[FreeNX-kNX] How to avoid nxserver --useradd & --passwd?

Felix Schumacher felix.schumacher at debeka.de
Tue Sep 13 06:29:09 UTC 2005 

> -----Ursprüngliche Nachricht-----
> Von: Peter Van den Wildenbergh [mailto:pvdw at criticalcontrol.com] 
> Gesendet: Montag, 12. September 2005 21:34
> An: User Support for FreeNX Server and kNX Client
> Betreff: Re: [FreeNX-kNX] How to avoid nxserver --useradd & --passwd?
> 
> 
> 
> Hi Felix :
> 
> What I would like to do is what I have done here:
> http://www.novell.com/coolsolutions/author/1228.html
> but now with NX clients and not LTS clients...
I think we were talking about different kinds of integration.
If I read the article right, you are creating local accounts
when the user logs in. We are using nds as a ldap posixAccount
provider. The user will not be created locally.
For the setup we use, the users will have a posixAccount class in
nds/ldap
and and all the important attributes filled in, like uidNumber, cn,
gidNumber, ...
If you then configure nss to use ldap/nds (on suse this can be done by 
installing nss_ldap and putting the following lines into
/etc/nsswitch.conf

passwd: compat ldap
group:  compat ldap

Now the ldap/nds groups and users should show up in your system.
If you want to authenticate users against ldap/nds you can install
pam_ldap or use pam_unix2 (again I am speaking about suse).
For this you have to configure the file ldap.conf in /etc/openldap.conf
( or 
sometimes /etc/ldap.conf ) to speak to your nds/ldap server. This can be
done with

host your.nds.server your2.nds.server
base dc=my,dc=base
pam_password nds
ssl     no
nss_map_attribute       uniqueMember member
pam_filter      objectclass=posixAccount
nss_base_passwd ou=user,dc=my,dc=base
nss_base_group  ou=groups,dc=my,dc=base

(No ssl encryption between nds and your nx server!)

If you want to use pam_unix2.so you will have to make it use ldap by
editing /etc/security/pam_unix2.conf

auth:   call_modules=ldap nullok
account:   call_modules=ldap

Or 

auth: use_ldap nullok
account: use_ldap nullok

Now you will have to configure your pam system to use pam_unix2.so or
pam_ldap.so.
On NDS side you will have to enable simple password.
Thats it. If you want to mount home Directories, you will have to do it
with
another pam module or by using nfs, afs or what ever.
> 
> I have a whole bunch of restrictions as to what can be done 
> on the server...
Like what?

Bye 
 Felix

More information about the FreeNX-kNX mailing list