Topic: [ANNOUNCE] Ubuntu Authentication

[timn]

For those that are interested I have created a Wiki HowTo page for authenticating Ubuntu 9.10 Karmic Koala against SME. It works for me but YMMV.

http://wiki.contribs.org/Ubuntu_Client_Authentication

[Stefano]

hi

tried on a ubuntu 8.04 hardy and it's almost working

I will test on other distro debian based

just a question: where did you find these infos? have you a link?

thank you

[timn]

Searched these forums for previous posts, and the basis was

http://tech.canterburyschool.org/tech/UbuntuWorkstations_2fAuthenticationSetup

which has been mentioned before.

Also http://samba.org/samba/docs/man/Samba-Guide/unixclients.html#wdcsdm

Also google was my friend, together with a lot of trial and error. I actually had it working a lot sooner than I thought except for a silly typo that took me far too long to track down as it was late.

[Daniel B.]

Many thanks for this how-to. I've tested on Ubuntu Karmic, and it's working.

Regards, Daniel

[timn]

Daniel
Did you install on a clean box or in a VM.

Can you confirm if you get a delay at login while the home directory is mounted. Also after the net rpc join command, did wbinfo work straight away? I think both of these problems may be related to my VirtualBox VM using a different subnet and NAT, as I can't get bridge mode to install.

Tim

[Daniel B.]

Daniel
Did you install on a clean box or in a VM.

Hi. Yes, the ubuntu box is a VM (KVM based), but in bridged mode, so in the same subnet as the SME (which is another VM).

Can you confirm if you get a delay at login while the home directory is mounted. Also after the net rpc join command, did wbinfo work straight away? I think both of these problems may be related to my VirtualBox VM using a different subnet and NAT, as I can't get bridge mode to install.
Tim

after the net rpc, wbinfo -u/g worked as expected (but it was already working in fact, this ubuntu was installed as 8.04, joined in the domain, upgraded to 8.10, 9.04 and 9.10, then I found your how-to and I just follow it for the pam/nss part. The samba/winbind part on my setup was exactly the same as your how-to)

At the login, there's a small delay (I mount 2 samba shares), but it's reasonable (it may take 3 to 5 seconds more than before)

Regards

[timn]

OK, thanks. My delay for mount at login is more like a minute than 3-5 seconds, hence my concern.

[steever]

Beautiful work, Tim!

Is it possible, do you think, to have the user's home folder under SME mounted as their home folder on the workstation instead of as nethome?

Also, what do you think about using ldap instead of winbind?  That way it would be possible to mac central auth as well, all with home automounted.

Steve

[Stefano]

Beautiful work, Tim!

Is it possible, do you think, to have the user's home folder under SME mounted as their home folder on the workstation instead of as nethome?

I think you could achieve it changing the mount point in pam_mount.conf.xml  file

Also, what do you think about using ldap instead of winbind?  That way it would be possible to mac central auth as well, all with home automounted.

Steve

no, because SME doesn't use (ATM) ldap for users' accounts and auth

[steever]

I think you could achieve it changing the mount point in pam_mount.conf.xml  file

There might be special permission problems ... I'll have to experiment.

no, because SME doesn't use (ATM) ldap for users' accounts and auth

The LDAP contrib allows this to happen.

I'll have a go at both and let you know ...

Steve

[Stefano]

The LDAP contrib allows this to happen.
I'll have a go at both and let you know ...

ok.. but please remember that it is beta sw..
in any case, let us know

[engdev]

Thanks timn, you are a genius.

Tried this on my existing 9.04 Ubuntu installation and works fine. However, once you reboot after doing the 'login & test', I receive a "no logon servers" error after entering my logon password. It doesn't appear to matter as my home drive is still thereand read/write is ok. I have my SME home mapped to 'U_drive' so it's same as windows.

[engdev]

Just thought I would let you know that I removed my Ubuntu 9.04 and installed fresh Linuxmint 8 (i.e Ubuntu 9.10 base). I followed the how-to 100% and it works great, the only change is at the very end. After the 'Login and Test' part you need to re-boot, simply logging out doesn't work. As far as I am concerned there is no login delay, it seems fine to me.

Thanks again for a great how-to.

[linuxgurumaniac]

hello,
great tutorial, all works but when i tried to login with any of the sme user,
if a entered a wrong password ill get a wrong password which is good
but when i enter the right one i get the following :
"your password has expired"
please help....

[timn]

Just tried and works OK for me. Incorrect password gives "wrong password" followed by "authentication failure" messages. Second attempt with correct password works OK. Doesn't help you I know.

Is the actual users SME account locked?

Are you sure the machine has joined the SME domain?