U s i n g t h e L i n u x P C o n t h e M e e t P C V L A N This article was published on www.tudelft.nl/itt Date: june, 2007 Author: Boris van Es Version: 1.0 Case In your lab there are several computers which are not able to run on the ITT provided Linux image. Due to compatibility issues you are doomed to use the current linux/unix distribution you are using. These machines must be able to write data to the bulkservers and print on the multifunctional printers. The ITT project is not involved in updating your Linux machines. This is the job of the lab-pc-owner. Please take notice of the following guidelines to make your Linux machine capable of exchanging data with the bulkservers and use the same printers as your normal workstation. please give me some ITT First make sure you have the latest Samba client on your Linux pc. (june 2007 -> this is version 3.025a) The configuration and examples in this section are based on the SuSe 10.2 distribution. But Fedora, Ubuntu or RedHat have similar configuration. Updating Samba Go the www.samba.org and download the selected rpm s (as depicted) Note: these versions are of June 2007. Please use the most recent versions. It is a good practice to use the latest version of Samba.
Updating Samba Place the download rpm s in a rpm folder on the desktop and start a terminal. Now run as depicted. Updating Samba After updating you should see something as depicted. Adding the hostname in the Active Directory First, create a service call to add your Linux pc (hostname) to the Active Directory. Configuring NTP Because we are going to work with Kerberos, the right time is extremely important. Please adjust you NTP settings Go to Yast2 and select as depicted.
Configuring NTP Use the TU Delft NTP servers. (Right Time is critical due to the default time skew of 300 sec. for Kerberos) Configure WinBind and Samba If you want to authenticate against the Active Directory you need to make some configuration change in your smb.conf. But first open Yast2 and select Network Services. In this pane you ll find a windows domain membership icon. (this depends on your distribution you are using) This applet will make some changes in the smb.conf Windows Domain Membership You need to add your host in order to be able to authenticate.
Windows Domain Membership Click yes to join the domain. (it s nothing more than some adjustments in your smb.conf) Windows Domain Membership Use your own NetId and ditto password. WinBind not installed? You might receive an error message if you do not have the correct packages installed for authenticating against our active directory domain. Press OK Installed packages.. After the automatic install we advise you to reboot.
Reboot Select Restart the computer. Start Yast2 again Select windows domain membership again and press finish. You ll notice some activity. If you start windows domain membership again you ll see something like depicted. When starting you ll see that the domain membership is verified. Login When trying to logon with your netid you ll notice it won t work. This is because we need to make/change some manual settings in the smb.conf
Adjusted smb.conf Differences in smb.conf made Windows Domain Membership You ll see that only a couple of lines are added to the Global section of the smb.conf by the Domain Membership icon. Note: The Domain Membership changes are not enough, we need to add some extra lines!!! Original smb.conf Adjusting the smb.conf Now ad some lines to make authentication to our Active Directory possible. [global] workgroup = DASTUD printing = cups printcap name = cups printcap cache time = 750 cups options = raw map to guest = Bad User include = /etc/samba/dhcp.conf logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: idmap gid = 10000-1000000 idmap uid = 10000-1000000 idmap domains = DASTUD idmap config DASTUD:backend = rid idmap config DASTUD:base_rid = 0 idmap config DASTUD: range = 10000-1000000 realm = TUDELFT.NET security = ADS template homedir = /home/%u Adjusting the smb.conf Make the following adjustments in the smb.conf.
template shell = /bin/bash allow trusted domains = no usershare max shares = 100 winbind refresh tickets = yes winbind use default domain = yes winbind enum users = no winbind enum groups = no winbind offline logon = yes loglevel = 3 winbind:5 idmap backend = rid:dastud=10000-1000000 Adjusting the smb.conf Versions of Samba 3.024 and previous versions please use the following adjustment in your smb.conf Restart winbind Test the AD authentication Open a terminal and type getent passwd <netid> You should receive an answer. If you do not receive an answer similar to what is depicted. something is wrong. Please reboot, check the /var/log/messages for error details.
Logging on with Netid Why should you logon with your netid, instead of a local account? This is necessary to make printing available. When logging on for the first time you ll see something like depicted. Don t worry all folders are created. Logged on with Netid I m logged on with my netid and therefore a regular non-root user on this Linux machine. Depicted: My home within Linux. CREATING A PRINTER Create Printer Now logoff and logon as root. We are going to create a printer. This printer is connected to a multifunctional (NashuaTec 2500) Every user with netid and logged on to this machine, can use this printer. The costs for printing are at the account for the logged on user(s). Every netid will pay for his/her own prints.
Create printer Adding a printer with GUI will not work. With this version (10.2) it hangs and need a force quit. So. we are going to use the web interface. Create Printer / web interface Choose Add printer. Create Printer / web interface Choose names that suits you.
Create Printer / web interface Choose printing by Samba. Create Printer / web interface Add device URI. Make sure you use smb://tudelft.net/<printserver>/<printer > The tudelft.net is necessary to send your netid (when logged on with netid) to the printserver. Create Printer / web interface Open a new tab in your browser an go to webprint.tudelft.nl Now login and choose a location. From within here you can download the PPD driver for Linux. Now save and unpack the driver to a folder on e.g. the desktop.
Create printer Click browse to provide the PPD file. Select the PPD file Click Add Printer Create printer Give root and password. Create printer / settings After the printer is added, please select the options you like. Create printer / finishing This is the printer.conf You ll see there are no usernames or whatsoever in the conf file. Now restart the cups service or better.. reboot.
Test printer Login with your netid. Open printers, select the added printer. You ll probably notice that a testprint might not work. So its better to open a webpage and try to print. In our example I ll print a webpage from nu.nl The actual print is in full color and looks good. e-mail CONFIGURING the Evolution mail client Adding the exchange add-in Before we can use Evolution we need to install the plug-in. This need to be done by a root. Evolution Setup Start the evolution client and press Forward. Now fill in the identity settings and press Forward.
Evolution Setup For servertype choose Microsoft Exchange. For username fill in your netid For owa url fill in: https://webmail.tudelft.nl Press authenticate Evolution Setup Type your password. Evolution Setup Select check new mail. 10 minutes is ok.
Evolution Setup Account information is automatically filled in for you. Press forward. Choose the Europe/Amsterdam time zone. FINISHED configuring. Using Evolution The first time you start the Evolution client it will fetch the mail from the server. For large mailboxes this can take a while. As depicted full Outlook functionality in this Evulotion e-mail Linux client. Using Evolution And even full calendar functionality. MOUNTING Home- Group and Bulk folders Prerequisites In a Linux system only root equivalent users can use the mount command.
Because I m logged on with my netid, I m just a regular user on the Linux pc. Therefore we need to work with the sudoers. Mounts For convenience I have created some folders in home folder called; HOME, GROUP and BULK These endpoint are CIFS shares on a Windows based server with an NTFS file system. This file system does NOT support symbolic links and is not case sensitive aware. Mounting the BULK In this example I m creating a mount to the bulkserver ghost share. Mounting the BULK Works. Be aware of the fact you are using a NTFS filesystem. So it is not case sensitive and symbolic links won t work either. Mounting your home folder First.. find out your home folder target. In my case it is SRV509 (one of the staff-homes cluster servers) And the share is \staff-homes-dg\ (because my last name starts with an e ) Mounting your home folder You ll mount on the share. Now walk through to your part of the share. In my case it is e and within this folder I ll see my own home folder named bdgpvanes. Works. In the Linux file browser (the
equivalent of the windows explorer) you will see your familiar Windows interface. Mounting your group folder Mounting the groupfolder is not different compared to mounting a home folder. But first we will have to find out where our actual share is. Within Windows we use DFS, but that doesn t work within Linux. On our website www.tudelft.nl/itt I will provide you a table with share information. For this example I have made myself member of the group TNW-IST-OP- Secr which is the secretariat group of the section OP of the department IST from the faculty TNW (applied sciences) Within the table I ll see that this department is hosted on: \\srv517\staff-groups-tnw-ist4\op You can use the groupfolder the same way as within Windows. END OF INSTRUCTION