Introduction
This article covers a service that someone may one day need to set up out of
necessity, as was the case for a client that we serve.
What we use:
This will be the machine that we join to the Windows 2003 AD domain.
Installing LTSP 5
Let's install LTSP 5:
# apt-get update
# apt-get install ltsp-server-standalone openssh-server
1 of 10 05/03/2010 08:26 PM
Linux authenticating on AD and running with LTS... http://translate.googleusercontent.com/translate_c...
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
UsePAM yes
# ltsp-build-client
If the environment is not installed successfully, you must remove the directory
"/opt/ltsp/" and run the command again.
After making these settings you can set the machines to boot over the network,
and that's it: LTSP is now working.
That completes the first part of the tutorial. Our next step is to have the users
who will use LTSP authenticate against Active Directory. Let's go.
First edit /etc/hosts, adding the name and IP of your Domain Controller:
Then we will install ntpdate to synchronize the time between the server
Installing Kerberos
Kerberos w/ Linux (Debian Etch):
# vim /etc/krb5.conf
[libdefaults]
ticket_lifetime = 24000
default_realm = DOMINIO.COM.BR
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
DOMINIO.COM.BR = {
    kdc = 10.100.0.165
    admin_server = 10.100.0.165:749
    default_domain = 10.100.0.165
}
[domain_realm]
.nelinha-sp.com.br = DOMINIO.COM.BR
nelinha-sp.com.br = DOMINIO.COM.BR
[login]
krb4_convert = true
krb4_get_tickets = false
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
We will edit some configuration files and set up communication between the
Proxy and the Domain Controller via Kerberos.
First, the clocks of the Linux server and the Windows server must be
synchronized. For this we use an NTP server, with the following steps:
Linux server:
# ntpdate ntp.cais.rnp.br
Windows server:
You will be prompted for the password for user "administrator". If all went
well, you can run the command "klist" and the output will be similar to what we
obtained, as follows:
# kinit administrator
Password for administrador@DOMINIO.COM.BR:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrador@DOMINIO.COM.BR
Valid starting     Expires            Service principal
02/22/07 14:25:47  02/23/07 00:25:47  krbtgt/MACHINE@DOMINIO.COM.BR
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[global]
workgroup = your-domain
server string = ltsp server
log level = 2
log file = /var/log/samba/%m.log
max log size = 50
security = ads
password server = 10.100.0.165
encrypt passwords = true
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
winbind uid = 10000-20000
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0664
directory mode = 0775
[printers]
comment = All Printers
path = /var/spool/samba
browseable = yes
guest ok = yes
writable = no
printable = yes
Note: Before starting Samba you must join the domain. Before joining, check the
following:
Check whether the file /etc/samba/secrets.tdb was created; if so, delete it. This
file must be deleted because it stores the settings of previous domains;
Check on the Windows machine whether the Samba machine is already joined; if
so, delete it.
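A pre-join consistency check for the two files configured above, as an added example that is not part of the original tutorial: it confirms that smb.conf uses security = ads and that its password server is a KDC listed for default_realm in krb5.conf. The function names and the sample files (built from the tutorial's values) are constructed for illustration.

```shell
# Added example: cross-check krb5.conf against smb.conf before the domain join.
# ini_get FILE SECTION KEY -> value of KEY inside [SECTION] (names case-insensitive)
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*\[/ { s = tolower($0); sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
                      insec = (s == tolower(sec)); next }
        insec { line = $0; sub(/[#;].*/, "", line)
                n = index(line, "="); if (!n) next
                k = substr(line, 1, n - 1); v = substr(line, n + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
                if (tolower(k) == tolower(key)) { print v; exit } }' "$1"
}
# realm_kdc FILE REALM -> kdc hosts (port stripped) of the "REALM = { ... }" block;
# assumes the "kdc = host" spelling with spaces around "=", as in the tutorial.
realm_kdc() {
    awk -v realm="$2" '
        /^[ \t]*\[/ { inrealms = (tolower($0) ~ /\[realms\]/); inblock = 0; next }
        inrealms && $1 == realm && /\{/ { inblock = 1; next }
        inblock && /\}/ { inblock = 0 }
        inblock && $1 == "kdc" { h = $3; sub(/:.*/, "", h); print h }' "$1"
}
# check_join_config KRB5_CONF SMB_CONF -> prints findings; exit status = problem count
check_join_config() {
    n=0
    realm=$(ini_get "$1" libdefaults default_realm); kdcs=$(realm_kdc "$1" "$realm")
    sec=$(ini_get "$2" global security | tr 'A-Z' 'a-z')
    pw=$(ini_get "$2" global "password server")
    [ -n "$kdcs" ] || { echo "krb5.conf: no kdc for realm '$realm'"; n=$((n+1)); }
    [ "$sec" = ads ] || { echo "smb.conf: security = '$sec', expected ads"; n=$((n+1)); }
    echo "$kdcs" | grep -qxF -- "$pw" ||
        { echo "smb.conf: password server '$pw' is not a kdc of $realm"; n=$((n+1)); }
    return "$n"
}
# Constructed sample files, using the values shown in the tutorial.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/krb5.conf" <<'EOF'
[libdefaults]
    default_realm = DOMINIO.COM.BR
[realms]
    DOMINIO.COM.BR = {
        kdc = 10.100.0.165
    }
EOF
cat > "$tmp/smb.conf" <<'EOF'
[global]
    security = ads
    password server = 10.100.0.165
EOF
check_join_config "$tmp/krb5.conf" "$tmp/smb.conf" && echo "OK: configs agree"
```

Point the function at the real /etc/krb5.conf and /etc/samba/smb.conf once both are written; a non-zero exit status is the number of mismatches found.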
# cd /etc/pam.d
# vim common-account
# vim common-auth
# vim common-password
# vim common-session
@include common-pammount
@include common-winbind
In my case users also had to log in in graphical mode, so I had to
edit the file mentioned above, /etc/pam.d/gdm.
Well, I hope you enjoyed it and that it can help many others...
http://www.vivaolinux.com.br/artigo/Linux-autenticando-no-AD-e-rodando-LTSP-com-DHCP-(Windows-2003)