This page is specific to Ubuntu versions 9.04

If you find this information applicable to additional versions/releases, please edit this page and modify this header to reflect that. Please also include any necessary modifications for this information to apply to the additional versions.


Introduction

The following are steps for integrating an LTSPv5 server into an Active Directory environment. These steps were taken on Ubuntu 9.04 (Jaunty).

Authentication

Active Directory authentication has been made quite easy through the use of a package called "likewise-open". You can do the integration using command line tools or the GUI. The following describes the GUI method:

1. Install the "likewise-open-gui" package. 2. Check that DNS resolves the Active Directory server by hostname. One way to do this is open a terminal window and "ping <hostname>". If the server's hostname cannot be resolved, we need to fix this before going on. In my case, I discovered that there was a problem with the "hosts" line in /etc/nsswitch.conf. So, I needed to edit this file such that the hosts line read:

    hosts: files dns

3. Under System > Administration > Active Directory Membership, enter Windows domain name and administrative user and password

4. You should join the domain successfully.

5. At this point, you are configured in such a way that you can login using <domain>\<username> as the Username. I highly encourage you to set likewise to use the domain as the default domain, such that you simply login with <username>. Do this by editing /etc/samba/lwiauthd.conf and adding a line to the end:

    winbind use default domain = yes

6. Reboot the server before continuing.

Mounting Windows Share on Login

Now that you can authenticate into the Active Directory server, you may also want to automatically "redirect a folder", or as we say in the Linux world, "mount a cifs volume". I did this using "pam_mount" like this:

1. Install the "libpam-mount" package.

2. Install the "smbfs" package.

3. Edit the pam_mount configuration file: /etc/security/pam_mount.conf.xml Here is an example of a volume entry:

<volume   sgrp="VHS\teacher^group" options="username=%(USER),user=%(USER),domain=VHS"  fstype="cifs"  server="172.16.12.125"  path="teachers/%(DOMAIN_USER)" mountpoint="/home/VHS/%(DOMAIN_USER)/Documents" />

This basically says "If the users is in the "VHS\teacher^group" group, then mount their shared folder on the Documents folder in their home directory." You will need to adjust the rules for your environment.

4. Edit /etc/ssh/sshd_config:

ChallengeResponseAuthentication no
PasswordAuthentication yes
# The following speeds up login
GSSAPIAuthentication no

5. Restart ssh:

sudo /etc/init.d/ssh restart


CategoryLtsp

UbuntuLTSP/ActiveDirectoryIntegration (last edited 2009-07-21 19:38:39 by gideon)