Edubuntu LTSP with Netware Authentication
Willis, Ben
BenWillis at anderson5.net
Thu Feb 22 16:43:30 UTC 2007
Gavin,
I tried your test. I created a user on the server "di" and gave it a password that is different than the one in NDS. I was able to login to SSH using the NDS password. In the logs I can see when the NCP module modified the user and downloaded some other attributes for the user.
I have not gotten to the other suggestions but does this shed any light on the issue?
Thanks,
Ben
-----Original Message-----
From: edubuntu-devel-bounces at lists.ubuntu.com on behalf of Gavin McCullagh
Sent: Thu 2/22/2007 5:18 AM
To: edubuntu-devel at lists.ubuntu.com
Subject: Re: Edubuntu LTSP with Netware Authentication
Hi,
On Wed, 21 Feb 2007, Willis, Ben wrote:
> With openssh, automagic account creation does not work, since ssh daemon
> first peeks into the local database to fetch credentials before calling
> PAM. If account does not exist, it refuses connection.
>
> Solutions, including automatic synchronization of local database and a
> nss switch library for ncpfs are under finalization. Details will be
> available on this site."
>
> If this is still a limitation in the current module then I'm worried that
> it may never work.
That is a bit nasty. Just as a test, if you create an account locally
with a different password, does the authentication work? In other words,
create a dummy account just to get over the initial lookup and see does the
authentication then work.
It's not really a solution, just an effort to understand if this is the
problem.
We use NIS for centralised accounts. This is done by adding an entry to
nsswitch.conf
    passwd: files nis compat
which more or less says "for the password database, first search the local
/etc/passwd files, then try NIS, etc". This _definitely_ works with
openssh. It appears from Novell documentation that NDS can be used in
nsswitch.conf
http://www.novell.com/documentation/nw6p/index.html?page=/documentation/nw6p/scommenu/data/ae3nohe.html
Although, this guy (who is on solaris not linux but I suspect it's similar)
treats the novell server as a plain LDAP database
http://mysecondhead.blogspot.com/2006/06/solaris-10-and-novell-nds.html
This article (which I have not read in detail), seems to be a howto on
getting authentication against NDS.
http://linuxgazette.net/issue93/pesin.html
This article, and the section "Prepare the SuSE Linux Workstations and/or
Servers that will allow authentication via LDAP." looks like it might be
exactly what you need.
https://secure-support.novell.com/KanisaPlatform/Publishing/471/3000394_f.SAL_Public.html
At worst you could probably create a script to pull all of the users out of
your netware server and create a /etc/passwd file full of dummy accounts
for the linux machines. I guess this could happen hourly or nightly. You
really shouldn't need to do this though.
Sorry to only give pointers but I've never used Novell for this. Let us
know how you get on,
Gavin
--
edubuntu-devel mailing list
edubuntu-devel at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
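The account-lookup issue discussed in this thread can be checked directly. The following is an added example, not part of the original messages: it reads the `passwd` line of nsswitch.conf and tests whether a user resolves through NSS, the lookup that has to succeed before PAM is consulted. The function names and the sample file are constructed for illustration; `di` is the test user from the thread.

```python
import pwd
import re

# Constructed sample modelled on the nsswitch.conf entry quoted in the thread.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:  files nis compat      # local files first, then NIS
group:   files
hosts:   files dns [NOTFOUND=return]
"""

LOCAL_SOURCES = {"files", "compat"}


def sources_for(database, conf_text):
    """Return the ordered NSS sources configured for one database."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]            # strip trailing comments
        name, sep, rest = line.partition(":")
        if sep and name.strip() == database:
            # Action items such as [NOTFOUND=return] are not sources.
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []


def account_visible(user, lookup=pwd.getpwnam):
    """True if the account resolves through NSS (the lookup the thread
    says must succeed before PAM is consulted)."""
    try:
        lookup(user)
        return True
    except KeyError:
        return False


def diagnose(user, conf_text, lookup=pwd.getpwnam):
    """Explain why a directory-only user may be refused before PAM runs."""
    sources = sources_for("passwd", conf_text)
    remote = [s for s in sources if s not in LOCAL_SOURCES]
    if account_visible(user, lookup):
        return "visible"
    if not remote:
        return "invisible: passwd consults only local sources"
    return "invisible: check source(s) " + ",".join(remote)


if __name__ == "__main__":
    with open("/etc/nsswitch.conf") as fh:
        print(diagnose("di", fh.read()))
```

A result of "invisible" for a user who exists only in the directory matches the symptom described above: the login is refused regardless of what the PAM module would have answered.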