Topic: [ANNOUNCE] Ubuntu Authentication

[timn]

For those that are interested I have created a Wiki HowTo page for authenticating Ubuntu 9.10 Karmic Koala against SME. It works for me but YMMV.

http://wiki.contribs.org/Ubuntu_Client_Authentication

[Stefano]

hi

tried on a ubuntu 8.04 hardy and it's almost working

I will test on other distro debian based

just a question: where did you find these infos? have you a link?

thank you

[timn]

Searched these forums for previous posts, and the basis was

http://tech.canterburyschool.org/tech/UbuntuWorkstations_2fAuthenticationSetup

which has been mentioned before.

Also http://samba.org/samba/docs/man/Samba-Guide/unixclients.html#wdcsdm

Also google was my friend, together with a lot of trial and error. I actually had it working a lot sooner than I thought except for a silly typo that took me far too long to track down as it was late.

[Daniel B.]

Many thanks for this how-to. I've tested on Ubuntu Karmic, and it's working.

Regards, Daniel

[timn]

Daniel
Did you install on a clean box or in a VM.

Can you confirm if you get a delay at login while the home directory is mounted. Also after the net rpc join command, did wbinfo work straight away? I think both of these problems may be related to my VirtualBox VM using a different subnet and NAT, as I can't get bridge mode to install.

Tim

[Daniel B.]

Daniel
Did you install on a clean box or in a VM.

Hi. Yes, the ubuntu box is a VM (KVM based), but in bridged mode, so in the same subnet as the SME (which is another VM).

Can you confirm if you get a delay at login while the home directory is mounted. Also after the net rpc join command, did wbinfo work straight away? I think both of these problems may be related to my VirtualBox VM using a different subnet and NAT, as I can't get bridge mode to install.
Tim

after the net rpc, wbinfo -u/g worked as expected (but it was already working in fact, this ubuntu was installed as 8.04, joined in the domain, upgraded to 8.10, 9.04 and 9.10, then I found your how-to and I just follow it for the pam/nss part. The samba/winbind part on my setup was exactly the same as your how-to)

At the login, there's a small delay (I mount 2 samba shares), but it's reasonable (it may take 3 to 5 seconds more than before)

Regards

[timn]

OK, thanks. My delay for mount at login is more like a minute than 3-5 seconds, hence my concern.

[steever]

Beautiful work, Tim!

Is it possible, do you think, to have the user's home folder under SME mounted as their home folder on the workstation instead of as nethome?

Also, what do you think about using ldap instead of winbind?  That way it would be possible to mac central auth as well, all with home automounted.

Steve

[Stefano]

Beautiful work, Tim!

Is it possible, do you think, to have the user's home folder under SME mounted as their home folder on the workstation instead of as nethome?

I think you could achieve it changing the mount point in pam_mount.conf.xml  file

Also, what do you think about using ldap instead of winbind?  That way it would be possible to mac central auth as well, all with home automounted.

Steve

no, because SME doesn't use (ATM) ldap for users' accounts and auth

[steever]

I think you could achieve it changing the mount point in pam_mount.conf.xml  file

There might be special permission problems ... I'll have to experiment.

no, because SME doesn't use (ATM) ldap for users' accounts and auth

The LDAP contrib allows this to happen.

I'll have a go at both and let you know ...

Steve

[Stefano]

The LDAP contrib allows this to happen.
I'll have a go at both and let you know ...

ok.. but please remember that it is beta sw..
in any case, let us know

[engdev]

Thanks timn, you are a genius.

Tried this on my existing 9.04 Ubuntu installation and works fine. However, once you reboot after doing the 'login & test', I receive a "no logon servers" error after entering my logon password. It doesn't appear to matter as my home drive is still thereand read/write is ok. I have my SME home mapped to 'U_drive' so it's same as windows.

[engdev]

Just thought I would let you know that I removed my Ubuntu 9.04 and installed fresh Linuxmint 8 (i.e Ubuntu 9.10 base). I followed the how-to 100% and it works great, the only change is at the very end. After the 'Login and Test' part you need to re-boot, simply logging out doesn't work. As far as I am concerned there is no login delay, it seems fine to me.

Thanks again for a great how-to.

[linuxgurumaniac]

hello,
great tutorial, all works but when i tried to login with any of the sme user,
if a entered a wrong password ill get a wrong password which is good
but when i enter the right one i get the following :
"your password has expired"
please help....

[timn]

Just tried and works OK for me. Incorrect password gives "wrong password" followed by "authentication failure" messages. Second attempt with correct password works OK. Doesn't help you I know.

Is the actual users SME account locked?

Are you sure the machine has joined the SME domain?

[linuxgurumaniac]

hello again, and thanks for your fast reply.

well yes i was able to connect and see all the groups and user using the command mentioned below,

Code: [Select]

wbinfo -u
wbinfo -g
but please notice that this command

Code: [Select]

smbtreedid not return anything.

I have been using this same machine as a PDC for our winxp pc, but now we are looking
to upgrade to ubuntu, and we do need to have a PDC for a mixed enviremont.
thanks in advance.

[timn]

Have you run

Code: [Select]

testparm to check smb.conf is valid. Also have you set

Code: [Select]

winbind use default domain = yes in smb.conf

[engdev]

I forgot to mention that

Code: [Select]

smbtreedidn't return anything for me either.

Code: [Select]

testparmwas fine

and I have the

Code: [Select]

winbind use default domain = yes in /etc/samba/smb.conf

[linuxgurumaniac]

I forgot to mention that

Code: [Select]

smbtreedidn't return anything for me either.

Code: [Select]

testparmwas fine

and I have the

Code: [Select]

winbind use default domain = yes in /etc/samba/smb.conf

same here but i do get "your password has expired"
when i'm using a correct username and password,
and no they are not locked , i'm using them to access the domain through winxp.

[mdo]

Re. password has expired:

Just ignore that for the moment and continue (as far as I remember there is an OK button for that message). We had that message as well with Ubuntu 9.04 after each logon but you could ignore (OK) the message and continue.

This message is gone since Ubuntu 9.10 here.

[linuxgurumaniac]

Re. password has expired:

Just ignore that for the moment and continue (as far as I remember there is an OK button for that message). We had that message as well with Ubuntu 9.04 after each logon but you could ignore (OK) the message and continue.

This message is gone since Ubuntu 9.10 here.

thx for the reply, well i get that password expired i will be asked to enter the username again.
yes i was testing on ubuntu 9.04, i will try it on ubuntu 9.10 and see what will happen.
thx again.

[linuxgurumaniac]

hello guys,
I installed the ubuntu 9.10 version and it worked on it i was able to login as a domain user,
but i had to add the domain name to the login

Code: [Select]

DOMAIN-NAME\usernameas long as it had worked i don't mind.

Now i do have tow questions :

1--> I want these user to able to log into an ubuntu machine
       while be there data well fall them on both OS, but in the ubuntu case i got "nethome".
       How can I bring the windows data and put in there home so u want feel the difference
       even the desktop wallpaper.

2--> How can i put some restrictions when they are using ubuntu like I used to with do
       with the netlogon script for windows.

thanks in advance....

[engdev]

Re. the 'smbtree' command not working, it's due to:

root@jwj-laptop:/home/administrator# smbtree
The program 'smbtree' is currently not installed.  You can install it by typing:
apt-get install smbclient
smbtree: command not found
root@jwj-laptop:/home/administrator#

So if you install smbclient it fixes the problem, so this needs adding to the 'Additional Packages' section. Thanks

[tkibugu]

Is it possible, do you think, to have the user's home folder under SME mounted as their home folder on the workstation instead of as nethome?

Hi steever, a thread on debian authentication contains some info: http://forums.contribs.org/index.php/topic,45263.0.html
HTH