SUSE Conversations


LUM-enable a SUSE Linux Enterprise 9 Server



By: ncisrael

February 7, 2006 12:00 am


PROBLEM:

LUM-enable (Linux User Management) a SLES 9 server. This is a modification of Edward van der Maas’s solution for workstations.

SOLUTION:

Obtain an OES CD 2.

Install these three packages from it:

  • linux$ rpm -Uvh /suse/i386/NLDAPsdk-8.7.3.4-2.i386.rpm
  • linux$ rpm -Uvh /suse/i386/NLDAPbase-8.7.3.4-2.i386.rpm
  • linux$ rpm -Uvh /suse/i586/NOVLam-2.2.0-39.i586.rpm

Then, run:

linux$ namconfig add -a cn=admin,o=la -r o=la -w ou=linuxwrks,o=la -S LDAPserver -l 636

where

-a == admin user, in LDAP format
-r == location of the Unix Config object
-w == context in which the Linux workstation object is to be placed
-S == LDAP server
-l == secure LDAP port

Edit /etc/pam.d/login, /etc/pam.d/su, /etc/pam.d/sshd, and /etc/pam.d/passwd. Place these 5 lines at the top of each:

auth      sufficient  /lib/security/pam_nam.so.0
account   sufficient  /lib/security/pam_nam.so.0
password  sufficient  /lib/security/pam_nam.so.0
session   optional    /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
session   sufficient  /lib/security/pam_nam.so.0

Use iManager to LUM enable a user, a group, and add the LUM group to the Linux workstation object.

EXAMPLE: Create a lum.txt file that contains:

auth      sufficient  /lib/security/pam_nam.so.0
account   sufficient  /lib/security/pam_nam.so.0
password  sufficient  /lib/security/pam_nam.so.0
session   optional    /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
session   sufficient  /lib/security/pam_nam.so.0

Create a bash script called lum_install that contains:

#!/bin/bash
# Install the LDAP libraries and LUM (NOVLam) from the current directory.
rpm -Uvh NLDAPsdk-8.7.3.4-2.i386.rpm
rpm -Uvh NLDAPbase-8.7.3.4-2.i386.rpm
rpm -Uvh NOVLam-2.2.0-39.i586.rpm
# Register this server in the tree (see the option list above).
namconfig add -a cn=admin,o=la -r o=la -w ou=Linuxwrks,o=LA -S primaryldap -l 636
# Back up the PAM configuration. Stop if the backup directory already exists,
# so a second run cannot overwrite the originals or prepend lum.txt twice.
mkdir /etc/pam.d.nambkp || exit 1
cp -p /etc/pam.d/* /etc/pam.d.nambkp/
# Rebuild each service file as lum.txt followed by its original contents.
for svc in login su sshd passwd; do
    cat lum.txt "/etc/pam.d.nambkp/$svc" > "/etc/pam.d/$svc"
done
clear
echo "Please use iManager to add the LUM group to the Linux workstation object"
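
A stricter way to do the PAM edit from the script above, as an added example that is not part of the original tip: it prepends the snippet only once, never overwrites the first backup, and replaces each file by rename so a login never reads a half-written stack. The function names and the command-line usage are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not from the original tip. File names are supplied by the
# caller; lum_present and lum_prepend are names invented for this example.

# Succeeds if FILE already begins with exactly the lines of SNIPPET.
lum_present() {
    local file=$1 snippet=$2 n
    n=$(wc -l < "$snippet")
    head -n "$n" "$file" | cmp -s - "$snippet"
}

# Prepends SNIPPET to FILE once, keeping the first pristine copy in BKPDIR.
# Returns 0 on success or if already present, 2 on bad input, 1 on I/O failure.
lum_prepend() {
    local file=$1 snippet=$2 bkp=$3 tmp
    [ -f "$file" ] && [ -s "$snippet" ] || return 2
    # A snippet without a final newline would fuse its last line with the
    # first line of the original PAM file.
    [ -z "$(tail -c 1 "$snippet")" ] || return 2
    lum_present "$file" "$snippet" && return 0
    mkdir -p "$bkp" || return 1
    # Never overwrite an existing backup: it may be the only unmodified copy.
    [ -e "$bkp/${file##*/}" ] || cp -p "$file" "$bkp/${file##*/}" || return 1
    # Build the new file beside the old one, then rename over it.
    # cp -p carries the original mode and owner onto the temporary file.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    if cp -p "$file" "$tmp" && cat "$snippet" "$file" > "$tmp"; then
        mv -f "$tmp" "$file"
    else
        rm -f "$tmp"; return 1
    fi
}

# Usage: lum_prepend.sh SNIPPET BKPDIR FILE...
if [ "$#" -ge 3 ]; then
    snippet=$1; bkp=$2; shift 2
    for f in "$@"; do
        lum_prepend "$f" "$snippet" "$bkp" || echo "not updated: $f" >&2
    done
fi
```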


Disclaimer: As with everything else at SUSE Conversations, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.
