SLES 10 Tip: SLES 10 and VMWare Server 1.0

by Adam Robinson

I wanted to tell you about my experience with SLES 10 and VMWare Server 1.0. I had been running VMWare on an Ubuntu Server and using it to run a server or two and a few workstations for testing software. It was a total pain because I had to make local accounts for each user that needed to use VMWare and the password was not kept in sync anywhere else. Then a few days after SLES 10 came out I had a great idea. I remembered the Linux User Management feature that was on our OES Linux server. I installed SLES 10 and was a little disappointed to see that feature was not included. I could have set up SLES 10 to use LDAP authentication, but I liked how Linux User Management would let you easily restrict which users have access to a machine.

I took these rpms from a SLED 10 install cd:

novell-NLDAPbase-dyn-3.4.1-0.5.i586.rpm
novell-NLDAPsdk-dyn-3.4.1-0.5.i586.rpm
novell-lum-2.2.0-81.12.i586.rpm
yast2-linux-user-mgmt-2.9.83-16.6.noarch.rpm

They installed just fine onto the SLES 10 server. I then configured Linux User Management to authenticate through eDirectory with YaST and made a group called “vmware” containing all the users that needed access. Everything worked great. I knew that VMWare used something called vmware-authd to handle authentications and that it used PAM. I did some searching and I found the file /etc/pam.d/vmware-authd.

Its original contents were:

auth       sufficient       /lib/security/pam_unix2.so shadow nullok
auth       required         /lib/security/pam_unix_auth.so shadow nullok
account    sufficient       /lib/security/pam_unix2.so
account    required         /lib/security/pam_unix_acct.so

I changed the contents of the file to be:

auth       sufficient       /lib/security/pam_unix2.so shadow nullok
auth       sufficient       /lib/security/pam_nam.so
auth       required         /lib/security/pam_unix_auth.so shadow nullok
account    sufficient       /lib/security/pam_unix2.so
account    sufficient       /lib/security/pam_nam.so
account    required         /lib/security/pam_unix_acct.so

After that, all of the users that I had added to the vmware group could login with the VMWare Server Console to this server and just use their normal eDirectory credentials. The only problem I have is the VMWare Management Interface (the web based interface for checking the status of VM or powering it on). When I attempt to login with a LUM enabled user here the web interface crashes. Well anyways, I hope this information might be useful to someone else

(Visited 1 times, 1 visits today)