fdelval at rojatex.com
2011-Mar-03 08:15 UTC
[Samba] join an ubuntu desktop client do samba domain, and login in
Hello,
I did all the steps to build a DC, I even joined windows clients ok.

Now I want to add an ubuntu desktop.
Ok, I modified the Workgroup and other parameters in smb.conf, I ran the
net rpc join -S DOMPDC -UAdministrator%password
I got an OK message.

Now, I reboot, the login screen appears and.....?

I can't login with MyDomain\Myuser, nor can I find a user management
screen to add my domain users...

I can't find info on that, how do I login with domain users in an ubuntu
desktop?

thanks
Marcello Romani
2011-Mar-03 08:25 UTC
[Samba] join an ubuntu desktop client do samba domain, and login in
On 03/03/2011 09:15, fdelval at rojatex.com wrote:
> Hello,
> I did all the steps to build a DC, I even joined windows clients ok.
>
> Now I want to add an ubuntu desktop.
> Ok, I modified the Workgroup and other parameters in smb.conf, I ran the
> net rpc join -S DOMPDC -UAdministrator%password
> I got an OK message.
>
> Now, I reboot, the login screen appears and.....?
>
> I can't login with MyDomain\Myuser, nor can I find a user management
> screen to add my domain users...
>
> I can't find info on that, how do I login with domain users in an ubuntu
> desktop?
>
> thanks

Although a bit dated, I believe this might be helpful:

http://www.ubuntugeek.com/how-to-add-ubuntu-804-to-win-server-2003-active-directory-domain.html

It talks about Likewise-open.

--
Marcello Romani
Bob Miller
2011-Mar-03 17:18 UTC
[Samba] join an ubuntu desktop client do samba domain, and login in
On Thu, 2011-03-03 at 09:25 +0100, Marcello Romani wrote:
> On 03/03/2011 09:15, fdelval at rojatex.com wrote:
> > Hello,
> > I did all the steps to build a DC, I even joined windows clients ok.
> >
> > Now I want to add an ubuntu desktop.
> > Ok, I modified the Workgroup and other parameters in smb.conf, I ran the
> > net rpc join -S DOMPDC -UAdministrator%password
> > I got an OK message.
> >
> > Now, I reboot, the login screen appears and.....?
> >
> > I can't login with MyDomain\Myuser, nor can I find a user management
> > screen to add my domain users...
> >
> > I can't find info on that, how do I login with domain users in an ubuntu
> > desktop?
> >
> > thanks
>
> Although a bit dated, I believe this might be helpful:
>
> http://www.ubuntugeek.com/how-to-add-ubuntu-804-to-win-server-2003-active-directory-domain.html
>
> It talks about Likewise-open.
>
> --
> Marcello Romani

I was charged with this task recently, took quite a bit of time to put
everything together, but I have it working.

I am not clear if you are using a samba pdc or a windows pdc, I expect
the ubuntu workstation set up should be close or the same for either. I
use a samba pdc, and I found it necessary to refine my group permissions
system using the net command to get this working (the command that
brought it all together was `net sam mapunixgroup` or some such, which
led to having to remap group users, which led to shares on windows
workstations with domain permissions breaking, which led to several
applications breaking until permissions were re-applied). In other
words, this only works if all your ducks are in a row on the samba pdc.
But I have a handful of ubuntu machines in a primarily XP environment
connecting to a Samba pdc. The ubuntu machines will also work through
an openswan vpn.

This set up will allow users to log in with just their domain.name
(instead of DOMAIN\domain.name), and will mount the same shares as the
windows computers will do via the logon script. Here are the notes,
good luck with everything:

 1. sudo su
 2. apt-get install winbind samba libpam-mount smbfs
 3. mv /etc/hosts /etc/hosts.orig
 4. vi /etc/hosts <= set this file so that it contains only the
    following lines:

        127.0.0.1 localhost TEST1 TEST1.ctfn.ca
        127.0.1.1 TEST1
        192.168.150.10 pdc pdc.domain.com

 5. mkdir /home/DOMAIN
 6. vi /etc/nsswitch.conf <= modify the following 3 lines, leave the
    rest of the file as is:

        passwd: compat winbind
        group: compat winbind
        hosts: files dns wins mdns4_minimal mdns4

 7. mv /etc/samba/smb.conf /etc/samba/smb.conf.orig
 8. vi /etc/samba/smb.conf <= copy/paste the following into this file:

        [global]
        ;Workstation Settings
        workgroup = DOMAIN
        netbios name = TEST1
        server string = %h
        security = domain
        idmap backend = tdb
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        wins server = 192.168.150.10
        winbind use default domain = yes
        winbind enum groups = yes
        winbind enum users = yes
        password server = 192.168.150.10
        template shell = /bin/bash
        template homedir = /home/%D/%U
        ;Logging
        log level = 2
        log file = /var/log/samba/log.%m
        max log size = 1000
        syslog = 0
        panic action = /usr/share/samba/panic-action %d

 9. /etc/init.d/smbd restart
10. /etc/init.d/nmbd restart
11. /etc/init.d/winbind restart
12. net join DOMAIN <= If this does not return a line stating join
    Domain DOMAIN was successful, stop and review, you missed
    something.
13. cd /etc/pam.d <= Note: modifying files in this location
    incorrectly may result in locking you out of the machine. Boot
    from a live cd and copy the original files back to fix.
14. mv common-account common-account.orig
15. vi common-account <= copy/paste the following into this file:

        account [success=2 default=ignore] pam_winbind.so
        account [success=1 default=ignore] pam_unix.so
        account requisite pam_deny.so
        account required pam_permit.so

16. mv common-auth common-auth.orig
17. vi common-auth <= copy/paste the following into this file:

        auth [success=2 default=ignore] pam_unix.so nullok_secure
        auth [success=1 default=ignore] pam_winbind.so use_first_pass
        auth requisite pam_deny.so
        auth optional pam_mount.so
        auth required pam_permit.so

18. mv common-session common-session.orig
19. vi common-session <= copy/paste the following into this file:

        session required pam_unix.so nullok_secure
        session required pam_mkhomedir.so skel=/etc/skel umask=0022
        session optional pam_mount.so
        session [default=1] pam_permit.so
        session requisite pam_deny.so
        session required pam_permit.so
        session optional pam_ck_connector.so nox11

20. mv /etc/security/pam_mount.conf.xml /etc/security/pam_mount.conf.xml.orig
21. vi /etc/security/pam_mount.conf.xml <= copy/paste the following
    into this file:

        <?xml version="1.0" encoding="utf-8" ?>
        <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
        <pam_mount>
        <debug enable="0" />
        <volume options="user=%(DOMAIN_USER),domain=DOMAIN"
                fstype="cifs" server="mainlian" path="Common"
                mountpoint="/home/DOMAIN/%(DOMAIN_USER)/Common"
        ></volume>
        <volume options="user=%(DOMAIN_USER),domain=DOMAIN,noperm"
                fstype="cifs" server="mainlian" path="Departments"
                mountpoint="/home/DOMAIN/%(DOMAIN_USER)/Departments"
        ></volume>
        <volume options="user=%(DOMAIN_USER),domain=DOMAIN"
                fstype="cifs" server="mainlian" path="%(DOMAIN_USER)"
                mountpoint="/home/DOMAIN/%(DOMAIN_USER)/Documents"
        ></volume>
        <path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>
        <logout wait="0" hup="0" term="0" kill="0" />
        <mkmountpoint enable="1" remove="true" />
        </pam_mount>

22. Open system==>Administration==>login screen==>press the unlock
    button==>enter password for network-admin
23. Uncheck "play login sound" and uncheck "show list of users".
    Ensure "show the screen for choosing who will log in" is
    selected.
24. Log out user network-admin and log in with domain user.
25. Open Departments mount from Desktop, drag department folders for
    this user to menu on left side of nautilus window.

Bob Miller
334-7117/660-5315
http://computerisms.ca
bob at computerisms.ca
Network, Internet, Server, and Open Source Solutions
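Added example, not part of Bob Miller's post: the lockout warning in step 13 comes down to the jump counts in lines such as `[success=2 default=ignore]`, so this sketch walks the common-auth stack from step 17 and reports whether an edited copy would lock out local or domain users, or would grant a login when every module fails. It is a simplified model of Linux-PAM control handling that assumes each module simply succeeds or fails; the names `parse_stack`, `evaluate` and `audit` are this example's own.

```python
import re

# pam.conf(5) bracket equivalents: keyword -> (action on success, default action).
KEYWORDS = {"required": ("ok", "bad"), "requisite": ("ok", "die"),
            "sufficient": ("done", "ignore"), "optional": ("ok", "ignore")}
ALWAYS = {"pam_deny.so": False, "pam_permit.so": True}  # fixed-result modules
RULE = re.compile(r"\s*\w+\s+(\[[^\]]*\]|required|requisite|sufficient|optional)\s+(\S+)")
# common-auth as given in step 17 of the post.
COMMON_AUTH = """\
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_winbind.so use_first_pass
auth requisite pam_deny.so
auth optional pam_mount.so
auth required pam_permit.so
"""

def actions_for(control):
    if control.startswith("["):
        return dict(kv.split("=", 1) for kv in control[1:-1].split())
    return dict(zip(("success", "default"), KEYWORDS[control]))

def parse_stack(text):
    """Return [(actions, module)]; comment and @include lines are skipped."""
    matches = (RULE.match(line) for line in text.splitlines())
    return [(actions_for(m.group(1)), m.group(2)) for m in matches if m]

def evaluate(text, results):
    """True if the stack grants access, given {module: succeeded}."""
    stack, ok, failed, i = parse_stack(text), False, False, 0
    while i < len(stack):
        actions, module = stack[i]
        success = ALWAYS.get(module, results.get(module, False))
        key = "success" if success else "default"
        action = actions.get(key, actions.get("default", "bad"))
        i += 1
        if action.isdigit():
            i += int(action)              # jump over the next N rules
        elif action in ("die", "done"):   # both end the stack immediately
            return action == "done" and not failed
        ok, failed = ok or action == "ok", failed or action == "bad"
    return ok and not failed

def audit(text):
    """List the defects an edited stack introduces (empty list = sound)."""
    cases = {"local-lockout": ({"pam_unix.so": True}, True),
             "domain-lockout": ({"pam_winbind.so": True}, True),
             "bypass": ({}, False)}
    return [name for name, (res, want) in cases.items() if evaluate(text, res) != want]
```

Running `audit()` on the text of an edited file before logging out of the root session shows whether a changed jump count or a deleted `pam_deny.so` line has altered the outcome.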
Marcello Romani
2011-Mar-04 09:51 UTC
[Samba] join an ubuntu desktop client do samba domain, and login in
On 03/03/2011 18:18, Bob Miller wrote:

[snip]

Very interesting read. Excellent style, too, IMHO.
Thanks for sharing.

--
Marcello Romani
fdelval at rojatex.com
2011-Mar-04 10:11 UTC
[Samba] join an ubuntu desktop client do samba domain, and login in
Although my DC is ubuntu, I tried that. I end up with a nasty DNS error,
which is setup, pointing to the DC server and working.

Maybe that's not the solution for a linux PDC?

> On 03/03/2011 09:15, fdelval at rojatex.com wrote:
>> Hello,
>> I did all the steps to build a DC, I even joined windows clients ok.
>>
>> Now I want to add an ubuntu desktop.
>> Ok, I modified the Workgroup and other parameters in smb.conf, I ran the
>> net rpc join -S DOMPDC -UAdministrator%password
>> I got an OK message.
>>
>> Now, I reboot, the login screen appears and.....?
>>
>> I can't login with MyDomain\Myuser, nor can I find a user management
>> screen to add my domain users...
>>
>> I can't find info on that, how do I login with domain users in an ubuntu
>> desktop?
>>
>> thanks
>
> Although a bit dated, I believe this might be helpful:
>
> http://www.ubuntugeek.com/how-to-add-ubuntu-804-to-win-server-2003-active-directory-domain.html
>
> It talks about Likewise-open.
>
> --
> Marcello Romani
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

--
Fran Del Val
Dpto de informática.
Rojatex S.L.
fdelval at rojatex.com
2011-Mar-04 10:44 UTC
[Samba] join an ubuntu desktop client do samba domain, and login in
Hello,

Wow, that was kind of a big and detailed explanation, thanks.

Yes, I set up a samba PDC and I want to join an ubuntu, no windows
involved at all.
Never thought that it was easier to join a windows client than a linux
one, but it's ok, I will try despite it looks complicated.

Thanks again.

--
Fran Del Val
Dpto de informática.
Rojatex S.L.