Using Network Accounts on a Linux Client with Open Directory Leopard Server
Posted: December 1st, 2009 | Author: jordan | Filed under: LDAP, Linux, Mac OS X Server, Snow Leopard
I have two Linux machines at home and I want to be able to use my network home directory and network account from my Leopard Open Directory server. One is running Ubuntu 9.10 and the other openSUSE 11.2. Here's what I had to do:
In this post I assume you already have an Open Directory environment with network user accounts and AFP home directories set up. In other words, a working Open Directory deployment with bound AND working Mac clients.
Exporting User Home Directories with NFS
First make sure the home directories are also exported via NFS, since that is what the Linux clients will mount. Open Server Admin and connect to your OD master. Click File Sharing at the top of Server Admin and select the volume that holds your AFP home folders. Then click the "Share Point" button in the bottom pane and then "Protocol Options". (Note: if "Enable Automount" is not checked you either have the wrong volume selected or your Open Directory home setup is incomplete; fix that before going any further, because the Linux side depends on it.)
In the Protocol Options sheet select the NFS tab and choose how the share is exported. I recommend exporting to your subnet only rather than to the world. For the minimum security setting, "Kerberos v5 with data integrity and privacy" is the right answer if you know what you're doing, but only pick it if you REALLY know what you're doing; I will write a walkthrough for that at a later date. If you don't know Kerberos like the back of your hand, select "Any" for now, and understand what that means: "Any" permits plain AUTH_SYS, where the NFS server trusts whatever UID the client claims, so anyone with root on a machine in the exported subnet can become any UID and read any home directory on the share. That is fine for a home LAN you control and not for much else. Check "Allow Subdirectory Mounting" so clients can mount individual home folders below the share point. Click OK and you're done.
Ubuntu 9.10 Authentication
On the Ubuntu Linux client first install the necessary packages:
sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nfs-common nscd
In the configuration prompts that follow, accept the default answers; they should be correct. Then edit /etc/ldap.conf (the pam_ldap/nss_ldap configuration, not the OpenLDAP client file of the same name under /etc/ldap/) and make sure it contains the following lines. Note this is not a verbatim copy of /etc/ldap.conf, only the settings that matter. One caveat up front: with a plain ldap:// host and no TLS, pam_ldap authenticates users with a simple bind, so every login sends the user's password across the LAN in cleartext. If your OD server has SSL enabled for LDAP, add "ssl start_tls" (and "tls_cacertfile" pointing at the server's CA certificate) to this file.
# this should be the IP of your OD server or better yet service based CNAME record
host 192.168.1.1
base dc=example,dc=com
# this is of course the ldap search base configured in the OD server
bind_policy soft
Now edit /etc/ldap/ldap.conf, the OpenLDAP client library defaults used by ldapsearch and friends. The URI should point at your OD server:
BASE dc=example,dc=com
URI ldap://example.com
Now the PAM stacks. In each file pam_ldap comes first and is "sufficient", so a successful LDAP result ends the stack and local /etc/passwd and /etc/shadow are only consulted for local accounts; use_first_pass hands the password pam_ldap already collected to pam_unix instead of prompting twice. The nullok and nullok_secure options are Ubuntu's defaults and allow local accounts with empty passwords (nullok_secure only on ttys listed in /etc/securetty); they have no effect on LDAP users.
/etc/pam.d/common-account
account sufficient pam_ldap.so
account required pam_unix.so
/etc/pam.d/common-auth
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
/etc/pam.d/common-password
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5
/etc/pam.d/common-session
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/
session optional pam_ldap.so
/etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
openSuSE 11.2 Authentication
On the command line start yast, navigate to Network Services and then LDAP Client, type in your LDAP server IP and the base DN (the search base, dc=example,dc=com), uncheck LDAP TLS/SSL and bam, you're done. God I love Novell 😉 The same caveat applies as on Ubuntu: with TLS off, every login sends the password over the network in cleartext, so only leave it off if your OD server cannot do LDAP over SSL.
Ubuntu 9.10 & openSuSE 11.2 Automount
Create the directory /Network/Servers, then add the following line to /etc/auto.master:
/Network/Servers /etc/auto.net
Restart autofs:
sudo /etc/init.d/autofs restart
This works because Open Directory stores each network home as /Network/Servers/<server>/<path on server>/<user>, and /etc/auto.net is the autofs "hosts" style map: it asks the named server for its export list and mounts every export under /Network/Servers/<server>/, so the home path in the user's account record resolves on the Linux client without any per-user map entries. After this you should be able to log in and access your home folder.
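A small client-side audit script, added here as an example and not part of the original post or of any tool the post mentions: it checks the Ubuntu files above (/etc/ldap.conf, /etc/nsswitch.conf) and the /etc/auto.master line for what this walkthrough expects, flags the cleartext-bind problem when neither "ssl start_tls" nor an ldaps:// URI is present, and shows how a home path under /Network/Servers is split into the server that auto.net will query and the directory it must find inside one of that server's exports. The server name od.example.com, the UID and the sample passwd entry are constructed; every function takes a file path or string, so you would point them at copies of your real files rather than the samples.

```shell
#!/bin/sh
# Added example, not from the original post: audit a Linux client's
# Open Directory settings against what the walkthrough above expects.
# Every function takes file paths or strings as arguments, so it can be
# run against copies of the real files or, as in audit_sample, against
# constructed samples; nothing here reads the live /etc.

# 0 if nsswitch consults "ldap" for passwd, group and shadow; 1 otherwise.
nss_uses_ldap() {
    for db in passwd group shadow; do
        grep -Eq "^[[:space:]]*$db:.*[[:space:]]ldap([[:space:]]|\$)" "$1" || return 1
    done
    return 0
}

# Print "<host> <base>" from a PADL-style ldap.conf (pam_ldap/nss_ldap);
# 1 if either setting is missing.  Commented lines start with "#".
ldap_conf_target() {
    host=$(awk '$1=="host"||$1=="uri"{print $2; exit}' "$1")
    base=$(awk '$1=="base"{print $2; exit}' "$1")
    [ -n "$host" ] && [ -n "$base" ] || return 1
    printf '%s %s\n' "$host" "$base"
}

# 0 only if binds are protected: "ssl start_tls", "ssl on", or an ldaps://
# URI.  With plain ldap:// and no TLS, pam_ldap's simple bind sends the
# user's password in cleartext.
ldap_conf_encrypted() {
    awk '$1=="ssl" && ($2=="start_tls" || $2=="on") {ok=1}
         $1=="uri" && $2 ~ /^ldaps:\/\// {ok=1}
         END {exit ok ? 0 : 1}' "$1"
}

# 0 if auto.master hands /Network/Servers to the hosts-style auto.net map,
# which mounts each export of <server> under /Network/Servers/<server>/.
automount_configured() {
    awk '$1=="/Network/Servers" && ($2=="/etc/auto.net" || $2=="-hosts") {ok=1}
         END {exit ok ? 0 : 1}' "$1"
}

# Split an Open Directory network-home path into "<server> <path on server>":
# the host auto.net will ask for exports and the directory that must sit
# inside one of them.  1 if the path is not under /Network/Servers/.
split_network_home() {
    case "$1" in /Network/Servers/*/*) ;; *) return 1 ;; esac
    rest=${1#/Network/Servers/}
    printf '%s /%s\n' "${rest%%/*}" "${rest#*/}"
}

# Run every check against constructed samples mirroring the post's files.
# Prints one line per check; the return value is the number of failures
# (1 for these samples: the cleartext-bind warning).
audit_sample() {
    dir=$(mktemp -d)
    cat >"$dir/ldap.conf" <<'EOF'
# constructed copy of the post's /etc/ldap.conf
host 192.168.1.1
base dc=example,dc=com
bind_policy soft
EOF
    cat >"$dir/nsswitch.conf" <<'EOF'
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
EOF
    printf '/Network/Servers /etc/auto.net\n' >"$dir/auto.master"
    # constructed "getent passwd" line for a network user; field 6 is the home
    entry='jordan:x:1025:20:Jordan:/Network/Servers/od.example.com/Volumes/Data/Users/jordan:/bin/bash'

    failed=0
    check() {  # check <label> <command...>: run it and count failures
        label=$1; shift
        if out=$("$@" 2>&1); then echo "ok   $label ${out:+($out)}"
        else echo "FAIL $label"; failed=$((failed + 1)); fi
    }
    check "ldap.conf has host and base"        ldap_conf_target "$dir/ldap.conf"
    check "LDAP binds protected by TLS/ldaps"  ldap_conf_encrypted "$dir/ldap.conf"
    check "nsswitch uses ldap"                 nss_uses_ldap "$dir/nsswitch.conf"
    check "auto.master maps /Network/Servers"  automount_configured "$dir/auto.master"
    check "home path resolvable via auto.net"  split_network_home "$(echo "$entry" | cut -d: -f6)"
    rm -rf "$dir"
    return "$failed"
}

# Run as "sh od-client-audit.sh --run" to print the sample report.
if [ "${1:-}" = "--run" ]; then audit_sample; fi
```

The checks are deliberately conservative: ldap_conf_encrypted only accepts the two PADL spellings and an ldaps:// URI, so a file that relies on some other mechanism will show as a failure rather than be silently passed, and split_network_home rejects anything outside /Network/Servers, which is exactly the case where the auto.master line above does nothing for the user.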