Koozali.org: home of the SME Server

LINUX WORKSTATION

Offline steever

LINUX WORKSTATION
« on: May 19, 2005, 03:00:13 PM »
Hi - I am trying to connect a Linux workstation to SME server so that all users on SME can put their usernames and passwords into the Linux box and be delivered to a nice Gnome desktop, where the user's home folder is their home folder on the SME box.  I have been having a great deal of trouble, have read much on this board, and am still having trouble.

Here is an outline of my different attempts:

A. Using NIS and NFS with Fedora Core 3
I can authenticate users against the SME but logging in using GDM doesn't work because of a shell issue.  Even changing the users' shells to bash instead of sshell doesn't fix this problem.

B.  Using NIS and NFS with Ubuntu Hoary
I can authenticate users against the SME box and can mount /home/esmith/files/users with NFS so that each user has a home folder.  Log in with GDM works fine, but the big SHOWSTOPPER problem is that NFS maps USER's home folder /home/files/users/USER/ where it really needs to be mapped to /home/files/users/USER/home - the big problem is that the user can actually delete important mail files etc.

C.  Using WINBIND and NFS with Fedora Core 3
I can authenticate users against the SME box and have set up the homedir template to be /home/esmith/files/%U/home (an NFS mount) but Fedora complains that it cannot create the relevant .gnome and .gnome2 folders inside the USER's home folder.

There was a very long discourse between boarders Damian and Crimsonline which dealt with these issues, but it didn't seem to be resolved.  Anybody working on these problems?

I love SME, especially the user-management and email functions, but due to licensing my school needs to ditch Windows.  I want to keep SME and connect using either Fedora or Ubuntu.  Can anyone help?  Damian?
Saving the world ... one server at a time.


Offline steever

Yes - it's a great howto but ...
« Reply #2 on: May 20, 2005, 01:02:29 AM »
Yes, thanks, I followed these great instructions so that the server is running NIS and I can authenticate with Ubuntu with no problems (as I noted in my initial post) but .... the NFS arrangement has severe problems:

A user named "contribs" will have their home mapped to /home/esmith/files/users/contribs instead of the more correct /home/esmith/files/users/contribs/home   - the end result of this is that when logged into a Linux workstation, the user could delete their mail files - anybody got a way to mount through NFS /home/esmith/files/users/contribs/home instead of /home/esmith/files/users/contribs ???
Saving the world ... one server at a time.

Offline steever

Limited Success! As usual, 15 mins before due to leave ...
« Reply #3 on: May 20, 2005, 01:55:19 PM »
I worked on this problem on and off today, this time using Damian's idea of grepping /etc/passwd to /etc/passwd.dist, changing shell and home locations that way, and then instructing the NIS server (SME) to use passwd.dist instead of passwd - Damian suggests changing the home location pointer to /home/user but this relies on using autofs and automount, both of which are beyond my level.

So now I'm thinking:  use Damian's method to point each user's home to /home/e-smith/files/users/username/home rather than the default /home/e-smith/files/users/username and then use NFS to export /home/e-smith/files/users.

Come on guys:  if we can get this working, SME will be unbeatable for Single Sign On - at least until we get LDAP authentication through SME working ..., even in that event, we need to get NFS ironed out!  Help schools everywhere to use SME and ditch Microsoft.

Unfortunately this idea did not work, Ubuntu complains that it can't find the export /home/e-smith/files/users/username/home even though I can navigate there.  I am about to give up on this and make a nice new SAMBA/LDAP PDC that places home folders in a reasonable location.  This is sad, I'd rather use SME, but ...

So anybody got an idea?
Saving the world ... one server at a time.
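
The passwd.dist approach described in this post, as an added example that is not part of the original thread: a filter that keeps only accounts whose home is directly under /home/e-smith/files/users, appends /home to the home path and swaps the shell. The /bin/bash target, the choice to leave other accounts out of the map, and the sample accounts are assumptions.

```shell
#!/bin/sh
# Added example: build a NIS passwd source (passwd.dist) from a passwd file.
# Assumptions (not from the thread): workstation shell is /bin/bash, and
# accounts whose home is not BASE/<username> are not published at all.
BASE=/home/e-smith/files/users

make_passwd_dist() {
    # $1 = passwd-format input file; rewritten entries go to stdout
    awk -F: -v OFS=: -v base="$BASE" '
        NF == 7 && $6 == (base "/" $1) {   # home is exactly BASE/username
            $6 = $6 "/home"                # point at the home subfolder
            $7 = "/bin/bash"               # replace the restricted shell
            print
        }' "$1"
}

# Constructed sample input (not real accounts; shell paths are placeholders)
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
admin:x:500:500:Administrator:/home/e-smith:/bin/false
contribs:x:5000:5000:Contribs User:/home/e-smith/files/users/contribs:/bin/sshell
teacher1:x:5001:5001:Teacher One:/home/e-smith/files/users/teacher1:/bin/sshell
EOF
make_passwd_dist "$sample"
rm -f "$sample"
```

Because root and admin never match the BASE/username pattern, they are not written to the file that feeds the NIS map.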

Offline mhiggins

winbind
« Reply #4 on: June 26, 2005, 04:53:28 PM »
we've been trying to do the same thing, except just using winbind.... the way sme was made to work

The SME box is 6.0.1 with the unofficial update script applied (that just makes esmith so very much better)

We know it can be done because mandrake seems to do a domain login with SME out of the box as long as you join the domain during the initial build, but well it's just not our desktop of choice

We want to use Ubuntu - Hoary Hedgehog 5.04

As a desktop client, ubuntu rocks & with a few minutes spent at the unofficial Ubuntu 5.04 Starter Guide http://ubuntuguide.org everything seems to work out of the box

Been following & playing with this;

http://ubuntuforums.org/archive/index.php/t-5409.html

but unfortunately haven't got it working yet. It seems to join the domain & everything tests OK, but when i reboot, can't log in as in i'm locked out.

If you do intend to play with this, as always BACK UP YOUR FILES FIRST.

This is a script to do just exactly that; copy & paste this with your favorite text editor & save it as winbindbak.sh

#winbind_back_up script
cp -v /etc/login.defs /etc/login.defs.bak
cp -v /etc/nsswitch.conf /etc/nsswitch.conf.bak
cp -v /etc/samba/smb.conf /etc/samba/smb.conf.bak
cp -v /etc/pam.d/common-account /etc/pam.d/common-account.bak
cp -v /etc/pam.d/common-auth /etc/pam.d/common-auth.bak
cp -v /etc/pam.d/common-password /etc/pam.d/common-password.bak
cp -v /etc/pam.d/common-session /etc/pam.d/common-session.bak
cp -v /etc/pam.d/sudo /etc/pam.d/sudo.bak

then as root / sudo at a command prompt run;

sh /path_to_where_you_saved_it/winbindbak.sh

That way if you end up locked out like i did, you can come back up in rescue mode & put them all back;

& here's a script to do just that again copy & paste this to your favorite text editor & save as winbindrest.sh

#winbind_restore_backed_up_files & save the broken ones for investigation script
# step 1: keep the current (broken) files as .bak2 for investigation
cp -v /etc/login.defs /etc/login.defs.bak2
cp -v /etc/nsswitch.conf /etc/nsswitch.conf.bak2
cp -v /etc/samba/smb.conf /etc/samba/smb.conf.bak2
cp -v /etc/pam.d/common-account /etc/pam.d/common-account.bak2
cp -v /etc/pam.d/common-auth /etc/pam.d/common-auth.bak2
cp -v /etc/pam.d/common-password /etc/pam.d/common-password.bak2
cp -v /etc/pam.d/common-session /etc/pam.d/common-session.bak2
cp -v /etc/pam.d/sudo /etc/pam.d/sudo.bak2
# step 2: put the known-good .bak copies back in place
cp -v /etc/login.defs.bak /etc/login.defs
cp -v /etc/nsswitch.conf.bak /etc/nsswitch.conf
cp -v /etc/samba/smb.conf.bak /etc/samba/smb.conf
cp -v /etc/pam.d/common-account.bak /etc/pam.d/common-account
cp -v /etc/pam.d/common-auth.bak /etc/pam.d/common-auth
cp -v /etc/pam.d/common-password.bak /etc/pam.d/common-password
cp -v /etc/pam.d/common-session.bak /etc/pam.d/common-session
cp -v /etc/pam.d/sudo.bak /etc/pam.d/sudo

then as root / sudo at a command prompt run;

sh /path_to_where_you_saved_it/winbindrest.sh

& you should be back up & running in seconds

Anyway until i get it sorted i'm hard wiring the mounts into the /etc/fstab
...

Damian

LINUX WORKSTATION
« Reply #5 on: June 26, 2005, 10:35:31 PM »
Hey Steever,
Which is your preferred way of doing this ? Fedora, Ubuntu or something I've never heard of  ;-)
Autofs isn't beyond you, you just need to give it a spin!
Working offline with Crimsonline went a little pear-shaped as we seemed to lose contact - probably my fault. That said, we made a LOT of progress past what was posted in the forum. The shame of it is that during the frequent exchanges some people may have found useful items, but I'm conscious of not clogging up the forum with mundane conversation.
Anyhow, can you post an update as to where you are now and we'll see if we can get you going  :-)
Damian

Offline steever

LINUX WORKSTATION UPDATE
« Reply #6 on: June 27, 2005, 01:56:41 AM »
The basic situation is this:  we love SME - we don't love Microsoft.  After the incident with Microsoft in China, my bosses have given me the unofficial nod to investigate moving away from MS as much as possible.

So, we'd like to use Ubuntu or Fedora workstations authenticating off SME (either through Winbind or NIS), so that when username logs in, their home directory is mapped to /home/e-smith/files/users/username/home (I can get a mapping to /home/e-smith/files/users/username happening but this allows the user to delete their own Mail files (not good).

Stephen Noble and Adam Landow have also been working on this problem - the NIS works fine for me, the automount stuff doesn't work.

So please, I am sure that almost everyone wants a nice step by step, particularly of the nfs mount stuff.

I am happy to use Winbind, but want users' home directories mapped, not created on the fly.

If this works, SME will be THE server platform.
Saving the world ... one server at a time.

Damian

LINUX WORKSTATION
« Reply #7 on: June 27, 2005, 07:38:20 AM »
Well OK then. I have the $home/home mapping that you're looking for working here using the method I described in all those postings. A pain to read through all of them and they may be incomplete. I'll get hold of FC3 and build up an autofs howto for FC3 with SME 6.01.
I'll post back when I have something useful.

Offline Tib

LINUX WORKSTATION
« Reply #8 on: June 27, 2005, 01:33:51 PM »
Hi

It's probably not the way you want to go but I run Suse and Mepis ... I log into both with the user name and password as setup on SME. But in both I use Smb4k and just map the drives that are allowed for the user ... the home drive comes up nicely without mail folder access etc. It's the closest and neatest way I have found and less hassles to setup. People cannot access drives they don't have auth to use. With this setup you don't have to stuff around with NIS NFS etc.

For a good working temp setup try it. I'm starting to play around with it at work as well ... I know it's not the preferred way to run on a network but it works as a temp setup till something better comes along.

Tib

Offline steever

LINUX WORKSTATION
« Reply #9 on: June 27, 2005, 02:10:56 PM »
Actually today it worked.  I used a nice fresh SME 6.5 install and a nice fresh FC3 workstation.  I did not set up any local users on the FC3 workstation and it worked out fine.

Maybe it was just Ubuntu playing up - I read that /home has to be empty for automounting of /home to work, and the way Ubuntu is set up is that there is a user set up automatically in /home to handle the sudo.

So I am a very happy fellow tonight.  Is there any way to make push run automatically any time there is a change to users' details - adding/deleting/changing a password?  The initial how to talked about this but not in reference to push.

Thanks Damian and others for helping out.  Oh, is there a way of having the ibays the user is allowed to access available through NFS?  So that a teacher logging in can easily put stuff in the teachers ibay, eg. /ibays/teachers ?
Saving the world ... one server at a time.

Offline mhiggins

Linux equivalent of "roaming profiles"
« Reply #10 on: June 27, 2005, 03:30:05 PM »
Been thinking about what it is we are trying to do, not really sure if this fits with what everyone else has as a goal but what we need is;

1) SME domain, authentication login control that flows to local linux machines (preferably running ubuntu or Fedora)

Winbind looks right to do this

2) a linux equivalent of "roaming profiles", as in...

login here, here's your profile stuff & your mounts,
move to a new machine, there it is again,
pick your notebook up & leave the office, you still have your stuff held locally in your local profile, but your mounts to the server are broken,
change something while you're away, log back into the domain, thankyou we have your changes.

In short, the same functionality that SME has been dishing up to windows NT/W2K/XPpro clients for years.

I may be wrong but NFS doesn't seem like the right way to achieve this

Maybe i'm missing something on synchronization.

Does anyone have any ideas on how best to achieve this?
...

Offline steever

Potential Showstopper
« Reply #11 on: June 28, 2005, 05:49:34 AM »
I have been playing around today with FC3 authenticated off SME with automounted /home but have come across the following problem ...

When userA logs out, /home/userA remains mounted.  When userB logs in, they can then navigate to /home/userA and read the contents of files in the directory.  userA's folder eventually dismounts by itself, but in a school setting this is not a good thing - is there a way to have /home/userA automatically dismounted upon logout or - alternatively - a way to set initial permissions on /home/e-smith/files/users/*/home so that it is 0750 instead of the default 0755.  I looked in /etc/skel but there's nothing there.  Anybody?
Saving the world ... one server at a time.
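
One way to do the permission change asked about above, as an added example that is not part of the original thread: it strips all access for "other" from each BASE/<username>/home directory, which turns the default 0755 into 0750 without loosening anything already stricter. The function name and the temp-directory demo tree are assumptions.

```shell
#!/bin/sh
# Added example: remove "other" access from each user's home subfolder.
# Assumption: layout is BASE/<username>/home as described in the thread.

tighten_homes() {
    # $1 = base directory; prints each directory whose mode was changed
    base=$1
    for d in "$base"/*/home; do
        [ -d "$d" ] || continue      # glob did not match, or not a directory
        [ -L "$d" ] && continue      # never chmod through a symlink
        # Act only when some r/w/x bit is set for "other"
        if [ -n "$(find "$d" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]; then
            chmod o-rwx "$d" && printf '%s\n' "$d"
        fi
    done
}

# Constructed demo tree in a temp directory (not the real server path)
demo=$(mktemp -d)
mkdir -p "$demo/userA/home" "$demo/userB/home"
chmod 0755 "$demo/userA/home"     # the default described in the post
chmod 0700 "$demo/userB/home"     # already private, must stay 0700
tighten_homes "$demo"
ls -ld "$demo"/*/home
rm -rf "$demo"
```

On the server the call would be `tighten_homes /home/e-smith/files/users`, run as root; it only covers directories that exist at the time it runs.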