I installed the following Ubuntu packages (which brought along the necessary prerequisites):
Edit /etc/ldap.conf (merges both pam and libnss into one file):
host auth
base dc=lair,dc=lan
uri ldap://auth
ldap_version 3
bind_policy soft
pam_password exop
nss_base_passwd ou=People,dc=lair,dc=lan?one
nss_base_passwd ou=People,dc=dslab,dc=lan?one
nss_base_passwd ou=People,dc=sunyit,dc=lan?one
nss_base_shadow ou=People,dc=lair,dc=lan?one
nss_base_shadow ou=People,dc=dslab,dc=lan?one
nss_base_shadow ou=People,dc=sunyit,dc=lan?one
nss_base_group ou=Group,dc=lair,dc=lan?one
nss_base_group ou=Group,dc=dslab,dc=lan?one
nss_base_group ou=Group,dc=sunyit,dc=lan?one
Configure /etc/nsswitch.conf as follows:
passwd: files [SUCCESS=return] ldap
group: files [SUCCESS=return] ldap
shadow: files [SUCCESS=return] ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: files
services: files
ethers: files
rpc: files
netgroup: nis
And /etc/ldap/ldap.conf:
BASE dc=lair,dc=lan
URI ldap://auth
The /etc/pam.d/common-* files came preset with LDAP entries that look like they'll “just work” for us. No changes were made.
To configure nfs, I installed the following packages (which brought in necessary prerequisites):
In /etc/auto.master:
/home /etc/auto.home --timeout=60 -fstype=nfs4,rw
In /etc/auto.home:
* nfs:/home/&
We need to enable idmapd support in /etc/default/nfs-common:
# If you do not set values for the NEED_ options, they will be attempted
# autodetected; this should be sufficient for most people. Valid alternatives
# for the NEED_ options are "yes" and "no".

# Do you want to start the statd daemon? It is not needed for NFSv4.
NEED_STATD=

# Options for rpc.statd.
# Should rpc.statd listen on a specific port? This is especially useful
# when you have a port-based firewall. To use a fixed port, set this
# this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
# For more information, see rpc.statd(8) or http://wiki.debian.org/?SecuringNFS
STATDOPTS=

# Do you want to start the idmapd daemon? It is only needed for NFSv4.
NEED_IDMAPD=yes

# Do you want to start the gssd daemon? It is required for Kerberos mounts.
NEED_GSSD=
Finally, in /etc/idmapd.conf:
[General]
Domain = lair
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Verbosity = 0

[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup

[Translation]
Method = nsswitch
Be sure to restart nfs-common and then autofs.
Remove any existing directories in /home (such as those of local users). This will lead to fewer problems (it actually wouldn't automount for me if there were local files in /home).
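A check of the LDAP and NFSv4 settings above, as an added example that is not part of the original notes: with Method = nsswitch, idmapd resolves NFSv4 owner names through the lookup order in /etc/nsswitch.conf, and owners that cannot be mapped fall back to the Nobody-User and Nobody-Group entries. The function names and the ROOT prefix argument are hypothetical; the sample files are constructed from the settings shown on this page.

```sh
# Added example: audit a client against the LDAP/NFSv4 settings on this page.
# The function names and the ROOT prefix argument are hypothetical.

# Succeed only if "files" precedes "ldap" for a database in nsswitch.conf, so a
# local account (root included) is resolved before an LDAP entry of that name.
files_before_ldap() {  # $1 = nsswitch.conf path, $2 = database
    awk -v db="$2:" '
        BEGIN { rc = 1 }
        $1 == db && !done {
            for (i = 2; i <= NF; i++) {
                if ($i == "files") f = i
                if ($i == "ldap" && f) rc = 0
            }
            done = 1
        }
        END { exit rc }' "$1"
}

# Print the value of a KEY=value or "Key = value" line (comments never match).
conf_value() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 | tr -d '"'
}

# Print one line per problem; the return status is the number of problems.
audit_client() {  # $1 = ROOT prefix ("" audits the live /etc)
    r=$1; fails=0
    for db in passwd group shadow; do
        files_before_ldap "$r/etc/nsswitch.conf" "$db" ||
            { echo "nsswitch.conf: $db lacks files-then-ldap"; fails=$((fails + 1)); }
    done
    [ "$(conf_value "$r/etc/default/nfs-common" NEED_IDMAPD)" = yes ] ||
        { echo "nfs-common: NEED_IDMAPD is not yes"; fails=$((fails + 1)); }
    [ "$(conf_value "$r/etc/idmapd.conf" Method)" = nsswitch ] ||
        { echo "idmapd.conf: Method is not nsswitch"; fails=$((fails + 1)); }
    [ -n "$(conf_value "$r/etc/idmapd.conf" Domain)" ] ||
        { echo "idmapd.conf: Domain is unset"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: the page's key settings written under a scratch root.
sample_root() {
    d=$(mktemp -d) && mkdir -p "$d/etc/default" || return 1
    printf '%s: files [SUCCESS=return] ldap\n' passwd group shadow > "$d/etc/nsswitch.conf"
    printf 'NEED_STATD=\nNEED_IDMAPD=yes\n' > "$d/etc/default/nfs-common"
    printf '[General]\nDomain = lair\n[Translation]\nMethod = nsswitch\n' > "$d/etc/idmapd.conf"
    echo "$d"
}

root=$(sample_root) && audit_client "$root" && echo "sample root passes"
[ -z "$root" ] || rm -rf "$root"
```

Calling audit_client with an empty prefix checks the live files under /etc; run it after restarting nfs-common and autofs.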
In /etc/X11/xinit/xserverrc, we want to remove the “-nolisten tcp” option so that the X server accepts TCP connections and we can do X networking.
Before:
#!/bin/sh
# $Id: xserverrc 189 2005-06-11 00:04:27Z branden $
exec /usr/bin/X11/X -nolisten tcp
After:
#!/bin/sh
# $Id: xserverrc 189 2005-06-11 00:04:27Z branden $
exec /usr/bin/X11/X
To give members of the lair group sudo access, in visudo:
# User privilege specification
root ALL=(ALL) ALL
%lair ALL=(ALL) ALL
I removed the %admin reference.
I also removed all local users (bob, jim, roy).
In Ubuntu, for a user to have the ability to mount an inserted USB stick, they must be a member of group 'plugdev' (apparently in cases where pmount/pumount is used).
It doesn't appear as if Ubuntu 9.04 uses pmount, but I did find somewhere that might solve the problem for me…
In /etc/gnome-system-tools/users/profiles, I added the line:
groups=cdrom,floppy,dialout,tape,dip,adm,plugdev,fax,audio,scanner,fuse,video
to the stanza for Unprivileged users. The complete updated file looks as follows:
[Unprivileged]
name=Unprivileged
name[es]=Usuario sin privilegios
shell=/bin/bash
home-prefix=/home
uid-min=1000
uid-max=6000
groups=cdrom,floppy,dialout,tape,dip,adm,plugdev,fax,audio,scanner,fuse,video

[Desktop]
name=Desktop user
name[es]=Usuario del escritorio
default=1
shell=/bin/bash
home-prefix=/home
uid-min=1000
uid-max=6000
groups=cdrom,floppy,dialout,tape,dip,adm,plugdev,fax,audio,scanner,fuse,video

[Administrator]
name=Administrator
name[es]=Administrador
shell=/bin/bash
home-prefix=/home
uid-min=1000
uid-max=6000
groups=cdrom,floppy,dialout,tape,dip,adm,plugdev,fax,audio,scanner,fuse,admin,sambashare,lpadmin,video