Using Network Accounts on a Linux Client with Open Directory Leopard Server

Posted: December 1st, 2009 | Author: | Filed under: LDAP, Linux, Mac OS X Server, Snow Leopard | 2 Comments »

I have two linux machines at home and I want to be able to use my network home directory and network account from my Leopard Open Directory server. One is running Ubuntu 9.10 and the other OpenSuSE 11.2. Here’s what I had to do:

In this post I assume you already have an Open Directory environment and network based user accounts as well as AFP homes setup. In other words, a working Open Directory setup with bound AND working Mac clients.

Exporting User Home Directories with NFS

First we want to make sure that the home directories are being exported via NFS. Open Server Admin and connect to your OD master. At the top of Server Admin click on File Sharing and then your AFP home folder volume. Click on File Sharing up at the top and select your AFP home volume. The click on the “Share Point” button in the bottom pane and then “Protocol Options” (Note: if “Enable Automount” is not checked you either have the wrong volume selected or your configuration is incorrect)

In the Protocol Options drop down select the NFS tab and select a means by which to export the NFS share. I would recommend using subnet and if you know what you’re doing select a minimum security of “Kerberos v5 with data integrity and privacy” however you should only select this if you REALLY know what you’re doing. I will make a walk through for this at a later date. If you don’t know Kerberos like the back of your hand then I would select “Any” for now. Check Allow Subdirectory Mounting. Click OK and you’re done.

Ubuntu 9.10 Authentication

On the Ubuntu Linux client first install the necessary packages:

sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nfs-common nscd

In the following wizard just accept the default answers, they should be correct. Then edit /etc/ldap.conf and make it sure it contains the following lines. Note this is not a verbatim output of /etc/ldap.conf

# this should be the IP of your OD server or better yet service based CNAME record
base dc=example,dc=com # this is of course the ldap search base configured in the OD server
bind_policy soft

Now edit /etc/ldap/ldap.conf

BASE dc=example,dc=com
URI ldap://


account sufficient
account required


auth sufficient
auth required nullok_secure use_first_pass


password sufficient
password required nullok obscure min=4 max=8 md5


session required
session required skel=/etc/skel/
session optional


passwd: files ldap

group: files ldap

shadow: files ldap

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

openSuSE 11.2 Authentication

On the command line start yast

Navigate to Network Services and then LDAP client type in your LDAP server IP and search domain, unclick TLS and bam you’re done. God I love Novell 😉

Ubuntu 9.10 & openSuSE 11.2 Automount

Create the directory /Network/Servers then all that is needed is to create the following line in /etc/auto.master

/Network/Servers /etc/

Restart autofs

sudo /etc/init.d/autofs restart

After this you should be able to log in and access your home folder.

2 Comments on “Using Network Accounts on a Linux Client with Open Directory Leopard Server”

  1. 1 Kamil Kisiel said at 12:00 am on December 2nd, 2009:

    For bonus points use pam_krb5 instead of pam_ldap :p

  2. 2 » Blog Archive » Open Directory, Kerberos, Single Sign On (SSO) and CentOS with SSH and Kerberized NFS Home Directories said at 12:09 am on May 17th, 2010:

    […] with SSH and Kerberized NFS Home DirectoriesThis article is a pseudo continuation of the article: Using Network Accounts on a Linux Client with Open Directory Leopard Server. In this article I’m going to be going over at a high level the single sign-on environment in […]

Leave a Reply