Edubuntu LTSP with Netware Authentication
Willis, Ben
BenWillis at anderson5.net
Tue Feb 20 19:20:17 UTC 2007
I have tried this again with a new installation of Edubuntu as well as an install of Ubuntu Edgy. I can't get anything to authenticate.
I am using the following in my common-auth file to get SSH to authenticate to NDS:
#---------BEGIN----------
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
auth sufficient pam_unix.so nullok_secure
#auth sufficient /lib/security/pam_ncp_auth.so -d -a -l -L -u2000,4000,pn,gcd -g2000,4000,pn -zTX -A ndsserver=10.10.50.3:ou=hwec.ou=hs.o=acsd5
#auth sufficient /lib/security/pam_ncp_auth.so -zTX -a -m -u10000,50000,f,c tree=acsd5_tree:A5DO.ADM.acsd5,SWMS.MS.acsd5
auth sufficient /lib/security/pam_ncp_auth.so -zTX3 -a -A -m -u10000,50000,f,c ndsserver=10.10.50.3:ou=a5do.ou=adm.o=acsd5
#auth sufficient /lib/security/pam_ncp_auth.so nullok use_first_pass ndsserver=10.10.50.1:ou=a5do.ou=adm.o=acsd5 -a -d -L -u2000,4000,pn,gcd -g,2000,4000,pn -zATX3 -A
#auth sufficient /lib/security/pam_ncp_auth.so nullok use_first_pass ndsserver=10.10.50.3:ou=a5do.ou=adm.o=acsd5,ou=mcms.ou=ms.o=acsd5 -a -d -zABTX3 -m -u2000,4000,pn,gcds -g2000,4000,pn -zA
#auth sufficient /lib/security/pam_ncp_auth.so nullok use_first_pass ndsserver=10.10.50.3:lsms.ms.acsd5 -a -d -zAX3 -L -u2000,4000,pn,gcds -g2000,4000,pn -A
#auth sufficient /lib/security/pam_ncp_auth.so -d -a -L -u2000,4000,pn,gcd -g2000,4000,pn -zATX3 -m -A ndsserver=10.10.50.3:swms.ms.acsd5
#auth sufficient /lib/security/pam_ncp_auth.so -d -a -l -L -u2000,4000,pn,gcd -g2000,4000,pn -zATX3 -m -A ndsserver=10.10.50.4:ou=a5do.ou=adm.o=acsd5,ou=mcms.ou=ms.o=acsd5,swms.ms.acsd5
#--------------END-----------
As you can see I've tried all kinds of connection strings. I keep getting this in the auth.log but the password is correct:
#---------Begin
eb 20 10:02:24 A5DO-Eduubuntu pam_ncp_auth[1635]: nw_create_verify_conn_to_tree: trying to resolve studentuser.lsms.ms.acsd5
Feb 20 10:02:24 A5DO-Eduubuntu pam_ncp_auth[1635]: trying to login as studentuser.lsms.ms.acsd5
Feb 20 10:02:27 A5DO-Eduubuntu pam_ncp_auth[1635]: Invalid password (-669) when trying to login
Feb 20 10:02:27 A5DO-Eduubuntu pam_ncp_auth[1635]: final PAM retval 7
Feb 20 10:02:29 A5DO-Eduubuntu sshd[1635]: Failed password for invalid user studentuser from 10.10.15.1 port 51325 ssh2
#---------END
Thanks,
Ben
-----Original Message-----
From: edubuntu-devel-bounces at lists.ubuntu.com on behalf of Gavin McCullagh
Sent: Mon 2/19/2007 6:23 PM
To: edubuntu-devel at lists.ubuntu.com
Subject: Re: Edubuntu LTSP with Netware Authentication
On Mon, 19 Feb 2007, Willis, Ben wrote:
> Well its still kickin my butt here. No matter what I do I cant get the
> login via ssh to work for anything other than local users.
Just so we're clear. You seem to be saying that:
1. You were able to modify /etc/pam.d/gdm so that gdm could authenticate
netware users. What did you change to do achieve this?
2. Trying the same approach with ssh, you have not been able to get ssh to
authenticate netware users, only local linux accounts. What exact
changes have you tried?
Am I wrong in interpreting the above? It seems like the exact same change
should be needed for ssh as for gdm (though I can't say I've much
experience of this).
You should get an error printed in /var/log/auth.log after you try the ssh
login. Is there anything informative there?
This page probably isn't relevant to your problem but just on the
off-chance:
http://wiki.novell.com/index.php/OpenSSH_on_NetWare_Gotchas
Gavin
--
edubuntu-devel mailing list
edubuntu-devel at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
More information about the edubuntu-devel
mailing list