SUSE Conversations


Novell Client for Linux not Integrated With Linux Login



By: coolguys

March 28, 2006 12:00 am

Reads:220

Comments:0

Rating:0

PROBLEM: NCL not integrated with linux login

ENVIRONMENT: NLD 9 sp3, NCL 1.1 and Pam_script 0.1.7

SOLUTION: after completing the steps in this article: http://www.novell.com/coolsolutions/tip/11575.html, you can get LDAP to pass info to NCL and perform a simultaneous login to netware.

After downloading and compiling PAM_script from http://freshmeat.net/projects/pam_script/, you will have to copy the file “pam_script.so” to /etc/security, then edit /etc/pam.d/sshd and add these two lines before the first line in each section of sshd:

auth     required       pam_script.so expose=1
..
session  required       pam_script.so

Then you need to create three scripts:

/etc/security/onauth
/etc/security/onsessionopen
/etc/security/onsessionclose

I have included the sample scripts.

Make sure to mark them executable.

This should do it. All that is left is to get NOVFSD to work with pam_mount and we can get roaming users.

EXAMPLE SCRIPTS:

#/etc/security/onauth
#!/bin/bash
USER=$1
#Lookup the FQN for the user and strip out the context
CONTEXT=`ldapsearch -x cn=${USER} objectclass=dn | grep ^dn | sed -e "s/^dn: cn=${USER},//" -e "s/ou=//g" -e "s/o=//g" -e "s/,/./g"`
/opt/novell/ncl/bin/nwlogin -t TREE -s ServerIP -u $USER -c $CONTEXT -p $PAM_AUTHTOK -r > /home/${USER}/.nw
chmod 600 /home/${USER}/.nw
exit 0

#/etc/security/onsessionopen
#!/bin/bash
USER=$1
sh /home/${USER}/.nw
rm /home/${USER}/.nw
exit 0

#/etc/security/onsessionclose
#!/bin/bash
USER=$1
/opt/novell/ncl/bin/nwlogout -t TREE
exit 0
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Categories: Uncategorized

Disclaimer: As with everything else at SUSE Conversations, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.

Comment

RSS