ubuntu:desktop_ad_intergration [2013/12/11 12:23] tschulz created |
ubuntu:desktop_ad_intergration [2013/12/11 14:19] tschulz [Setup share mounting (Pam Mount)] |
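--- a/ubuntu:desktop_ad_intergration
+++ b/ubuntu:desktop_ad_intergration
@@ -17,5 +17,5 @@
 ===== Active Directory Authentication =====
 We will be using Samba or more specifically winbind to authenticate/lookup user via pam
-First we need to make a /etc/samba/smb/conf
+First we need to make a /etc/samba/smb/conf. This is a example smb.conf be sure to change **workgroup** and **realm**
 <file config smb.conf>
 [global]
@@ -74,4 +74,171 @@
 ===== Setup share mounting (Pam Mount) =====
+
+Here is a complete pam_mount config the most important statements are these four lines that mount the various shares for each user<file>
+<volume options="uid=%(USER),gid=100" user="*" mountpoint="~/.mnt/public" path="public" server="cfs.sebekaschools.net" fstype="cifs" />
+<volume options="uid=%(USER),gid=100" user="*" mountpoint="~/.mnt/wpkg" path="wpkg" server="cfs.sebekaschools.net" fstype="cifs" />
+<volume options="uid=%(USER),gid=100" user="*" mountpoint="~/.mnt/%(USER)-ffs" path="User Data/%(USER)" server="ffs.sebekaschools.net" fstype="cifs" />
+<volume options="uid=%(USER),gid=100" user="*" mountpoint="~/.mnt/%(USER)-sfs" path="User Data/%(USER)" server="sfs.sebekaschools.net" fstype="cifs" />
+</file>
+<file xml /etc/security/pam_mount.conf.xml>
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
+<!--
+See pam_mount.conf(5) for a description.
+-->
+
+<pam_mount>
+
+<!-- debug should come before everything else,
+since this file is still processed in a single pass
+from top-to-bottom -->
+
+<debug enable="0" />
+
+<!-- Volume definitions -->
+
+
+<!-- pam_mount parameters: General tunables -->
+
+<!--<luserconf name=".pam_mount.conf.xml" /> -->
+
+<!-- Note that commenting out mntoptions will give you the defaults.
+You will need to explicitly initialize it with the empty string
+to reset the defaults to nothing. -->
+<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other,uid,gid,*" />
+<!--
+<mntoptions deny="suid,dev" />
+<mntoptions allow="*" />
+<mntoptions deny="*" />
+-->
+<mntoptions require="" />
+
+<logout wait="0" hup="0" term="0" kill="0" />
+
+
+<!-- pam_mount parameters: Volume-related -->
+
+<mkmountpoint enable="1" remove="true" />
+
+<volume options="uid=%(USER),gid=100" user="*" mountpoint="~/.mnt/public" path="public" server="cfs.sebekaschools.net" fstype="cifs" />
+<volume options="uid=%(USER),gid=100" user="*" mountpoint="~/.mnt/wpkg" path="wpkg" server="cfs.sebekaschools.net" fstype="cifs" />
+<volume options="uid=%(USER),gid=100" user="*" mountpoint="~/.mnt/%(USER)-ffs" path="User Data/%(USER)" server="ffs.sebekaschools.net" fstype="cifs" />
+<volume options="uid=%(USER),gid=100" user="*" mountpoint="~/.mnt/%(USER)-sfs" path="User Data/%(USER)" server="sfs.sebekaschools.net" fstype="cifs" />
+
+</pam_mount>
+</file>
 ==== Link Home Dir Script ====
+This is a script that links a users network home directory to a bookmark and nautilus or nemo. It is designed to be run at login.
+* Save script to **/scripts** and **chmod 755 /scripts/link_h.sh**
+<file bash /scripts/link_h.sh>
+#!/bin/sh
+#####################################################################
+#This is the script that updates file manager bookmarks for Unity
+#place in /scripts
+#####################################################################
+
+linkstaff()
+{ cd $HOME/.mnt
+rm H\ Drive
+ln -s ${LOGNAME}-ffs H\ Drive
+}
+
+linkstudent()
+{ cd $HOME/.mnt
+rm H\ Drive
+ln -s ${LOGNAME}-sfs H\ Drive
+}
+
+addBookmark()
+{ cd $HOME
+if [ "`cat ${HOME}/.gtk-bookmarks | grep H%20Drive`" = "" ]
+then
+echo "file://${HOME}/.mnt/H%20Drive" >> ${HOME}/.gtk-bookmarks
+echo "Added bookmark H Drive"
+else
+echo "bookmark already H Drive exists"
+fi
+
+if [ "`cat ${HOME}/.gtk-bookmarks | grep Documents`" = "" ]
+then
+echo "file://${HOME}/Documents" >> ${HOME}/.gtk-bookmarks
+echo "Added bookmark documents"
+else
+echo "bookmark already exists documents"
+fi
+
+if [ "`cat ${HOME}/.gtk-bookmarks | grep Downloads`" = "" ]
+then
+echo "file://${HOME}/Downloads" >> ${HOME}/.gtk-bookmarks
+echo "Added bookmark Downloads"
+else
+echo "bookmark Downloads already exists"
+fi
+}
+
+
+
+if [ "`id | grep student`" = "" ]
+then
+echo "staff"
+linkstaff
+else
+echo "student"
+linkstudent
+fi
+addBookmark
+</file>
 ===== Automatic Home Directory creation and skeleton Directory setup =====
+This is a full common-session pam file the only change is this line <file>
+session required pam_mkhomedir.so skel=/etc/skel/ umask=0077</file>
+Notice that we are using /etc/skel for a skeleton dir.
+<file pam /etc/pam.d/common-session>
+#
+# /etc/pam.d/common-session - session-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of sessions of *any* kind (both interactive and
+# non-interactive).
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules. See
+# pam-auth-update(8) for details.
-===== Configure Lightdm for Network logins =====
+# here are the per-package modules (the "Primary" block)
+session [default=1] pam_permit.so
+# here's the fallback if no module succeeds
+session requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session required pam_permit.so
+session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
+# The pam_umask module will set the umask according to the system default in
+# /etc/login.defs and user settings, solving the problem of different
+# umask settings with different shells, display managers, remote sessions etc.
+# See "man pam_umask".
+session optional pam_umask.so
+# and here are more per-package modules (the "Additional" block)
+session required pam_unix.so
+session optional pam_winbind.so
+session optional pam_mount.so
+session optional pam_ck_connector.so nox11
+# end of pam-auth-update config
+</file>
+Dowload {{:ubuntu:skel.tar|}} and extract it to /etc/skel e.g.
+<file>
+wget http://wiki.sebeka.k12.mn.us/_media/ubuntu:skel.tar
+tar xvf skel.tar -C /etc/skel
+</file>
+===== Configure Lightdm for Network logins =====
+This is a full lightdm.conf. I made two changes.
+- I changed **user-session to ubuntu-2d** because it's a lot nicer on older hardware.
+- I added **greeter-show-manual-login=true** to allow login of network users.
+<file config /etc/lightdm/lightdm.conf>
+[SeatDefaults]
+greeter-session=unity-greeter
+user-session=ubuntu-2d
+greeter-show-manual-login=true
+greeter-hide-users=true
+</file>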