I have a working winbind setup on Debian Sarge that I am currently modifying
to work with Ubuntu Gutsy. If anyone wants the deb package to automagically
install this let me know, it works nice. Some things will be a little
different on FC but you should be able to get most of it. I am not using AD
I am using RPC because my server is a Samba system not a Windows system.
Very little should be different in this case.

I keep the home directory /home/<DOMAIN>/<USER> so that I can keep them
separate from local system user accounts. This seems to be the standard and
it works well.

You need these packages installed, FC may use different names for them.
samba, winbind, libpam-mount, smbfs

Your mount command needs to be set in /etc/security/pam_mount.conf. In my
conf file it is the very last line and is the only line that starts with
volume. If you have any other lines that start with volume you should remove
them.
volume * smbfs <SERVER NAME> & /home/<DOMAIN NAME>/& uid=&,gid=users,dmask=0700,fmask=600 - -

You need to replace <SERVER NAME> with your server name and <DOMAIN NAME>
with your domain name.

You also need to set some config files, they should look mostly like this.
Again this works great in Debian and Ubuntu but may need work in FC. These
are my config files. Please let me know if this works in FC. You may have
problems with GDM, Gnome, KDM, KDE on special files like sockets. Those
hacks may be a problem. Remember to restart samba, then join the domain then
restart winbind. You need to use *net* to join the domain.

------- /etc/nsswitch.conf
passwd:         compat winbind
group:          compat winbind
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
------- /etc/nsswitch.conf--

------- /etc/samba/smb.conf
[global]
  # Network
  workgroup = RADADOSGROUP
  server string = %h
  security = domain
  password server = *

  # Stop virtual NIC's like Qemu and VmPlayer from fighting over domain control
  interfaces = eth0

  # Printing
  load printers = no

  # Logging
  log file = /var/log/samba/log.%m
  log level = 1
  max log size = 100

  # Winbind
  winbind uid = 10000-20000
  winbind gid = 10000-20000
  obey pam restrictions = yes
  winbind separator = +
  template shell = /bin/bash
  winbind enum users = yes
  winbind enum groups = yes
  winbind use default domain = yes

[public]
   comment = Public upload
   path = /home/samba/public
   public = yes
   printable = no
   write list = @netadmins
------- /etc/samba/smb.conf--

------- /etc/security/pam_mount.conf
... # This is the last line of the file and the only one that deals with volume.
volume * smbfs SERVER & /home/RADADOSGROUP/& uid=&,gid=users,dmask=0700,fmask=600 - -
------- /etc/security/pam_mount.conf--

------- /etc/pam.d/common-account
account required pam_winbind.so
------- /etc/pam.d/common-account--

------- /etc/pam.d/common-auth
auth required pam_mount.so
auth sufficient pam_unix.so use_first_pass nullok_secure
auth required pam_group.so use_first_pass
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
------- /etc/pam.d/common-auth--

------- /etc/pam.d/common-session
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required        pam_unix.so
session optional        pam_foreground.so
session optional pam_mount.so
------- /etc/pam.d/common-session--

------- /etc/pam.d/common-pammount
auth       optional   pam_mount.so use_first_pass
session    optional   pam_mount.so use_first_pass
------- /etc/pam.d/common-pammount--






On Nov 11, 2007 5:13 PM, Andrew Anderson <[EMAIL PROTECTED]> wrote:

> I am hoping somebody can help me out with this.
>
> I have recently begun working on a fedora 7 box to provide seamless
> logins for the users on a windows Active Directory domain.
>
> I have gotten this 95% there.  Users can login using their windows
> credentials thanks to pam_mount, their home folders which are on the
> windows file server are mounted as /home/%username%.
>
> The problem I'm having is that although pam_mount and samba seem to be
> properly influenced by the directive 'winbind use default domain =
> false' that I added to the /etc/pam.d/system-auth file, whatever manages
> setting the home directory on login is still using the Domain\username
> nomenclature.
>
> This is creating an error on login when the system (is it PAM that
> handles this?) is trying to change the directory
> to /home/Domain/username (which is actually mounting
> as /home/username).
>
> Does anybody know what configuration I should be looking at for this?
>
>
> Regards,
>
> Andrew.
>
>
> _______________________________________________
> clug-talk mailing list
> [email protected]
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying
>



-- 
You need music, music needs you; but the RIAA we'd all be better off
without.
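
An added example, not part of the original message or of Samba or pam_mount: a small consistency check for the problem discussed in this thread, comparing the home directory winbind hands out (Samba's `template homedir`, default `/home/%D/%U`) with the mount point on the old-style pam_mount.conf volume line. The function names and the user `alice` are hypothetical, and it assumes a single domain whose name equals `workgroup`.

```python
import re

# Constructed samples based on the configuration shown in the message above.
SMB_CONF = """\
[global]
  workgroup = RADADOSGROUP
  security = domain
  winbind use default domain = yes
"""
PAM_MOUNT_OK = "volume * smbfs SERVER & /home/RADADOSGROUP/& uid=&,gid=users,dmask=0700,fmask=600 - -\n"
PAM_MOUNT_FLAT = "volume * smbfs SERVER & /home/& uid=&,gid=users,dmask=0700,fmask=600 - -\n"

def smb_globals(text):
    """Return the [global] parameters of an smb.conf as a dict (names lowercased)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def winbind_home(smb_text, user):
    """Expand 'template homedir' for a domain user (Samba default: /home/%D/%U)."""
    g = smb_globals(smb_text)
    template = g.get("template homedir", "/home/%D/%U")
    # Assumption: one domain, named the same as 'workgroup'.
    return template.replace("%D", g.get("workgroup", "WORKGROUP")).replace("%U", user)

def check_mounts(smb_text, pam_mount_text, user):
    """Return a list of problems found in the pam_mount.conf volume lines."""
    volumes = [l.split() for l in pam_mount_text.splitlines() if l.split()[:1] == ["volume"]]
    problems = []
    if len(volumes) != 1:
        problems.append(f"expected exactly one volume line, found {len(volumes)}")
    home = winbind_home(smb_text, user)
    for fields in volumes:
        if len(fields) != 9:  # keyword plus 8 fields, as in the line above
            problems.append("volume line should have 8 fields after the keyword")
            continue
        mountpoint = fields[5].replace("&", user)  # '&' stands for the user name
        if mountpoint != home:
            problems.append(f"mount point {mountpoint} != home directory {home}")
    return problems
```
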