Integrating Windows and Linux desktops.IT departments charged with integrating UnIx clients among the Windows desktops they're running can make life easier by administering Linux user accounts with Microsoft Corp.'s Active Directory. Samba samba Ballroom dance of Brazilian origin, popularized in the U.S. and Europe in the 1940s. Danced to music in ⁴⁄₄ time with a syncopated rhythm, the dance is characterized by simple forward and backward steps and tilting, rocking body movements. , the open-source project for providing Windows-compatible file and print services, makes this possible, but it doesn't make it easy. After some time spent consulting documentation and tweaking tweaking Vox populi Fine-tuning to produce optimal results configuration files, EWEEK Labs recently set up a Red Hat Inc. Fedora A free distribution of the Linux kernel from Red Hat along with a variety of open source utilities. Technical support is not provided for any of the Fedora distribution, only for Red Hat's full fee-based subscription of Linux. Core 2 Linux system so that it authenticated reliably with a Windows 2003 domain controller using Samba 3.03. (Each distribution that ships with Samba requires slightly different steps to enable Active Directory authentication.) The sometimes-rocky process we went through to configure the systems is detailed below. We set up a Windows Server See Windows Server 2008, Windows Server 2003, Windows Home Server, Windows 2000 and Windows NT. 2003 machine with all the latest patches applied and configured with Active Directory Domain Controller and DNS (Domain Name System) A system for converting host names and domain names into IP addresses on the Internet or on local networks that use the TCP/IP protocol. For example, when a Web site address is given to the DNS either by typing a URL in a browser or behind the (Domain Name System) server roles. On the client side, we set up a Fedora Core 2 system with all the current updates Installed. For reference, we used the Official Samba-3 HowTo and Reference Guide (available online at http://samba.org/samba/docs/man) and the book 'Samba-3 by Example," along with some assorted Google searches. We first installed the Samba packages KRB KRB Krebs Ringer Bicarbonate 5-workstation, Samba-Client and Samba. Next, we used neat (the Red Hat network configuration client) to make our Windows system the DNS server A dedicated server or a service within a server that provides DNS name resolution in an IP network. It turns names for Web sites and network resources into numeric IP addresses. DNS servers are used in large companies, in all ISPs and within the DNS system in the Internet, a vital service for our Fedora client. This allowed the client to properly resolve the arbitrary name we'd given our server. We used a Red Hat setup tool, authconfig, to enable winbind, a Samba service for resolving user and group information from Windows servers See Windows Server 2003, Windows Home Server, Windows 2000 and Windows NT. . In addition to starting the winbind service, authconfig makes most of the modifications required for the smb.conf configuration file. Fedora Core 2 includes a nicer-looking version of authconfig called system-config-authentication, but we found during tests that we had to run system-config-authentication twice to get it to save all of the information we'd entered-a bug that caused quite a bit of confusion during testing. We selected "use winbind' in the authconfig tool and hit "next' to enter our server information. Authconfig includes a button for joining a domain. When the button was selected, we were prompted for a user name and password with administrator rights on our Windows server. If a join is successful, there will be a confirmation in the terminal window after closing authconfig. If you don't see this, something is amiss. If there is a problem and the server information settings entered in winbind are correct, there may be too much of a discrepancy between the client's and server's clocks. To log on to our client system via a user account from our Windows server, we had to adjust a few of the PAM (pluggable authentication module (security) Pluggable Authentication Module - (PAM) The new industry standard integrated login framework. PAM is used by system entry components, such as the Common Desktop Environment's dtlogin, to authenticate users logging into a Unix system. ) files on the client system. The file system-auth needs to be adjusted to enable authentication through winbind, and the gdm and log-in Files must be modified to create a home directory for new users automatically when they first log in. A last piece of advice: Be sure to back up your PAM files before modifying them. More than once during testing, we had to boot with a rescue CD to restore our working PAM files. www.eweek.com |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion