UbuntuHelp:UbuntuLTSP/ActiveDirectoryIntegration
This page is specific to Ubuntu version 9.04.
Introduction
The following are steps for integrating an LTSPv5 server into an Active Directory environment. These steps were taken on Ubuntu 9.04 (Jaunty).
Authentication
Active Directory authentication has been made quite easy through the use of a package called "likewise-open". You can do the integration using command line tools or the GUI. The following describes the GUI method:
1. Install the "likewise-open-gui" package.
2. Check that DNS resolves the Active Directory server by hostname. One way to do this is to open a terminal window and run "ping <hostname>". If the server's hostname cannot be resolved, this needs to be fixed before going on. In my case, I discovered that there was a problem with the "hosts" line in /etc/nsswitch.conf. So, I needed to edit this file such that the hosts line read:
hosts: files dns
3. Under System > Administration > Active Directory Membership, enter the Windows domain name and an administrative user and password.
4. You should join the domain successfully.
5. At this point, you can log in using <domain>\<username> as the Username. I highly encourage you to set likewise to use the domain as the default domain, such that you simply log in with <username>. Do this by editing /etc/samba/lwiauthd.conf and adding a line to the end:
winbind use default domain = yes
6. Reboot the server before continuing.
Now that you can authenticate into the Active Directory server, you may also want to automatically "redirect a folder", or as we say in the Linux world, "mount a cifs volume". I did this using "pam_mount" like this:
1. Install the "libpam-mount" package.
2. Install the "smbfs" package.
3. Edit the pam_mount configuration file: /etc/security/pam_mount.conf.xml
Here is an example of a volume entry:
<volume sgrp="VHS\teacher^group" options="username=%(USER),user=%(USER),domain=VHS" fstype="cifs" server="172.16.12.125" path="teachers/%(DOMAIN_USER)" mountpoint="/home/VHS/%(DOMAIN_USER)/Documents" />
This basically says "If the user is in the "VHS\teacher^group" group, then mount their shared folder on the Documents folder in their home directory." You will need to adjust the rules for your environment.
4. Edit /etc/ssh/sshd_config:
ChallengeResponseAuthentication no
PasswordAuthentication yes
# The following speeds up login
GSSAPIAuthentication no
5. Restart ssh:
sudo /etc/init.d/ssh restart
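After working through both procedures, it is worth confirming that the edited files really contain the settings described above before rebooting or restarting ssh. The following script is an added example, not part of the original page or of likewise-open. The function names and the NSSWITCH, LWIAUTHD and SSHD_CONFIG override variables are hypothetical, and it assumes whitespace-separated sshd_config directives with no Include files.

```shell
#!/bin/sh
# Added example: read-only checks for the settings described on this page.
# Function names are hypothetical; file paths are the ones the page names.

# Print the first value given for keyword $2 in sshd_config file $1.
# sshd keeps the first value it reads and keywords are case-insensitive.
# Assumption: only the global section (before any Match block) is read.
sshd_value() {
    awk -v key="$2" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Succeed if the three sshd settings are set explicitly as on the page.
check_sshd() {
    [ "$(sshd_value "$1" ChallengeResponseAuthentication)" = "no" ] &&
    [ "$(sshd_value "$1" PasswordAuthentication)" = "yes" ] &&
    [ "$(sshd_value "$1" GSSAPIAuthentication)" = "no" ]
}

# Succeed if the hosts line reads exactly "hosts: files dns".
check_nsswitch() {
    awk '$1 == "hosts:" { ok = (NF == 3 && $2 == "files" && $3 == "dns") }
         END { exit !ok }' "$1"
}

# Succeed if an uncommented "winbind use default domain = yes" line exists.
check_default_domain() {
    grep -Eiq '^[[:space:]]*winbind use default domain[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

# Report each check; the return status is the number of failed checks.
audit() {
    fails=0
    check_nsswitch "${NSSWITCH:-/etc/nsswitch.conf}" || { echo "FAIL nsswitch hosts line"; fails=$((fails + 1)); }
    check_default_domain "${LWIAUTHD:-/etc/samba/lwiauthd.conf}" || { echo "FAIL default domain"; fails=$((fails + 1)); }
    check_sshd "${SSHD_CONFIG:-/etc/ssh/sshd_config}" || { echo "FAIL sshd settings"; fails=$((fails + 1)); }
    echo "$fails check(s) failed"
    return "$fails"
}

if [ "${1:-}" = "--audit" ]; then audit; fi
```

Run it with --audit on the LTSP server. A directive that appears twice in sshd_config is judged by its first occurrence, so a stale earlier line is reported as a failure even if the lines from step 4 were appended at the end.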