Topic: Ubuntu Feisty Fawn joining SME domain

[robw]

Hi, I've been trying to get an Ubuntu Feisty Fawn 7.04 desktop to connect to an SME domain for about 5 days now and am about to tear hair out!

I have tried the howto at http://tech.canterburyschool.org/tech/UbuntuWorkstations which is very well written and comprehensive. Unforetunately it hasn't worked in my situation. I have tried all the tricks from the forums including creating and activating the computer account on the SME server but all to no avail.

So far, at different times, I have had

the desktop join the domain but fail to login (Using Happy Gnome with name list) - just get local machine users listed and get incorrect username or password trying to get in via domain OR local user accounts

fail on joining domain

fail trying to get wbinfo -u

succeed getting domain users - wbinfo -u - but still fail to login when reboot

aaaaaaaaaaahhhhh!

Can anyone PLEASE help with some instructions/tips/tricks/traps for getting Feisty to connect to an SME domain.

Thanks heaps in anticipation

[stephen noble]

http://wiki.contribs.org/Mepis

there was also a thread a few weeks ago
but any problem was because the howto wasn't followed

[robw]

Hi snoble and thanks for the reply. The http://wiki.contribs.org/Mepis howto is actually the same as the canterburyschool one I used (they even have a acknowledgement of Ideas borrowed from Canterbury...) but with the machine account creation and activation in SME (which I did).

I came unstuck when I then tried the wbinfo -u and -g. I get error looking up domain users/groups. When I reboot the Ubuntu PC, I can't login using domain OR local accounts.

I am using a script to backup and restore the relevant files asnd when I restore, I can get in locally just fine. When I retry, however, I now can't even get past the domain join as it fails there. I seem to be snookered! Is there something obvious that I'm doing/not doing?

BTW, the server is a fully patched SME 7.2 according to it's software manager. The PC is Ubuntu 7.04 Feisty Faun fully patched. I also followed some other instructions to install Samba (on the Ubuntu machine) - not sure if that was correct but smbd wasn't running before I did and now it is.

[r2ks]

Like you i also have tried the same instruction and have looked my self out of my work station and can not login to it. HAS ANY one setup ubuntu fiesty fawn to Logon to sme server as a domain controller
Thanks

[robw]

Like you i also have tried the same instruction and have looked my self out of my work station and can not login to it. HAS ANY one setup ubuntu fiesty fawn to Logon to sme server as a domain controller
Thanks

Hi r2ks, if you're currently locked out, I can probably point you to how to get back. I'm assuming you backed up the files before starting (?). If so, you just go into the Ubuntu recovery console (hit esc as soon as the loader starts), put in your root password when prompted and use the command line to restore your files. Have a look at Mark Higgins' post on http://ubuntuforums.org/archive/index.php/t-8332.html for more info on how to backup and restore via a shell script.

Meanwhile, does anyone have any further info on getting Feisty connected to an SME domain???

[r2ks]

I have unlocked my it seams every time i try to use the Mepis contrib something Happens Locked out our have to Sign in to Ubuntu with password 2 or 3 times.

First My question is by looking at that Contrib do i replace the existing information in those files for /etc/pam.d/common-auth with what is in the contrib ??

This is pretty bad that this Communty can not come up with More Clearer documantation for this to Work on any linux work station to connect i have a MS$ XP Box that connects to the Server No problem I want away for MS$

I LOVE SME it is a Great server i did Read that Maybe the Version of Samba i have on my SME Box is the Problem some how My smetest repo got enabled

PLEASE TEAM Lets Make this Work

[stephen noble]

>This is pretty bad that ...

The community did come up with a solution for what was available at the time
your the community with the need now it's up to you to add to the knowledge
don't think we didn't go through the same pain your going through now

[hedererjs]

i've made it work for Suse and fedora, but always with problems that are not due to SME, but with my station.

for connecting to shares, i recommend fusesmb

[r2ks]

with all do repect snoble and all of the hard work you have put in. as with the rest of this Community. all i was saying is that it is to bad that we can take a MS$ box and connect it to a sme server Linux box no Problem. but i am haveing such a pain connecting Ubuntu linux to the server. I have tried fedora 7 and connected no problems so at this point ther is no longer any need to post on this fourm for this issue. I will take it to the ubuntu fourms do you not agree that there is more of a difficult time time conecting a linux box to a Linux server or maybe it is me.

Again i did not mean anything of disrespect to you SNOBLE or any other.

[stephen noble]

Agreed,
It's so hard I'm beginning to think it's on purpose

[r2ks]

OK everyone i have My Ubuntu feisty Fawn connected to my Sme Server where do i Post The Procedure at there are a Couple of tweaks not in the Mepis contrib

[r2ks]

Connecting Ubuntu Feisty Fawn to Sme Server

on the ubuntu Client Download and install Winbind and Samba
apt-get install samba
apt-get install winbind libpam-mount

Next Make sure you go System->Administration->login window
Under security uncheck deny tcp connections to xserver
if you do not uncheck this you will not be able to use any of your system administration functions
will you are there go to Local and use happy gnome with Browser to see all your Domain users
next do a Sudo Nano -w /etc/samba/smb.conf
Copy this information into the smb.conf Under this Line  
# Change this to the workgroup/NT-domain name your Samba server will part of

   workgroup = (
what ever your Domain is )
  idmap uid = 10000-20000

  idmap gid = 10000-20000

  template shell = /bin/bash

  template homedir = /home/%U

  winbind enum users = yes

  winbind enum groups = yes

  winbind cache time = 10

  winbind separator = +

  security = domain

  password server = *

  winbind use default domain = yes

next do a sudo nano -w /etc/nsswitch.conf
Edit these files to Look Like this
passwd:         compat winbind

group:          compat winbind

shadow:         compat winbind

next do a sudo nano -w /etc/pam.d/common-account
Comment out all other Lines with a # and add these Lines
# these are for Domain authentication

account sufficient pam_winbind.so

account required        pam_unix.so

next do a sudo nano-w /etc/pam.d/common-auth
comment out all Lines and add this
## use the follolwing "auth" line by itself to restrict local access (a bit$

## will validate ONLY off of network

#auth   required        pam_winbind.so use_first_pass

#

## use the TWO "auth" lines below for either network or local validation -

## will validate off of EITHER network or local passwd db

auth    required        pam_mount.so

auth    sufficient      pam_winbind.so use_first_pass

auth    required        pam_unix.so use_first_pass


next do a sudo nano -w /etc/pam.d/common-session
Comment out all other Lines and add this
#These are the Fields for Domain auth

session required        pam_unix.so

session required        pam_mkhomedir.so umask=0022 skel=/etc/skel/

session optional        pam_mount.so

session optional        pam_foreground.so

next do a sudo nano -w /etc/pam.d/sudo
Just Add these Lines
auth sufficient pam_winbind.so

auth required pam_unix.so use_first_pass

Next do a sudo /etc/init.d/winbind start

now go to your Sme Server and type this command
signal-event machine-account -create clientname$
smbpasswd -a -m clientname$

Remember the Clientname is the name of your laptop or PC you are trying to connect to the sme server
Back to the workstaion or Client Machine and type
sudo net rpc join -D (What ever your Domain Is) -U admin

and it should Join

[Mjohnson]

Thanks...

Works Great!!

[troykd]

That fix worked for me but it hosed up synaptic and some other programs.  Undid it and it went back to 'normal'. 

[TrevorB]

OK everyone i have My Ubuntu feisty Fawn connected to my Sme Server where do i Post The Procedure at there are a Couple of tweaks not in the Mepis contrib

Create your own wiki item for Ubuntu/Fiesty Fawn....

Trevor B 

[MasthaX]

well that didnt work for me, i cant even get in my own system anymore not even while logging in on a local account. Also i have to type the password twice dont know why it only takes the second time. how can i undo this all? Or do i need to reinstall my Ubuntu? If its the easies solution i would do that there aren't any usefull files on the system so.

[pfigueira]

Hi,

I'm new to sme server.
I manage a large school equipment (+-1250 users) and hat to configure a mix envoirement (linux a window$ clients). I had a similar problem: linux (ubuntu) clients could not join the domain but the window$ clients could. After a lot of hours (really a lot) a foud the solution. My domain is only localy visible. Both the linux and windows$ clients had the sme server has the dns server. Only the window$ machines got the name of the server resolved by the dns server. Strange. So I had to edit the hosts file (/etc/hosts) on the ubuntu clients with all the server names. (server_ip servername domain.xxx www.domain.xxx etc)
With this problem solved, now I have another problem: The domain users, on the ubuntu workstation, can not mount the usb-sticks. Can anyone help me?

Thanks,
Paulo F.

[pfigueira]

Can someone help me. The school season is almost starting and I'm stuck with the usb pens mount problem.
Thanks,
Paulo F.

[troykd]

Here's what worked for me.  32 bit Feisty on a 64 bit Dell Notebook.  Real simple.

From your Ubuntu toolbar, select Places.

Select Connect to Server

Select Windows Share

Fill in your servers NAME

Fill in your user name

Put your workgroup in for the Domain

Double click the icon created and log in.  Worked for me.  Had my shares and could add ALL the printers at the office.  One thing about Ubuntu, it does an awesome job of finding network printers.  Better than Fedora.

Hope it works for you.

[steever]

USB SOLUTION:

From http://tech.canterburyschool.org/tech/UbuntuWorkstations

Logins validated by the Windows server won't correctly pickup membership in local groups, making sound, USB devices, etc. inaccessible. To fix that do the following (Thanks to Steve Towson, Marist Brothers International School, Japan):

   1.  edit /etc/pam.d/gdm to include auth optional pam_group.so
                   
   2.  edit /etc/security/group.conf to include gdm;*;*;Al0000-2400;floppy,audio,cdrom,video,plugdev,scanner
                   

Explanation:
   No.1 instructs gdm to use the /etc/security/group.conf
   No.2 assigns membership of the floppy, audio, cdrom, video, plugdev (usb sticks) and scanner groups to any user who logs in through the gdm.

[steever]

Has anyone managed to auth gutsy against SME?  Or had any luck authenticating edubuntu thin client against SME?  Enquiring minds and idle hands want to know!

Thanks

Steve

[troykd]

Had it working with Feisty Fawn but no luck with Hardy Heron.

Troy

[troykd]

Bump,
Anyone get Hardy Heron to work with SME?

[Paperguides]

I have managed to get something working previously on Hardy but then had a HD failure. When I applied what I thought was the same patches as last time  I now have the problem discussed above i.e. I needing to input two passwords.   I have asked on the Ubuntu forum if anyone can help with no response at all.

The two passwords required can be show thus:

tony@humphrey:~$ sudo ls
pam_mount password:
[sudo] password for tony:
Desktop  Documents  Examples  Music  Pictures  Public  Templates  Test   Videos
tony@humphrey:~$

I do not understand some of the mods that I made to the password files so cannot see what needs to be tweaked to correct the problem.

Are there any Linux gurus around?

Tony