Using Network Accounts on a Linux Client with Open Directory Leopard Server

Posted: December 1st, 2009 | Author: | Filed under: LDAP, Linux, Mac OS X Server, Snow Leopard | 2 Comments »

I have two Linux machines at home and I want to be able to use my network home directory and network account from my Leopard Open Directory server. One is running Ubuntu 9.10 and the other openSuSE 11.2. Here’s what I had to do:

In this post I assume you already have an Open Directory environment and network based user accounts as well as AFP homes setup. In other words, a working Open Directory setup with bound AND working Mac clients.

Exporting User Home Directories with NFS

First we want to make sure that the home directories are being exported via NFS. Open Server Admin and connect to your OD master. Click on File Sharing at the top of Server Admin and select your AFP home folder volume. Then click on the “Share Point” button in the bottom pane and then “Protocol Options”. (Note: if “Enable Automount” is not checked, you either have the wrong volume selected or your configuration is incorrect.)

In the Protocol Options drop down select the NFS tab and select a means by which to export the NFS share. I would recommend exporting to your subnet. If you know what you’re doing, select a minimum security of “Kerberos v5 with data integrity and privacy”; however, you should only select this if you REALLY know what you’re doing. I will make a walk through for this at a later date. If you don’t know Kerberos like the back of your hand, I would select “Any” for now. Check Allow Subdirectory Mounting. Click OK and you’re done.

Ubuntu 9.10 Authentication

On the Ubuntu Linux client first install the necessary packages:

sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nfs-common nscd

In the following wizard just accept the default answers; they should be correct. Then edit /etc/ldap.conf and make sure it contains the following lines. Note this is not a verbatim copy of /etc/ldap.conf.

# this should be the IP of your OD server or better yet a service based CNAME record
host 192.168.1.1
# this is of course the ldap search base configured in the OD server
base dc=example,dc=com
bind_policy soft

Now edit /etc/ldap/ldap.conf

BASE dc=example,dc=com
URI ldap://example.com

/etc/pam.d/common-account

account sufficient pam_ldap.so
account required pam_unix.so

/etc/pam.d/common-auth

auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass

/etc/pam.d/common-password

password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5

/etc/pam.d/common-session

session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/
session optional pam_ldap.so

/etc/nsswitch.conf

passwd: files ldap
group: files ldap
shadow: files ldap

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

openSuSE 11.2 Authentication

On the command line, start yast.

Navigate to Network Services and then LDAP Client, type in your LDAP server IP and search domain, unclick TLS, and bam, you’re done. God I love Novell 😉

Ubuntu 9.10 & openSuSE 11.2 Automount

Create the directory /Network/Servers; then all that is needed is to add the following line to /etc/auto.master:

/Network/Servers /etc/auto.net

Restart autofs

sudo /etc/init.d/autofs restart

After this you should be able to log in and access your home folder.
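A quick way to confirm a client matches the settings above before trying a login, as an added checker that is not part of the original post: it parses constructed copies of nsswitch.conf, ldap.conf and auto.master plus a sample passwd entry (all made up here, not taken from a real host) and reports what deviates. The `ssl start_tls` option it also looks for is pam_ldap/nss_ldap’s TLS setting, which the post’s configuration does not set.

```python
# Constructed sample files mirroring the post's settings; not captured from a real host.
NSSWITCH = """passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
"""
LDAP_CONF = """host 192.168.1.1
# IP of the OD server, or better a service-based CNAME
base dc=example,dc=com
bind_policy soft
"""
AUTO_MASTER = "/Network/Servers /etc/auto.net\n"
# Constructed passwd entry of the shape Open Directory publishes for an NFS-automounted home.
PASSWD_ENTRY = "bob:x:1025:20:Bob Example:/Network/Servers/od.example.com/Users/bob:/bin/bash"


def parse_kv(text):
    """Parse 'key value' lines (nsswitch.conf, ldap.conf and auto.master share this
    shape), dropping comments; a trailing colon on the key (nsswitch) is stripped."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            out[key.rstrip(":")] = value.strip()
    return out


def check_client(nsswitch, ldap_conf, auto_master, passwd_entry):
    """Return the list of problems found; an empty list means the client matches the post."""
    problems = []
    nss = parse_kv(nsswitch)
    for db in ("passwd", "group", "shadow"):
        if "ldap" not in nss.get(db, "").split():
            problems.append(f"nsswitch: {db} does not consult ldap")
    ldap = parse_kv(ldap_conf)
    for key in ("host", "base"):
        if key not in ldap:
            problems.append(f"ldap.conf: missing {key}")
    # pam_ldap/nss_ldap only encrypt the directory session when 'ssl on' or 'ssl start_tls' is set.
    if ldap.get("ssl") not in ("on", "start_tls"):
        problems.append("ldap.conf: no ssl/start_tls, directory traffic is in the clear")
    if parse_kv(auto_master).get("/Network/Servers") != "/etc/auto.net":
        problems.append("auto.master: /Network/Servers is not mapped to /etc/auto.net")
    # Open Directory publishes NFS homes under the /Network/Servers/<host>/... autofs root.
    home = passwd_entry.split(":")[5]
    if not home.startswith("/Network/Servers/"):
        problems.append(f"home {home} lies outside the /Network/Servers autofs root")
    return problems
```

Run `check_client` against the real files read from disk and the output of `getent passwd <user>` to check a live client; with the post’s settings the only finding is the missing TLS option.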