Debian Configuration :: LTSP Login With Active Directory Credentials
Feb 28, 2016
I've been working on building an LTSP server for diskless booting. I have a tftp server that's booting the system. I followed the steps on [URL] .... to build the LTSP server.
I had to make one change from the guide. I have a Cisco router that's acting as the DHCP. I'm not very familiar with Cisco IOS, so instead of playing with that, I decided to modify the default file on the PXE.
I commented the kernel append line and added the following instead
/srv/tftp/ltsp/amd64/pxelinux.cfg/default
Code:
append initrd=initrd.img-3.16.0-4-amd64 init=/sbin/init-ltsp root=/dev/nfs rw nfsroot=10.0.5.99:/opt/ltsp/amd64 ip=dhcp
I'm mounting the NFS as a rw file system for now. I'm planning to make it read-only once I have it working the way I want. In addition to this, I also chrooted into the LTSP root and installed lightdm + mate. As I understood what I read, this would boot the environment on the diskless system. All of this seems to work correctly.
What I need to do next is to find a way to set up the LTSP clients to log in by authenticating on the Active Directory. I understand that the login account used by the LTSP client has to exist on the LTSP server.
I have successfully added the LTSP server as a workstation within the Windows domain and I can log into domain accounts from the LTSP server, but domain credentials do not work when using an LTSP client. I can only log in if I use an account that exists on the LTSP server. I wanted to know if there is a way to accomplish AD authentication.
Do I have to build an LDAP server on the LTSP server, sync accounts with the Active Directory to be able to log in with AD credentials?
Oct 5, 2010
I would like to be able to get squid or dansguardian to authenticate a user account against Active Directory so that a user's browsing activities can be logged.
I can find lots of very useful info on how to set up ntlm_auth etc., but all of these methods produce a pop-up window when the user launches the browser.
I'm posting this thread because I would like to be able to authenticate, but without a pop-up window. Is there a way of automatically carrying out this authentication so that the user is unaware of it?
We've previously attempted authenticating against an NT4 PDC, but the users worked out that they could use any user account on the network, not just the user that was logged in, which kinda defeated the whole idea of logging the users' activity.
My current setup is:
Windows 2003 AD
Windows XP Clients, soon to be converted to Windows 7.
Fedora 11 running squid and dansguardian.
Feb 2, 2011
I followed these steps to add a client to my Active Directory domain. Everything is working as expected, except that when a username has whitespace it creates a directory in /home with whitespace, and gconf fails to access its config dir in the user's home. KDE also fails to start, but I don't know what's failing yet. I found that the easiest way to fix these issues is to replace whitespaces by underline in home paths, so I changed the pam_mkhomedir source to replace the whitespaces and save it using the usermod command. It should work but it is not... the reason is that I can't change the user data using usermod because domain users are not in /etc/passwd.
Oct 28, 2009
I'm very new to Linux, so please excuse my ignorance. I am trying to set up a number of servers to authenticate against my Windows Server 2003 Active Directory. I have successfully done this with one computer (Dell Optiplex 755), but I can't seem to get it to work with my servers (Dell PowerEdge R710). I am using Fedora 11. I have set up samba and pam and have successfully joined the network. Everything with winbind seems to be working properly and I can get all the user info, etc. When I log in with a local account, everything is fine. If I try to log in with an account from my domain through SSH, I see the message
Code:
/usr/bin/xauth: creating new authority file /home/apkelley/.Xauthority
After that, nothing happens and it is as if I haven't connected to anything. If I try to log into the actual server using the graphical interface, it starts logging me in, shows a blank screen for about a second, and then returns to the login screen as if nothing has happened.
I would greatly appreciate any suggestions for how I might fix this problem or how to find out more information about the error.
Here are my smb.conf and system-auth files:
/etc/samba/smb.conf
Code:
[global]
[code]....
Mar 9, 2011
I have one of my users' home directory on a separate partition, and I was wondering if there was a way to only mount it when/if the user is logged in and unmount it if they log out.
Mar 10, 2011
I've joined my box to an AD domain and set it to allow user logins via AD. In 11.2 I could choose my domain vs local login when X started up, in 11.4 I can not find that ability.
Jun 5, 2011
I am trying to integrate my CentOS machine with Active Directory [Windows Server 2008] using Kerberos and LDAP. I can now successfully SSH to my Linux machine as an Active Directory user. Then it automatically creates a home directory for that particular user using the PAM module.
My problem is that I cannot log in to GDM using the same Active Directory account. Should I make some configuration changes for GDM login to take place using an Active Directory account?
May 13, 2010
I have successfully connected (and authenticated the user) from Linux (Ubuntu) to Active Directory (Windows 2003) using "Likewise Open".
1. At the login screen I have to enter "example.localusername" to log in. How can I simplify the login so that the user can choose (click) the domain and just enter the username and password (like the login in Windows), or make the domain the default?
2. How can I configure the default user profile? Meaning, when the user logs in for the first time, I want to configure his profile. Does it use the "/etc/skel" directory like the regular local login?
Aug 24, 2010
I have four servers:
- the first of them is the router (firewall, htb, squid, etc.)
- the second has apache2 installed
- the third sql
- and the last one is the LTSP server for 40 clients.
When the ThinClient connects to the LTSP server everything works good, but I can't see all of them in the squid access log. I see one IP address (LTSP server), but I want to see 40 IP addresses. The same situation is in htb. It doesn't work on the thin client. Is there any way to get this to work the way I want?
Jun 22, 2010
I am testing CentOS 5.4 on a virtual machine before deploying to a server. I am trying to get authentication through our Active Directory server, without actually joining the machine to the domain. I tried multiple tutorials, including this one: URL... Basically I enabled authentication through kerberos and modified my ldap.conf file.
Jan 22, 2010
I am running Windows 2008 Active Directory. I need to log AD users in to a Linux system, which is inside the Windows domain.
Sep 22, 2009
I want to create a network similar to a Windows network on Linux. Users should have profiles and be able to do a network login similar to Active Directory on Windows.
Aug 24, 2011
I set up an LTSP server on Debian squeeze. After a standard installation, sound doesn't work on clients.
[code]...
When I start iceweasel normally (executed on server side), I get sound on the client. When I start ltsp-localapps iceweasel, I get no sound on flash sites and videos. What's wrong? With local apps, is it possible that the flashplugin-nonfree doesn't talk to alsa?
Mar 18, 2011
How to prepare and configure a Squeeze client to get it Active Directory ready?
Aug 26, 2011
I just did an apt upgrade and for the most part everything is looking good. However when I boot up I have no network connection. Here is the result of trying to ping google: connect: Network is unreachable
I can fix it easily with a simple sudo dhclient eth0 but I was hoping someone would be able to suggest a more correct and less annoying solution. I have uninstalled network manager. This is a desktop computer with an ethernet connection and DHCP. I do not need anything fancy.
Dec 15, 2015
I bought a bluetooth pen and I connect it via USB. My bluetooth connection is active but I can't find other terminals, and my Debian machine isn't visible to other terminals.
It seems that my bluetooth connection works, but it can't pair other terminals. I want to connect bluetooth speaker, but it seems impossible.
Apr 23, 2011
My Debian server is used by people to set up ssh-tunnels for use as a local proxy (on their remote machines). Since only the tunnel is set up, and no shell is used, I can't use "who" to see which users have an active ssh-tunnel on my server, but I would like to have an idea about who is active etc. I think I should be able to determine this from the auth.log file, but then I would have to use some script to determine what connection is still active. Is there an easy way to see what users have active ssh-tunnels on my Debian server at any given moment?
Sep 9, 2010
I have configured SquirrelMail on my RHEL 5.4 machine for learning purposes and I am stuck at the final step. I am following this doc.
After configuring, I have browsed to [URL]. Here, server.red.com is the hostname of my server.
This page is asking me for a Name and Password, but I haven't given any credentials while configuring it.
Are there any default credentials? Or maybe I need to change my config files or something?
Aug 23, 2011
I have some errors when I run the mount -all command:
mount: wrong fs type, bad option, bad superblock on /dev/sdc5,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so
Failed to open /proc/filesystems: No such file or directory
[Code]..
Oct 26, 2010
I just wanted to checkout samba. So, I installed on a CentOS 5.5 64bit server. The version I used is 3.5.6. I followed this guide. [URL]. LDAP is working good. When I use the following command: (net groupmap list) I am getting the error.
Code:
[root@server1 samba]# net groupmap list
[2010/10/26 16:26:09.135901, 0] lib/smbldap.c:1151(smbldap_connect_system)
failed to bind to server ldap://127.0.0.1 / with dn="cn=root,dc=mtm,dc=testdomain,dc=com" Error: Invalid credentials
[2010/10/26 16:26:39.180063, 0] passdb/pdb_ldap.c:3448(ldapsam_setsamgrent)
ldapsam_setsamgrent: LDAP search failed: Time limit exceeded
[2010/10/26 16:26:39.180109, 0] passdb/pdb_ldap.c:3523(ldapsam_enum_group_mapping)
ldapsam_enum_group_mapping: Unable to open passdb
I am sure that I have set the correct password in
Code:
smbpassword -w mypassword
Also, I can log in to the LDAP through PHPLDAPAdmin with the same password and the bind cn.
Here is my smb.conf
Code:
# Global parameters
[global]
ldap ssl = off
nt acl support = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
workgroup = TESTDOMAIN
netbios name = SERVER1
security = user
enable privileges = yes
#interfaces = 192.168.5.11
#username map = /etc/samba/smbusers
server string = Samba Server %v
#security = ads
encrypt passwords = Yes
#min passwd length = 3
#pam password change = no
#obey pam restrictions = No
# method 1:
#unix password sync = no
#ldap passwd sync = yes
# method 2:
unix password sync = yes
ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
log level = 10
syslog = 0
log file = /var/log/samba/log.%U
max log size = 50
time server = Yes
#socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home =
logon path =
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=root,dc=mtm,dc=testdomain,dc=com
#ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com
ldap suffix = dc=mtm,dc=testdomain,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
#ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m "%u"
#ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# printers configuration
#printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
#force create mode = 0640
#force directory mode = 0750
#nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no
[netlogon]
path = /home/netlogon/
browseable = No
read only = yes
[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
#force user = %U
# next line allows administrator to access all profiles
#valid users = %U "Domain Admins"
[printers]
comment = Network Printers
#printer admin = @"Print Operators"
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only = Yes
printable = Yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
# print command = /usr/bin/lpr -U%U@%M -P%p -r %s
# lpq command = /usr/bin/lpq -U%U@%M -P%p
# lprm command = /usr/bin/lprm -U%U@%M -P%p %j
# lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
# lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
# queuepause command = /usr/sbin/lpc -U%U@%M stop %p
# queueresume command = /usr/sbin/lpc -U%U@%M start %p
[print$]
path = /home/printers
guest ok = No
browseable = Yes
read only = Yes
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775
[public]
path = /tmp
guest ok = yes
browseable = Yes
writable = yes
Mar 17, 2011
I have an LDAP server holding user/pass/group for many users. Due to network issues, the server sometimes is unreachable and clients cannot log in; current sessions usually freeze after a while. All clients have Ubuntu 10.04.2 x64.
I have gone through the outdated howto to cache the LDAP credentials.
I set up the required packages
daily cron "nss_updatedb ldap"
and edited '/etc/nsswitch.conf' to have "files ldap [NOTFOUND=return] db" for both passwd and group.
[Code]....
May 22, 2010
I've just made a fresh install of Ubuntu 10.04. When I right-click a panel and choose "New Panel", the panel is made, but is not visible. The panel is placed on the left side of the screen, and icons on the desktop are moved to the right. Also windows do not use the full width of the screen when maximized. I've tried to remove the panel configuration in my home directory, logging out and in, installing ATI drivers and running a gnome-panel command (from another post on Ubuntu forums), but nothing works.
Sep 3, 2010
I am currently running LTSP on Ubuntu 10.04. It is a dual gig NIC setup with 16GB of RAM and dual AMD quad core 2.4s. I installed all the latest updates as well as likewise-open so we can use AD authentication. When testing the configuration in the lab, I boot 32 clients that successfully reach the login screen. Here comes the interesting part: I can log in, using all unique AD accounts, up to 22 clients. When I attempt to log in to the 23rd client, LTSP hangs. If I restart a client it will retrieve an IP address, but TFTP will eventually time out. All of the clients are connected to a Gigabit switch along with the server, so network speeds are not an issue. When I run system monitor it only shows 3.6GB of memory in use and the processors are all under 10% utilization. I have been beating my head against this issue for 2 days.
Apr 21, 2010
I've been asked to investigate the possibility of using LTSP in our school to provide a more "real world" programming environment to our students. We have a Windows 2003 Server domain and no plans to change it. I've set up the LTSP server, joined the domain and everything seems to be working fine; I can log in to the LTSP server with a student account.
The next thing I want to achieve is give the students access to their "My Documents" folder on the Windows 2003 server. Is it possible to have a student log on to the terminal server (who has never logged in before) and have it automatically mount their share on the windows server?
Feb 26, 2016
I had a directory inside www that is gone. I am not sure if I removed it by mistake somehow or there is something weird going on. How would I track down what happened to this directory?
Feb 8, 2011
Anyone out there having experience with iFolder? I've used the following tutorial: [URL] to install it. I used libflaim as a database (no LDAP). All web interfaces work well (admin, ifolder). I can create users and make folders. But when I try to log in with a desktop client (Windows or Linux) I get an error message "invalid credentials" and this message in Simias.log:
[Code]...
Dec 6, 2010
At my Uni, we use a web-based login for our internet connections. It's based off of Cisco, and every Wednesday night every computer on campus must re-enter their credentials to use the network.
Normally on my several computers I simply pull up the Terminal, point links to google.com using
Code:
And enter my credentials when Cisco redirects to the login page.
Literally, the process is
Code:
Then ENTER to accept the redirect, down arrow to skip over the logo image, USERNAME, ENTER, PASSWORD, ENTER, ENTER.
Naturally, this is EXTREMELY time consuming, as I have about 5 computers located around campus and must physically walk to the machines and login every single week.
My question is, how would I formulate a program that does the following:
1) checks for connectivity (i.e. is able to reach/resolve to the greater part of the internet) and
2) automatically fills in the credentials on the links login page?
Jun 28, 2011
I've got a problem when I try to load modules, like when I try:
modprobe tun
It says:
FATAL: Could not load /lib/modules/2.6.32-4-pve/modules.dep: No such file or directory
I've checked in my filesystem; the directory 2.6.32-4-pve doesn't exist, instead I have 2.6.39.2.110628. So how could I make modprobe look into the right directory?
Jan 17, 2016
How do I set up a DNS/DHCP/Directory server on Debian? I would like to configure things in Debian so that I can join Linux and Windows (if possible, as I'm not sure yet) clients to the directory server. Any links to set up both Forward and Reverse lookup zones in the environment?
Apr 10, 2010
I have created a wordpress user with a symbolic link from his home (/home/wordpress) to /usr/share/wordpress, but when wordpress FTPs to the wordpress home dir it does not follow the symlink. Is there a way to set the default FTP dir for the wordpress user to /usr/share/wordpress rather than /home/wordpress?