ubuntu:desktop_ad_intergration

Differences

This shows you the differences between two versions of the page.

ubuntu:desktop_ad_intergration [2013/12/11 12:23]
tschulz created
ubuntu:desktop_ad_intergration [2013/12/11 14:19] (current)
tschulz [Setup share mounting (Pam Mount)]
Line 17: Line 17:
 ===== Active Directory Authentication ===== ===== Active Directory Authentication =====
 We will be using Samba or more specifically winbind to authenticate/​lookup user via pam We will be using Samba or more specifically winbind to authenticate/​lookup user via pam
-First we need to make a /​etc/​samba/​smb/​conf+First we need to make a /​etc/​samba/​smb/​conf.  This is a example smb.conf be sure to change **workgroup** and **realm**
 <file config smb.conf>​ <file config smb.conf>​
 [global] ​                                                                                       ​ [global] ​                                                                                       ​
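Review bot: the added sentence keeps the path typo `/etc/samba/smb/conf` while the file block right below it is labelled `smb.conf`; the path should read `/etc/samba/smb.conf` (and "a example" should be "an example"). This file is what winbind reads for the domain join and for every later PAM lookup, so a reader who creates the misspelled path ends up with Samba still using its default `smb.conf` and the `workgroup`/`realm` changes the sentence asks for never take effect.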
Line 74: Line 74:
  
 ===== Setup share mounting (Pam Mount) ===== ===== Setup share mounting (Pam Mount) =====
 +
 +Here is a complete pam_mount config the most important statements are these four lines that mount the various shares for each user<​file>​
 +<volume options="​uid=%(USER),​gid=100"​ user="​*"​ mountpoint="​~/​.mnt/​public"​ path="​public"​ server="​cfs.sebekaschools.net"​ fstype="​cifs"​ />
 +<volume options="​uid=%(USER),​gid=100"​ user="​*"​ mountpoint="​~/​.mnt/​wpkg"​ path="​wpkg"​ server="​cfs.sebekaschools.net"​ fstype="​cifs"​ />
 +<volume options="​uid=%(USER),​gid=100"​ user="​*"​ mountpoint="​~/​.mnt/​%(USER)-ffs"​ path="​User Data/​%(USER)"​ server="​ffs.sebekaschools.net"​ fstype="​cifs"​ />
 +<volume options="​uid=%(USER),​gid=100"​ user="​*"​ mountpoint="​~/​.mnt/​%(USER)-sfs"​ path="​User Data/​%(USER)"​ server="​sfs.sebekaschools.net"​ fstype="​cifs"​ />
 +</​file>​
 +<file xml /​etc/​security/​pam_mount.conf.xml>​
 +<?xml version="​1.0"​ encoding="​utf-8"​ ?>
 +<​!DOCTYPE pam_mount SYSTEM "​pam_mount.conf.xml.dtd">​
 +<!--
 + See pam_mount.conf(5) for a description.
 +-->
 +
 +<​pam_mount>​
 +
 + <!-- debug should come before everything else,
 + since this file is still processed in a single pass
 + from top-to-bottom -->
 +
 +<debug enable="​0"​ />
 +
 + <!-- Volume definitions -->
 +
 +
 + <!-- pam_mount parameters: General tunables -->
 +
 +<​!--<​luserconf name="​.pam_mount.conf.xml"​ /> -->
 +
 +<!-- Note that commenting out mntoptions will give you the defaults.
 +     You will need to explicitly initialize it with the empty string
 +     to reset the defaults to nothing. -->
 +<​mntoptions allow="​nosuid,​nodev,​loop,​encryption,​fsck,​nonempty,​allow_root,​allow_other,​uid,​gid,​*"​ />
 +<!--
 +<​mntoptions deny="​suid,​dev"​ />
 +<​mntoptions allow="​*"​ />
 +<​mntoptions deny="​*"​ />
 +-->
 +<​mntoptions require=""​ />
 +
 +<logout wait="​0"​ hup="​0"​ term="​0"​ kill="​0"​ />
 +
 +
 + <!-- pam_mount parameters: Volume-related -->
 +
 +<​mkmountpoint enable="​1"​ remove="​true"​ />
 +
 +<volume options="​uid=%(USER),​gid=100"​ user="​*"​ mountpoint="​~/​.mnt/​public"​ path="​public"​ server="​cfs.sebekaschools.net"​ fstype="​cifs"​ />
 +<volume options="​uid=%(USER),​gid=100"​ user="​*"​ mountpoint="​~/​.mnt/​wpkg"​ path="​wpkg"​ server="​cfs.sebekaschools.net"​ fstype="​cifs"​ />
 +<volume options="​uid=%(USER),​gid=100"​ user="​*"​ mountpoint="​~/​.mnt/​%(USER)-ffs"​ path="​User Data/​%(USER)"​ server="​ffs.sebekaschools.net"​ fstype="​cifs"​ />
 +<volume options="​uid=%(USER),​gid=100"​ user="​*"​ mountpoint="​~/​.mnt/​%(USER)-sfs"​ path="​User Data/​%(USER)"​ server="​sfs.sebekaschools.net"​ fstype="​cifs"​ />
 +
 +</​pam_mount>​
 +</​file>​
 ==== Link Home Dir Script ==== ==== Link Home Dir Script ====
 +This is a script that links a users network home directory to a bookmark and nautilus or nemo.  It is designed to be run at login. ​   ​
 +  * Save script to **/​scripts** and **chmod 755 /​scripts/​link_h.sh**
 +<file bash /​scripts/​link_h.sh>​
 +#!/bin/sh
  
 +#####################################################################​
 +#This is the script that updates file manager bookmarks for Unity
 +#place in /scripts
 +#####################################################################​
 +
 +linkstaff()
 +{ cd $HOME/.mnt
 + rm H\ Drive
 + ln -s ${LOGNAME}-ffs H\ Drive
 +}
 +
 +linkstudent()
 +{ cd $HOME/.mnt
 + rm H\ Drive
 + ln -s ${LOGNAME}-sfs H\ Drive
 +}
 +
 +addBookmark()
 +{ cd $HOME
 + if [ "`cat ${HOME}/​.gtk-bookmarks ​ | grep H%20Drive`"​ = ""​ ]
 + then
 + echo "​file://​${HOME}/​.mnt/​H%20Drive"​ >> ${HOME}/​.gtk-bookmarks
 + echo "Added bookmark H Drive"
 + else
 + echo "​bookmark already H Drive exists"​
 + fi
 +
 + if [ "`cat ${HOME}/​.gtk-bookmarks ​ | grep Documents`"​ = ""​ ]
 +        then
 +                echo "​file://​${HOME}/​Documents"​ >> ${HOME}/​.gtk-bookmarks
 +                echo "Added bookmark documents"​
 +        else
 +                echo "​bookmark already exists documents"​
 +        fi
 +
 + if [ "`cat ${HOME}/​.gtk-bookmarks ​ | grep Downloads`"​ = ""​ ]
 +        then
 +                echo "​file://​${HOME}/​Downloads"​ >> ${HOME}/​.gtk-bookmarks
 +                echo "Added bookmark Downloads"​
 +        else
 +                echo "​bookmark Downloads already exists"​
 +        fi
 +}
 +
 +
 +
 +if [ "`id | grep student`"​ = ""​ ]
 +then
 + echo "​staff"​
 + linkstaff
 +else
 + echo "​student"​
 + linkstudent
 +fi
 +addBookmark
 +</​file>​
  
 ===== Automatic Home Directory creation and skeleton Directory setup  ===== ===== Automatic Home Directory creation and skeleton Directory setup  =====
 +This is a full common-session pam file the only change is this line <​file>​
 +session required pam_mkhomedir.so skel=/​etc/​skel/​ umask=0077</​file>​
 +Notice that we are using /etc/skel for a skeleton dir.
 +<file pam /​etc/​pam.d/​common-session>​
 +#
 +# /​etc/​pam.d/​common-session - session-related modules common to all services
 +#
 +# This file is included from other service-specific PAM config files,
 +# and should contain a list of modules that define tasks to be performed
 +# at the start and end of sessions of *any* kind (both interactive and
 +# non-interactive).
 +#
 +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
 +# To take advantage of this, it is recommended that you configure any
 +# local modules either before or after the default block, and use
 +# pam-auth-update to manage selection of other modules. ​ See
 +# pam-auth-update(8) for details.
  
-===== Configure Lightdm for Network logins =====+# here are the per-package modules (the "​Primary"​ block) 
 +session [default=1] pam_permit.so 
 +# here's the fallback if no module succeeds 
 +session requisite pam_deny.so 
 +# prime the stack with a positive return value if there isn't one already; 
 +# this avoids us returning an error just because nothing sets a success code 
 +# since the modules above will each just jump around 
 +session required pam_permit.so 
 +session required pam_mkhomedir.so skel=/etc/skel/ umask=0077 
 +# The pam_umask module will set the umask according to the system default in 
 +# /​etc/​login.defs and user settings, solving the problem of different 
 +# umask settings with different shells, display managers, remote sessions etc. 
 +# See "man pam_umask"​. 
 +session optional pam_umask.so 
 +# and here are more per-package modules (the "​Additional"​ block) 
 +session required pam_unix.so  
 +session optional pam_winbind.so  
 +session optional pam_mount.so  
 +session optional pam_ck_connector.so nox11 
 +# end of pam-auth-update config 
 +</​file>​
  
 +Dowload {{:​ubuntu:​skel.tar|}} and extract it to /etc/skel e.g.
 +<​file>​
 +wget http://​wiki.sebeka.k12.mn.us/​_media/​ubuntu:​skel.tar ​
 +tar xvf skel.tar -C /etc/skel
 +</​file>​
 +===== Configure Lightdm for Network logins =====
 +This is a full lightdm.conf. ​ I made two changes.  ​
 +  - I changed **user-session to ubuntu-2d** because it's a lot nicer on older hardware.  ​
 +  - I added **greeter-show-manual-login=true** to allow login of network users. ​
 +<file config /​etc/​lightdm/​lightdm.conf>​
 +[SeatDefaults]
 +greeter-session=unity-greeter
 +user-session=ubuntu-2d
 +greeter-show-manual-login=true
 +greeter-hide-users=true
 +</​file>​
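Review bot: in `link_h.sh`, the student/staff decision `if [ "`id | grep student`" = "" ]` is a substring match over the whole `id` output (user name plus every group name), so any account or group whose name merely contains "student" is classified as a student and gets its `H Drive` linked to the sfs share instead of ffs; an exact group test such as `id -Gn | tr ' ' '\n' | grep -qx student` avoids that, and `cd $HOME/.mnt` should be `cd "$HOME/.mnt" || exit 1` so the `rm` and `ln -s` that follow cannot run in the wrong directory when the mount tree is missing. The same substring issue applies to the `grep Documents` / `grep Downloads` bookmark checks, which will also match any existing bookmark containing those words. In `pam_mount.conf.xml`, the trailing `*` in `<mntoptions allow="...,uid,gid,*" />` admits every mount option; that list only governs per-user volume files, which are disabled here because `<luserconf>` is commented out, so it is harmless today but would silently grant users arbitrary mount options if `luserconf` is ever enabled, and the `*` should be dropped. Finally, the skeleton is fetched with `wget http://...skel.tar` and unpacked into `/etc/skel` as root with no integrity check; publishing the archive's expected checksum next to the link would let an admin verify it before extracting into a directory that seeds every new home.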
ubuntu/desktop_ad_intergration.1386786196.txt.gz · Last modified: 2013/12/11 12:23 by tschulz