This shows you the differences between two versions of the page.
ubuntu:desktop_ad_intergration [2013/12/11 12:37] tschulz [Link Home Dir Script] |
ubuntu:desktop_ad_intergration [2013/12/11 14:15] tschulz [Link Home Dir Script] |
||
---|---|---|---|
Line 17: | Line 17: | ||
===== Active Directory Authentication ===== | ===== Active Directory Authentication ===== | ||
We will be using Samba or more specifically winbind to authenticate/lookup user via pam | We will be using Samba or more specifically winbind to authenticate/lookup user via pam | ||
- | First we need to make a /etc/samba/smb/conf | + | First we need to make a /etc/samba/smb/conf. This is a example smb.conf be sure to change **workgroup** and **realm** |
<file config smb.conf> | <file config smb.conf> | ||
[global] | [global] | ||
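Review bot: The new sentence on the right-hand side still gives the path as /etc/samba/smb/conf, which is not the file that the <file config smb.conf> block below it describes; it should read /etc/samba/smb.conf. While touching that line, "This is a example smb.conf be sure to change" needs "an example" and a sentence break. It would also help to say what **workgroup** and **realm** have to match (the AD domain's short name and its Kerberos realm), so readers do not try to join with the sample values.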
Line 75: | Line 75: | ||
===== Setup share mounting (Pam Mount) ===== | ===== Setup share mounting (Pam Mount) ===== | ||
- | Here is a complete pam_mount config the most important statements are the four volume line that mount the various shares for each user | + | Here is a complete pam_mount config the most important statements are these four lines that mount the various shares for each user<file> |
+ | <volume options="uid=%(USER),gid=100" user="*" mountpoint="~/.mnt/public" path="public" server="cfs.sebekaschools.net" fstype="cifs" /> | ||
+ | <volume options="uid=%(USER),gid=100" user="*" mountpoint="~/.mnt/wpkg" path="wpkg" server="cfs.sebekaschools.net" fstype="cifs" /> | ||
+ | <volume options="uid=%(USER),gid=100" user="*" mountpoint="~/.mnt/%(USER)-ffs" path="User Data/%(USER)" server="ffs.sebekaschools.net" fstype="cifs" /> | ||
+ | <volume options="uid=%(USER),gid=100" user="*" mountpoint="~/.mnt/%(USER)-sfs" path="User Data/%(USER)" server="sfs.sebekaschools.net" fstype="cifs" /> | ||
+ | </file> | ||
<file xml /etc/security/pam_mount.conf.xml> | <file xml /etc/security/pam_mount.conf.xml> | ||
<?xml version="1.0" encoding="utf-8" ?> | <?xml version="1.0" encoding="utf-8" ?> | ||
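Review bot: All four added volume lines use user="*", so pam_mount will attempt these CIFS mounts for every account that opens a session, local accounts included, with the password typed at login. Consider narrowing the match to domain users (the volume element also accepts uid, gid, pgrp and sgrp selectors) and say in the text that gid=100 is hard-coded in options. Separately, the opening <file> tag is appended to the end of the sentence instead of sitting on its own line, and the excerpt repeats lines from the complete /etc/security/pam_mount.conf.xml block that follows, so the two copies can drift apart on a later edit.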
Line 124: | Line 129: | ||
</file> | </file> | ||
==== Link Home Dir Script ==== | ==== Link Home Dir Script ==== | ||
- | This is a script that links a users network home directory to a bookmark and nautilus or nemo. It is designed to be run at login | + | This is a script that links a users network home directory to a bookmark and nautilus or nemo. It is designed to be run at login. * |
+ | Save script to **/scripts** and **chmod 755 /scripts/link_h.sh** | ||
<file bash /scripts/link_h.sh> | <file bash /scripts/link_h.sh> | ||
#!/bin/sh | #!/bin/sh | ||
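Review bot: The added "Save script to **/scripts** and **chmod 755 /scripts/link_h.sh**" step sets the mode but says nothing about ownership, and this script is meant to run at login for every user. State that /scripts and link_h.sh must be owned by root and not writable by group or others; 755 on its own does not stop a non-root owner from changing what runs in other users' sessions. The trailing " *" after "run at login." looks like a stray character and should be dropped.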
Line 186: | Line 192: | ||
===== Automatic Home Directory creation and skeleton Directory setup ===== | ===== Automatic Home Directory creation and skeleton Directory setup ===== | ||
+ | This is a full common-session pam file the only change is this line <file> | ||
+ | session required pam_mkhomedir.so skel=/etc/skel/ umask=0077</file> | ||
+ | Notice that we are using /etc/skel for a skeleton dir. | ||
+ | <file pam /etc/pam.d/common-session> | ||
+ | # | ||
+ | # /etc/pam.d/common-session - session-related modules common to all services | ||
+ | # | ||
+ | # This file is included from other service-specific PAM config files, | ||
+ | # and should contain a list of modules that define tasks to be performed | ||
+ | # at the start and end of sessions of *any* kind (both interactive and | ||
+ | # non-interactive). | ||
+ | # | ||
+ | # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. | ||
+ | # To take advantage of this, it is recommended that you configure any | ||
+ | # local modules either before or after the default block, and use | ||
+ | # pam-auth-update to manage selection of other modules. See | ||
+ | # pam-auth-update(8) for details. | ||
+ | # here are the per-package modules (the "Primary" block) | ||
+ | session [default=1] pam_permit.so | ||
+ | # here's the fallback if no module succeeds | ||
+ | session requisite pam_deny.so | ||
+ | # prime the stack with a positive return value if there isn't one already; | ||
+ | # this avoids us returning an error just because nothing sets a success code | ||
+ | # since the modules above will each just jump around | ||
+ | session required pam_permit.so | ||
+ | session required pam_mkhomedir.so skel=/etc/skel/ umask=0077 | ||
+ | # The pam_umask module will set the umask according to the system default in | ||
+ | # /etc/login.defs and user settings, solving the problem of different | ||
+ | # umask settings with different shells, display managers, remote sessions etc. | ||
+ | # See "man pam_umask". | ||
+ | session optional pam_umask.so | ||
+ | # and here are more per-package modules (the "Additional" block) | ||
+ | session required pam_unix.so | ||
+ | session optional pam_winbind.so | ||
+ | session optional pam_mount.so | ||
+ | session optional pam_ck_connector.so nox11 | ||
+ | # end of pam-auth-update config | ||
+ | </file> | ||
+ | |||
+ | Dowload {{:ubuntu:skel.tar|}} and extract it to /etc/skel e.g. | ||
+ | <file> | ||
+ | wget http://wiki.sebeka.k12.mn.us/_media/ubuntu:skel.tar | ||
+ | tar xvf skel.tar -C /etc/skel | ||
+ | </file> | ||
===== Configure Lightdm for Network logins ===== | ===== Configure Lightdm for Network logins ===== | ||
+ | This is a full lightdm.conf. I made two changes. | ||
+ | - I changed **user-session to ubuntu-2d** because it's a lot nicer on older hardware. | ||
+ | - I added **greeter-show-manual-login=true** to allow login of network users. | ||
+ | <file config /etc/lightdm/lightdm.conf> | ||
+ | [SeatDefaults] | ||
+ | greeter-session=unity-greeter | ||
+ | user-session=ubuntu-2d | ||
+ | greeter-show-manual-login=true | ||
+ | greeter-hide-users=true | ||
+ | </file> |
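Review bot: In the skeleton step (the wget and tar lines just before the Lightdm heading), skel.tar is fetched over plain http and unpacked straight into /etc/skel, and the pam_mkhomedir line added above then copies that content into every new user's home directory through skel=/etc/skel/. Publish a checksum next to the download link and have readers verify it before extracting, or serve the file over https, and suggest listing the archive with tar tvf before unpacking it as root. Smaller points: "Dowload" should be "Download"; "This is a full common-session pam file the only change is this line" needs punctuation and its <file> tag on its own line; and the Lightdm text lists two changes while the config also sets greeter-hide-users=true, which the text does not mention.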