
In the rear of the enemy. Implementation

Events take place outside the Garden Ring in an ordinary firm that mainly uses Microsoft solutions and in this respect does not stand out from the rest. For some time now, a Linux user who cannot stand working in Windows has been working at the company.

For all his dislike of the usability offered by the products of a certain notorious corporation, the Linux user needs to integrate into the network to do the work he is paid for. In particular, he will need to work with mail, exchange files through shared folders, and open MS Office documents.



Kerberos


Since the network uses Active Directory, the first thing to do after installing Linux on your machine is to install the Kerberos libraries and utilities; the libraries will most likely be pulled in as dependencies.

It should be noted that Patrick Volkerding does not favor Kerberos, or at least did not, but as you have noticed, I am not going to tell a Linux user how to install packages or how to rebuild the whole system to support something.

If you are not familiar with Kerberos, I advise you to read up on its theoretical foundations; this helps in understanding the process and in tracking down errors.

My approximate /etc/krb5.conf settings:

    [libdefaults]
        default_realm = DOMAIN.LOCAL

        # The following krb5.conf variables are only for MIT Kerberos.
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true

    [realms]
        DOMAIN.LOCAL = {
            kdc = 192.168.0.1
            kpasswd_server = 192.168.0.1
            default_domain = domain.local
        }

    [domain_realm]
        domain.local = DOMAIN.LOCAL
        .domain.local = DOMAIN.LOCAL


Run kinit my_account_name, enter the password, and get a ticket. Or do not get one, for any of a heap of reasons, the main one being clocks that have drifted apart. If necessary, install ntpd to keep the time up to date, which is recommended anyway.
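Since clock drift is the main reason kinit fails, the following added example (not part of the original post) measures the offset between the local clock and the KDC over SNTP and compares it with the 300-second tolerance that MIT Kerberos and Active Directory use by default. It assumes the domain controller at 192.168.0.1 from the krb5.conf above answers NTP on UDP port 123; the function names and the sample reply are constructed for illustration.

```python
import socket
import struct
import time

NTP_TO_UNIX = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
KRB5_MAX_SKEW = 300        # default Kerberos tolerance: 5 minutes

def parse_transmit_time(reply: bytes) -> float:
    """Server transmit timestamp of an NTP reply, as Unix seconds."""
    if len(reply) < 48:
        raise ValueError("NTP reply shorter than 48 bytes")
    seconds, fraction = struct.unpack("!II", reply[40:48])
    if seconds == 0:
        raise ValueError("server reports no valid time")
    return seconds - NTP_TO_UNIX + fraction / 2**32

def skew_report(server_time: float, local_time: float, limit: int = KRB5_MAX_SKEW):
    """Return (skew in seconds, True if the skew is within the Kerberos limit)."""
    skew = local_time - server_time
    return skew, abs(skew) <= limit

def query_server_time(host: str, timeout: float = 3.0) -> float:
    """Send one SNTP client request (LI=0, VN=4, Mode=3) and parse the answer."""
    request = b"\x23" + bytes(47)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, 123))
        reply, _ = sock.recvfrom(512)
    return parse_transmit_time(reply)

# Constructed sample reply: 40 header bytes, then transmit time 1700000000.5.
SAMPLE_REPLY = b"\x24" + bytes(39) + struct.pack("!II", 1700000000 + NTP_TO_UNIX, 2**31)

if __name__ == "__main__":
    kdc = "192.168.0.1"  # KDC address from the krb5.conf on this page
    skew, ok = skew_report(query_server_time(kdc), time.time())
    print(f"skew vs {kdc}: {skew:+.1f}s -> {'OK' if ok else 'kinit will likely fail'}")
```

The measurement ignores network round-trip time, which is negligible against a five-minute threshold.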

Mail client


As a mail client (MUA) I use Kmail, which supports both NTLM and Kerberos (GSSAPI). I can state with confidence: GSSAPI + Exchange + Kmail works. Use the latest version of Kmail, because of serious progress in usability as well as plain bug fixes.

In general, I use all of Kontact, but it does not have full integration with Exchange yet, and I am glad that our company does not use Exchange's non-mail features. However, the KDE team promises to resolve this issue and integrate to the fullest.

From the Gnome front there are reports about Evolution, but, as I understand it, that solution uses OWA and is unlikely to work with Exchange 2007. However, I am sure that the comments will contain more accurate information.

Office suite



Yes, any Linux user knows that OpenOffice.org is not a very stable program. It handles MS Office documents most of the time, but this is not guaranteed. LaTeX and company are, of course, without competition, but while that choice can be justified in the scientific community, in the office we will have to hope that OOo will not fail.

In particularly clinical cases, it is possible to install MS Office under Wine / CrossOver. I have not yet reached the clinical situation.

Samba: sharing folders



To create your own shared folder, install Samba (if you build it by hand, enable AD support).
And this is what /etc/samba/smb.conf looks like, a mixture of default settings for the distribution and mine:

    [global]
        workgroup = DOMAIN
        server string = %h server (Linux)
        dns proxy = no
        realm = DOMAIN.LOCAL
        security = ADS
        password server = 192.168.0.1
        log file = /var/log/samba/log.%m
        max log size = 1000
        syslog = 0
        panic action = /usr/share/samba/panic-action %d
        encrypt passwords = true
        passdb backend = tdbsam
        obey pam restrictions = yes
        unix password sync = yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        pam password change = yes
        map to guest = bad user
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/nologin
        winbind enum groups = yes
        winbind enum users = yes
        winbind nested groups = Yes
        usershare allow guests = yes

    [share]
        path = /home/deepwalker/share
        guest ok = no
        browseable = yes
        writable = yes
        create mask = 0666
        directory mask = 0777

    [printers]
        comment = All Printers
        browseable = no
        path = /var/spool/samba
        printable = yes
        guest ok = no
        read only = yes
        create mask = 0700

    [print$]
        comment = Printer Drivers
        path = /var/lib/samba/printers
        browseable = yes
        read only = yes
        guest ok = no


Also, do not forget to include winbind in /etc/nsswitch.conf:

    passwd: compat winbind
    group:  compat winbind
    ...


We need winbind to authorize users: with it you can grant access to shared folders to individual users.
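Several settings in the smb.conf above are looser than per-user access needs: map to guest = bad user, usershare allow guests = yes, and the 0666 / 0777 masks on [share]. The following added example (not from the original post) is a small auditor that flags such lines; SAMPLE is an excerpt of the page's configuration, and the list of checks and the function names are this example's own choices.

```python
import re

def _is_true(value):
    return value.lower() in ("yes", "true", "1")
def _world_writable(mask):
    return bool(int(mask, 8) & 0o002)  # "other" write bit set
# Parameter -> (predicate on its value, why it deserves a second look).
CHECKS = {
    "map to guest": (lambda v: v.lower() != "never",
                     "failed logins can be mapped to the guest account"),
    "usershare allow guests": (_is_true, "user-defined shares may admit guests"),
    "guest ok": (_is_true, "share is reachable without authentication"),
    "create mask": (_world_writable, "new files may be world-writable on disk"),
    "directory mask": (_world_writable, "new directories may be world-writable"),
}
SYNONYMS = {"public": "guest ok", "create mode": "create mask",
            "directory mode": "directory mask"}

def audit_smb_conf(text):
    """Return (section, parameter, value, reason) for every flagged line."""
    findings, section = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif line and line[0] not in "#;" and "=" in line:
            key, _, value = (part.strip() for part in line.partition("="))
            key = re.sub(r"\s+", " ", key.lower())  # names are case-insensitive
            key = SYNONYMS.get(key, key)
            check = CHECKS.get(key)
            if check and check[0](value):
                findings.append((section, key, value, check[1]))
    return findings

# Constructed sample: an excerpt of the smb.conf shown on this page.
SAMPLE = """\
[global]
    map to guest = bad user
    usershare allow guests = yes
[share]
    guest ok = no
    create mask = 0666
    directory mask = 0777
[printers]
    create mask = 0700
"""

if __name__ == "__main__":
    for section, key, value, why in audit_smb_conf(SAMPLE):
        print(f"[{section}] {key} = {value}: {why}")
```

For a share meant only for named domain users, the usual tightening is map to guest = never, masks such as 0660 / 0770, and a valid users line on the share.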

Browsing shared folders


With a Kerberos ticket in hand, this is not particularly difficult. There are two ways I tried: fusesmb and KDE's built-in capabilities. Fusesmb lets you work with files in place, not only from KDE / Gnome applications but from any other application as well. The built-in features of KDE, on the other hand, provide an easy way to quickly look around and download what you need for further work.

There is also mount.cifs, but I still could not get it to work with Kerberos. In fact, my craving for Kerberos is not justified always and everywhere, so perhaps this option will suit someone.

That's all. If a Linux user is missing something else, write in the comments and we will work it out together with the whole community / Habr.

Source: https://habr.com/ru/post/54506/

