U s i n g t h e L i n u x P C o n t h e M e e t P C V L A N This article was published on www.tudelft.nl/itt
Date: june , 2007 Author: Boris van Es Version: 1.0 Case
In your lab there are several computers which are not able to run on the ITT provided Linux image. Due to compatibility issues you are doomed to use the current linux/unix distribution you are using. These machines must be able to write data to the bulkservers and print on the multifunctional printers. The ITT project is not involved in updating your Linux machines. This is the job of the lab-pc-owner. Please take notice of the following guidelines to make your Linux machine capable of exchanging data with the bulkservers and use the same printers as your normal workstation.
First make sure you have the latest Samba client on your Linux pc. (june 2007 -> this is version 3.025a) The configuration and examples in this section are based on the SuSe 10.2 distribution.
But Fedora, Ubuntu or RedHat have similar configuration.
Updating Samba
Go the www.samba.org and download the selected rpm‟s (as depicted) Note: these versions are of June 2007. Please use the most recent versions. It is a good practice to use the latest version of Samba.
please give me some ITT
Updating Samba
Place the download rpm‟s in a rpm folder on the desktop and start a terminal. Now run as depicted.
Updating Samba
After updating you should see something as depicted.
Adding the hostname in the Active Directory
First, create a service call to add your Linux pc (hostname) to the Active Directory.
Configuring NTP
Because we are going to work with Kerberos, the right time is extremely important.
Please adjust you NTP settings Go to Yast2 and select as depicted.
Configuring NTP
Use the TU Delft NTP servers.
(Right Time is critical due to the default time skew of 300 sec. for Kerberos)
Configure WinBind and Samba If you want to authenticate against the Active Directory you need to make some configuration change in your smb.conf. But first open Yast2 and select Network Services. In this pane you‟ll find a „windows domain membership‟ icon. (this depends on your distribution you are using)
This applet will make some changes in the smb.conf
Windows Domain Membership You need to add your host in order to be able to authenticate.
Windows Domain Membership Click yes to join the domain. (it‟s nothing more than some adjustments in your smb.conf)
Windows Domain Membership Use your own NetId and ditto password.
WinBind not installed?
You might receive an error message if you do not have the correct packages installed for authenticating against our active directory domain.
Press OK
Installed packages..
After the automatic install we advise you to reboot.
Reboot
Select “Restart the computer”.
Start Yast2 again
Select „windows domain membership‟ again and press finish.
You‟ll notice some activity. If you start „windows domain
membership‟ again you‟ll see something like depicted.
When starting you‟ll see that the domain membership is verified.
Login
When trying to logon with your netid you‟ll notice it won‟t work.
This is because we need to
make/change some manual settings in the smb.conf
Adjusted smb.conf
Original smb.conf
Differences in smb.conf made Windows Domain Membership You‟ll see that only a couple of lines are added to the Global section of the smb.conf by the Domain Membership icon.
Note: The Domain Membership changes are not enough, we need to add some extra lines !!!
Adjusting the smb.conf Now ad some lines to make
authentication to our Active Directory possible.
[global]
workgroup = DASTUD printing = cups printcap name = cups printcap cache time = 750 cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
idmap gid = 10000-1000000 idmap uid = 10000-1000000 idmap domains = DASTUD
idmap config DASTUD:backend = rid idmap config DASTUD:base_rid = 0
idmap config DASTUD: range = 10000-1000000 realm = TUDELFT.NET
security = ADS
template homedir = /home/%U
Adjusting the smb.conf
Make the following adjustments in the smb.conf.
template shell = /bin/bash allow trusted domains = no usershare max shares = 100 winbind refresh tickets = yes winbind use default domain = yes winbind enum users = no
winbind enum groups = no winbind offline logon = yes loglevel = 3 winbind:5
idmap backend = rid:DASTUD=10000-1000000
Adjusting the smb.conf
Versions of Samba 3.024 and previous versions please use the following adjustment in your smb.conf Restart winbind
Test the AD authentication Open a terminal and type “getent passwd <netid>” You should receive an answer.
If you do not receive an answer similar to what is depicted…. something is wrong.
Please reboot, check the
Logging on with Netid
Why should you logon with your netid, instead of a local account?
This is necessary to make printing available.
When logging on for the first time you‟ll see something like depicted.
Don‟t worry… all folders are created.
Logged on with Netid
I‟m logged on with my netid and
therefore a regular non-root user on this Linux machine.
Depicted: My home within Linux.
CREATING A PRINTER
Create Printer
Now logoff and logon as root. We are going to create a printer. This printer is connected to a multifunctional (NashuaTec 2500) Every user with netid and logged on to this machine, can use this printer. The costs for printing are at the account for the logged on user(s).
Every netid will pay for his/her own prints.
Create printer
Adding a printer with GUI will not work. With this version (10.2) it hangs and need a force quit.
So…. we are going to use the web interface.
Create Printer / web interface Choose Add printer.
Create Printer / web interface Choose names that suits you.
Create Printer / web interface Choose printing by Samba.
Create Printer / web interface Add device URI.
Make sure you use
smb://tudelft.net/<printserver>/<printer >
The tudelft.net is necessary to send your netid (when logged on with netid) to the printserver.
Create Printer / web interface Open a new tab in your browser an go to webprint.tudelft.nl
Now login and choose a location. From within here you can download the PPD driver for Linux.
Now save and unpack the driver to a folder on e.g. the desktop.
Create printer
Click browse to provide the PPD file. Select the PPD file
Click Add Printer
Create printer
Give root and password.
Create printer / settings
After the printer is added, please select the options you like.
Create printer / finishing This is the printer.conf
You‟ll see there are no usernames or whatsoever in the conf file.
Now restart the cups service or better….. reboot.
Test printer
Login with your netid.
Open printers, select the added printer. You‟ll probably notice that a testprint might not work.
So its better to open a webpage and try to print.
In our example I‟ll print a webpage from nu.nl
The actual print is in full color and looks good.
CONFIGURING the Evolution mail client
Adding the exchange add-in
Before we can use Evolution we need to install the plug-in. This need to be done by a root.
Evolution Setup
Start the evolution client and press Forward.
Now fill in the identity settings and press Forward.
Evolution Setup
For servertype choose Microsoft Exchange.
For username fill in your netid For owa url fill in:
https://webmail.tudelft.nl Press authenticate Evolution Setup Type your password.
Evolution Setup
Select check new mail…. 10 minutes is ok.
Evolution Setup
Account information is automatically filled in for you.
Press forward.
Choose the Europe/Amsterdam time zone.
FINISHED configuring.
Using Evolution
The first time you start the Evolution client it will fetch the mail from the server.
For large mailboxes this can take a while.
As depicted… full Outlook functionality in this Evulotion e-mail Linux client.
Using Evolution
And even full calendar functionality.
MOUNTING Home- Group and Bulk folders Prerequisites
In a Linux system only root equivalent users can use the mount command.
Because I‟m logged on with my netid, I‟m just a regular user on the Linux pc. Therefore we need to work with the sudoers.
Mounts
For convenience I have created some folders in home folder called; HOME, GROUP and BULK
These endpoint are CIFS shares on a Windows based server with an NTFS file system.
This file system does NOT support symbolic links and is not case sensitive aware.
Mounting the BULK
In this example I‟m creating a mount to the bulkserver ghost share.
Mounting the BULK Works.
Be aware of the fact you are using a NTFS filesystem. So it is not case sensitive and symbolic links won‟t work either.
Mounting your home folder
First.. find out your home folder target. In my case it is SRV509 (one of the staff-homes cluster servers) And the share is \staff-homes-dg\ (because my last name starts with an „e‟)
Mounting your home folder You‟ll mount on the share.
Now walk through to your part of the share. In my case it is “e” and within this folder I‟ll see my own home folder named bdgpvanes.
Works.
equivalent of the windows explorer) you will see your familiar Windows interface.
Mounting your group folder
Mounting the groupfolder is not different compared to mounting a home folder. But first we will have to find out where our actual share is.
Within Windows we use DFS, but that doesn‟t work within Linux.
On our website www.tudelft.nl/itt I will provide you a table with share
information.
For this example I have made myself member of the group “TNW-IST-OP-Secr” which is the secretariat group of the section OP of the department IST from the faculty TNW (applied sciences) Within the table I‟ll see that this
department is hosted on:
\\srv517\staff-groups-tnw-ist4\op You can use the groupfolder the same way as within Windows.
