
Re: [K12OSN] two more netware/linux questions



No, the UID and GID can be dynamically created. I have integrated eDirectory and LTSP and I only enter the new users into Novell eDirectory ... all the rest happens automatically on the LTSP when a new user logs in for the first time. I hope this helps, as this syntax was a key breakthrough when I set up my Netware / LTSP integration.

Joe Guenther

= = = = = = = copy of portion of system-auth file = = = = = = = =

## note this following line is ALL ONE LINE - there is no line break
auth sufficient /lib/security/pam_ncp_auth.so nullok use_first_pass ndsserver=DBHSNS1:ou=dbhs.ou=CerdS.o=CE,ou=2005.ou=dbhs.ou=CerdS,ou=2006.ou=dbhs.ou=CerdS,ou=2007.ou=dbhs.ou=CerdS.o=CE,ou=2008.ou=dbhs.ou=CerdS.o=CE -a -d -L -u2000,4000,pn,gcd -g2000,4000,pn -A


## the -a switch seemed to make it magically create a new user in Linux
## from an existing Novell account
##
# -zA = automount
# -A = "Notice the -A argument is necessary for TCP/IP operation and you do not have to load the IPX protocol"
# -d : turn on debugging output
# -v : display reasons login failures on terminal (default)
# -q : do not display login failures
# -s : disallow SUPERVISOR from logging-in
# -S : disallow SUPERVISOR equivalent from logging-in (NYI)
# -uMIN,MAX,CFLAGS,MFLAGS : parameters for user creation
# -gMIN,MAX,CFLAGS : parameters for group creation
#
# r : When creating user, it must take uid from UNIX:UID property. If uid
# is already used, or object does not have UNIX:UID property, user is
# not allowed to login.
# p : When creating user, prefer uid from UNIX:UID property.
# n : When inventing uid for new user, take one which is one greater than
# highest used uid in MIN,MAX range.
# f : When inventing uid for new user, take first unused in MIN,MAX range.
# If you specify both 'r' and 'p', or both 'n' and 'f', behavior is undefined.
#auth sufficient pam_stack.so service=system-auth
#
# User modification is enabled by non-empty MFLAGS option in -u parameter.
# MFLAGS can consist of one or more following letters:
# g : Update user's primary gid according to NDS database.
# c : Update user's gecos (comment, full name) according to NDS database.
# d : Update user's home directory according to NDS database.
# s : Update user's shell according to NDS database.
#
# If -g,,r or -g,,p is specified, group's UNIX:GID attribute is read from NDS.
# If attribute does not exist, and 'r' was not used, new gid is invented according
# to min, max and n/f values in -g option.
#
# If -u,,r or -u,,p is specified, user's UNIX:UID attribute is read from NDS.
# If attribute does not exist, and 'r' was not used, new uid is invented according
# to min, max and n/f values in -g option.
#
# During user creation, home directory is retrieved from UNIX:Home Directory,
# login shell from UNIX:Login Shell. If UNIX:Home Directory does not exist,
# /home/$cn is used as home directory for user. If UNIX:Login Shell does not exist,
# /bin/bash is used.





Guy Lessard wrote:


Is setting UID and GID necessary in eDirectory for ncpfs to work? I
didn't add a single ID to anyone or is this mandatory to maintain the
K12 servers and Native file access operational?

As for squid/edirectory, I don't know of any solution.

David Tisdell wrote:



Hi all,
Guy Lessard has been helping me out (and doing a great
job) but if anyone has any other insight feel free to
chime in. I want to raise 2 separate issues:
1) With Guy's help, I am switching over to ncpfs. I
had been running Novell's native file access for Unix
but ran into an unsolvable problem and decided to
abandon it in favor of ncpfs. We assigned all of our
users UID numbers and a default GID in the unix tab in
consoleone. Even though unix info is entered into
edirectory, ncpfs doesn't seem to be picking up on it
consistently. I had a few select people using Native
File access for UNIX since the beginning of last
school year. Those UIDS seem to get picked up by
ncpfs. We added the rest of the student body this
summer. Those newer UIDS don't seem to be seen by
ncpfs. I downloaded and installed the ncpfs snapins
for nwadmn32. I then viewed a couple of users that had
Unix ids from last year and the Unix information was
identical to what I see in Consoleone. I then viewed a
couple of users that we added UIDS for this summer and
though the unix info could be seen in Consoleone, it
didn't show up in the ncpfs snapins for nwadmn32. I
did upgrade from Netware6 to 6.5 this summer and the
UIDs were added after the 6.5 upgrade. I also read
somewhere that Novell completely rewrote Native File
Access for Unix in 6.5. This may be the root of the
issue. I just want to make sure UIDs are consistent
across multiple K12LTSP servers and that no one loses
access to anything that I might have to spend time
chasing down.
2) The second issue is: Has anyone turned on
authentication in squid and had it authenticate
against edirectory? I have tried to use LDAP for this
but haven't been successful. There was a doc on
Novell's cool solution web site but much of the syntax
in it was incorrect. I haven't gotten it to work. I
was wondering if I could use ncpfs in place of LDAP if
no one has any insight on how to get this to work via
LDAP. Thanks.
Dave



_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
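
An added example (not part of the original posts and not ncpfs code) that models the `-u` creation flags as the comments in the posted system-auth file describe them, and shows how the dynamic `pn` setting relates to the concern about consistent UIDs across several K12LTSP servers: a user without a UNIX:UID property gets a uid invented from each server's local state. The directory contents and login orders are constructed, and falling back to an invented uid when a preferred UNIX:UID is already taken is an assumption.

```python
# Model of the documented -uMIN,MAX,CFLAGS,MFLAGS semantics (illustration only).
# Empty MIN/MAX fields, as in "-u,,r", are not modelled here.

def parse_u(opt):
    """Split '-uMIN,MAX,CFLAGS,MFLAGS' into its four fields."""
    lo, hi, cflags, mflags = (opt[2:].split(",") + ["", ""])[:4]
    return int(lo), int(hi), cflags, mflags

def pick_uid(opt, used, nds_uid=None):
    """Return the uid a first login would get, or None if login is refused."""
    lo, hi, cflags, _ = parse_u(opt)
    if "r" in cflags:                        # r: uid must come from UNIX:UID
        ok = nds_uid is not None and nds_uid not in used
        return nds_uid if ok else None
    if "p" in cflags and nds_uid is not None and nds_uid not in used:
        return nds_uid                       # p: prefer UNIX:UID when usable
    if "f" in cflags:                        # f: first unused uid in range
        return next((u for u in range(lo, hi + 1) if u not in used), None)
    in_range = [u for u in used if lo <= u <= hi]
    nxt = max(in_range) + 1 if in_range else lo   # n: highest used + 1
    return nxt if nxt <= hi else None

def first_logins(opt, order, directory):
    """Simulate one server: users log in for the first time in `order`."""
    passwd = {}
    for name in order:
        uid = pick_uid(opt, set(passwd.values()), directory.get(name))
        if uid is not None:
            passwd[name] = uid
    return passwd

OPT = "-u2000,4000,pn,gcd"             # value from the posted system-auth line
DIRECTORY = {"alice": 2500}            # constructed: only alice has UNIX:UID
ORDER_A = ["bob", "carol", "alice"]    # constructed login order, server A
ORDER_B = ["carol", "alice", "bob"]    # constructed login order, server B

def diverging(opt=OPT):
    """Names whose uid differs between the two simulated servers."""
    a = first_logins(opt, ORDER_A, DIRECTORY)
    b = first_logins(opt, ORDER_B, DIRECTORY)
    return sorted(n for n in a.keys() | b.keys() if a.get(n) != b.get(n))

if __name__ == "__main__":
    print("pn:", diverging())                    # users with mismatched uids
    print("r :", diverging("-u2000,4000,r,"))    # strict mode: no mismatches
```

With `r`, users lacking UNIX:UID are refused instead of being given a server-local uid, so the two servers cannot disagree about who owns a uid.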


