Messages - agathon

1
How is your domain set up if I may ask? Sounds like whatever name you put in for the domain may have sent you down a different configuration path. I could be wrong though. I would appreciate more information about your setup and configuration so that I may be able to help you.

2
Installation and Upgrades / Re: Ubuntu Desktop client with Zentyal 4.0
« on: December 28, 2014, 02:44:41 am »
I figured out the problem that I was having and everything works perfectly now.  I documented the steps that I took.

https://forum.zentyal.org/index.php/topic,24191.msg92649.html#msg92649

Hopefully it can help someone else out.

3
A proper guide for connecting Ubuntu 14.04.x to a Zentyal 4.0 domain using 'winbind' seems to be lacking out there in the world, so I shall share the knowledge, from hours (days) of troubleshooting, that I use in getting my Ubuntu 14.04.x workstation or server to work in perfect harmony with Zentyal 4.0.  This also allows, in certain cases, the user's home on the server to be mounted on the client.

Some pre-requisites:
  • Properly configured Zentyal 4.0 server to support Domain logons.
  • Properly configured and working DNS system with both the server and client(s) having a FQDN.
  • A general desire to do this without using likewise, powerbroker, centrify, or something similar.

Assumptions for this example:
  • The domain is 'whateverdomain.local'
  • The Zentyal server's hostname is 'zentyal'
  • The Ubuntu hostname is 'ubuntu'
  • Both the Zentyal server and the clients have their times synced.
  • Both server and client(s) have FQDN.

Step 1
Configure your nsswitch.conf file.

root@ubuntu:~# vim /etc/nsswitch.conf

# line 11 as follows
hosts:          files dns


Step 2
root@ubuntu:~# apt-get install winbind libpam-winbind libnss-winbind krb5-config

# specify Realm
 +------------------+ Configuring Kerberos Authentication +------------------+
 | When users attempt to use Kerberos and specify a principal or user name   |
 | without specifying what administrative Kerberos realm that principal      |
 | belongs to, the system appends the default realm.  The default realm may  |
 | also be used as the realm of a Kerberos service running on the local      |
 | machine.  Often, the default realm is the uppercase version of the local  |
 | DNS domain.                                                               |
 |                                                                           |
 | Default Kerberos version 5 realm:                                         |
 |                                                                           |
 | WHATEVERDOMAIN.LOCAL_____________________________________________________ |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+
# specify the hostname of AD DS
     +--------------+ Configuring Kerberos Authentication +---------------+
     | Enter the hostnames of Kerberos servers in the WHATEVERDOMAIN.LOCAL|
     | Kerberos realm separated by spaces.                                |
     |                                                                    |
     | Kerberos servers for your realm:                                   |
     |                                                                    |
     | zentyal.whateverdomain.local______________________________________ |
     |                                                                    |
     |                               <Ok>                                 |
     |                                                                    |
     +--------------------------------------------------------------------+
# specify the hostname of AD DS
 +------------------+ Configuring Kerberos Authentication +------------------+
 | Enter the hostname of the administrative (password changing) server for   |
 | the WHATEVERDOMAIN.LOCAL Kerberos realm.                                  |
 |                                                                           |
 | Administrative server for your Kerberos realm:                            |
 |                                                                           |
 | zentyal.whateverdomain.local_____________________________________________ |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+



Step 2b
Sometimes, you may not get the steps for adding the Kerberos server and administrative server.
To do so, run the following command.
root@ubuntu:~# dpkg-reconfigure krb5-config


Step 3
Configure smb.conf and nsswitch.conf file again.

root@ubuntu:~# vim /etc/samba/smb.conf

# line 29: change the workgroup name to the one for AD DS and add the lines as follows
   workgroup = WHATEVERDOMAIN
   password server = zentyal.whateverdomain.local
   realm = WHATEVERDOMAIN.LOCAL
   security = ads
   idmap config * : range = 16777216-33554431
   template homedir = /h/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = true


root@ubuntu:~# vim /etc/nsswitch.conf

# line 7: add winbind as follows
passwd:   compat winbind
group:    compat winbind
shadow:   compat winbind


Step 4a
Follow this step if you are configuring this on a desktop or server.
Note that the directory for the user's home does not need to be /h. It can be whatever is necessary, but it has to be the same as the 'template homedir' in step 3.

root@ubuntu:~# mkdir /h

root@ubuntu:~# apt-get install cifs-utils smbclient libpam-mount

root@ubuntu:~# vim /etc/security/pam_mount.conf.xml

# line 17: add the following in the volume definitions
<volume user="*" fstype="cifs" server="zentyal" path="%(USER)" mountpoint="/h/%(USER)" options="workgroup=whateverdomain,uid=%(USER),dir_mode=0700,sec=ntlm,nosuid,nodev" />


Step 4b
Follow this step if you are configuring this on a laptop.
Note that the directory for the user's home does not need to be /h. It can be whatever is necessary, but it has to be the same as the 'template homedir' in step 3.

root@ubuntu:~# mkdir /h

root@ubuntu:~# vim /etc/pam.d/common-session
# add as the last line if needed (automatically creates a home directory at first login)
 session optional        pam_mkhomedir.so skel=/etc/skel umask=077


Step 5
Finally joining the client to the server.

# join AD Domain ( net ads join -U [administrative user on AD])

root@ubuntu:~# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- WHATEVERDOMAIN
Joined 'UBUNTU' to dns domain 'whateverdomain.local'
No DNS domain configured for client. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER

Do not worry about that DNS fail if you get it.

Step 6
Restart the client that you have just joined to the Zentyal domain and attempt to log in using a domain user.
You can also test to see if everything has worked properly with the following commands to see if they return the correct information.

root@ubuntu:~# wbinfo -u

root@ubuntu:~# wbinfo -g



Much of this follows the steps from http://www.server-world.info/en/note?os=Ubuntu_14.04&p=samba&f=3.

If you have found any errors, feel free to message. Hope this helps someone out there!
To note, this actually works well in certain Windows Domain Active Directory setups too.
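
An added check for steps 3 and 4a (example code, not part of the original post): it confirms that the pam_mount mountpoint sits under smb.conf's 'template homedir', that nosuid and nodev are set, and it flags sec=ntlm, which asks the kernel CIFS client for NTLMv1 hashing. The function names and sample files are constructed for illustration; sec=ntlmssp in the clean sample assumes the server accepts NTLMv2.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical
# and the sample file contents are constructed.

# Base directory of smb.conf's "template homedir" (value with the trailing /%U removed).
homedir_base() {
    sed -n 's|^[[:space:]]*template homedir[[:space:]]*=[[:space:]]*\(.*\)/%U[[:space:]]*$|\1|p' "$1" | head -n 1
}

# One attribute (mountpoint, options, ...) of the first <volume> element.
volume_attr() {
    grep '<volume ' "$2" | head -n 1 | sed -n "s/.*[[:space:]]$1=\"\([^\"]*\)\".*/\1/p"
}

# audit SMB_CONF PAM_MOUNT_XML: print one finding per line, nothing when clean.
audit() {
    base=$(homedir_base "$1")
    mnt=$(volume_attr mountpoint "$2")
    opts=$(volume_attr options "$2")
    [ -n "$base" ] || { echo "NOBASE: no 'template homedir = <dir>/%U' in $1"; return 0; }
    case "$mnt" in
        "$base"/*) ;;
        *) echo "MISMATCH: mountpoint '$mnt' is not under template homedir '$base'" ;;
    esac
    case ",$opts," in
        *,sec=ntlm,*|*,sec=ntlmi,*|*,sec=lanman,*)
            echo "WEAKAUTH: NTLMv1/LANMAN hashing requested in '$opts'" ;;
    esac
    for flag in nosuid nodev; do
        case ",$opts," in *,"$flag",*) ;; *) echo "MISSING: $flag" ;; esac
    done
}

# Constructed inputs: smb.conf as in step 3, one bad and one good volume line.
make_samples() {
    printf '   security = ads\n   template homedir = /h/%%U\n' > "$1/smb.conf"
    printf '%s\n' '<volume user="*" fstype="cifs" server="zentyal" path="%(USER)" mountpoint="/s/%(USER)" options="workgroup=whateverdomain,uid=%(USER),dir_mode=0700,sec=ntlm,nosuid,nodev" />' > "$1/bad.xml"
    printf '%s\n' '<volume user="*" fstype="cifs" server="zentyal" path="%(USER)" mountpoint="/h/%(USER)" options="workgroup=whateverdomain,uid=%(USER),dir_mode=0700,sec=ntlmssp,nosuid,nodev" />' > "$1/good.xml"
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "bad.xml:";  audit "$tmp/smb.conf" "$tmp/bad.xml"
echo "good.xml:"; audit "$tmp/smb.conf" "$tmp/good.xml"
```

On a real client, call audit with /etc/samba/smb.conf and /etc/security/pam_mount.conf.xml before rebooting in step 6.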

4
Well, I have this issue that I hope someone out there is able to help me with.

I have a bunch of clients running Ubuntu Mate 14.04 that I need to get working in harmony with Zentyal 4.0.  The funny thing however is that I am able to get Ubuntu Server 14.04 connected happily with my Zentyal server while even being able to auto mount users' home folders onto the Ubuntu servers.  Using the same method that I go with in connecting the Ubuntu Servers does not work with my Ubuntu Mate 14.04 clients.

Not sure if this information is helpful or not, but I am able to connect Windows clients perfectly fine with no issue.

I have gone through several different methods in using winbind, as this is the method that I use for the Ubuntu Server.

Hopefully someone could help me out.  Thanks to anyone who can provide me with any information.
