Configuring Linux Workstations for a Microsoft Windows Environment and Network

最新推荐文章于 2024-07-18 16:44:41 发布

kendyhj9999

最新推荐文章于 2024-07-18 16:44:41 发布

阅读量2.3k

点赞数

文章标签： microsoft linux windows access server terminal

From:http://www.yolinux.com/TUTORIALS/LinuxTutorialMicrosoftWindowsNetworkIntegration.html#BASICCONFIGURATION

This tutorial is aimed at those who wish to migrate fully from a Microsoft Windows desktop to a Linux desktop system but still integrate with the Microsoft Windows servers and infrastructure like that found in a typical corporate environment. Integration with Microsoft print services, file sharing (mounting cifs,smbfs), Exchange server, other MS/Windows PC's, dual boot NTFS drives, Citrix, remote X-Windows logins, telnet and ftp access are all covered in this tutorial.

This tutorial assumes the base system with a full X-Windows and Gnome desktop installation. See Linux Red Hat Installation Tutorial for more information.

Microsoft Office Compatibility: Open Office (bundled with Red Hat Linux 8.0+/Fedora Core) can read/write Word, Excel and Powerpoint files. It also has a vastly superior (compared to MS/Office) HTML web output conversion capability. It is currently (in my opinion) the best office software suite for Linux today. See: YoLinux Linux Office Suites

Microsoft Network Compatibility: This tutorial relies heavily on the SAMBA suite of tools to integrate with the Microsoft Network services.

Tutorial Contents:

# Prerequisite and Basic Configuration
# Mounting/Integrating with the Microsoft File Servers
# Mounting a MS/Windows NTFS or DOS Hard Drive
# List and Browse MS/Windows Shares
# Interfacing with the Microsoft Exchange Mail Servers
# Printing
# Telnet and FTP Access
# Remote access of Linux server by MS/Windows PC users
# Connecting to a Microsoft Windows Terminal Server (NT, 2000 or XP) using RDP
# Integrating with Citrix Winframe NT Application Servers
# Authenticating Linux with Microsoft Active Directory
# LinksPrerequisite and Basic Configuration:
Install Sun SDK (1.4): See Java SDK download/install

Web Browser Configuration: Mozilla
Java VM support:
```
    ln -s /usr/java/j2sdk1.4.0_03/jre/plugin/i386/ns610/libjavaplugin_oji.so /usr/lib/mozilla/plugins/

    
```
Supports mime type: application/x-java-vm
(Required for Microsoft Exchange OWA webmail support.)
Note: The installation of the plugin "plugger" will generate the directory /usr/lib/mozilla/plugins/ . Typically the Mozilla browser installation will create a directory but with the browser version as part of the name. (i.e. mozilla-1.2.1/) This will typically change with each upgrade and I avoid using it for plugins.
Proxy configuration: Many corporate networks rely on SOCKS proxy servers for access to the internet. Typically a Proxy Auto Configuration (PAC) script is issued to be registered with the browser. These scripts are usually targeted to Microsoft Explorer of Netscape Navigator (4.x) specifically. Try the proxy script: "Edit" + "Preferences" and select "Advanced (+)" and "Proxies" + "Automatic proxy configuration URL", enter the script location and select the "Reload" button. If it works, great your ready to surf. If your corporation uses a proxy directly, enter it under "Manual proxy configuration". If using a script and it does not work, use the command "wget http://proxy-url.domain.com/proxy-script.pac " to download the proxy script. Examine the file proxy-script.pac . Buried in the logic of the script is usually the explicit listing of a proxy server which can be entered under the Mozilla manual configuration. If you are at a corporation using a firewall and have direct access, I'm jealous and you have no need for proxy configuration.
Helper Application configuration for various file types:

GNOME Desktop Proxy configuration: (required by Ximian Evolution below)

See YoLinux GNOME Desktop tutorial: Proxy configurationMounting/Integrating with the Microsoft File Servers:

Accessing MS/Windows file servers:
MS/Windows file shares are accessed using a MS/Windows login and password thus I mount the file systems in user directories as they are user resources. Check to see if the proper SAMBA packages are installed: rpm -qa | grep samba . The packages samba-common , samba-client and samba should be installed.

Mount points: The local Linux system mount point choice and method of access is actually important. If it is a multiuser system and the file server is using user privileges to mount and access the file then it might be prudent to use a mount point local to the user. If the system is owned and used solely by the user then I recommend creating a directory in /mnt and using it as a mount point. In either case a soft link (ln -s) to the $HOME/.gnome-desktop/ (RH 7-9) directory will create a nice user interface icon for access purposes. (Fedora Core 3: Use the directory $HOME/Desktop/ )

[Potential Pitfall] : The mount point to the user's home directory MUST be recognized by the admin as a potential pitfall. When removing a user from the system, the command "userdel -r " will recursively delete files and directories found below the home directory. The command "rm -R " will NOT follow sym links thus sym links to $HOME/.gnome-desktop/ are safe. The directories mounted to directories below the $HOME/ path may not be safe from mass deletion.

Create the desktop mount point which will provide a desktop icon and app link to the Nautilus file manager to view files on the server:

System mount point: /mnt/

       [root]#
 mkdir $HOME/.gnome-desktop/MS-SERVER-NAME

       [root]#
 mkdir /mnt/MS-SERVER-NAME

       [root]#
 mkdir /mnt/MS-SERVER-NAME
/MS-Windows-Share

       [root]#
 ln -s /mnt/MS-SERVER-NAME
/MS-Windows-Share
 $HOME/.gnome-desktop/MS-SERVER-NAME

Note Fedora Core 3: $HOME/Desktop/
or

User mount point: $HOME/

       [root]#
 mkdir $HOME/.gnome-desktop/MS-SERVER-NAME

       [root]#
 mkdir $HOME/MS-SERVER-NAME

       [root]#
 mkdir $HOME/MS-SERVER-NAME
/MS-Windows-Share

       [root]#
 ln -s $HOME/MS-SERVER-NAME
/MS-Windows-Share
 $HOME/.gnome-desktop/MS-SERVER-NAME

See "Potential Pitfall" above before using your home directory as a mount point!!

Use one of the following methods: (I prefer method 1)

Directly and upon system boot, mount MS/Windows file server:
Create file ~/.smbpassword (chmod 400 $HOME/.smbpassword)

username = ms-windows-login-name

password = ****

Edit file: /etc/fstab
(you need to be root to edit this file.) and add the following line: (one line. May be shown here as word-wrapped)
CIFS:

//MS-SERVER-NAME/MS-Windows-Share /mnt/MS-SERVER-NAME/MS-Windows-Share cifs credentials=/home/linux-user-id /.smbpassword,workgroup=MS-WINDOWS-DOMAIN ,uid=linux-user-id ,gid=linux-user-group-name 0 0

or SMBFS:

//MS-SERVER-NAME/MS-Windows-Share /mnt/MS-SERVER-NAME/MS-Windows-Share smbfs credentials=/home/linux-user-id /.smbpassword,workgroup=MS-WINDOWS-DOMAIN ,uid=linux-user-id ,gid=linux-user-group-name 0 0

Mount: [root]# mount /mnt/MS-SERVER-NAME /MS-Windows-Share
Unmount: [root]# umount /mnt/MS-SERVER-NAME/MS-Windows-Share
Note:

"cifs" is a newer virtual file system supporting locking, Unicode, hardlinks, etc while "smbfs" (Server Message Block) is an older less advanced protocol.
If the uid and gid are omitted you may only have read access to the MS/Windows server. The uid/gid may be the alphanumeric name or the system user/group numbers.

Directly mount MS/Windows file server: (as root) (one line - may be shown wordwrapped)
[root]# mount -t smbfs -o username=ms-windows-user-id ,workgroup=MS-WINDOWS-DOMAIN ,uid=linux-user-id ,gid=linux-user-group-name //MS-SERVER-NAME /MS-Windows-Share /mnt/MS-SERVER-NAME /MS-Windows-Share password: [root]# umount /mnt/MS-SERVER-NAME /MS-Windows-Share
Password can also be specified on the command line:
- username=ms-windows-user-id ,password=supersecret
- username=ms-windows-user-id ,password=
  (This will specify a "null" password.)
Note that enterprise systems may be using higher levels of security in which case a mount may look more like the following:
[root]# mount -t cifs -o user=WinDomain/userid -o sec=ntlmv2 //MS-SERVER-NAME /MS-Windows-Share-name /mnt/local-linux-mount-point
Note:
- The option ",_netdev" may be added after the user to delay mounting until the network has been enabled.
- The CIFS filesystem was introduced as a sucessor to the SMBFS file system and is more feature rich to support MS/Windows applications and OS security.
Use Samba smbmount: (as root) (one line - may be shown wordwrapped)

[root]# smbmount //MS-SERVER-NAME /MS-Windows-Share /mnt/MS-SERVER-NAME /MS-Windows-Share -o username=ms-windows-login-name ,workgroup=MS-WINDOWS-DOMAIN Password: [root]# smbumount /mnt/MS-SERVER-NAME /MS-Windows-Share
Use Samba shell: (non-root user)
smbclient //MS-SERVER-NAME /MS-Windows-Share -U MS-WINDOWS-DOMAIN /ms-windows-login-name
Password:
This places you in a shell mounted to the MS/Windows server. You can enter commands such as ls, put and get like in an ftp client. Type ? for a full list of commands.
LinNeighborhood: Linux workstation gui tool.
Make your life simple and use the GUI/File Manager LinNeighborhood. It uses smbmount, samba and smbclient to give you access to MS/Windows servers and printers.
Uses GTK+ Libraries.
- LinNeighborhood Home Page
- LinNeighborhood Screen Shot

Note: If the share is a hidden share append a "$" to the name of the share. i.e.: //MS-SERVER-NAME/MS-Windows-Share$

[Potential Pitfall] : If the Microsoft login password is changed, unmount the drive, change the $HOME/.smbpasswd password entry and remount the drive.

[Potential Pitfall] : Spaces in share names are often problematic. Escape with "/040".
Example: //HOSTNAME /share /040name

[Potential Pitfall] : Using OpenOffice to edit an MS/Word document on a cifs mounted file system. OpenOffice Writer may freeze when editing the document when performing a "saving as" on the file as it does not use cisf byte range locks. Fix using the cisf mount option nobrl .

GUI Mount/Configuration Tools:

Gnomba
KNetMon

List and Browse MS/Windows Shares:

smbclient :
```
smbclient -u winlogin
 -W MsWindowsDomain
 -L MsWindowsServer

              
```
This will list all available servers in the domain and all the shares on the MS/Windows server specified.
Man Pages:
- smbclient
File browser access: The system browsers Gnome/Nautilus and newer versions of KDE/Konqueror can also browse the Microsoft file servers using the URL "smb:// "

[Potential Pitfall] : The version of Nautius which ships with Red Hat 8.0 is limited to 12 character (8.3 legacy) problems.
Start Nautilus ("Start Here" icon on desktop) and use URL "smb:// "
Choose Domain folders then "Shares" folders. Login as MS-WINDOWS-DOMAIN /ms-windows-user-id and password.
SMB4k: http://smb4k.berlios.de/ [Screenshots ]
Scan for active workgroups, hosts and shares, mount/unmount, access files (using Konqueror), printer shares, ...
Requires QT libraries 3.1+. (RH 9.0 uses QT3.1 thus OK) Binaries for Fedora, SUSE and Debian.
Note: Requires root access to dynamically mount MS/Windows shares. To give users this privilege, apply the "sticky bit" to smbmnt:
chmod a+t /usr/bin/smbmnt
Also see:
- Davenport - JAVA applet for CIFS/SMB file server access.
- jCIFS.samba.org - jCIFS home page

Mounting a MS/Windows NTFS or DOS Hard Drive:

This procedure is common for dual boot systems and for those who wish to access legacy data. The NTFS file system is used with MS/Windows NT, 2000 and XP. Read only access is available with the NTFS kernel module. The default Red Hat compiled kernels support these NTFS modules. If compiling from source be sure to set the following in kernel-XXXXX.config : CONFIG_NTFS_FS=m (read-only NTFS support. Write support is at your own risk: CONFIG_NTFS_RW=y )

Tuxera.com: Linux NTFS driver - included in all Linux 2.6 kernels
Download the appropriate NTFS driver source: Tuxera.com NTFS-3G community download
The find the version of the kernel you are running, use the command: uname -r -p or cat /proc/version .
Determine the target processor with the command uname -p
Install rpm as root: rpm -ivh kernel-ntfs-2.4.XXX.iX86.rpm
Load module: /sbin/modprobe ntfs
Check for errors: dmesg | grep NTFS
Verify: cat /proc/filesystems
or modprobe -l | grep ntfs
Create mount point: mkdir /mnt/windows
Add line to /etc/fstab :
/dev/hda1 /mnt/windows ntfs ro,umask=0222,uid=Linux-Login-ID 0 0
- Uid is the Linux user login id which is allowed exclusive access to MS/Windows drive. Remove this to allow all system users access to the drive.
- Device reflects that of the MS/Windows hard drive. First SCSI drive would be /dev/sda1 . See YoLinux SCSI tutorial for more info.
mount /mnt/windows
or
mount -t ntfs -o nls=utf8 /dev/hdXX /mnt/windows

Note: DOS and MS/Windows 3.1, 95, 98 or 2000ME can be mounted for read/write using file system types, msdos, umsdos, vfat with no additional kernel module installation required. (NTFS requires extra module) Example for MS/Windows 95:

         /dev/hda1 /mnt/win95 vfat defaults 0 0

For more information see the man pages for: modprobe , dmesg , mount , umount , fstab , dump and fs .

Interfacing with the Microsoft Exchange Mail Servers:

Email, Calendar, Outlook and Microsoft Exchange: Use (1) MS/Outlook on Linux, (2) MS/OWA webmail or (3) Linux Outlook clone, Ximian

Run MS/Outlook on Linux:
Run the Codeweavers Crossover commercial version of Wine and run Microsoft Outlook on Linux. See the YoLinux Tutorial on Installing Crossover and Outlook .
MS/Exchange OWA webmail:
Use your browser: http://webmail.megacorp.com (Company specific)
Note: Java JVM must be installed and browser JVM support must be configured as described above to enable full appointment calendar functionality.
Microsoft Exchange Access with Ximian Evolution email client and Ximian Connector: - Novell CONNECTOR REQUIRES EXCHANGE SERVER 2000! It does not work with MS/Exchange 5.5.
Install Instructions: http://www.novell.com/products/connector/
Red Hat Linux 8.0 comes with the Novell/Ximian/Evolution version 1.0 email client. The Novel MS/Exchange connector requires Evolution version 1.2.
- Download Novell Red-Carpet, Novell/Ximian Evolution 1.2 and Novell/Ximian Connector:
- Red Carpet:
  - Download: http://www.novell.com/products/desktop/update.html
  - Install: rpm -ivh red-carpet-1.4.3-1.ximian.4.i386.rpm
- Download Ximian Evolution 1.2 and Ximian Connector:
  - Run: /usr/bin/red-carpet
  - Configure HTTP Proxy if required.
  - You will be presented with packages to update. Select "Update Now".
  - Choose "Unsubscribed Channels"
  - Select "Ximian Connector" + "Subscribe" button (lower right) + "Install" icon (upper right) + select the "check" box.
    This will install the connector and update Ximian Evolution (V1.2).
  - Select "OK" + "File" + "Exit".
- Install License:
  - File: connector-key.txt
    Place in directory: /home/user-dir /evolution/
- Ximian Evolution Configuration:
  - Start Ximian Evolution email client: (Select envelope icon on the Linux desktop tool bar.)
  - Select "Tool" + "Setting"
  - Select the "Mail Accounts" icon (left hand panel) + "Add" button on right.
    - Exchange OWA server: webmail.megacorp.com
Ximian Connector Notes:
- Uses webdav protocol to a OWA (Outlook Web Access) server to support email, address book and calendar functions.
- Ximian connector requires MS/Exchange server 2000 or better.
KDE KMail and appointment calendar:
Use KDE KMail and appointment calendar which interface with MS/Exchange 2000 using webdav interface.
OMC: Open Message and Collaboration - MS/Exchange 5.5+ connector and Brutus development MAPI to CORBA framework.

IBM Lotus:

Lotus Notes:

On 07/10/2006, IBM announced Lotus Notes client for Linux.

Installation: Notes 7.0.1 client on Red Hat Enterprise 4/CentOS 4

IBM customers can download the licensed C93D1NA.zip from the IBM "Partnerworld program ", "Passport Advantage " to a working directory. i.e. Lotus7.0.1
Perform this step as root - create target install directory: mkdir /opt/IBM/Workplace Managed Client
chmod +w /opt/IBM/Workplace Managed Client
Uncompress: unzip C93D1NA.zip
Results in Personality.zip, readme.pdf, setuplinux.bin
Uncompress: unzip Personality.zip
Set permissions: chmod +x setup_wct_platform.bin setuplinux.bin
cp setuplinux.bin updateSite/features/com.ibm.workplace.notesinstall.linux.feature_7.0.1.0000-0900/bin/linux/
Run install program: ./setup_wct_platform.bin
Accept license and specify target directory: /opt/IBM/Workplace Managed Client (default)
Select "Finish"

Lotus Notes client start script:

 
         01 #!/bin/bash 
 
         02  
 
         03 NOTESBIN=~/notes 
 
         04 NOTESDATA=~/notes/data 
 
         05 NOTESDIR=~/notes/data 
 
         06 LD_LIBRARY_PATH=$NOTESBIN:$NOTESBIN/jvm/bin/classic:$NOTESBIN/jvm/bin:$LD_LIBRARY_PATH 
 
         07 PATH=$NOTESBIN/jvm/bin:$NOTESBIN:$PATH 
 
         08 CLASSPATH=./:$NOTESBIN/:$CLASSPATH 
 
         09 export NOTESBIN NOTESDATA NOTESDIR LD_LIBRARY_PATH PATH CLASSPATH 
 
         10  
 
         11 # Command to start Lotus Notes: 
 
         12 /opt/IBM/Workplace/ Managed/ Client/ rcp /richclient / 
 
         13   -personality com.ibm.workplace.noteswc.standalone.linux.personality

Lotus Notes 7 documentation
SuSE users see SLED 10 patch

Lotus Sametime:

"Meanwhile" is an IBM/Lotus Sametime plugin which is available for the Linux IM client Gaim. Use the following RPM packages:

gaim
gaim-meanwhile

Connect with the user id (LDAP format): CN=Joe R Blow/OU=US/O=MegaCorp and regular Sametime password.

Links:

Printing:

Accessing The Local Microsoft Printer Network:

Configuring the lpr print command: (lprNG)

As root run the GUI configuration tool command: /usr/bin/redhat-config-printer (RH 8.0+)
Select the "New" icon + "Next".
Give it a Queue name. (Make up your own name.)
Select "Windows Printer".
Select "Forward".
Enter Ms/Windows info:
(This example is for a Windows network printer.)
Share: //MS-SERVER-NAME /MS-Windows-Print-Share
Host IP: XXX.XXX.XXX.XXX
Workgroup: WORKGROUP-NAME
User: Your MS/Windows login name
Password: Your MS/Windows password
Select a driver: If it is not listed, pick the closest you can find. Typically there will be an emulation mode for ljet4 or some other popular mode.
Select "Apply"
Select "File" + "Save Changes".
Select "File" + "Quit".

Find the "Host IP" address with the command:

host MS-SERVER-NAME
or

[prompt]$ smbclient //MS-SERVER-NAME
/

added interface ip=your-ip-address
 bcast=XXX.XXX.XXX.255
 nmask=255.255.255.0

Got a positive name query response from ip-address-of-MS-SERVER
 ( ip-address-of-MS-SERVER
 )

Password:

When multiple printers have been defined, use this gui to select the default. the command "lpr file-name " will use the default printer. Use the "-P queue-name " flag to specify a non-default printer.

When sending print jobs directly to an HP network printer (instead of through a MS/Windows print server), configure the queue to use TCP/IP port 9100.

The default Mozilla printer device specification: lpr ${MOZ_PRINTER_NAME:+'-P'}${MOZ_PRINTER_NAME} will print to the default unless modified.

Printing uses the following configuration files:

/etc/printcap - lpr config file (Generated by GUI. You don't need to understand it.)
or $HOME/.printcap

joeshp:/

        :ml#0:/

        :mx#0:/

        :sd=/var/spool/lpd/joeshp:/

        :af=/var/spool/lpd/joeshp/joeshp.acct:/

        :sh:/

        :lp=|/usr/share/printconf/util/smbprint:/

        :lpd_bounce=true:/

        :if=/usr/share/printconf/util/mf_wrapper:

/etc/printcap.local
/usr/share/printconf/util/smbprint - Red Hat 8.0/9.0 shell script

Man pages:

Links:

LPRng Home Page

Create a script to print:

Use smbclient shell:
smbclient //MS-PRINT-SERVER /printer-share -U MS-WINDOWS-DOMAIN /ms-windows-login-name
Use the command: smb: /> print file-name
Command line: smbclient //MS-PRINT-SERVER /printer-share windows-login-password -N -U ms-windows-login-name -W MS-WINDOWS-DOMAIN -c "print file-to-print.ps "

Shell script to print a PostScript or printer ready file: $HOME/bin/print

 
           1 #!/bin/sh 
 
           2 /usr/bin/smbclient //<i>MS-PRINT-SERVER</i>/<i>printer-share</i> <i>windows-login-password</i> / 
 
           3                     -N                       / 
 
           4                     -U <i>ms-windows-login-name</i> / 
 
           5                     -W <i>MS-WINDOWS-DOMAIN</i>     / 
 
           6                     -c  "print $1" 
 
           7 echo "Printing file $1"

Shell script to print a text file: $HOME/bin/printTXT

 
           1 #!/bin/bash 
 
           2 BASENAME=`/bin/ basename $1` 
 
           3 /usr/bin/enscript -o /tmp/$BASENAME. ps $1 
 
           4 /usr/bin/smbclient //<i>MS-PRINT-SERVER</i>/<i>printer-share</i> <i>windows-login-password</i> / 
 
           5                     -N                       / 
 
           6                     -U <i>ms-windows-login-name</i> / 
 
           7                     -W <i>MS-WINDOWS-DOMAIN</i>     / 
 
           8                     -c  "print /tmp/$BASENAME.ps" 
 
           9 echo "Printing file $1"

Links:

LDP Printing HowTo

Granting remote shell access (telnet) and file transfer (ftp) access:

To turn on telnet and ftp access, edit the files /etc/xinetd.d/telnet and /etc/xinetd.d/ftp and change the line:

disable         = yes

to:

disable         = no

Restart xinetd: service xinetd restart (or: /etc/init.d/xinetd restart )

Man pages:

Also see YoLinux tutorials on the following:

Xinetd services configuration
ssh server configuration - ssh is preferred over telnet for a secure connection
FTP server configuration

Remote access of Linux server by MS/Windows PC users:

There are three basic ways to access your Linux system remotely:

Text terminal with telnet or SSH
Text terminal with telnet or SSH to launch individual X-Window applications displayed by the local X-server.
Full Linux desktop access using XDMCP by MS/Windows PC running the local X-server.

Remote X-Windows access by a MS/Windows PC requires the installation of X-Windows server software:

Open Source MS/Windows PC X-Windows server software:

Xming - [instructions ] - X-Windows for MS/Windows - My preferred choice!
Cygwin/X : Described below

Commercial MS/Windows PC X-Windows server software:

1) Text terminal access:

Grant Linux access to remote users. See xinetd configuration above .

Telnet and SHH text terminal client programs for MS/Windows:

Putty [Download putty.exe to your desktop]
Putty: SSH configuration. Select from LHS:
- Session >> Port 22 and SSH
- Connection + SSH >> "Preferred SSH protocol version:" >> "2"
Cygwin - MS/Windows text terminal shell with telnet and ssh client (and an entire Linux shell environment with applications).

For SSH server configuration see the YoLinux.com Internet security SSH server configuration tutorial .

For more information on xinetd, see the YoLinux.com Networking and xinetd configuration tutorial .

2) Launch individual X-Window applications from text terminal:

Steps:

Launch X-Windows server: Cygwin:
Start X server on MS/Win32: C:/cygwin/lib/Singular/startxserver.bat

X-Windows applications will be launched individually from the text terminal console.
XMing:
Xming - [instructions ] - X-Windows for MS/Windows

Note that Xming-mesa has Open-GL 3D support while basic Xming has 2D X-windows support only. You don't need both.

Configure: Programs + Xming + XLaunch

Select "Multiple windows" + next
Select "Start no client" + next
Select "No Access Control" (this allows remote Linux system to write to your local Xming X-server) + next

Set remote access control to your local X-server:

Note that the default setting blocks remote access to your local X-server.

Configure terminal and shell DISPLAY variable:

Putty: SSH configuration
Select from LHS:
- Session >> Port 22 and SSH
- Connection + SSH >> "Preferred SSH protocol version:" >> "2"
- Connection + SSH >> "Enable X11 forwarding"

Configure your environment to support display to remote X-server.
Create script: /opt/bin/setip

 
             1 #!/bin/bash 
 
             2 clientip=` echo $SSH_CLIENT |  cut -d ' ' -f1 |  sed -e  's,::ffff:,,' ` 
 
             3 # Test for servers with hostname prefix server and gateway address 
 
             4 if [[ ! ($clientip =~  "^server|^192.168.0.1" ) ]];  then   
 
             5    export DISPLAY=$clientip:0.0 
 
             6    echo DISPLAY  set to SSH Client $DISPLAY 
 
             7 else 
 
             8    echo Server to Server SSH Detected.  Keeping DISPLAY  set to $DISPLAY 
 
             9 fi

Note:

Do NOT add this to your ~/.bashrc as it will prevent XDMCP access as well as Linux console access.
Before switching to a root account ("sudo su -" or "su -") allow the existing display to accept X protocol: xhost +
A regular ssh connected user will often use display :10.0 while root will use :0.0

3) Full Linux desktop access using XDMCP:

Granting X-Window access to your PC using Xming (or Cygwin, ReflectionX, HummingBird Exceed):

To allow a full Linux login screen (GDM or XDM) and Linux desktop access to another Linux system or to a MS/Windows system requires allowing remote GDM (or XDM) and XDMCP X-Windows access. First configure the Linux system to allow remote access, then use X-Windows software to remotely access the system from MS/Windows (or another Linux system).

Step 1:

Allow remote XDMCP access

See the YoLinux GDM and XDMCP tutorial on configuring Linux to allow remote access.
or
You can use the config tool /usr/sbin/gdmsetup to configure GDM (Gnome login screen) and XDMCP (X-Windows remote full screen access).
You can test the GDM login screen locally: X -query localhost :1

Step 2:

Use X-Window software which runs on MS/Windows

Using XMing on your PC to connect to full Linux GUI desktop with XDMCP:

Xming - [instructions ] - X-Windows for MS/Windows

Note that Xming-mesa has Open-GL 3D support while basic Xming has 2D X-windows support only. You don't need both.

Configure Xming: Programs + Xming + XLaunch

Select "Full screen" + next
Select "Open session via XDMCP" + Next
Select "Connect to host" and enter IP address (or node name) of Linux system + next
next
Finish

Using Cygwin on your PC to connect to full Linux GUI desktop with XDMCP:

Download XFree86 for MS/Windows and install. Be sure to select the "loop" graphic to change from "Default" to "Install" to install all packages. The default is to exclude the X-window server. Packages to install may be selected individually.
Start Cygwin: Windows 2000 menu: "Start" + "Programs" + "Cygwin" + "Cygwin Bash Shell"
Start MS/Windows X-Server for XDMCP connection: (/usr/X11R6/bin/xwin )
- xwin -query Ip-address-of-Unix-computer
  Used to display Linux desktop on MS/Windows PC.
- xwin -multiplemonitors -scrollbars -indirect Ip-address-of-Unix-computer
  Used to display Linux desktop on MS/Windows with multiple monitors.
- xwin -ac -multiwindow Ip-address-of-Unix-computer
  Starts X server but does not generate a desktop window. Each Linux application will create its' own window. In a shell set your display environment to the IP address of your PC and individual applications will be displayed to your MS/Windows desktop.
  In cygwin remote ssh or telnet shell: export DISPLAY=ip-of-local-pc:0.0
  The local IP address can be obtained on MS/Windows through the DOS command: IPCONFIG
[Potential Pitfall] : If your Cygwin bash shell command line prompt is "i have no name " then it is because your uid in the file /etc/passwd is too large. It must be less than the 16 bit limit of 65536. The uid is the third field demarked by the colon (":"). Change the uid to an integer value less than 65536. This will also fix X/Server problems which arise when trying to connect to other computers using X.

Connecting to a Microsoft Windows Terminal Server (NT, 2000 or XP) using RDP:

One may graphically connect to a Microsoft Windows Terminal NT Server, server 2000 or a Microsoft Windows XP system (Professional and Home edition) with a Microsoft Windows Terminal RDP (Remote Desktop Protocol) client for Linux known as "rdesktop". Use version 1.2 or later (which comes with Red Hat 9.0 or later). Version 1.1 which ships with Red Hat Linux 8.0 is buggy.

Note that Microsoft Windows XP uses RDP 5.2 (an extension to the ITU-T T.128 application sharing protocol) using 24 bit color and supports sound. The older RDP 4.0 only supported 8 bit color and did not support sound.

If there is an active rdesktop session, MS/Windows XP will not allow one to login at the console. You will get an error message which states that the system is locked. Only one active MS/Windows desktop is allowed. MS/Windows terminal server is required for more than one simultaneous user login.

Use:

Red Hat/CentOS/Fedora: Install RPM: rpm -ivh rdesktop-X.X.X-X.i386.rpm
Note: Red Hat 8.0 (old) or other distributions of Linux which do not offer a binary package: Download source, untar, configure, make, make install.
Configure MS/Windows XP to allow remote connections:
- Right click "My Computer" desktop icon.
- Select "Properties".
- Select "Remote" tab
  Check "Remote Desktop": "Allow users to connect remotely to this computer".
  OK

Launch Linux desktop client:

rdesktop -u windows-user-id
 -p windows-password
 -g 1200x950 ms-windows-terminal-server-host-name

rdesktop -u windows-user-id
 -g 1240x992 ms-windows-terminal-server-host-name

option	Description
-a	Color depth: 8, 16, 24
-r	Device redirection. i.e. Redirect sound on remote machine to local device. i.e. `-0 -r sound` (MS/Windows 2003)
-g	Geometry: `width xheight` or `70%` screen percentage.
-p	Use `-p -` to receive password prompt.
-d	Use `-d -` to specify a domain. No space is allowed between the "-d" and the domain name (V1.3.1).

Note:

I can also connect to my dual monitor MS/Windows system from my dual monitor Linux system and display the full two monitors. I use the following geometry directive: -g 2540x992
To toggle rdesktop between full screen and the displayed window size, use the following keystroke: ctrl-alt-enter

Links:

http://www.rdesktop.org/ - rDesktop Home Page
GNOME Terminal Services Client - GUI front end to store multiple configurations of rDesktop and other remote desktops for many servers.

Integrating with Citrix Winframe NT Application Servers:

Citrix Winframe ICA Client for Linux:
(ICA: Independent Computing Architecture)

Download: http://www.citrix.com/site/SS/downloads/index.asp
- Select "Clients" link from left hand side of page.
- Select "Citrix ICA Clients" - "Linux"
- Select English ".rpm" - "Version Details"
- Download:
  - Admin Guide: http://support.citrix.com/servlet/KbServlet/download/180-102-8765/ICA_UNIX_Guide.pdf
  - "Get Software": ICAClient-8.0-1.i386.rpm
As root Install: [root]# rpm -ivh ICAClient-8.0-1.i386.rpm
Run/Configure (as user) ICA Client Manager: /usr/lib/ICAClient/wfcmgr
Note: This tool allows full capabilities to configure and run the ICA Citrix winframe client.
- Select "Options" + "Settings..." [screenshot ]
  - Select from pull-down menu: "Server Locations"
  - Network Protocol: TCP/IP
  - Server Group: Primary
  - Address List: (Auto-Locate)
- Select "Entry" + "New..."
  - Select (default option showing: Network) radio button "Published Application"
  - Select button to the right "... ".
  - Select "Citrix-App "
Test Application:
- Select the "Lightning Bolt" icon to connect.
- This will bring up the Microsoft NT server login dialog box.
  - User name: NT-Login-Name
  - Password: NT-Password
  - Domain: MS-WINDOWS-DOMAIN
As a Linux user, run Citrix ICA Client only: First Citrix Application
This will bring up the specified ICA application where the "description" is defined in $HOME/.ICAClient/appsrv.ini section heading. i.e. "Citrix-App "
You can also create a desktop launcher icon: right click on a free area of the desktop and select "New Launcher". Use icon /usr/lib/ICAClient/icons/citrix48.xpm
Application Command: /usr/lib/ICAClient/wfica -desc "Citrix-App " -username NT-Login-Name -password NT-Password -domain MS-WINDOWS-DOMAIN
ICA Client: Second, Third,... Citrix Application
- Configure:
  - Start ICA manager: /usr/lib/ICAClient/wfcmgr
  - Select "New" Icon (or "Entry" + "New")
    - Network:
      - Network Protocol: TCP/IP
      - Server Location: MS-NT-CITRIX-SERVER
      - Select "Server" radio button
      - Description: Application/Server Description
      - Server: MS-NT-CITRIX-SERVER
    - Login:
      - Username: ms-windows-login-name
      - Domain: MS-WINDOWS-DOMAIN
      - Password:
    - Select "Apply"
- Run Application:
  - Launch command: # /usr/lib/ICAClient/wfica -desc "Application/Server Description " -username ms-windows-login-name -password your-password-goes-here -domain MS-WINDOWS-DOMAIN
    Other password options:
    - Option "-clearpassword" may need to be used instead.
    - The password may also be held in the Citrix configuration. Set the configuration with /usr/lib/ICAClient/wfcmgr and select "Connection" + "Properties" + "login" to store the password.
  - Use icon /usr/lib/ICAClient/icons/citrix48.xpm
FYI:
- Help: wfica -h
- If running programs where you have to share files with the Citrix Metaframe server, use SAMBA to export a MS/Windows NT share.
- ICA client product number for Linux client: 81/7
- Config files:
  - $HOME/.ICAClient/*.ini
  - /usr/lib/ICAClient/config/*.ini (not used)
  - /usr/lib/ICAClient/.config/*.ini (not used)
- Launching from a browser: (Using ICA Citrix plug-in)
  - Mime type: application/x-ica
  - Application: /usr/lib/ICAClient/wfica -file %s
  Where "%s" refers to the ".ica" file being passed.
- File: .mailcap : application/x-ica; /usr/lib/ICAClient/wfica -file %s; x-mozilla-flags=plugin:Citrix ICA
- Graphics capture utility: /usr/lib/ICAClient/util/xcapture
  Select window (middle mouse button), select region (corner to corner drag with left mouse button) or cancel (right mouse button).
Uninstall: (rpm -e) Manually delete cache: /usr/lib/ICAClient/cache/

Send/Receive a "WinPopup" Message:

Send a WinPopup Message:

MS/Windows can send a message to another MS/Windows PC which will pop-up (using "WinPopup" protocol) and appear in a dialog box. This is used by admins for notification purposes. The DOS command is:

   NET SEND NetBIOS-computer-name

 "Message to send to user
"

Linux can send the same message to a MS/Windows PC using the command:

   [prompt]$
 smbclient -M NetBIOS-computer-name

 

   Message to send to user

   ctrl-d

Notes:

Message limit is 1600 bytes.
Alternate method: cat mymessage .txt | smbclient -M NetBIOS-computer-name

Receive a WinPopup Message:

To handle incoming " WinPopup" messages on Linux, set the "message command" parameter in the smb.conf .

    message command = csh -c 'xedit %s;rm %s' &

This will use the application "xedit " to display the message. The message is then removed.

%s : The filename containing the message.
%t : Message destination (computer or server to which it was sent.)
%f : Message sender.

Default smb.conf config file is no message command .

Notes:

Using mail to relay the incoming message. Linux smb.conf :

    message command = /bin/mail -s 'message from %f on %m' root < %s; rm %s

To handle incoming " WinPopup" messages on MS/Windows, copy WinPopup into the startup group on your WfWg PC.
/etc/samba/lmhosts - NETBIOS name resolution

Also see LinPopUp available from LittleIgloo.org .

Authenticating Linux with Microsoft Active Directory:

The following approaches are available:

Use a software package such as Likewise Open which allows the Linux system to connect to the MS/Active Directory in Microsoft native protocols.
Use "Microsoft's Unix services for Windows" to enhance AD to include Linux and Unix support. This will support NIS or LDAP protocols. LDAP can be used with or without Kerberos. Thus we have the following three options:
1. Standard NIS authentication
2. Standard LDAP authentication (with or without SSL)
3. Kerberos authentication with LDAP

The following shows a basic LDAP only configuration.

This requires that the Microsoft Active Directory server have its schema enhanced to support Unix/Linux systems, specifically the uid and gid which are numerical representations of the user and group id.
This requires installing Microsoft's Unix services for Windows server 2003 (and earlier) or for server 2008, Microsoft's "Cross platform authentication utilites":
Unix services for Windows Info and download

On the Linux system it requires adding the following /etc/ldap.conf file which defines the translation between native Linux LDAP attribute names and those used by Microsoft Active Directory:

host XXX.XXX.XXX.XXX

 XXX.XXX.XXX.XXX

 

base dc=megacorp

,dc=com


binddn cn=SysAdmin,dc=megacorp

,dc=com


bindpw bindPassword


scope sub
ssl no

nss_base_passwd ou=accounts,dc=megacorp

,dc=com

nss_base_shadow ou=accounts,dc=megacorp

,dc=com

nss_base_group  ou=accounts,dc=megacorp

,dc=com



nss_map_objectclass posixAccount user

nss_map_objectclass shadowAccount user

nss_map_objectclass posixGroup Group



nss_map_attribute uid sAMAccountName

nss_map_attribute uidNumber msSFU30UidNumber

nss_map_attribute gidNumber msSFU30GidNumber

nss_map_attribute loginShell msSFU30LoginShell

nss_map_attribute gecos name

nss_map_attribute userPassword msSFU30Password

nss_map_attribute homeDirectory msSFU30HomeDirectory

nss_map_attribute uniqueMember msSFU30PosixMember

nss_map_attribute cn cn



nss_login_attribute sAMAccountName

pam_member_attribute msSFU30PosixMember

Note:

The "host" statement lists the primary and failover AD servers.

The file /etc/pam.d/system_auth can be configured with the console tool /usr/bin/authconfig or the GUI configuration tool /usr/bin/system-config-authentication .
See the YoLinux LDAP authentication tutorial

Edit /etc/nsswitch.conf so that Linux will authenticate to the Active Directory server using LDAP.

..

...

passwd files ldap

shadow files ldap

group  files ldap

...

..

This is the simplest authentication configuration. The prefered configuration will include Kerberos and SSL. (not covered here - yet) Microsoft's Unix services for Windows also supports the use of Active directory as an NIS server although the LDAP configuration is more current and when used with SSL and Kerberos, it is also more secure.

Links:

YoLinux.com Tutorials:
RDesktop.org - MSTSC (Microsoft Terminal Services Client) (Default port 3389)
NETBIOS Name resolution:
- NETBEUI
- Netbios name resolution

kendyhj9999

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Configuring Linux Workstations for a Microsoft Windows Environment and Network

<br />From:http://www.yolinux.com/TUTORIALS/LinuxTutorialMicrosoftWindowsNetworkIntegration.html#BASICCONFIGURATION<br />This tutorial is aimed at those who wish to migrate fully from a MicrosoftWindows desktop to a Linux desktop system but still integ
复制链接

扫一扫