Edubuntu LTSP with Netware Authentication

Willis, Ben BenWillis at
Thu Feb 22 16:43:30 UTC 2007


I tried your test. I created a user on the server "di" and gave it a password that is different than the one in NDS. I was able to login to SSH using the NDS password. In the logs I can see when the NCP module modified the user and downloaded some other attributes for the user.

I have not gotten to the other suggestions but does this shed any light on the issue?



-----Original Message-----
From: edubuntu-devel-bounces at on behalf of Gavin McCullagh
Sent: Thu 2/22/2007 5:18 AM
To: edubuntu-devel at
Subject: Re: Edubuntu LTSP with Netware Authentication

On Wed, 21 Feb 2007, Willis, Ben wrote:

> With openssh , automagic account creation does not work, since ssh dameon
> first peeks into the local database to fetch credentials before calling
> PAM. If account does not exist, it refuses connection.
> Solutions, including automatic synchronization of local database and a
> nss switch library for ncpfs are under finalization. Details will be
> available on this site."
> If this is still a limitation in the current module then I'm worried that
> it may never work.

That is a bit nasty.  Just as a test, if you create an account locally
with a different password, does the authentication work?  In other words,
create a dummy account just to get over the initial lookup and see does the
authentication then work.

It's not really a solution, just an effort to understand if this is the

We use NIS for centralised accounts.  This is done by adding an entry to
	passwd:         files nis compat

which moreorless says "for the password database, first search the local
/etc/passwd files, then try NIS, etc".  This _definitely_ works with
openssh. It appears from Novell documentation that NDS can be used in

Although, this guy (who is on solaris not linux but I suspect it's similar)
treats the novell server as a plain LDAP database

This article (which I have not read in detail), seems to be a howto on
getting authentication against NDS.

This article, and the section "Prepare the SuSE Linux Workstations and/or
Servers that will allow authentication via LDAP." looks like it might be
exactly what you need.

At worst you could probably create a script to pull all of the users out of
your netware server and create a /etc/passwd file full of dummy accounts
for the linux machines.  I guess this could happen hourly or nightly.  You
really shouldn't need to do this though.

Sorry to only give pointers but I've never used Novell for this.  Let us
know how you get on,


edubuntu-devel mailing list
edubuntu-devel at
Modify settings or unsubscribe at:

More information about the edubuntu-devel mailing list