Thread: Windows Domain Membership

  1. #1

    Windows Domain Membership

    Hello, guys!


    I've been working on homologating openSUSE for our company.
    As we use an Active Directory structure, I used the documentation from SLED and was perfectly able to join the DOMAIN using the WINDOWS DOMAIN MEMBERSHIP tool.

    However, I want to use the "expert configuration" to auto mount Windows directories on the local machine.

    I went into yast2 > windows domain membership > expert settings > mount server directories

    Do you guys have any how-to for using this?


    I tried this configuration:
    name server: 192.168.4.x (IP of server)
    remote path: /sistema
    local path: /mnt
    options: user=%(DOMAIN_USER)




    This is the last step to homologate SUSE for us. Do you guys have any kind of help to give me?

  2. #2
    Re: Windows Domain Membership

    Let's first ask a question;

    - Do you want the mount to be mounted when a user logs into the system
    or
    - Do you want the mount to be constantly available and automounted on system startup?

    The problem with the first one is that pam_mount is incompatible with OpenSSH's privilege separation, and you have to disable that in order for that to work, and I find it a "poor solution".
    .: miuku @ #opensuse @ irc.libera.chat

  3. #3

    Re: Windows Domain Membership

    @Miuku

    I want the mount to be mounted at the log in of the user. That's because I need the permissions from the samba-ad to work with my linux workstations.

    I have to disable the openSSH separation?

    I thought that I just had to configure the EXPERT SETTINGS correctly, to do the auto mount.

  4. #4
    Re: Windows Domain Membership

    Originally posted by odirneto1309:
    > @Miuku
    >
    > I want the mount to be mounted at the log in of the user. That's because I need the permissions from the samba-ad to work with my linux workstations.
    >
    > I have to disable the openSSH separation?
    >
    > I thought that I just had to configure the EXPERT SETTINGS correctly, to do the auto mount.

    Using AutoFS to mount the share 'on demand' might be a good fit here.

    https://doc.opensuse.org/documentati...ha.autofs.html

  5. #5
    Re: Windows Domain Membership

    I agree with Deano, autofs would be a better idea but it would require you to save your credentials locally in a file only the root can read.

    In short you could do something like this;

    - install autofs package
    - edit /etc/auto.master and add before the +auto.master something like;

    Code:
        /mnt /etc/windows.mount --timeout=60

    Then create /etc/windows.mount file with this in it:

    Code:
        mountname    -fstype=cifs,ro,domain=yourdomain.com,credentials=/etc/samba/my.creds ://your.windows.server/mount

    mountname here refers to what it will create in /mnt/mountname

    Then create /etc/samba/my.creds and make sure it only contains

    Code:
        username=usernametouseformount
        password=userspasswordthatyouspecified

    Make sure the file is root.root and 600

    Start autofs; systemctl start autofs

    It will then mount the windows mount whenever the user enters that directory via shell or a GUI program.

    Note, this will only be useful in a system where the local user does not have root permissions and cannot read your password file. If that is the case, you need to look for alternative solutions such as disabling privilege separation.
    .: miuku @ #opensuse @ irc.libera.chat
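
The ownership and mode requirement from post #5, as an added example that is not part of the original thread: a shell function that reads an autofs map such as /etc/windows.mount, finds the credentials= file of each CIFS entry, and checks that it is owned by root (uid 0) with no group or other permission bits. The function name check_cifs_creds is hypothetical, and the script assumes GNU stat.

```shell
# Added example (not from the thread): audit credentials files named in an
# autofs CIFS map. Usage: check_cifs_creds MAPFILE [OWNER_UID]  (default 0 = root)
# Prints findings; exit status 0 means every CIFS entry passed.
check_cifs_creds() (
    map=$1; want_uid=${2:-0}; rc=0
    while read -r key opts _; do
        # Skip blank lines, comments and non-CIFS entries.
        case $key in ''|'#'*) continue ;; esac
        case $opts in *fstype=cifs*) ;; *) continue ;; esac
        # The map itself is normally world-readable, so an inline password leaks.
        case ",${opts#-}" in *,password=*|*,pass=*)
            echo "FAIL $key: password given inline in $map"; rc=1 ;;
        esac
        # Extract the credentials= value from the comma-separated options.
        cred=$(printf '%s\n' "${opts#-}" | tr ',' '\n' |
               sed -n 's/^credentials=//p' | head -n 1)
        if [ -z "$cred" ]; then
            echo "WARN $key: no credentials= option"; continue
        fi
        if [ ! -f "$cred" ]; then
            echo "FAIL $key: $cred does not exist"; rc=1; continue
        fi
        uid=$(stat -c %u "$cred")    # GNU stat: numeric owner
        mode=$(stat -c %a "$cred")   # GNU stat: octal permission bits
        [ "$uid" = "$want_uid" ] ||
            { echo "FAIL $key: $cred owned by uid $uid, want $want_uid"; rc=1; }
        # Accept only modes with no group/other bits (600 or 400).
        case $mode in 600|400) ;; *)
            echo "FAIL $key: $cred has mode $mode, want 600"; rc=1 ;;
        esac
    done < "$map"
    exit "$rc"
)
```

With mode 600 the group has no access, so only the owning uid is compared; run it as root against the real map, for example `check_cifs_creds /etc/windows.mount`.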

  6. #6

    Re: Windows Domain Membership

    @miuku

    Autofs did not solve my problem because I need the share to be mounted, with the AD user permissions, but at a specific path. My ERP needs it to be mounted, with the user permissions, to work properly.

    That's why I was trying to do this using WINDOWS DOMAIN MEMBERSHIP from SUSE.

    If the only way is to use fstab or autofs, those solutions are not integrated with AD, so it's not worth using them in our environment because we need this integration.

  7. #7
    Re: Windows Domain Membership

    One thing I need to know before I draft you a quick how-to is whether you need this functionality when logging in locally through a graphical user interface or via SSH?

    And if you need it locally after logging via a login manager, do you use GNOME or KDE?
    .: miuku @ #opensuse @ irc.libera.chat

  8. #8

    Re: Windows Domain Membership

    @miuku

    It's in graphical settings.

    I use XFCE for those.

  9. #9
    Re: Windows Domain Membership

    The following guide may be of some value here:
    https://doc.opensuse.org/documentati...curity.ad.html

  10. #10
    Re: Windows Domain Membership

    If you're supporting more than just a couple of Linux clients in an AD, you should consider installing an AD Linux extension like Centrify or Likewise Open.
    Then, you should be able to configure your client machines centrally, using common AD objects like GPO.

    TSU