[K12OSN] two more netware/linux questions

Joe Guenther jguenther at chinooksedge.ab.ca
Tue Oct 12 16:00:47 UTC 2004


  No, the UID and GID can be dynamically created.  I have integrated 
eDirectory and LTSP and I only enter the new users into Novell 
eDirectory ... all the rest happens automatically on the LTSP when a new 
user logs in for the first time.  I hope this helps, as this syntax was 
a key breakthrough when I set up my Netware / LTSP integration.

Joe Guenther

= = = = = = = copy of portion of system-auth file = = = = = = = =

## note this following line is ALL ONE LINE - there is no line break
auth        sufficient   /lib/security/pam_ncp_auth.so nullok use_first_pass ndsserver=DBHSNS1:ou=dbhs.ou=CerdS.o=CE,ou=2005.ou=dbhs.ou=CerdS,ou=2006.ou=dbhs.ou=CerdS,ou=2007.ou=dbhs.ou=CerdS.o=CE,ou=2008.ou=dbhs.ou=CerdS.o=CE -a -d -L -u2000,4000,pn,gcd -g2000,4000,pn -A

## the -a switch seemed to make it magically create a new user in Linux
## from an existing Novell account
##
# -zA = automount
# -A = "Notice the -A argument is necessary for TCP/IP operation and you
#      do not have to load the IPX protocol"
# -d : turn on debugging output
# -v : display reasons login failures on terminal (default)
# -q : do not display login failures
# -s : disallow SUPERVISOR from logging-in
# -S : disallow SUPERVISOR equivalent from logging-in (NYI)
# -uMIN,MAX,CFLAGS,MFLAGS : parameters for user creation
# -gMIN,MAX,CFLAGS : parameters for group creation
#
#  r : When creating user, it must take uid from UNIX:UID property. If uid
#      is already used, or object does not have UNIX:UID property, user is
#      not allowed to login.
#  p : When creating user, prefer uid from UNIX:UID property.
#  n : When inventing uid for new user, take one which is one greater than
#      highest used uid in MIN,MAX range.
#  f : When inventing uid for new user, take first unused in MIN,MAX range.
#auth       sufficient    pam_stack.so service=system-auth
#  If you specify both 'r' and 'p', or both 'n' and 'f', behavior is
#  undefined.
#
# User modification is enabled by non-empty MFLAGS option in -u parameter.
# MFLAGS can consist of one or more following letters:
#  g : Update user's primary gid according to NDS database.
#  c : Update user's gecos (comment, full name) according to NDS database.
#  d : Update user's home directory according to NDS database.
#  s : Update user's shell according to NDS database.
#
# If -g,,r or -g,,p is specified, group's UNIX:GID attribute is read
# from NDS.
# If attribute does not exist, and 'r' was not used, new gid is invented
# according to min, max and n/f values in -g option.
#
# If -u,,r or -u,,p is specified, user's UNIX:UID attribute is read from
# NDS.
# If attribute does not exist, and 'r' was not used, new uid is invented
# according to min, max and n/f values in -g option.
#
# During user creation, home directory is retrieved from UNIX:Home
# Directory, login shell from UNIX:Login Shell. If UNIX:Home Directory
# does not exist, /home/$cn is used as home directory for user. If
# UNIX:Login Shell does not exist, /bin/bash is used.




Guy Lessard wrote:

>Is setting UID and GID necessary in eDirectory for ncpfs to work? I
>didn't add a single ID to anyone, or is this mandatory to maintain the
>K12 servers and Native file access operational?
>
>As for squid/edirectory, I don't know of any solution.
>
>David Tisdell wrote:
>
>>Hi all,
>>Guy Lessard has been helping me out (and doing a great
>>job) but if anyone has any other insight feel free to
>>chime in. I want to raise 2 separate issues:
>>1) With Guy's help, I am switching over to ncpfs. I
>>had been running Novell's native file access for Unix
>>but ran into an unsolvable problem and decided to
>>abandon it in favor of ncpfs. We assigned all of our
>>users UID numbers and a default GID in the unix tab in
>>consoleone. Even though unix info is entered into
>>edirectory, ncpfs doesn't seem to be picking up on it
>>consistently. I had a few select people using Native
>>File access for UNIX since the beginning of last
>>school year. Those UIDS seem to get picked up by
>>ncpfs. We added the rest of the student body this
>>summer. Those newer UIDS don't seem to be seen by
>>ncpfs. I downloaded and installed the ncpfs snapins
>>for nwadmn32. I then viewed a couple of users that had
>>Unix ids from last year and the Unix information was
>>identical to what I see in Consoleone. I then viewed a
>>couple of users that we added UIDS for this summer and
>>though the unix info could be seen in Consoleone, it
>>didn't show up in the ncpfs snapins for nwadmn32. I
>>did upgrade from Netware6 to 6.5 this summer and the
>>UIDs were added after the 6.5 upgrade. I also read
>>somewhere that Novell completely rewrote Native File
>>Access for Unix in 6.5. This may be the root of the
>>issue. I just want to make sure UIDs are consistent
>>across multiple K12LTSP servers and that no one loses
>>access to anything that I might have to spend time
>>chasing down.
>>2) The second issue is: Has anyone turned on
>>authentication in squid and had it authenticate
>>against edirectory? I have tried to use LDAP for this
>>but haven't been successful. There was a doc on
>>Novell's cool solution web site but much of the syntax
>>in it was incorrect. I haven't gotten it to work. I
>>was wondering if I could use ncpfs in place of LDAP if
>>no one has any insight on how to get this to work via
>>LDAP. Thanks.
>>Dave
>>
>>_______________________________________________
>>K12OSN mailing list
>>K12OSN at redhat.com
>>https://www.redhat.com/mailman/listinfo/k12osn
>>For more info see <http://www.k12os.org>


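Added example (not part of the original message and not pam_ncp_auth source code): a small model of the -u/-g CFLAGS rules quoted in the system-auth comments, showing why accounts without a UNIX:UID attribute can end up with different uids on different LTSP servers when uids are invented with the `pn` flags. The function names, the sample users and the handling of cases the comments leave open (empty range, exhausted range, a preferred uid that is already taken) are assumptions.

```python
# Added illustration: models the CFLAGS rules quoted in the system-auth
# comments above. Not pam_ncp_auth source; edge cases are assumptions.

def pick_id(used, lo, hi, cflags, nds_id=None):
    """Return the uid/gid for a new account, or None if login is refused."""
    if ("r" in cflags and "p" in cflags) or ("n" in cflags and "f" in cflags):
        raise ValueError("r+p or n+f: behavior is undefined")
    if "r" in cflags:
        # 'r': the directory id is mandatory and must not be taken already.
        return nds_id if nds_id is not None and nds_id not in used else None
    if "p" in cflags and nds_id is not None and nds_id not in used:
        return nds_id  # 'p': prefer the directory id when it is usable
    in_range = [i for i in used if lo <= i <= hi]
    if "n" in cflags:
        # 'n': one greater than the highest id already used in MIN..MAX
        # (assumption: start at MIN when nothing in the range is used).
        cand = max(in_range) + 1 if in_range else lo
        return cand if cand <= hi else None
    if "f" in cflags:
        # 'f': first unused id in MIN..MAX.
        return next((i for i in range(lo, hi + 1) if i not in used), None)
    return None  # assumption: no invention rule given, so nothing is invented

def first_logins(order, nds_uids, lo=2000, hi=4000, cflags="pn"):
    """Simulate first logins on one server; return {user: uid or None}."""
    passwd = {}
    for user in order:
        used = {v for v in passwd.values() if v is not None}
        passwd[user] = pick_id(used, lo, hi, cflags, nds_uids.get(user))
    return passwd

def divergent(a, b):
    """Users whose uid differs between two servers' passwd maps."""
    return sorted(u for u in a.keys() & b.keys() if a[u] != b[u])

# Constructed sample: only alice has UNIX:UID set in the directory.
NDS_UIDS = {"alice": 2101}
SERVER_A = first_logins(["alice", "bob", "carol"], NDS_UIDS)
SERVER_B = first_logins(["carol", "bob", "alice"], NDS_UIDS)

if __name__ == "__main__":
    print("server A:", SERVER_A)
    print("server B:", SERVER_B)
    print("uids that differ between servers:", divergent(SERVER_A, SERVER_B))
```

In this model, switching CFLAGS to `r` refuses the accounts that lack UNIX:UID instead of inventing a per-server uid for them.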