I'm looking to set up a trial installation of Ubuntu on some netbooks. I would like them to use AD authentication to validate students' logins, which I've managed in the past with Likewise etc.
One thing I've never managed to do though is 'map' their home folder in AD so they can access it when logged in. Ideally I would like them to use their AD credentials to log in, and then their 'home' is mapped to the AD share, and they use their AD credentials to authenticate with the browser (Firefox).
Anyone done this or have any recommendations?
You need to use pam_mount to automagically mount the CIFS share that contains their home directory when they log in to the netbook.
Cheers, I've never heard of pam_mount.
Any method will do - as long as they don't have to specify the paths themselves.
Depending on the folder structure on the server holding the home dirs you might need to use a bit of scripting fu. It's fairly simple otherwise.
I'm resurrecting this thread as I've had a bit of time to play around with this. Being a Linux noob who tinkers once in a while I've got no scripting ability as such.
On my test system I've got Ubuntu 11.10 and Likewise - which is logging in domain users nicely.
What's the best way to get each user's AD 'homefolder' showing on their desktop? I'm not sure how to go about using smbmount, pam-mount etc. as different year groups will be mapped to different servers/paths etc?
I'd be glad to see any scripting examples so I can have a closer look?
So how exactly did you set up Ubuntu to log in via domain?
I just did it the dead simple way = installed Likewise-open and configured the AD information. Now I can log in with AD credentials.
If I Connect to Server (i.e. \\server\share) it connects without requesting authentication, which is great, but I'm trying to set this up for students so a link is automatically provided for them.
Any success with this? I may be looking to do the same thing.
Originally Posted by Sheridan
Nope - I gave up. I tried asking on a few forums but the general answer is 'write a script' etc. etc., and that's the point - I would like to get a starting script to have a look at.
Plus - our students are mapped to various servers with differing paths (i.e. \\server1\year7\astudent, \\server3\year11\astudent etc.) so it complicates things.
Meh. Same problem I had last time I tried. Ho hum.
Originally Posted by Sheridan
Thanks for the update.
When I get a chance in the next few weeks I will give it a go with scripting - I will also set it as a challenge for a couple of the kids here who are stupidly clever if I don't have a chance.
Will post back ASAP.
I have a very simple solution to this, if your setup happens to match ours at least. I've not actually implemented this myself yet because my proposal to introduce a few Linux machines to our school network was knocked back but I'm confident this could be made to work well enough.
I don't know how your school runs things but here everybody has swipe cards with an ID number. This ID number is also both their username and the name of their AD network home folder hence user 1234's home folder is located at //server/homefoldershare/1234
Hence, you can avoid all that nonsense of Likewise, Samba configs, AD authentication and pam_mounts by simply having a link to either a zenity or kdialog (depending on if you run GNOME or KDE) script that basically prompts the user for first their choice of server (if you have multiple DCs/Samba shares) and then asks them for their username and password. Then all the script does is run:
Before mounting the share it should warn the user to remember to log off to unmount their share to prevent others accessing their otherwise private files.
I'm sure someone will beat me to it as a zenity script to do this would be easily less than 30 lines worth of code - I'm busy today but I'll do it soon if no-one else does!
It's also important to note that, with such a script, there would be no real need for LDAP or AD auth. to be set up on the Linux box - if you don't mind any old person using said boxes you could just have a regular, non-root user set up with an easy password - logging out of such an account is enough to sever the connection to their smb share.
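The prompt-and-mount script described in the post above, as an added example that is not the poster's code: the server names, the mount point and the sudo rule are assumptions. It checks the server against an allowlist and the username against a strict pattern before building the path, and hands the password to `mount.cifs` through a credentials file so it never appears on the command line.

```shell
#!/bin/sh
# Added example. Server names, mount point and the sudo rule are assumptions.
SERVERS="server1 server3"   # hypothetical allowlist of file servers
SHARE="homefoldershare"     # share name from the post's example path
MNT="$HOME/H"               # hypothetical mount point

# Reject anything that could change the UNC path or the mount options.
valid_username() {
  case "$1" in
    ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  [ "${#1}" -le 32 ]
}
valid_server() {
  for s in $SERVERS; do [ "$s" = "$1" ] && return 0; done
  return 1
}

# Print //server/share/user, or fail if either part is not acceptable.
unc_path() {
  valid_server "$1" && valid_username "$2" || return 1
  printf '//%s/%s/%s\n' "$1" "$SHARE" "$2"
}

# Write a mount.cifs credentials file (mktemp creates it mode 0600) and print
# its path, so the password never appears in the process list.
write_credentials() {
  cred_file=$(mktemp) || return 1
  printf 'username=%s\npassword=%s\n' "$1" "$2" > "$cred_file"
  printf '%s\n' "$cred_file"
}

main() {
  server=$(zenity --list --title="Home folder" --column="Server" $SERVERS) || exit 1
  user=$(zenity --entry --title="Home folder" --text="Username") || exit 1
  pass=$(zenity --password --title="Home folder") || exit 1
  unc=$(unc_path "$server" "$user") ||
    { zenity --error --text="Unknown server or invalid username"; exit 1; }
  zenity --warning --text="Log off when you finish so the share is unmounted."
  cred=$(write_credentials "$user" "$pass") || exit 1
  mkdir -p "$MNT"
  # Assumes a sudoers rule that lets this account run exactly this mount.
  sudo mount -t cifs "$unc" "$MNT" -o "credentials=$cred,uid=$(id -u),gid=$(id -g)"
  rc=$?
  rm -f "$cred"   # remove the password file whether or not the mount worked
  return "$rc"
}

if [ "${1:-}" = "--mount" ]; then main; fi
```

Run it with `--mount` from a desktop launcher; without that argument it only defines the functions.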