LinuxMCE domain Controller

From LinuxMCE
Revision as of 05:16, 7 August 2010 by B9love

These steps will turn your core into a primary domain controller for your LinuxMCE network. I basically scoured the internet for the steps and compiled all the applicable steps into this write-up. You should be able to join Linux, Macs, Windows XP, Windows Vista, and Windows 7 computers to the LinuxMCE domain. I have tested this with Ubuntu, Kubuntu, Windows XP, Windows Vista, Windows 7, and Windows Server 2008 x64. The Server 2008 operating system kept "falling off" the domain and I would have to rejoin the domain every 2-3 days. I would call that an incompatibility.

These configurations allow single sign-on on all machines joined to the domain, as well as roaming profiles. More options are available by editing the smb.conf file. I don't know all the configuration options for the smb.conf file; Google will be your friend here. Unfortunately you cannot turn an existing core into a domain controller (well, I wasn't able to). It's good practice to start with a fresh OS when making a domain controller; it's also good practice to format the hard drive after demoting a machine from a domain controller.


I installed LinuxMCE using the latest snapshot.

Install Kubuntu from the DVD.

Perform the updates as described in the wiki, then run the LinuxMCE install script. (Note: run the Diskless MD script after making your core a PDC.)

In a terminal perform the following steps:

sudo su -

nano /etc/samba/smb.conf

Make sure your smb.conf file looks like this:

  workgroup = LinuxMCE
  server string = DCERouter
  netbios name = DCERouter
  security = user

Add the following under global:

  domain logons = yes
  # logon path = \\%N\%U\profile
  # logon drive = H:
  # logon home = \\%N\%U
  logon script = logon.cmd
  add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d /var/lib/samba -s /bin/false %u

NOTE: If you want to use roaming profiles, uncomment logon path, logon drive, and logon home, then supply the appropriate paths. The drive letter can be anything you want, but use one that won't be taken by a local drive (C:, D:, etc.).

Add the following under shares:

[netlogon]

  comment = Network Logon Service
  path = /srv/samba/netlogon
  guest ok = yes
  read only = yes
  share modes = no


[homes]

  comment = Home Directories
  browseable = no
  read only = no
  create mask = 0700
  directory mask = 0700
  valid users = %S

Press Ctrl+X to save and exit.

Enter the following commands:

sudo mkdir -p /srv/samba/netlogon

sudo touch /srv/samba/netlogon/logon.cmd

sudo chmod 777 /var/lib/samba/secrets.tdb

(NOTE: This is the best I can do; please supply a better way than modifying the permissions on this file.)

sudo net groupmap add ntgroup="Domain Admins" unixgroup=admin rid=512 type=d

Note: (The way it should be) The user used to join the domain needs to be a member of the sysadmin group, as well as a member of the system admin group. (What actually happened) The user I created while installing Kubuntu was the only user that could add computers to the domain. I always name that user Administrator, so it actually worked pretty well in the end; it made the whole thing feel like an appliance.
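
The chmod 777 step above leaves secrets.tdb, which holds the domain SID and the machine account secrets, readable and writable by every local account on the core. As an added example (not part of the original write-up), the script below checks that file and the netlogon logon script for over-broad permissions. The function names are made up for the example, the default paths are the ones used on this page, and `stat -c` assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example: permission audit for the files this page's procedure touches.
# Function names are hypothetical; default paths are the ones used on the page.

# Octal mode of a path (assumes GNU or BusyBox stat, as on a Kubuntu core).
mode_of() { stat -c '%a' "$1"; }

# secrets.tdb holds the domain SID and machine account secrets, so only its
# owner should have any access: mode & 077 must be 0 (for example 600).
check_secrets() {
    f=${1:-/var/lib/samba/secrets.tdb}
    [ -e "$f" ] || { echo "MISSING $f"; return 2; }
    m=$(mode_of "$f")
    if [ $(( 0$m & 077 )) -ne 0 ]; then
        echo "FAIL $f is mode $m, group/other have access"
        return 1
    fi
    echo "OK   $f is mode $m"
}

# Windows domain clients run logon.cmd at logon, so neither the script nor the
# netlogon directory may be writable by group or other: mode & 022 must be 0.
check_netlogon() {
    d=${1:-/srv/samba/netlogon}
    rc=0
    for p in "$d" "$d/logon.cmd"; do
        [ -e "$p" ] || { echo "MISSING $p"; rc=2; continue; }
        m=$(mode_of "$p")
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "FAIL $p is mode $m, group/other can write"
            rc=1
        else
            echo "OK   $p is mode $m"
        fi
    done
    return $rc
}
```

Source the file as root on the core and call `check_secrets` and `check_netlogon` with no arguments to audit the paths from this page; each returns 0 only when every check passes.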


NOTE: You need to manually add DNS entries to the LinuxMCE DNS server for Linuxmce.local and DCERouter in order to join the domain. You can do it on the client (workstation) by editing the hosts file, but I wouldn't recommend it. There are too many reasons not to modify the hosts file. You also want to make sure the DNS suffix for your network cards is LinuxMCE.local. Again, it can be done on the core or the client; I recommend the core. To do this on the core, you'll want to make sure DHCP is configured with LinuxMCE.local for the DNS suffix. I'll add the steps for Bind9 and DHCP later, but it's pretty easy to figure out, plus Google is your friend here also.


To join a Linux machine to the domain, perform the following in a terminal on the client:

sudo nano /etc/samba/smb.conf

Make sure your smb.conf file looks like this:

  workgroup = YOURDOMAINNAME
  security = domain

net join -W YOURDOMAINNAME -U administrator


If anyone knows how to make this better or can spot any holes, please edit this.