Topic: Redhat 8.0 Client logons

[Adam Lark]

We need to log Redhat 8.0 clients (2.4.18-18.8.0) onto our SME 5.5 box (2.2.19-7.0..

I'm well versed in windows but I'm on a real steep learning curve when it comes to linux.

We would like to do it with SMB not NFS

So far with standard  Redhat 8.0  desktop build as long as the user is also a user on the Redhat 8.0 client machine & the passwords are the same as on SME server the SME box will give them a DHCP address, machine name, allow them access to there email and the proxy server for web access.

We need to know how to do the following;

How can we let the Redhat 8.0 client machines use the ibays as maped shared directories?

How can we make the Redhat 8.0 client machines get their user id's & passwords from the server so any user can walk up to any machine and logon?

If anyone has done this or can point me in the right direction I would be extreamly greatful.

Adam

[Jan]

I'm really interested what people come up with.

I tried Lisa part of KDE and also linneighbourhood (works kind of). But there must be a better way to do this. I have been looking on and off for the past year. Found that Lisa does a good job on the SME side but no dice on any of the shares of XP pro clients.

Maybe a solution for browsing XPclient shares will come along in this thread.

regards,

Jan

[robert Boardman]

I'm not exactly sure the correct procedue for enabling  linux boxes to  login to SMB domains
 But  know you need to have samba installed on the linux box and use the winbind application and mess abou with the pam Auth files
heer is a good tutorial for lycorrs which should be relivent for Redhat

http://www.isomedia.com/homes/kpuckett/Windows_Domain_Logins_from_DesktopLX.htm

Robb

[Graham]

I am interested too - we all know how to use M$ logons
and map network drives and share folders but what is the true Unix way ?

I am guessing you have to mount a NFS resource but what about users home file space and authorising them with the server.

Any pointers appreciated !

[Damien Curtain]

Graham wrote:
>
> I am interested too - we all know how to use M$ logons
> and map network drives and share folders but what is the true
> Unix way ?

nis + automount

> I am guessing you have to mount a NFS resource but what about
> users home file space and authorising them with the server.

you'll hear people go on and on about the inherent security flaws in nfs.....
--
 Damien

[daithik]

I had the same issues using both RedHat 8 & mandrake 9, but now have both authenticating to both SME 5.2 & 5.5.

First, I must say there is no issue with SME, it is the redhat & mandrake that have the problem...

During installation of both Mandrake9 & RedHat8 you can set the systems to use a NT Domain controller for authentication - fill in these required fields and finish installation.

When you have rebooted the freshly installed system and your Xserver starts, use Ctrl&Alt&F2 to jump to a new console & log in as root.
When there type: winbindd to make sure your winbimdd service is running, then wbinfo -t (this checkes the shared secret between server & cient) - on all installs I have done I get the error message stating the secret is bad!

To fix this use:
smbpasswd -j DOMAINNAME -U admin

DOMAINNAME = the windows workgroup set on the e-smith Workgroup page

You will then be asked for your e-sith admin password, enter this and press return.


Now repeat the: wbinfo -t - you should now recieve a message stating the secret is good.

Once this is done you can issue:
wbinfo -u - this will return a list of all e-smith users
wbinfo -a USERNAME%PASSWORD - this will check to see if the user can be authenticated. If all is ok use Ctrl&Alt&F7 to jump back to your login screen and off you go.

At this stage, on some installs I can see the authentication being done but as the login tries to create your new home directory I have had permission denied messages - as a workaround or this I usually create a directory under /home using the Worgroup name in caps - back to your shell as root and issue:

mkdir /home/WORKGROUPNAME
chmod 777 /home/WORKGRUPNAME

I know this is probably a securty risk but it works

Then try logging in again and your new home directory will be created as /home/WORKGROUPNAME/username

and all should be fine...

hope this helps, daithik

[Dean Mumby]

daithik

Thanks for the instructions

I have tried to follow your instructions on redhat 8.0 with all updates but only after the instalation has been in use for a few weeks.

I ran setup and setup the samba authentication . I had to edit /etc/nsswitch.conf as well as /etc/samba/smb.conf to reflect winbindd settings .

at this point I am able to authenticate from the command line

wbinfo -t   -  secret good
wbinfo -a  DOMAIN+USER%PASSWORD says authenticate fine

when I try logon using gnome  I just get gdm-binary authentication failed in the messages log

do you have any ideas

Regards
Dean

[Dean Mumby]

Hi

I hope you may be able to shed a little more light.

You said that during a fresh install of redhat 8.0 you could configure the samba authentication.
I did a personal desktop, workstation and full install today on the same machine (it was very time connsuming)
and I only got the samba authentication option on the full install.

I got the same "unable to check secret error " on all installs as apposed to your "bad password error".
With the full install I joined the domain but was unable to authenticate even after running setup setting the samba authentication and rebooting.

I have searched the net till im blue in the face and every bit of documentation says you need to edit /etc/nsswitch and /etc/samba/smb.conf as well as link some pam libaries.

Your instauctions made it sound so much easier that I was wondernig if you wouldnt mind a more detailed explanation of how you got this to work.

I am downloading mandrake 9.0 to see if perhaps your ease of setup was with mandrake rather than redhat.

I hope you dont mind me contacting you directly but I need to get this up and running a.s.a.p as my company is considering moving the workstations to linux.


Best Regards
Dan Mumby

[Adam Lark]

I'm so close but yet so very far away!

My e-smith server (5.5) name is Kylie (IP 192.168.0.101) & my workgroup name is LARK. I am trying to access ibays called it & kids & I want my e-smith box to do the authentication.

I can see the shares using:
[root@pc-00122 etc]# /usr/bin/smbclient -L 192.168.0.101

I can mount the shares to directories I have created under /mnt/
[root@pc-00122 etc]# mount /192.168.0.101/it /mnt/it

I can join the domain
[root@pc-00122 alark]# smbpasswd -j LARK -U admin
Password:
Joined domain LARK.

But non of the wbinfo stuff works

[root@pc-00122 alark]# wbinfo -t
Could not check secret
[root@pc-00122 alark]# wbinfo -u
Error looking up domain users
[root@pc-00122 alark]# wbinfo -g
Error looking up domain groups

and when I check the status of winbind I get

[root@pc-00122 init.d]# ./winbind status
winbindd dead but subsys locked

I have tried the sock standard smb.conf & nsswitch.conf file & I have tried editing them. The edited versions are listed bellow;

nsswitch.conf EDITED VERSION

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#   nisplus or nis+      Use NIS+ (NIS version 3)
#   nis or yp      Use NIS (NIS version 2), also called YP
#   dns         Use DNS (Domain Name Service)
#   files         Use the local files
#   db         Use the local database (.db) files
#   compat         Use NIS on compat mode
#   hesiod         Use Hesiod for user lookups
#   [NOTFOUND=return]   Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files
shadow:     files
group:      files

#hosts:     db files dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files    

bootparams: dns [NOTFOUND=return] files

ethers:     files dns
netmasks:   files dns
networks:   files dns
protocols:  files
rpc:        dns files
services:   files

netgroup:   files

publickey:  dns

automount:  files
aliases:    dns files

[Chris]

This I am very interested in. Been looking for a simple solution to connect linux to linux server, in a mixed environment, for a while.

Automount appears to work "most" of the time, so for average MS user it becomes very confusing when it fails.

I currently have a client about to finally implement a server, in a mixed desktop environment, and whilst I will be able to supply a stable and effective MS sharing/ auth enviroment, linux to linux appears less robust.

Are there simple way for a linux client to auth though a e-smith 5.5/ 5.6 box, using either RH7.3 RH8 (still suspect of stability of this platform) or Mandrake 9.0.?

Security is not a big issue, as we all know how secure \shares are, but is implementing Samba for Windows, and replicating this with NIS/NFS (customised install on the Mitel box) the best option?

As most people seem to have found it seems as if there are pieces of the jigsaw puzzle missing, as so much time has been spent getting it right for windows, and less for Linux desktops.

Any advice would be appreciated.

CB

[Brian Read]

I would use Samba.  I have done this sucessfully with Lindows and Lycoris (which both come with a "Windows friendly" samba already configured.

cheers

Brian