3,430
edits
Changes
Jump to navigation
Jump to search
Line 1:
Line 1: + + + + + + + + + + + + + + + + + + + + + + + Line 24:
Line 47: + + + + + Line 40:
Line 68: + + + + + + + + + + + + − #%PAM-1.0 + − '''auth sufficient pam_winbind.so''' + − + − '''account sufficient pam_winbind.so''' + − + − + + − '''session required pam_mkhomdir.so''' + − '''session required pam_winbind.so''' − + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
→Installation
== Hostname ==
Put the machines hostname in /etc/hostname
'''thing2'''
And set the fqdn in /etc/hosts
127.0.0.1 '''thing2'''.ad.pumpingstationone.org localhost '''thing2'''
== Installation ==
== Installation ==
=== Arch Linux ===
sudo pacman -S krb5 samba
sudo pacman -S krb5 samba
=== Debian ===
sudo apt-get install krb5-user libnss-winbind libpam-winbind ntp samba winbind
=== Ubuntu ===
sudo apt-get install krb5-user ntp samba winbind
* Default Kerberos version 5 realm: AD.PUMPINGSTATIONONE.ORG
== /etc/nsswitch.conf ==
== /etc/nsswitch.conf ==
== /etc/samba/smb.conf ==
== /etc/samba/smb.conf ==
If there is an existing smb.conf file, move it:
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.default
[global]
[global]
workgroup = PS1
workgroup = PS1
idmap config *:backend = tdb
idmap config *:backend = tdb
template shell = /bin/bash
template shell = /bin/bash
== Join the domain ==
Use your account, you must be in the Domain Admins group. If you are adding a machine and are not in the Domain Admins group, Join the [[Systems Group]] and ask.
sudo net ads join -U '''administrator'''@AD.PUMPINGSTATIONONE.ORG
== /etc/pam.d/system-auth ==
== /etc/pam.d/system-auth ==
=== Ubuntu ===
Ubuntu sets up pam_winbind.so automatically.
=== Arch ===
In Arch, make the following changes to system-auth
In Arch, make the following changes to system-auth
%PAM-1.0
auth required pam_env.so
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass nullok
auth required pam_unix.so try_first_pass nullok
auth required pam_winbind.so use_first_pass use_authtok
auth optional pam_permit.so
auth optional pam_permit.so
account sufficient pam_unix.so
account required pam_unix.so
account sufficient pam_winbind.so use_first_pass use_authtok
account optional pam_permit.so
account optional pam_permit.so
account required pam_time.so
account required pam_time.so
password required pam_unix.so try_first_pass nullok sha512 shadow
password sufficient pam_unix.so try_first_pass nullok sha512 shadow
password sufficient pam_winbind.so use_first_pass use_authtok
password optional pam_permit.so
password optional pam_permit.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_limits.so
session required pam_limits.so
session required pam_env.so
session required pam_env.so
session required pam_unix.so
session sufficient pam_unix.so
session sufficient pam_winbind.so use_first_pass use_authtok
session optional pam_permit.so
session optional pam_permit.so
== /etc/sudoers.d/domain_admins ==
%domain\ admins ALL=(ALL:ALL) ALL
%PS1\\domain\ admins ALL=(ALL:ALL) ALL
Then make sure the file has proper permissions:
sudo chmod 0440 /etc/sudoers.d/domain_admins
== pam_mkhomdir.so ==
pam_mkhomdir is responsible for creating the home directory of users that don't have one. Without it you get the following message.
Could not chdir to home directory /home/PS1/username: No such file or directory
=== ubuntu ===
Create a file called /usr/share/pam-configs/my_mkhomedir:
Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
required pam_mkhomedir.so umask=0022 skel=/etc/skel
and then run:
sudo pam-auth-update
== /etc/lightdm/lightdm.conf ==
Ubuntu Only, enable showing the other ''user'' login.
[SeatDefaults]
user-session=ubuntu
greeter-session=unity-greeter
autologin-user=ps1member
'''greeter-show-manual-login=true'''