Copy using
scp the following files from the PDC to the clients:
root@pdc # scp /etc/pam.d/common-* <linux_client>:/etc/pam.d/
[ ... ]
root@pdc # scp /etc/ldap/ldap.conf <linux_client>:/etc/ldap/
[ ... ]
Normally you only have to edit the URI or HOST parameter and put the IP or
DNS name of your LDAP server there. I also remove the ROOTBINDDN directive
(and the /etc/ldap.secret file) from the files, because it's only needed if
you want to change a user's password on the client machine using the root
account, and you can do that from the PDC.
root@client # cat /etc/ldap/ldap.conf
# /etc/ldap/ldap.conf - Default settings for LDAP clients
# Modified by Asier, 2006-11-22 - see ldap.conf(5) for details
#
# chmod 644 /etc/ldap/ldap.conf
ldap_version 3
###
### Common settings for LDAP
###
URI ldap://ldapserver.mydomain.com/
BASE dc=example,dc=com
TIMELIMIT 5
###
### TLS stuff
###
SSL start_tls
TLS_CACERT /etc/ldap/ssl/cert/ca.pem
# With 'no' and 'allow' a bad or mismatched server certificate is ignored;
# 'TLS_REQCERT demand' would enforce the CA configured above.
TLS_CHECKPEER no
TLS_REQCERT allow
###
### Settings for libpam-ldap (/etc/pam_ldap.conf)
###
pam_filter objectclass=posixAccount
pam_password exop
pam_login_attribute uid
pam_member_attribute memberUid
###
### Setting for NSS (/etc/libnss-ldap.conf)
###
scope one
bind_timelimit 5
nss_base_passwd ou=Users,dc=example,dc=com?one
nss_base_passwd ou=Computers,dc=example,dc=com?one
nss_base_shadow ou=Users,dc=example,dc=com?one
nss_base_group ou=Groups,dc=example,dc=com?one
# === END ==
For convenience I use the same file for LDAP, PAM and NSS:
root@client # pwd
/etc/
root@client # ln -sf ldap/ldap.conf libnss-ldap.conf
root@client # ln -sf ldap/ldap.conf pam_ldap.conf
Last, adjust the /etc/nsswitch.conf (or copy it from the PDC; the settings
will be, if not the same, very similar):
root@pdc # scp /etc/nsswitch.conf <linux_client>:/etc/
[ ... ]
Restart some services in the client
root@client # invoke-rc.d ssh restart
root@client # invoke-rc.d autofs restart
It's done. Now you should be able to log in with ssh to the clients using
--
Asier.
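Added example, not part of the message above or of any of the packages it mentions: a small Python lint for the two client/server files the HOWTO copies around (ldap.conf shared by libnss-ldap and libpam-ldap, and the PDC's /etc/exports). It parses the file syntax shown in the message and reports the settings a defender would want to revisit before rolling this out: TLS_REQCERT/tls_checkpeer values that accept any LDAP server certificate, missing TLS on the bind, and no_root_squash on the home-directory export. The sample file contents are constructed from the message, not taken from a real host.

```python
import re

# Constructed samples modelled on the files quoted in the message above (not from
# any real host): the client-side ldap.conf and the PDC's /etc/exports.
SAMPLE_LDAP_CONF = """\
# /etc/ldap/ldap.conf - default settings for LDAP clients
URI ldap://ldapserver.mydomain.com/
SSL start_tls
TLS_CACERT /etc/ldap/ssl/cert/ca.pem
TLS_CHECKPEER no
TLS_REQCERT allow
"""
SAMPLE_EXPORTS = "/home/samba/users 192.168.1.0/24(rw,fixed,no_root_squash)\n"


def parse_conf(text):
    """ldap.conf/pam_ldap.conf syntax: 'KEY value' lines, '#' comments; keys are
    case-insensitive and a repeated key keeps its last value."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def check_ldap_tls(conf):
    """Does the client verify the LDAP server before sending a bind password?"""
    findings = []
    uri = conf.get("uri", conf.get("host", "")).lower()
    tls_on = uri.startswith("ldaps://") or conf.get("ssl", "").lower() in ("on", "start_tls")
    if not tls_on:
        findings.append("no TLS: bind passwords and password changes travel in cleartext")
    reqcert = conf.get("tls_reqcert", "demand").lower()  # libldap's default is demand
    if reqcert not in ("demand", "hard"):
        findings.append(f"TLS_REQCERT {reqcert}: server certificate not verified; use demand")
    if conf.get("tls_checkpeer", "").lower() == "no":
        findings.append("tls_checkpeer no: pam_ldap/nss_ldap accept any server certificate")
    return findings


def check_exports(text):
    """no_root_squash lets root on any listed client act as root on the share."""
    findings = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            path, clients = parts
            for client, opts in re.findall(r"(\S+?)\(([^)]*)\)", clients):
                if "no_root_squash" in opts.split(","):
                    findings.append(f"{path} -> {client}: no_root_squash")
    return findings
```

Run against the message's own configuration it reports the two certificate-verification settings and the no_root_squash export; a file using ldaps:// or start_tls with TLS_REQCERT demand comes back clean.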