[K12OSN] Win2k3 Home Dirs
Mel Wade
mel at melwade.com
Fri Dec 1 21:58:10 UTC 2006
I need each user to be able to access their Windows home folder from the
K12LTSP 6.0 client, but somehow it's not coming through...
I have not figured out how to get the Kerberos ticket in cron. The
instructions I've found for this are for other distros and don't apply.
Here are some of the config files:
krb5.conf
# krb5.conf as pasted: Kerberos client settings for realm UCA1.LOCAL, with the
# KDC given as a static address instead of being discovered through DNS.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = UCA1.LOCAL
# DNS discovery is switched off for both the realm and the KDC, so the
# [realms] entry below is the only way this client locates the KDC.
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
# Forwardable tickets can be passed on to other hosts the user logs in to, and
# each of those hosts then holds a usable credential.
# NOTE(review): confirm forwarding is actually needed for the home-directory mounts.
forwardable = yes
[realms]
UCA1.LOCAL = {
kdc = 10.0.4.2:88
admin_server = 10.0.4.2:749
default_domain = UCA1.LOCAL
# NOTE(review): the same KDC host is listed a second time, here without a port.
kdc = 10.0.4.2
}
[domain_realm]
# NOTE(review): the example.com mappings look like template leftovers; only the
# uca1.local lines match the realm defined above -- confirm and prune.
.example.com = UCA1.LOCAL
example.com = UCA1.LOCAL
uca1.local = UCA1.LOCAL
.uca1.local = UCA1.LOCAL
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
# Per-application overrides for the application named "pam"
# (presumably the section pam_krb5 reads -- confirm for this release).
pam = {
debug = false
# 36000 has no unit suffix; if it is read as seconds it is 10 hours, which is
# shorter than the 24h ticket_lifetime in [libdefaults].
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
* * * * * *
system-auth (I think I have too much here as it's now asking for the
password twice)
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
#
# NOTE(review): per the header above, the hand edits below are lost the next
# time authconfig runs.
#
# ---- auth ----
# Modules run top to bottom. A "sufficient" module that succeeds ends the stack
# immediately (provided no earlier "required" module has failed).
# pam_winbind is first and has no use_first_pass/try_first_pass, so it prompts
# for the password itself. When it succeeds, nothing below it in auth runs.
auth sufficient pam_winbind.so
# NOTE(review): pam_mount has no use_first_pass here, unlike the modules that
# follow it. If pam_winbind did not succeed, pam_mount is reached and may
# prompt again; if pam_winbind did succeed, pam_mount never sees the password
# in auth and may ask for it later in the session phase. Either path is a
# likely source of the double password prompt -- confirm against the pam_mount
# documentation for this release.
auth required pam_mount.so
auth required pam_group.so use_first_pass
auth sufficient pam_krb5.so use_first_pass ignore_root
auth sufficient pam_ldap.so use_first_pass
auth required pam_env.so
# nullok lets an account whose password is empty authenticate through pam_unix.
# NOTE(review): drop nullok unless empty passwords are intended.
auth sufficient pam_unix.so nullok try_first_pass
# Reached only when every "sufficient" module above has failed.
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
# ---- account ----
# A success from pam_krb5 or pam_winbind ends the account stack before the
# local pam_unix account checks run.
account sufficient pam_krb5.so ignore_root
account sufficient pam_winbind.so
account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
# ---- password ----
password optional pam_krb5.so
password requisite pam_cracklib.so try_first_pass retry=3
# NOTE(review): "shadow" and "md5" look like pam_unix options copied onto
# pam_mount and pam_ldap -- confirm these modules accept them.
password required pam_mount.so try_first_pass shadow md5
# "required" here means a password change fails whenever pam_ldap fails,
# including for accounts that exist only locally.
password required pam_ldap.so md5
# The next rule was wrapped by the mail client; "use_authtok" on the following
# line is its tail. md5 stores local password hashes as MD5-crypt and nullok
# again allows empty passwords.
# NOTE(review): prefer a stronger pam_unix hash option where the platform
# offers one.
password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok
password required pam_deny.so
# ---- session ----
# pam_keyinit, pam_limits and the crond pam_succeed_if rule are commented out.
# The last of the three was wrapped by the mail client, which left its tail
# ("quiet use_uid") on a line of its own without the leading '#'.
# session optional pam_keyinit.so revoke
# session required pam_limits.so
# session [success=1 default=ignore] pam_succeed_if.so service in crond
quiet use_uid
session required pam_unix.so
# umask=0022 creates new home directories readable by every local user.
# NOTE(review): on a shared terminal server umask=0077 keeps them private.
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
# NOTE(review): "shadow md5" again look like pam_unix options -- confirm.
session optional pam_mount.so shadow md5 use_authtok
session optional pam_krb5.so
* * * * * *
ldap.conf
# ldap.conf as pasted: points LDAP lookups and pam_ldap at the directory on
# 10.0.4.2 and maps POSIX attribute names onto Active Directory ones.
# The distinguished name of the search base.
base dc=UCA1,dc=LOCAL
# Search timelimit
#timelimit 30
timelimit 120
# Bind/connect timelimit
#bind_timelimit 30
bind_timelimit 120
# RFC 2307 (ActiveDirectory) mappings UCA1
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber uidNumber
nss_map_attribute gidNumber gidNumber
nss_map_attribute givenname givenName
nss_map_attribute ou Description
# NOTE(review): duplicate of the uid -> sAMAccountName mapping a few lines above.
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
nss_map_attribute gecos displayName
pam_login_attribute sAMAccountName
pam_filter objectclass=User
# NOTE(review): pam_password is set twice in this file ("ad" here, "md5" on the
# last line). Which value takes effect depends on the parser -- keep only one.
pam_password ad
# SASL mechanism for PAM authentication - use is experimental
# at present and does not support password policy control
#pam_sasl_mech DIGEST-MD5
# Plain ldap:// URI combined with "ssl no": this file requests no TLS for
# directory traffic. The system-auth posted alongside it has pam_ldap in the
# auth stack, so a simple bind would send the user's password in clear text.
# NOTE(review): use "ssl start_tls" or an ldaps:// URI; tls_cacertdir is
# already set below but has no effect while ssl is off.
uri ldap://10.0.4.2
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
--
Mel Wade
"The real problem is not whether machines think but whether men do." - BF
Skinner
http://www.melwade.com