Netware authentication, pam_ncp_auth and Zenux flags

Maffy · 10-05-2005, 07:06 AM

I'm trying to configure my Novell Linux Desktop 9 test box to authenticate directly to the NDS on logon. I have got the logon stuff working very well, but am having problems with the zenux flags for pam_ncp_auth. It seems to do all I ask of it, except create the ~/.nwinfos file and run zenscript0 and zenscript3.

/etc/pam.d/login (and gdm)

Code:

auth    requisite       pam_nologin.so
auth    required        pam_env.so
auth    sufficient      pam_unix.so
auth    required        pam_ncp_auth.so -a -zINOPX03 -d -l -L -mnovell -u2000,4000,p,gcds -g2000,4000,r ndsserver=<server>:<context>

/var/log/messages

Code:

Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: new default mounting point is "novell"
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: using server <server> ctxs <context> group (null)
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: nw_create_verify_conn_to_tree: trying to resolve  <username>.<context> 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: trying to login as <username>.<context> 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: User <username>.<context> was successfully authorized by NDS server <server> on tree <tree> 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: Auth OK 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: User has DN <username>.<context> 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: start of NW home dir got <volume> <path>  
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: got <volume> 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: end of NW home dir 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: before full name gecos is (null)  
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: after full name gecos is <full name>  
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: start of NW ldap email got <email address> 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: end of NW ldap email GOT [<email address>] 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: using location attribute 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: start of NW location got <Room number>  
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: start of NW location got S:/bin/bash  
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: start of NW location got H:/home/<username>  
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: start of NW location got U:2001  
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: start of NW location got G:600  
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: NWCCGetConnInfo(NWCC_INFO_TREE_NAME) returned <tree> 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: end of retrieve nds user info code: Success 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: FOUND ZF 2480e100 in NDS  
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: APPLYING ZF 0 OFF  
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: USING ZF 2480e100  
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: Remote host and tty port are not checked 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: NW_UPDATE_USER: 2001 600 /home/<username> <full name> /bin/bash 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: NW_UPDATE_USER:updating 2001 600 /home/<username> <full name> /bin/bash 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: return value of update_user_info  0 for <username> 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: DONE writing to /home/<username>/.nwclient 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: saving user_info 
Oct  5 12:23:53 nld9test pam_ncp_auth[6323]: final PAM retval 0

As you can see, it authenticates me, pulls the correct info from the NDS and creates the ~/.nwclient file like asked, but doesn't generate the ~/.nwinfos file that I ask for (-zI) and need for zenscript0 and zenscript3 (-z03) to run. The two scripts at the moment have something simple in, to make sure that they run (touch a file of the same name in my home folder). I have checked permissions and that they are executable.
I think the penultimate line in messages is the creation of ~/.nwinfos but it isn't anywhere on the disk.

I'm unsure what else to try or in which direction to investigate why pam_ncp_auth.so is only processing some of the switches. I am using ncpfs 2.2.4-25.8 installed from Red Carpet, and have tried compiling 2.2.6, with the same results.
PPollet's ncpfs website (which I have scoured for info) lists a requirement of pam_auth_nds.so to be present, but can find no other reference anywhere on the web to that library.

Any help that can shed some light onto this, or point me in a new direction will be gratefully received. I might do some testing with a Debian or Redhat/Fedora installation.