Author Topic: authentication  (Read 7466 times)

klovell

  • Guru
  • ****
  • Posts: 205
    • View Profile
authentication
« on: July 06, 2010, 09:00:27 pm »
I just had an awesome thought, Linuxmce uses samba correct? Can it be setup to allow linux and windows computers to authenticate?  I just read an article that states Samba can be used to allow a linux machine to act as a primary domain controller for Linux, Windows and Macs.  According to the article it not only allows single sign-on but you can utilize some pretty cool feature like roaming profiles.  Roaming profiles can be a pain with large profiles but it has it's place in the "i love that feature" list.  I'm prepared to attempt to turn my core into a PDC but I just want to make sure I'm not wasting my time.  The user structure seems like there's more going on than what's on the surface.  For example, I noticed my user name on the core is pluto_username but i only log in as username.  I'm assuming there are aliases being used?

Basically can anyone who knows the Linuxmce structure think of any reason at all why this wouldn't work?  For instance the script (I'm assuming it's some kind of script) that creates the folder structure for a user when you create a new user.  I'm assuming if i made the core a PDC before i make it a core (install kubuntu, config Samba, then run mce script) life should be well but that's a huge assumption.  I have no clue what's going on when that linuxmce script is running so my Samba configurations could be over written while linuxmce is installing.  Does anyone have any info on this? 

Thanks 

tschak909

  • LinuxMCE God
  • ****
  • Posts: 5549
  • DOES work for LinuxMCE.
    • View Profile
Re: authentication
« Reply #1 on: July 06, 2010, 09:09:16 pm »
It can be done.

Go for it.

-Thom

valent

  • Guru
  • ****
  • Posts: 381
    • View Profile
    • /kernel_reloaded/
Re: authentication
« Reply #2 on: July 06, 2010, 10:32:39 pm »
Best way to find out is to try and report back. If you take normal precautions, like backing up LinuxMCE files before you replace them with your own, and also keep a separate copy of your samba config files in home folder in case LinuxMCE overwrites them you should be fine.

Don't be afraid to experiment and then when you find something that works you can continue the talk with LinuxMCE devels how to get your new samba config options added to LinuxMCE.
LinuxMCE - If it was easy, everybody would be doing it!!
My setup - http://wiki.linuxmce.org/index.php/User:Valent

klovell

  • Guru
  • ****
  • Posts: 205
    • View Profile
Re: authentication
« Reply #3 on: July 06, 2010, 11:17:01 pm »
Okay, I found a good write up on using Samba as a PDC.  I'm going to give it a spin and hope for the best.  I'll let you guys know. 

Thanks

klovell

  • Guru
  • ****
  • Posts: 205
    • View Profile
Re: authentication
« Reply #4 on: July 12, 2010, 07:53:14 pm »
update:

Okay, I got it working... sort of.  I configured the Core as a PDC and I was able to join a kubuntu installation to the linuxmce domain.  Linuxmce worked the way I'm used to and kubuntu worked as a client the way i expected it to.  I started to join server 2008 to the domain only because I had a fresh install in a vm that I wasn't using.  It attempted to join but it failed because there was no account for it on the core.  Before I could finish toying with the windows side of things I noticed that all my MDs lost the ability to play anything besides Hulu.  Up until this point my only test was to select Video and look for my videos.  During setting up the core as a PDC I noticed all shares and web admin were unavailable, but they came back when I was done.  When trying to play anything (even content stored on the core in a public folder) the md would display a File not found error.  There was more to the error but it basically said file not found.  I couldn't figure it out and by the time i decided to write down the error the MD's stopped show the message but it still wouldn't play the files.  While looking for logs, I don't know if I did something or not but my MD's wont boot at all.  I don't know what the initial cause was but I'm thinking there was no computer account on the domain for the MD's and that's why it couldn't access content.  The core was able to see and play everything and maybe that's why the orbiters saw the content but they weren't play able. Does this mean the initial MD pxe boot image has to be configured as a client of the domain or would it be easier to manually join each MD to the Domain?  I have allot of questions, I can do this but I'm going to need help, when it comes to domains I'm a windows guy. 

I used 3 different sources to do this and compiled all the information that worked into one, plus I didn't wipe the core before the install.  I'm going to try this again on a fresh install before users and MDs are added but after LMCE is installed.  I'll start that later when I get out of work but the point of this post is to see if anyone has any suggestions or pointers.  I know i didn't give you all much info to go on but any tips before I give it another try would be appreciated.  I have every intention of sharing what I did.  If Linuxmce is going to be the catch-all for all things entertaining and convenient in the home we might as well make it a pdc and tie all the computers in the house together.  Think of all the single sign-on possibilities... I love single sign-on! 

wierdbeard65

  • Guru
  • ****
  • Posts: 449
    • View Profile
    • My Quest
Re: authentication
« Reply #5 on: July 12, 2010, 07:56:59 pm »
Dude, looks like you are rapidly becoming the expert on this and therefore, the developer  ;D

Could you update the Wiki with a how-to once it all works?
Paul
If you have the time to help, please see where I have got to at: http://wiki.linuxmce.org/index.php/User:Wierdbeard65

klovell

  • Guru
  • ****
  • Posts: 205
    • View Profile
Re: authentication
« Reply #6 on: July 12, 2010, 08:12:22 pm »
O no! not the D word!  I'll update the wiki once I get it working properly.  Based on all the information I have... who knows if it's all right... this should work pretty flawlessly on a fresh install of lmce.  I can't wait to get out of work, I think I'm starting to feel sick...  ;)

wierdbeard65

  • Guru
  • ****
  • Posts: 449
    • View Profile
    • My Quest
Re: authentication
« Reply #7 on: July 12, 2010, 08:14:09 pm »
I think I'm starting to feel sick...  ;)
;D
Paul
If you have the time to help, please see where I have got to at: http://wiki.linuxmce.org/index.php/User:Wierdbeard65

tschak909

  • LinuxMCE God
  • ****
  • Posts: 5549
  • DOES work for LinuxMCE.
    • View Profile
Re: authentication
« Reply #8 on: July 12, 2010, 08:20:38 pm »
Next step is to make plumbing and UI to expose this in a sane way to a user.

-Thom

klovell

  • Guru
  • ****
  • Posts: 205
    • View Profile
Re: authentication
« Reply #9 on: July 12, 2010, 09:23:22 pm »
yea... I'm going to need serious hand holding to pull that one off.  At the very least a layman's overview on how the UI works.  That's not my way of getting out of it.  I've always been interested in how it all works but my system hasn't been working long enough to dive into it.  one day... 

It's funny I finally get my system working great, well as good as a beta system can work, and I break it turning it into a domain controller.  Well at least I had fun breaking it.  8)

los93sol

  • Guru
  • ****
  • Posts: 396
    • View Profile
Re: authentication
« Reply #10 on: July 13, 2010, 12:55:53 am »
klovell, please join the development channel on irc to discuss your work, I'm interested in this as well and wouldn't mind helping out

klovell

  • Guru
  • ****
  • Posts: 205
    • View Profile
Re: authentication
« Reply #11 on: July 14, 2010, 06:04:11 pm »
I've never really used IRC but I'll give it a try.  The last time I was on there no one was talking and I don't really know what the etiquette is for IRC so I didn't want to just start typing.

I have another update.  Linuxmce is very capable of being a PDC.  I reinstalled the core using the DVD install as per the wiki instructions, before restarting the computer to get to the avwizard I setup the PDC, then I restarted and ran through the wizard, finally I ran the diskless MD script.  Both the PDC and linucmce side of the core seems to be functioning as expected.  I was able to join a server 2008 installation, kubuntu, and my Nas (openfiler running on ubuntu) to the domain.  The users linuxmce creates happen to be domain users which is a perk.  I was hoping for this out the box since that's how it works in windows but i couldn't be sure since I've never created or mannaged a linux domain controller (windows - any user created on a DC is a domain user).

While setting it up this time I ran into a little issue... no big deal but it can be a deal breaker.  I created a separate sub net just for Lmce and I thought I had it pretty isolated with my routing rules but I missed one.  I didn't realize that my server 2008 DNS servers has been providing DNS for the LMCE network this entire time.  Before I reinstalled the core I saw the route enabled in the router and deleted it.  I was having trouble joining the domain and it took 2.5 hours of Samba research and google searches before i realized the error that looked like a permissions issue because it flat out said log on failure, turned out to be a DNS issue.  I recreated the routes in my router to my DNS servers and joining the domain worked instantly.  Apparently the lmce dns server sucks or it doesn't have entries for linuxmce or dcerouter... which doesn't even make sense.  I also noticed that unlike windows the workstations didn't create an entry in DNS when joining, but that could be because it's a windows DNS server that's not even on the linux domain.  I'm going to toy with this later when I get out of work.  I'm going to attempt to add entries in the lmce DNS server first and configure the pdc to write to the dns server.  I'm trying to get this working with out changing to much of what lmce has going on.  los93sol, if you want to help that would be greatly appreciated.  Clearly using an internal DNS server would fit the direction lmce is taking but Linux DNS and DC servers are all new to me.   I'll try and jump on IRC later. I can't wait to get this finished.   

Thom - I was thinking about the UI part of this and IMO there isn't really much to present to the end user.  The current LMCE interface for creating users is all that's needed to create domain users and it doesn't apper that any extra steps are needed. I'm thinking maybe I can create a script that can reside next to the lmce install script on the dvd, or some where online where it can be downloaded.  While setting up, if someone wants their core to be a domain controller they'll just have to run the "Domain" script after the lCME script.   The last time I check it wasn't good practice to re-purpose a server from or to a DC without first formatting it so I think a script ran during setup should be sufficient.  If you all want to add it to the current install script and just make LMCE a DC going forward that's fine with me.  Based on the intentions of the core I'd say it's probably a good idea as long as non-domain computers can still access the core (which they can).  If we have to do something with DNS maybe we should revisit the UI for DNS.

Marie.O

  • Administrator
  • LinuxMCE God
  • *****
  • Posts: 3675
  • Wastes Life On LinuxMCE Since 2007
    • View Profile
    • My Home
Re: authentication
« Reply #12 on: July 14, 2010, 06:40:01 pm »
I've never really used IRC but I'll give it a try.  The last time I was on there no one was talking and I don't really know what the etiquette is for IRC so I didn't want to just start typing.
http://freenode.net/channel_guidelines.shtml might give you a hint or two.

klovell

  • Guru
  • ****
  • Posts: 205
    • View Profile
Re: authentication
« Reply #13 on: August 05, 2010, 12:47:20 am »
I've been testing this for a couple weeks now and I think it's ready.  I'm trying to add my write up it to the wiki but i don't know how, I've never contributed to a wiki before.  I created an account but I don't see where I can add a subcatagory.  Any pointers?

huh

  • Guru
  • ****
  • Posts: 245
    • View Profile
Re: authentication
« Reply #14 on: August 05, 2010, 05:38:23 am »
Cool- I look forward to testing.  I think you should start here:  http://wiki.linuxmce.com/index.php/Add_a_page_to_the_wiki