Author Topic: linuxmce, samba and openldap  (Read 6946 times)

piusvelte

  • Regular Poster
  • **
  • Posts: 39
linuxmce, samba and openldap
« on: March 19, 2009, 02:36:17 pm »
*UPDATE*
What should be the owner:group on files in /home/public/*? Thank you!
*

I'm trying to get my new dedicated core set up as my domain controller, with dns, and holding network users' home directories. In the process, I'm also trying to copy my media files from my retiring server to the core, which is where I'm now running into a problem. I don't seem to have access to the public share on my network without authenticating to ldap, and the linuxmce user is a local account, not in ldap. I can authenticate to mount the public share using an ldap account, but then I don't have permissions to write to the directories (videos...). How do I integrate linuxmce (users, devices...) with openldap on the same box? Also, why are the home directories set to force user = root, and group = public?

Thank you!

Here's my smb.conf file:
Code:
## @FileType: Pluto Sectioned Config File ##
## @Version: 2 ##
## @KeepSections: ##
## @RemoveSections: ##

[global]
## BEGIN : Domain and Hostname

workgroup = EMMAN
server string =
netbios name =

## END : Domain and Hostname
smb ports = 139
log level = 2
invalid users = root
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
encrypt passwords = true
socket options = TCP_NODELAY
dns proxy = no
# passwd program = /usr/bin/passwd %u
# passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
username map = /etc/samba/usermap.txt
unix extensions = yes
security = user

#ldap setup
passdb backend = ldapsam:ldap://localhost/
obey pam restrictions = no
ldap admin dn = cn=admin,dc=emman,dc=local
ldap suffix = dc=emman, dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
; Do ldap passwd sync
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
#end ldap

[public]
comment = public files
browseable = yes
writable = yes
create mask = 0777
directory mask = 0777
path = /home/public/data
public = yes
read only = no

[home]
comment = shared home files
browsable = yes
writable = yes
## BEGIN : Home Hosts Allow
### END : Home Hosts Allow
path = /home
public = no
guest ok = no
force user = root
force group = public
create mask = 0774
directory mask = 0775
inherit acls = yes
inherit uid = yes
inherit owner = yes
inherit permissions = yes


## BEGIN : User Shares

## END : User Shares


## BEGIN : InternalStorageDevices

## END : InternalStorageDevices

*UPDATE*
I added my ldap users to the local public group and am now copying over my media.
« Last Edit: March 19, 2009, 08:17:51 pm by piusvelte »

colinjones

  • Alumni
  • LinuxMCE God
  • *
  • Posts: 3003
Re: linuxmce, samba and openldap
« Reply #1 on: March 19, 2009, 09:02:10 pm »
What are you trying to achieve by adding a Domain Controller to your network? What is wrong with using the local accounts in the way it is set up out of the box? Any PC can already authenticate, connect to, or map these shares and access folders on your core (or indirectly on your core through remotely mounted shares that are exported as SAMBA shares). You seem to be adding a whole layer of additional functionality that is duplicating functionality that is already there. A DC will give you access to an AD, but that isn't going to give you additional functionality of use on the LMCE, and in any case, if you really want an AD, that doesn't exclude you from using the SAMBA authentication/sharing already in place...

piusvelte

  • Regular Poster
  • **
  • Posts: 39
Re: linuxmce, samba and openldap
« Reply #2 on: March 19, 2009, 09:51:45 pm »
It seems like I've overlooked a bit. Can I set up login scripts so that I manage network users on LMCE, and have those users log in on my windows and mac machines with their "My Documents" and home directories mapped to their /home/<user>/data/documents? I don't need to use openldap then? Thank you!

piusvelte

  • Regular Poster
  • **
  • Posts: 39
Re: linuxmce, samba and openldap
« Reply #3 on: March 19, 2009, 09:53:43 pm »
I forgot to add, how do I get windows xp and mac osx to authenticate to LMCE? Thanks!

colinjones

  • Alumni
  • LinuxMCE God
  • *
  • Posts: 3003
Re: linuxmce, samba and openldap
« Reply #4 on: March 19, 2009, 10:10:53 pm »
Firstly, you definitely don't want to map their My Documents to the LMCE media folders! You will end up with all sorts of files/folders getting written into the LMCE folder structure, which is very specific to LMCE.

What are you trying to achieve? Are you planning on putting media on the LMCE core in the /home/public/data folders, and just want your MAC/PC users to be able to access that media on their computers as well?

Or the other way around - there is media on their computers, and you want LMCE to be able to access it?

piusvelte

  • Regular Poster
  • **
  • Posts: 39
Re: linuxmce, samba and openldap
« Reply #5 on: March 20, 2009, 01:29:57 am »
My old network was set up with all users' files on a file server. All media was in a specific set of folders, shared out using samba to xbox media center, windows xp and mac osx. Everything else was in users' home directories that "My Documents" would map to, keeping all of our files centralized on the file server. My plan is to replace that file server with a linuxmce core, adding all of the functionality that comes with it, while retaining the functionality that I had before. I also want to move dhcp and dns from my router to this core machine. My impression is that I should keep all media that I want to share to media directors and the rest of the linuxmce world in the linuxmce folder structure, and keep everything else the way I had it before, using openldap+samba to handle domain authentication, and users' documents. How should I be doing this? I have a new server with lots of storage, with the hopes of keeping all documents/media/etc from all users centralized there. Thank you!

colinjones

  • Alumni
  • LinuxMCE God
  • *
  • Posts: 3003
Re: linuxmce, samba and openldap
« Reply #6 on: March 20, 2009, 01:43:26 am »
OK,

1. DNS and DHCP are already on the core, and you mustn't play with them, particularly DHCP. Connect up the core server as per design, here http://wiki.linuxmce.org/index.php/Network_Setup and it will do DHCP and DNS relay out of the box with no further configuration. Leave it like that or you will break LMCE.

2. Personally, I recommend you don't keep your files/media on the core or MDs, but on a separate networked device like a PC with shares or a NAS. It just makes it more convenient when/if you rebuild your LMCE environment. But I understand what you want to achieve. There is no reason why you cannot create more home directories on the core, outside the public/user_1/user_1 directories and export them as SAMBA shares. Then on your PCs/Macs/etc you can map to them by redirecting your My Documents folders via their UNC like any other. The media that you will store in the public folder is already exported as a SAMBA share, and so you can map a persistent drive to it from your other computers using its UNC in the normal way.

3. When you configure the SAMBA shares you can set whatever username/password you want, these are what you use to map the drives on your PCs. The public share is open, so you need no credentials, just map anonymously.

piusvelte

  • Regular Poster
  • **
  • Posts: 39
Re: linuxmce, samba and openldap
« Reply #7 on: March 20, 2009, 02:48:53 am »
I really appreciate your help with all of this. I haven't touched anything with dhcp/dns, so I'm good there. I've reverted the ldap changes to smb.conf, and have created my users locally, so now I just have to stop the ldap authentication and I think that I'm back to a mostly lmce setup. Thanks again!

piusvelte

  • Regular Poster
  • **
  • Posts: 39
Re: linuxmce, samba and openldap
« Reply #8 on: March 20, 2009, 05:10:47 pm »
Could someone please post the default lmce smb.conf file? I think that I have it all in place, but would like to make sure.

Also, why are the user (root) and group (public) forced on the home directories?

Here's what I have:
Quote from: smb.conf
## @FileType: Pluto Sectioned Config File ##
## @Version: 2 ##
## @KeepSections: ##
## @RemoveSections: ##

[global]
## BEGIN : Domain and Hostname

workgroup = DCEROUTER
server string =
netbios name =

## END : Domain and Hostname
smb ports = 139
log level = 2
invalid users = root
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
encrypt passwords = true
socket options = TCP_NODELAY
dns proxy = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
username map = /etc/samba/usermap.txt
unix extensions = yes
security = user

[public]
comment = public files
browseable = yes
writable = yes
create mask = 0777
directory mask = 0777
path = /home/public/data
public = yes

[home]
comment = shared home files
browsable = yes
writable = yes
## BEGIN : Home Hosts Allow
### END : Home Hosts Allow
path = /home
public = no
guest ok = no
force user = root
force group = public
create mask = 0774
directory mask = 0775
inherit acls = yes
inherit uid = yes
inherit owner = yes
inherit permissions = yes


## BEGIN : User Shares

## END : User Shares


## BEGIN : InternalStorageDevices

## END : InternalStorageDevices
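The two smb.conf files posted in this thread raise the same questions: the [public] share is writable by anyone with 0777 masks, and [home] forces every connection to act as root even though [global] bans root logins. The script below is an added example, not code from the thread or from LinuxMCE: it flattens an smb.conf, reports those three patterns, and emits a private per-user share of the kind reply #6 describes (a separate directory under /home exported as its own share). The sample config is constructed from the values posted above; the user name "alice" and her path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread or LinuxMCE): audit an smb.conf for
# guest-writable shares, world-writable masks and "force user = root", and
# show a per-user share that does not trip the audit.

# Flatten an smb.conf into "section|key|value" lines: keys and values are
# lowercased and trimmed, '#' and ';' comment lines are skipped.
smb_flatten() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/\[|\]|[ \t]/, ""); sec = tolower($0); next }
        /=/ {
            key = $0; sub(/=.*/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key != "") printf "%s|%s|%s\n", sec, tolower(key), tolower(val)
        }' "$1"
}

# Print one line per risky setting found in the share sections of FILE.
smb_audit() {
    smb_flatten "$1" | awk -F'|' '
        BEGIN { mk[1] = "create mask"; mk[2] = "directory mask" }
        { v[$1 "|" $2] = $3; if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 } }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                if (s == "global") continue
                guest = (v[s "|public"] == "yes" || v[s "|guest ok"] == "yes")
                write = (v[s "|writable"] == "yes" || v[s "|writeable"] == "yes" ||
                         v[s "|read only"] == "no")
                if (guest && write)
                    print "[" s "] is writable without authentication (guest + writable)"
                # "force user" is applied after the connection is accepted, so the
                # "invalid users = root" login ban in [global] does not prevent it.
                if (v[s "|force user"] == "root")
                    print "[" s "] force user = root: every client write is performed as root"
                for (j = 1; j <= 2; j++) {
                    m = v[s "|" mk[j]]
                    if (m == "") continue
                    d = substr(m, length(m), 1) + 0      # "other" octal digit
                    if (d % 4 >= 2)                       # write bit for everyone
                        print "[" s "] " mk[j] " = " m " creates world-writable entries"
                }
            }
        }'
}

# Number of findings, for scripting and tests.
smb_audit_count() { smb_audit "$1" | wc -l | tr -d ' '; }

# Private documents share for one user: only that user may connect, no guest
# access, no forced identity, no world bits. Arguments: user, directory.
smb_user_share() {
    printf '[%s_docs]\ncomment = documents for %s\npath = %s\nvalid users = %s\n' "$1" "$1" "$2" "$1"
    printf 'browseable = no\nguest ok = no\nread only = no\ncreate mask = 0600\ndirectory mask = 0700\n'
}

# Constructed sample: the [public] and [home] shares as posted in the thread.
write_sample_conf() {
    cat > "$1" <<'EOF'
[global]
workgroup = DCEROUTER
security = user
invalid users = root

[public]
comment = public files
browseable = yes
writable = yes
create mask = 0777
directory mask = 0777
path = /home/public/data
public = yes

[home]
comment = shared home files
path = /home
public = no
guest ok = no
force user = root
force group = public
create mask = 0774
directory mask = 0775
EOF
}

SAMPLE_CONF=$(mktemp)
write_sample_conf "$SAMPLE_CONF"
HARDENED_CONF=$(mktemp)
smb_user_share alice /home/alice/data/documents > "$HARDENED_CONF"   # hypothetical user

smb_audit "$SAMPLE_CONF"
echo "findings in posted config: $(smb_audit_count "$SAMPLE_CONF")"    # 4
echo "findings in per-user share: $(smb_audit_count "$HARDENED_CONF")" # 0
rm -f "$SAMPLE_CONF" "$HARDENED_CONF"
```

Run it against a real file with `smb_audit /etc/samba/smb.conf`. The [home] masks (0774/0775) are not flagged because only the group bit is set; what the audit does flag there is the forced root identity, which is the setting the thread asks about twice.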

piusvelte

  • Regular Poster
  • **
  • Posts: 39
Re: linuxmce, samba and openldap
« Reply #9 on: March 21, 2009, 03:38:08 pm »
OK, I installed LMCE on my media director and copied the smb.conf file from there.