SLES 10 Tip: SLES 10 and VMWare Server 1.0
by Adam Robinson
I wanted to tell you about my experience with SLES 10 and VMWare Server 1.0. I had been running VMWare on an Ubuntu Server and using it to run a server or two and a few workstations for testing software. It was a total pain because I had to make local accounts for each user that needed to use VMWare and the password was not kept in sync anywhere else. Then a few days after SLES 10 came out I had a great idea. I remembered the Linux User Management feature that was on our OES Linux server. I installed SLES 10 and was a little disappointed to see that feature was not included. I could have set up SLES 10 to use LDAP authentication, but I liked how Linux User Management would let you easily restrict which users have access to a machine.
I took these RPMs from a SLED 10 install CD:
novell-NLDAPbase-dyn-3.4.1-0.5.i586.rpm
novell-NLDAPsdk-dyn-3.4.1-0.5.i586.rpm
novell-lum-2.2.0-81.12.i586.rpm
yast2-linux-user-mgmt-2.9.83-16.6.noarch.rpm
They installed just fine onto the SLES 10 server. I then configured Linux User Management to authenticate through eDirectory with YaST and made a group called “vmware” containing all the users that needed access. Everything worked great. I knew that VMWare used something called vmware-authd to handle authentications and that it used PAM. I did some searching and I found the file /etc/pam.d/vmware-authd.
Its original contents were:
auth sufficient /lib/security/pam_unix2.so shadow nullok
auth required /lib/security/pam_unix_auth.so shadow nullok
account sufficient /lib/security/pam_unix2.so
account required /lib/security/pam_unix_acct.so
I changed the contents of the file to be:
auth sufficient /lib/security/pam_unix2.so shadow nullok
auth sufficient /lib/security/pam_nam.so
auth required /lib/security/pam_unix_auth.so shadow nullok
account sufficient /lib/security/pam_unix2.so
account sufficient /lib/security/pam_nam.so
account required /lib/security/pam_unix_acct.so
After that, all of the users that I had added to the vmware group could log in with the VMWare Server Console to this server and just use their normal eDirectory credentials. The only problem I have is the VMWare Management Interface (the web-based interface for checking the status of a VM or powering it on). When I attempt to log in with a LUM-enabled user here, the web interface crashes. Well, anyway, I hope this information might be useful to someone else.
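The modified /etc/pam.d/vmware-authd stack above, modeled as an added example (not code from the original post): a Python simulation of how Linux-PAM evaluates the `sufficient` and `required` controls, showing which module decides a login and which rules carry `nullok`. The per-module results passed to `evaluate` are constructed inputs, and only the two control flags used in this file are handled.

```python
# Added example: model how Linux-PAM walks the modified vmware-authd stack.
MODIFIED = """\
auth sufficient /lib/security/pam_unix2.so shadow nullok
auth sufficient /lib/security/pam_nam.so
auth required /lib/security/pam_unix_auth.so shadow nullok
account sufficient /lib/security/pam_unix2.so
account sufficient /lib/security/pam_nam.so
account required /lib/security/pam_unix_acct.so
"""

def parse(text):
    """Return a list of (type, control, module_name, args) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        kind, control, path, *args = line.split()
        rules.append((kind, control, path.rsplit("/", 1)[-1], args))
    return rules

def evaluate(rules, kind, results):
    """Simulate one stack ('auth' or 'account').
    results maps module name -> True on success (constructed input);
    modules not listed are treated as failing.
    Returns (granted, deciding_module)."""
    required_failed = None
    last_ok = None
    for k, control, module, _ in rules:
        if k != kind:
            continue
        ok = results.get(module, False)
        if control == "sufficient":
            if ok and required_failed is None:
                return True, module       # success ends the stack at once
            # a failed 'sufficient' module is ignored
        elif control == "required":
            if ok:
                last_ok = module
            elif required_failed is None:
                required_failed = module  # remembered; the stack keeps running
    if required_failed:
        return False, required_failed
    return last_ok is not None, last_ok

def nullok_modules(rules):
    """Rules carrying the nullok argument, listed for review."""
    return [(k, m) for k, _, m, args in rules if "nullok" in args]
```

Because both `sufficient` lines sit ahead of the `required` one, a success from either pam_unix2.so or pam_nam.so ends the stack, so local accounts and LUM-enabled eDirectory accounts are both accepted by this file.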