PROBLEM: NCL is not integrated with Linux login

ENVIRONMENT: NLD 9 sp3, NCL 1.1 and Pam_script 0.1.7

SOLUTION: After completing the steps in this article, http://www.novell.com/coolsolutions/tip/11575.html, you can get LDAP to pass info to NCL and perform a simultaneous login to NetWare.

After downloading and compiling pam_script from http://freshmeat.net/projects/pam_script/, you will have to copy the file “pam_script.so” to /etc/security, then edit /etc/pam.d/sshd and add these two lines before the first line in each section of sshd:

auth     required       pam_script.so expose=1
..
session  required       pam_script.so

Then you need to create three scripts:

/etc/security/onauth
/etc/security/onsessionopen
/etc/security/onsessionclose

I have included the sample scripts.

Make sure to mark them executable.

This should do it. All that is left is to get NOVFSD to work with pam_mount and we can get roaming users.

EXAMPLE SCRIPTS:

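#!/bin/bash
# /etc/security/onauth
USER=$1
# Create the output file readable by its owner only from the start
umask 077
# Look up the FQN for the user and strip out the context
CONTEXT=`ldapsearch -x cn=${USER} objectclass=dn | grep ^dn | sed -e "s/^dn: cn=${USER},//" -e "s/ou=//g" -e "s/o=//g" -e "s/,/./g"`
# Quote the arguments so a password or context containing spaces is passed intact.
# Note: -p puts the password on the nwlogin command line.
/opt/novell/ncl/bin/nwlogin -t TREE -s ServerIP -u "$USER" -c "$CONTEXT" -p "$PAM_AUTHTOK" -r > "/home/${USER}/.nw"
chmod 600 "/home/${USER}/.nw"
exit 0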

#!/bin/bash
# /etc/security/onsessionopen
USER=$1
# Run the file that onauth wrote from nwlogin's output, then remove it
sh "/home/${USER}/.nw"
rm "/home/${USER}/.nw"
exit 0

#!/bin/bash
# /etc/security/onsessionclose
USER=$1
# Log out of the tree when the session ends
/opt/novell/ncl/bin/nwlogout -t TREE
exit 0
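
An added example, not part of the original tip: the onauth script places $1 directly into an LDAP filter and a sed expression, so these helpers check the login name first and then derive the context from ldapsearch output, joining folded LDIF lines. The function names, the allowed character set and the sample LDIF are assumptions.

```bash
#!/bin/bash
# Added example: input checks for the context lookup done in onauth.
LC_ALL=C; export LC_ALL

# Accept only conservative login names (assumed character set), so the value
# is safe to place in an LDAP filter and cannot be read as an option.
valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Join LDIF continuation lines: a leading space continues the previous line.
unfold_ldif() {
    local line cur=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            " "*) cur="$cur${line# }" ;;
            *)    printf '%s\n' "$cur"; cur="$line" ;;
        esac
    done
    printf '%s\n' "$cur"
}

# Read ldapsearch output on stdin and print the context for user $1.
# Returns 1 = no entry, 2 = rejected name, 3 = more than one entry.
dn_to_context() {
    local user="$1" ldif line prefix ctx=""
    valid_user "$user" || return 2
    prefix="dn: cn=${user},"
    ldif=$(unfold_ldif)
    while IFS= read -r line; do
        case "$line" in
            "$prefix"*) [ -z "$ctx" ] || return 3
                        ctx=${line#"$prefix"} ;;
        esac
    done <<EOF
$ldif
EOF
    [ -n "$ctx" ] || return 1
    # Same transformation as the original sed pipeline.
    printf '%s\n' "$ctx" | sed -e 's/ou=//g' -e 's/o=//g' -e 's/,/./g'
}

# Constructed sample: a DN folded across two lines.
printf 'dn: cn=jdoe,ou=engineering,\n ou=emea,o=acme\n' | dn_to_context jdoe
```

In onauth, the ldapsearch output would be piped into dn_to_context, and the script would stop before calling nwlogin on any non-zero return.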
This entry was posted Tuesday, 28 March, 2006 at 12:00 am