Edubuntu LTSP with Netware Authentication

Gavin McCullagh gmccullagh at gmail.com
Thu Feb 22 10:18:43 UTC 2007


Hi,

On Wed, 21 Feb 2007, Willis, Ben wrote:

> With openssh, automagic account creation does not work, since ssh daemon
> first peeks into the local database to fetch credentials before calling
> PAM. If account does not exist, it refuses connection.
>
> Solutions, including automatic synchronization of local database and a
> nss switch library for ncpfs are under finalization. Details will be
> available on this site."
> 
> If this is still a limitation in the current module then I'm worried that
> it may never work.

That is a bit nasty.  Just as a test, if you create an account locally
with a different password, does the authentication work?  In other words,
create a dummy account just to get over the initial lookup and see does the
authentication then work.

It's not really a solution, just an effort to understand if this is the
problem.

We use NIS for centralised accounts.  This is done by adding an entry to
nsswitch.conf
	passwd:         files nis compat

which more or less says "for the password database, first search the local
/etc/passwd files, then try NIS, etc".  This _definitely_ works with
openssh. It appears from Novell documentation that NDS can be used in
nsswitch.conf

http://www.novell.com/documentation/nw6p/index.html?page=/documentation/nw6p/scommenu/data/ae3nohe.html

Although, this guy (who is on solaris not linux but I suspect it's similar)
treats the novell server as a plain LDAP database 

http://mysecondhead.blogspot.com/2006/06/solaris-10-and-novell-nds.html

This article (which I have not read in detail) seems to be a howto on
getting authentication against NDS.

http://linuxgazette.net/issue93/pesin.html

This article, and the section "Prepare the SuSE Linux Workstations and/or
Servers that will allow authentication via LDAP." looks like it might be
exactly what you need.

https://secure-support.novell.com/KanisaPlatform/Publishing/471/3000394_f.SAL_Public.html

At worst you could probably create a script to pull all of the users out of
your netware server and create a /etc/passwd file full of dummy accounts
for the linux machines.  I guess this could happen hourly or nightly.  You
really shouldn't need to do this though.

Sorry to only give pointers but I've never used Novell for this.  Let us
know how you get on,

Gavin
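
The lookup test suggested in the message, as an added example that is not part of the original post: it reads the `passwd` line from nsswitch.conf and asks the C library (through Python's `pwd` module, which goes through NSS) whether an account resolves, which is the lookup the quoted text says sshd makes before PAM is called. The function names and the sample file contents are constructed for illustration.

```python
import pwd
import re
import sys

# Constructed sample: the passwd line from the message plus typical neighbours.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:         files nis compat
group:          files nis
hosts:          files dns   # trailing comment
"""

def lookup_order(conf_text, database="passwd"):
    """Return the ordered NSS entries configured for one database.

    Bracketed action items such as [NOTFOUND=return] are kept in place,
    because they decide whether the sources after them are consulted.
    """
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if ":" not in line:
            continue
        name, rest = line.split(":", 1)
        if name.strip() == database:
            return re.findall(r"\[[^\]]*\]|\S+", rest)
    return []

def user_resolves(username):
    """True if getpwnam() finds the account through any configured source."""
    try:
        pwd.getpwnam(username)
        return True
    except KeyError:
        return False

def diagnose(username, conf_text):
    """One-line summary of what the account lookup sees for this user."""
    order = " -> ".join(lookup_order(conf_text)) or "(no passwd line)"
    if user_resolves(username):
        return f"{username}: resolves via NSS (order: {order})"
    return f"{username}: NOT found by any source (order: {order})"

if __name__ == "__main__":
    with open("/etc/nsswitch.conf") as fh:
        conf = fh.read()
    for user in sys.argv[1:]:
        print(diagnose(user, conf))
```

Run it on the LTSP server with one or more usernames as arguments; an account that exists only on the NetWare side and reports "NOT found" is one that no source on the `passwd` line can see.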




