Hello,
Wow, that was kind of a big and detailed explanation, thanks.
Yes, I set up a samba PDC and I want to join an ubuntu, no windows involved at all.
Never thought that it was easier to join a windows client than a linux one, but it's ok, I will try despite it looks complicated.
thanks again

> On Thu, 2011-03-03 at 09:25 +0100, Marcello Romani wrote:
>> On 03/03/2011 09:15, [email protected] wrote:
>> > Hello,
>> > I did all the steps to build a DC, I even joined windows clients ok.
>> >
>> > Now I want to add a ubuntu desktop.
>> > Ok, I modified the Workgroup and other parameters in smb.conf, I ran the
>> > net rpc join -S DOMPDC -UAdministrator%password
>> > I got an OK message.
>> >
>> >
>> > Now, I reboot, the login screen appears and.....?
>> >
>> > I can't login with MyDomain\Myuser, nor can I find a user management
>> > screen to add my domain users...
>> >
>> >
>> > I can't find info on that, how do I login with domain users in an ubuntu
>> > desktop?
>> >
>> > thanks
>> >
>>
>> Although a bit dated, I believe this might be helpful:
>>
>> http://www.ubuntugeek.com/how-to-add-ubuntu-804-to-win-server-2003-active-directory-domain.html
>>
>> It talks about Likewise-open.
>>
>> --
>> Marcello Romani
>
> I was charged with this task recently, took quite a bit of time to put
> everything together, but I have it working.
> I am not clear if you are using a samba pdc or a windows pdc, I expect
> the ubuntu workstation set up should be close or the same for either. I
> use a samba pdc, and I found it necessary to refine my group permissions
> system using the net command to get this working (the command that
> brought it all together was `net sam mapunixgroup` or some such, which
> led to having to remap group users, which led to shares on windows
> workstations with domain permissions breaking, which led to several
> applications breaking until permissions were re-applied). In other
> words, this only works if all your ducks are in a row on the samba pdc.
> But I have a handful of ubuntu machines in a primarily XP environment
> connecting to a Samba pdc. The ubuntu machines will also work through
> an openswan vpn.
> This set up will allow users to log in with just their domain.name
> (instead of DOMAIN\domain.name), and will mount the same shares as the
> windows computers will do via the logon script. Here are the notes,
> good luck with everything:
>
>  1. sudo su
>  2. apt-get install winbind samba libpam-mount smbfs
>  3. mv /etc/hosts /etc/hosts.orig
>  4. vi /etc/hosts <= set this file so that it contains only the
>     following lines:
>         127.0.0.1 localhost TEST1 TEST1.ctfn.ca
>         127.0.1.1 TEST1
>         192.168.150.10 pdc pdc.domain.com
>  5. mkdir /home/DOMAIN
>  6. vi /etc/nsswitch.conf <= modify the following 3 lines, leave the
>     rest of the file as is:
>         passwd: compat winbind
>         group: compat winbind
>         hosts: files dns wins mdns4_minimal mdns4
>  7. mv /etc/samba/smb.conf /etc/samba/smb.conf.orig
>  8. vi /etc/samba/smb.conf <= copy/paste the following into this
>     file:
>         [global]
>         ;Workstation Settings
>         workgroup = DOMAIN
>         netbios name = TEST1
>         server string = %h
>         security = domain
>         idmap backend = tdb
>         idmap uid = 15000-20000
>         idmap gid = 15000-20000
>         wins server = 192.168.150.10
>         winbind use default domain = yes
>         winbind enum groups = yes
>         winbind enum users = yes
>         password server = 192.168.150.10
>         template shell = /bin/bash
>         template homedir = /home/%D/%U
>         ;Logging
>         log level = 2
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         syslog = 0
>         panic action = /usr/share/samba/panic-action %d
>  9. /etc/init.d/smbd restart
> 10. /etc/init.d/nmbd restart
> 11. /etc/init.d/winbind restart
> 12. net join DOMAIN <= If this does not return a line stating join
>     Domain DOMAIN was successful, stop and review, you missed
>     something.
> 13. cd /etc/pam.d <= Note: modifying files in this location
>     incorrectly may result in locking you out of the machine. Boot
>     from a live cd and copy the original files back to fix.
> 14. mv common-account common-account.orig
> 15. vi common-account <= copy/paste the following into this file:
>         account [success=2 default=ignore] pam_winbind.so
>         account [success=1 default=ignore] pam_unix.so
>         account requisite pam_deny.so
>         account required pam_permit.so
> 16. mv common-auth common-auth.orig
> 17. vi common-auth <= copy/paste the following into this file:
>         auth [success=2 default=ignore] pam_unix.so nullok_secure
>         auth [success=1 default=ignore] pam_winbind.so use_first_pass
>         auth requisite pam_deny.so
>         auth optional pam_mount.so
>         auth required pam_permit.so
> 18. mv common-session common-session.orig
> 19. vi common-session <= copy/paste the following into this file:
>         session required pam_unix.so nullok_secure
>         session required pam_mkhomedir.so skel=/etc/skel umask=0022
>         session optional pam_mount.so
>         session [default=1] pam_permit.so
>         session requisite pam_deny.so
>         session required pam_permit.so
>         session optional pam_ck_connector.so nox11
> 20. mv /etc/security/pam_mount.conf.xml /etc/security/pam_mount.conf.xml.orig
> 21. vi /etc/security/pam_mount.conf.xml <= copy/paste the following
>     into this file:
>         <?xml version="1.0" encoding="utf-8" ?>
>         <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
>         <pam_mount>
>         <debug enable="0" />
>         <volume options="user=%(DOMAIN_USER),domain=DOMAIN"
>                 fstype="cifs" server="mainlian" path="Common"
>                 mountpoint="/home/DOMAIN/%(DOMAIN_USER)/Common"
>         ></volume>
>         <volume options="user=%(DOMAIN_USER),domain=DOMAIN,noperm"
>                 fstype="cifs" server="mainlian" path="Departments"
>                 mountpoint="/home/DOMAIN/%(DOMAIN_USER)/Departments"
>         ></volume>
>         <volume options="user=%(DOMAIN_USER),domain=DOMAIN"
>                 fstype="cifs" server="mainlian" path="%(DOMAIN_USER)"
>                 mountpoint="/home/DOMAIN/%(DOMAIN_USER)/Documents"
>         ></volume>
>
>         <path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>
>         <logout wait="0" hup="0" term="0" kill="0" />
>         <mkmountpoint enable="1" remove="true" />
>         </pam_mount>
> 22. Open system==>Administration==>login screen==>press the unlock
>     button==>enter password for network-admin
> 23. Uncheck "play login sound" and uncheck "show list of users".
>     Ensure "show the screen for choosing who will log in" is
>     selected.
> 24. Log out user network-admin and log in with domain user.
> 25. Open Departments mount from Desktop, drag department folders for
>     this user to menu on left side of nautilus window.
>
>
>
> Bob Miller
> 334-7117/660-5315
> http://computerisms.ca
> [email protected]
> Network, Internet, Server,
> and Open Source Solutions
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>

--
Fran Del Val
IT Department.
Rojatex S.L.
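The jump counts in the common-auth stack from step 17 of the quoted notes decide whether a failed login reaches pam_deny.so and whether a successful one skips past it. As an added example (not part of the thread, and not Samba or PAM code), this Python sketch replays that stack under a simplified model of Linux-PAM control values; the function names and the assumption that unlisted modules succeed belong to the example only.

```python
import re

# Simplified model of Linux-PAM control values (assumption: only the
# "success" and "default" keys are modelled; the stack above uses no others).
SHORTHAND = {
    "required":   {"success": "ok",   "default": "bad"},
    "requisite":  {"success": "ok",   "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional":   {"success": "ok",   "default": "ignore"},
}

# common-auth as given in step 17 of the quoted notes.
COMMON_AUTH = """\
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_winbind.so use_first_pass
auth requisite pam_deny.so
auth optional pam_mount.so
auth required pam_permit.so
"""

def parse_stack(text):
    """Return [(actions, module)] for each rule line."""
    stack = []
    for line in filter(None, (l.split("#")[0].strip() for l in text.splitlines())):
        control, module = re.match(r"\S+\s+(\[[^\]]*\]|\S+)\s+(\S+)", line).groups()
        if control.startswith("["):
            actions = dict(kv.split("=", 1) for kv in control[1:-1].split())
        else:
            actions = SHORTHAND[control]
        stack.append((actions, module))
    return stack

def evaluate(text, unix_ok, winbind_ok):
    """True if the stack grants access for the given module outcomes."""
    outcomes = {"pam_unix.so": unix_ok, "pam_winbind.so": winbind_ok,
                "pam_deny.so": False, "pam_permit.so": True}
    stack, ok, failed, i = parse_stack(text), False, False, 0
    while i < len(stack):
        actions, module = stack[i]
        good = outcomes.get(module, True)   # other modules assumed to succeed
        action = actions.get("success", actions["default"]) if good else actions["default"]
        i += 1
        if action.isdigit():
            i += int(action)                # jump over the next N rules
        elif action in ("ok", "done") and not failed:
            ok = True
            if action == "done":
                return True
        elif action in ("bad", "die"):
            failed = True
            if action == "die":
                return False
    return ok and not failed
```

Running `evaluate` over an edited copy of the file before logging out shows whether a login where both modules fail still ends in denial and whether a local account can still get in.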
