Line 1: |
Line 1: |
| + | == Hostname == |
| + | |
| + | Put the machines hostname in /etc/hostname |
| + | |
| + | '''thing2''' |
| + | |
| + | And set the fqdn in /etc/hosts |
| + | |
| + | 127.0.0.1 '''thing2'''.ad.pumpingstationone.org localhost '''thing2''' |
| + | |
| | | |
| == Installation == | | == Installation == |
| + | |
| + | |
| + | === Arch Linux === |
| | | |
| sudo pacman -S krb5 samba | | sudo pacman -S krb5 samba |
| + | |
| + | === Debian === |
| + | |
| + | sudo apt-get install krb5-user libnss-winbind libpam-winbind ntp samba winbind |
| + | |
| + | === Ubuntu === |
| + | |
| + | sudo apt-get install krb5-user ntp samba winbind |
| + | |
| + | * Default Kerberos version 5 realm: AD.PUMPINGSTATIONONE.ORG |
| | | |
| == /etc/nsswitch.conf == | | == /etc/nsswitch.conf == |
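Review bot: The added /etc/hosts line `127.0.0.1 thing2.ad.pumpingstationone.org localhost thing2` makes the FQDN the canonical name for the loopback address, so the machine's own domain name resolves to 127.0.0.1 and `localhost` becomes an alias of it. Samba's domain member documentation asks that the host name and FQDN resolve to the LAN address rather than loopback; suggest keeping `127.0.0.1 localhost` on its own line and putting the FQDN and short name on a second line with the machine's real address. Separately, the Ubuntu package list omits libnss-winbind and libpam-winbind, which the Debian list installs; state whether that difference is intentional.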
Line 24: |
Line 47: |
| | | |
| == /etc/samba/smb.conf == | | == /etc/samba/smb.conf == |
| + | |
| + | If there is an existing smb.conf file, move it: |
| + | |
| + | sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.default |
| + | |
| [global] | | [global] |
| workgroup = PS1 | | workgroup = PS1 |
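Review bot: After `sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.default` the page goes straight into the [global] listing without saying that the listing is the content of a new /etc/samba/smb.conf; add that sentence so the step is complete. Running the mv a second time would replace the saved original with the new file, so a note to skip it when smb.conf.default already exists would help, and a `testparm` run to validate the new file before the join step is worth adding.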
Line 39: |
Line 67: |
| idmap config *:range = 70001-80000 | | idmap config *:range = 70001-80000 |
| idmap config *:backend = tdb | | idmap config *:backend = tdb |
− | template shell = /bin/bash
| + | template shell = /bin/bash |
| + | |
| + | == Join the domain == |
| + | Use your account, you must be in the Domain Admins group. If you are adding a machine and are not in the Domain Admins group, Join the [[Systems Group]] and ask. |
| + | |
| + | sudo net ads join -U '''administrator'''@AD.PUMPINGSTATIONONE.ORG |
| + | |
| + | == /etc/pam.d/system-auth == |
| + | |
| + | === Ubuntu === |
| + | |
| + | Ubuntu sets up pam_winbind.so automatically. |
| + | |
| + | === Arch === |
| + | |
| + | In Arch, make the following changes to system-auth |
| + | |
| + | %PAM-1.0 |
| + | |
| + | auth required pam_env.so |
| + | auth sufficient pam_unix.so try_first_pass nullok |
| + | auth required pam_winbind.so use_first_pass use_authtok |
| + | auth optional pam_permit.so |
| + | |
| + | account sufficient pam_unix.so |
| + | account sufficient pam_winbind.so use_first_pass use_authtok |
| + | account optional pam_permit.so |
| + | account required pam_time.so |
| + | |
| + | password sufficient pam_unix.so try_first_pass nullok sha512 shadow |
| + | password sufficient pam_winbind.so use_first_pass use_authtok |
| + | password optional pam_permit.so |
| + | |
| + | session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 |
| + | session required pam_limits.so |
| + | session required pam_env.so |
| + | session sufficient pam_unix.so |
| + | session sufficient pam_winbind.so use_first_pass use_authtok |
| + | session optional pam_permit.so |
| + | |
| + | == /etc/sudoers.d/domain_admins == |
| + | |
| + | %domain\ admins ALL=(ALL:ALL) ALL |
| + | %PS1\\domain\ admins ALL=(ALL:ALL) ALL |
| + | |
| + | |
| + | Then make sure the file has proper permissions: |
| + | |
| + | sudo chmod 0440 /etc/sudoers.d/domain_admins |
| + | |
| + | == pam_mkhomdir.so == |
| + | |
| + | pam_mkhomdir is responsible for creating the home directory of users that don't have one. Without it you get the following message. |
| + | |
| + | Could not chdir to home directory /home/PS1/username: No such file or directory |
| + | |
| + | === ubuntu === |
| + | |
| + | Create a file called /usr/share/pam-configs/my_mkhomedir: |
| + | |
| + | Name: activate mkhomedir |
| + | Default: yes |
| + | Priority: 900 |
| + | Session-Type: Additional |
| + | Session: |
| + | required pam_mkhomedir.so umask=0022 skel=/etc/skel |
| + | |
| + | and then run: |
| + | sudo pam-auth-update |
| + | |
| + | |
| + | == /etc/lightdm/lightdm.conf == |
| + | |
| + | Ubuntu Only, enable showing the other ''user'' login. |
| + | |
| + | [SeatDefaults] |
| + | user-session=ubuntu |
| + | greeter-session=unity-greeter |
| + | autologin-user=ps1member |
| + | '''greeter-show-manual-login=true''' |
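Review bot: In the Arch system-auth block the account stack has no effective gate: `account sufficient pam_unix.so` and `account sufficient pam_winbind.so` return success before `account required pam_time.so` is ever reached, and when both fail their failure is ignored, so the result depends on pam_time alone. Suggest moving pam_time.so to the top of the account stack and ending the stack with `account required pam_deny.so` so that an account rejected by both pam_unix and pam_winbind is actually refused. In the same block, `auth sufficient pam_unix.so try_first_pass nullok` lets local accounts with an empty password authenticate; drop `nullok` unless that is wanted on these machines. Smaller points: the heading and first sentence of the mkhomedir section spell the module `pam_mkhomdir` while the configuration lines use `pam_mkhomedir.so`, and the join text says to use your own account while the command shows `administrator`.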