[K12OSN] Win2k3 Home Dirs

Mel Wade mel at melwade.com
Fri Dec 1 21:58:10 UTC 2006


I need each user to be able to access their Windows home folder from the
K12LTSP 6.0 client.  Somehow it's not coming through, though...

I have not figured out how to get the Kerberos ticket in cron.  The
instructions I've found for this are for other distros and don't apply.

Here are some of the config files:

krb5.conf

# Kerberos client configuration for the realm UCA1.LOCAL, as posted.

# Log destinations for the Kerberos library, a local KDC and a local kadmind.
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

# Library defaults. With both dns_lookup_* settings false, the realm and its
# KDC are resolved only from the [domain_realm] and [realms] sections below,
# never from DNS records. forwardable = yes requests tickets that may be
# forwarded to another host.
[libdefaults]
 default_realm = UCA1.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

# The realm's servers. kdc is listed twice for the same host; 88 is the
# default Kerberos port, so the second entry adds nothing.
# NOTE(review): 749 is the MIT kadmind port; if 10.0.4.2 is the Windows 2003
# domain controller it presumably does not listen there -- confirm.
[realms]
 UCA1.LOCAL = {
  kdc = 10.0.4.2:88
  admin_server = 10.0.4.2:749
  default_domain = UCA1.LOCAL
  kdc = 10.0.4.2
 }

# Host/domain name to realm mapping.
# NOTE(review): the two example.com entries look like template leftovers;
# they map an unrelated DNS domain onto this realm and can presumably be
# removed -- confirm nothing relies on them.
[domain_realm]
 .example.com = UCA1.LOCAL
 example.com = UCA1.LOCAL

 uca1.local = UCA1.LOCAL
 .uca1.local = UCA1.LOCAL
# Location of a local KDC's own configuration file.
# NOTE(review): only meaningful on a host that runs a KDC; presumably unused
# on this client, since the KDC is 10.0.4.2 -- confirm.
[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

# Per-application settings; the pam subsection is read by pam_krb5.
# NOTE(review): ticket_lifetime here is 36000 (10 hours if read as seconds),
# which differs from the 24h in [libdefaults] -- confirm which is intended.
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
* * * * * *

system-auth  (I think I have too much here as it's now asking for the
password twice)

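#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.

# Two lines that the mail client had wrapped (the pam_unix.so password line
# and the commented-out crond session line) are rejoined below; no module,
# control flag or option has been changed.

# --- auth: who the user is -------------------------------------------------
# NOTE(review): pam_winbind.so runs first and is "sufficient". When it
# succeeds, PAM stops processing the auth stack, so pam_mount.so never sees
# the password for that login. When it fails, pam_mount.so (which has no
# use_first_pass) asks for the password again -- the likely source of the
# double prompt. pam_mount.so has to run in the auth phase of every login it
# should mount for, so it cannot sit behind a "sufficient" module that has
# already succeeded; confirm the recommended ordering against the pam_mount
# documentation for the installed version.
auth        sufficient    pam_winbind.so
auth        required      pam_mount.so
auth        required      pam_group.so use_first_pass
auth        sufficient    pam_krb5.so use_first_pass ignore_root
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_env.so
# NOTE(review): nullok lets a local account whose password field is empty
# authenticate; drop it unless passwordless local accounts are intended.
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

# --- account: is the account allowed to log in ------------------------------
# pam_krb5.so and pam_winbind.so are "sufficient", so when either succeeds
# the pam_unix.so account checks below are not reached for that user.
account     sufficient    pam_krb5.so ignore_root
account     sufficient    pam_winbind.so
account     required      pam_unix.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

# --- password: changing a password ------------------------------------------
# NOTE(review): pam_mount.so and pam_ldap.so are both "required" here, so a
# password change fails unless each of them succeeds -- confirm that is
# intended. shadow and md5 are pam_unix.so options and are presumably ignored
# by the other modules. md5 selects MD5-based hashes for local passwords,
# which is weak by current standards; use a stronger scheme if the installed
# pam_unix.so offers one.
password    optional      pam_krb5.so
password    requisite     pam_cracklib.so try_first_pass retry=3
password    required      pam_mount.so try_first_pass shadow md5
password    required      pam_ldap.so md5
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

# --- session: set-up after a successful login --------------------------------
# The three commented-out lines are disabled entries, presumably the
# distribution defaults.
# session     optional      pam_keyinit.so revoke
# session     required      pam_limits.so
# session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
# umask=0022 creates a missing home directory readable by every other user
# (mode 755); umask=0077 keeps new home directories private.
session     required      pam_mkhomedir.so umask=0022 skel=/etc/skel
# pam_mount.so is "optional" in this phase, so a failed mount does not block
# the login and shows up only as a missing share.
session     optional      pam_mount.so shadow md5 use_authtok
session     optional      pam_krb5.so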

* * * * * *

ldap.conf

# ldap.conf as posted: directory settings for the server at 10.0.4.2. The
# pam_* keys are read by pam_ldap.so and the nss_* keys by nss_ldap.
# NOTE(review): no binddn is shown; it may have been left out of the post.

# The distinguished name of the search base.
base dc=UCA1,dc=LOCAL

# Search timelimit
#timelimit 30
timelimit 120

# Bind/connect timelimit
#bind_timelimit 30
bind_timelimit 120


# RFC 2307 (ActiveDirectory) mappings UCA1
# Each line maps a POSIX object class or attribute name (first argument) to
# the name used in the directory (second argument).
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber uidNumber
nss_map_attribute gidNumber gidNumber
nss_map_attribute givenname givenName
nss_map_attribute ou Description

# NOTE(review): the next line repeats the uid mapping given above.
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
nss_map_attribute gecos displayName
pam_login_attribute sAMAccountName
pam_filter objectclass=User
# NOTE(review): pam_password is set twice (ad here, md5 on the last line);
# which one takes effect depends on the parser. Keep only the intended one --
# for an Active Directory server that is presumably ad.
pam_password ad

# SASL mechanism for PAM authentication - use is experimental
# at present and does not support password policy control
#pam_sasl_mech DIGEST-MD5
# NOTE(review): an ldap:// uri with "ssl no" means directory lookups, and any
# simple bind pam_ldap.so makes with the user's password, cross the network
# unencrypted; tls_cacertdir presumably has no effect in this mode. "ssl
# start_tls" or an ldaps:// uri, with certificate checking enabled, protects
# them once the directory server has a certificate.
uri ldap://10.0.4.2
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5


-- 
Mel Wade
"The real problem is not whether machines think but whether men do." - BF
Skinner
http://www.melwade.com