On Tuesday, 2 January 2007 20:44, Jason Greene wrote:
> Wants:
> Linux server with Samba as the PDC
> Windows 2k and XP workstations are on the Samba domain and authenticate
> all users with the Samba PDC.
> Migrate Windows workstations to Linux (Ubuntu) workstations and have
> them authenticate all users against the Samba PDC and mount all
> necessary shares (just like the Windows PCs did)
>
>
> Can someone point me to a good Howto on this or tell me how to
> accomplish this?

I've used the idealx howto and some other documents collected through the web
to accomplish this. This is a quick HOWTO, written without testing.

In your Linux machines you must do this:

PDC
---

Install an NFS server in the PDC. I use unfs3d, a user-space NFS server that
suits my needs and works well with VServers.

Adjust /etc/exports to match the homes of your users:

[EMAIL PROTECTED] # cat /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
#               to NFS clients.  See unfsd(8).
/home/samba/users 192.168.1.0/24(rw,fixed,no_root_squash)
# === END ===

And restart your NFS server:

[EMAIL PROTECTED] # invoke-rc.d unfs3 restart

In the linux clients
--------------------

The kernel in your clients must have the automounter v4 compiled or available
as a module.

Install the autofs package and configure it:

[EMAIL PROTECTED] # cat /etc/auto.master
# /etc/auto.master
#
/home/samba/users /etc/auto.home --timeout 600
# === END ===

[EMAIL PROTECTED] # cat /etc/auto.home
# /etc/auto.home
#
# Only one line!
* -tcp,nfsvers=3,mountport=2049,port=2049,nolock,intr,rsize=16384,wsize=16384 pdc.mydomain.com:/home/samba/users/&
# === END ===

[EMAIL PROTECTED] # invoke-rc.d autofs restart

(My /etc/auto.home line is so long because I don't use portmap)

There are people who put the autofs data in LDAP, but right now I prefer to
have it in the files.

Now install the libpam-cracklib (if used), libnss-ldap and libpam-ldap
packages. I use Debian but I suppose in Ubuntu the packages will be the same.

Copy using scp the following files from the PDC to the clients:

[EMAIL PROTECTED] # scp /etc/pam.d/common-* <linux_client>:/etc/pam.d/
[ ... ]
[EMAIL PROTECTED] # scp /etc/ldap/ldap.conf <linux_client>:/etc/ldap/
[ ... ]

Normally you only have to edit the URI or HOST parameter and write there the
IP or DNS name of your LDAP server.
I also remove the ROOTBINDDN directive (and the /etc/ldap.secret file) from
the files because it's only needed if you want to change one user password in
the client machine using the root account, and you can do that from the PDC.

[EMAIL PROTECTED] # cat /etc/ldap/ldap.conf
# /etc/ldap/ldap.conf - Default settings for LDAP clients
# Modified by Asier, 2006-11-22 - see ldap.conf(5) for details
#
# chmod 644 /etc/ldap/ldap.conf

ldap_version 3

###
### Common settings for LDAP
###
URI ldap://ldapserver.mydomain.com/
BASE dc=example,dc=com
TIMELIMIT 5

###
### TLS stuff
###
SSL start_tls
TLS_CACERT /etc/ldap/ssl/cert/ca.pem
TLS_CHECKPEER no
TLS_REQCERT allow

###
### Settings for libpam-ldap (/etc/pam_ldap.conf)
###
pam_filter objectclass=posixAccount
pam_password exop
pam_login_attribute uid
pam_member_attribute memberUid

###
### Setting for NSS (/etc/libnss-ldap.conf)
###
scope one
bind_timelimit 5
nss_base_passwd ou=Users,dc=example,dc=com?one
nss_base_passwd ou=Computers,dc=example,dc=com?one
nss_base_shadow ou=Users,dc=example,dc=com?one
nss_base_group ou=Groups,dc=example,dc=com?one
# === END ===

For convenience I use the same file for LDAP, PAM and NSS:

[EMAIL PROTECTED] # pwd
/etc/
[EMAIL PROTECTED] # ln -sf ldap/ldap.conf libnss-ldap.conf
[EMAIL PROTECTED] # ln -sf ldap/ldap.conf pam_ldap.conf

Last, adjust the /etc/nsswitch.conf (or copy it from the PDC; the settings
will be, if not the same, very similar):

[EMAIL PROTECTED] # scp /etc/nsswitch.conf <linux_client>:/etc/
[ ... ]

Restart some services in the client:

[EMAIL PROTECTED] # invoke-rc.d ssh restart
[EMAIL PROTECTED] # invoke-rc.d autofs restart

It's done. Now you should be able to log in with ssh in the clients using

--
Asier.
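
Added example (not part of Asier's message and not Samba project code): a shell check for the trust-relevant settings in the ldap.conf and /etc/exports shown above, run against constructed samples that copy the posted lines and against a stricter variant. The function names audit_ldap_conf and audit_exports, and the stricter values (TLS_REQCERT demand, TLS_CHECKPEER yes, root_squash), are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag trust-relevant settings in an ldap.conf shared by
# OpenLDAP, pam_ldap and nss_ldap, and in an NFS exports file.
# Function names are hypothetical; each prints one finding per line.

audit_ldap_conf() {   # $1 = path to ldap.conf
    awk '
        /^[ \t]*#/ || NF == 0 { next }              # skip comments and blanks
        { key = tolower($1); val = tolower($2) }    # keywords are case-insensitive
        key == "uri" && val ~ /^ldap:/     { plain = 1 }
        key == "ssl" && val == "start_tls" { starttls = 1 }
        key == "tls_reqcert" && val != "demand" && val != "hard" {
            print "tls_reqcert " val ": an invalid server certificate is tolerated" }
        key == "tls_checkpeer" && val != "yes" {
            print "tls_checkpeer " val ": pam_ldap/nss_ldap will not verify the server" }
        key == "rootbinddn" {
            print "rootbinddn set: root bind password must live in /etc/ldap.secret" }
        END { if (plain && !starttls)
                  print "ldap:// URI without start_tls: simple binds go in cleartext" }
    ' "$1"
}

audit_exports() {     # $1 = path to an exports file
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        /no_root_squash/ { print $1 ": no_root_squash, client root is root on the export" }
    ' "$1"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Constructed sample: the server and TLS lines as posted in the howto.
cat > "$tmp/weak.conf" <<'EOF'
URI ldap://ldapserver.mydomain.com/
SSL start_tls
TLS_CACERT /etc/ldap/ssl/cert/ca.pem
TLS_CHECKPEER no
TLS_REQCERT allow
EOF
# Constructed sample: the same lines with certificate verification enforced.
sed -e 's/^TLS_CHECKPEER no/TLS_CHECKPEER yes/' \
    -e 's/^TLS_REQCERT allow/TLS_REQCERT demand/' "$tmp/weak.conf" > "$tmp/strict.conf"
# Constructed samples: the export as posted, and with root squashing.
echo '/home/samba/users 192.168.1.0/24(rw,fixed,no_root_squash)' > "$tmp/exports.weak"
echo '/home/samba/users 192.168.1.0/24(rw,fixed,root_squash)' > "$tmp/exports.strict"

for f in weak strict; do
    echo "== $f =="; audit_ldap_conf "$tmp/$f.conf"; audit_exports "$tmp/exports.$f"
done
```

With TLS_REQCERT demand the client needs a CA file (TLS_CACERT) that actually validates the LDAP server's certificate, and the URI host name has to match that certificate.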
