{"id":219,"date":"2019-11-07T15:42:13","date_gmt":"2019-11-07T20:42:13","guid":{"rendered":"https:\/\/www.bu.edu\/engit\/?page_id=219"},"modified":"2019-11-12T17:05:05","modified_gmt":"2019-11-12T22:05:05","slug":"nssqidb","status":"publish","type":"page","link":"https:\/\/www.bu.edu\/engit\/knowledge-base\/linux\/nssqidb\/","title":{"rendered":"NssQidb"},"content":{"rendered":"<h3>Install and testing procedures<\/h3>\n<ul>\n<li>Install all the rpms in the qidb set<\/li>\n<li>Run the <strong>nss-misc-fix-nsswitch-monde<\/strong> script<\/li>\n<li>Create a bogus skel &#8211; <tt class=\"backtick\">mkdir -p \/etc\/empty-skel\/EMPTY<\/tt>, so we know if it&#8217;s safe to remove the dir<\/li>\n<li>Add the following line to <strong>\/etc\/pam.d\/system-auth<\/strong>\n<p>(Note: You may need to use an <a href=\"\/engit\/knowledge-base\/linux\/nssqidb#alternatives\">alternative<\/a> method in order to log in from gdm)<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<pre class=\"darkSnippet\">session  required  pam_mkhomedir.so skel=\/etc\/empty-skel umask=0077 pre_exec=\/etc\/pam_mkhomedir\/pre post_exec=\/etc\/pam_mkhomedir\/post<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>Create a pam_mkhomedir script <strong>\/etc\/pam_mkhomedir\/post<\/strong>\n<ul>\n<li style=\"list-style-type: none;\">\n<pre class=\"darkSnippet\">#!\/bin\/bash\r\n# Sample pam_mkhomedir post script.\r\n# Create a symbolic link to the user's eng home directory.\r\nUSER=$1\r\n\r\n# Refuse an empty name, a name containing a slash, or one starting with a dot,\r\n# so the rm and ln below can only touch a single entry under \/home.\r\ncase \"$USER\" in\r\n    ''|*\/*|.*) exit 1 ;;\r\nesac\r\n\r\n# pam_mkhomedir will always try to make a home directory if it didn't exist, so we'll need to remove it.\r\n# MAKE SURE there won't be any real data in \/home\/$USER!!!\r\n# The EMPTY marker from \/etc\/empty-skel shows the directory was just created from the bogus skel.\r\nif [ -d \"\/home\/$USER\/EMPTY\" ]; then\r\n    rm -rf -- \"\/home\/$USER\"\r\nfi\r\n\r\nU=${USER:0:1}\r\nS=${USER:1:1}\r\nln -sn \"\/ad\/eng\/users\/$U\/$S\/$USER\" \"\/home\/$USER\"\r\nexit 0<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li class=\"gap\">Copy your network <a href=\"\/engit\/knowledge-base\/linux\/keytab\">KeyTab<\/a> to 
<strong>\/etc\/krb5.keytab.nss_qidb<\/strong><\/li>\n<li>Edit <strong>nss_qidb.conf<\/strong> (insert your <a class=\"interwiki\" href=\"http:\/\/en.wikipedia.org\/wiki\/subnet\" title=\"WikiPedia\">subnet<\/a>, not mine)\n<ul>\n<li style=\"list-style-type: none;\">\n<pre class=\"darkSnippet\">primary_principal_name nss-ad-eng\/128.197.55-net@bu.edu<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li class=\"gap\">Replace pam_qidb_group_cussp.conf and nss_qidb_cussp.conf with the ones from the stormy rpms for now.<\/li>\n<li>Edit <strong>\/etc\/pam_qidb_group.conf<\/strong> to make sure you have permission to log in.<\/li>\n<\/ul>\n<h2 id=\"Alternativestopammkhomedir\">Alternatives to pam_mkhomedir<\/h2>\n<p>gdm doesn&#8217;t seem to work with pam_mkhomedir; see the bottom of <a class=\"http\" href=\"http:\/\/www.redhat.com\/magazine\/024oct06\/features\/tips_tricks\/\">this<\/a> page.<\/p>\n<p>You can use Red Hat&#8217;s oddjob system with pam_oddjob_mkhomedir.so. It takes the same config as the standard pam_mkhomedir, but doesn&#8217;t have the BU additions of pre and post scripts.<\/p>\n<p>You can use an automount program map to directly mount the user&#8217;s folder into home. The only problem I see is that automount can&#8217;t stat the home directory (until we get host credentials), and therefore it can&#8217;t unmount it.<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<pre class=\"darkSnippet\">#!\/bin\/bash\r\n# automount program map for eng home directories\r\n# automount passes the lookup key (the username) as $1\r\nUSER=$1\r\nOPTS=\"-fstype=nfs,tcp,rw,sec=krb5,hard,nolock,intr\"\r\nU=${USER:0:1}\r\nS=${USER:1:1}\r\n# print the map entry: mount options followed by the NFS location\r\necho \"$OPTS engna1.bu.edu:\/vol\/users\/$U\/$S\/$USER\"\r\nexit 0<\/pre>\n<\/li>\n<\/ul>\n<p>Automount can also be &#8220;tricked&#8221; into making the symlink for you. 
Make an automount program map that never returns the mount parameters, but creates the symlink in the process.<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<pre class=\"darkSnippet\">#!\/bin\/bash\r\n# don't really mount anything, just make a symlink\r\nUSER=$1\r\nU=${USER:0:1}\r\nS=${USER:1:1}\r\n\r\nln -sn \"\/ad\/eng\/users\/$U\/$S\/$USER\" \"\/home\/$USER\"\r\n\r\nexit 0<\/pre>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Install and testing procedures Install all the rpms in the qidb set Run the nss-misc-fix-nsswitch-monde script Create a bogus skel &#8211; mkdir -p \/etc\/empty-skel\/EMPTY, so we know if it&#8217;s safe to remove the dir Add the following line to \/etc\/pam.d\/system-auth (Note: You may need to use an alternative method in order to log in from gdm) session required [&hellip;]<\/p>\n","protected":false},"author":16541,"featured_media":0,"parent":868,"menu_order":17,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/engit\/wp-json\/wp\/v2\/pages\/219"}],"collection":[{"href":"https:\/\/www.bu.edu\/engit\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bu.edu\/engit\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/engit\/wp-json\/wp\/v2\/users\/16541"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/engit\/wp-json\/wp\/v2\/comments?post=219"}],"version-history":[{"count":5,"href":"https:\/\/www.bu.edu\/engit\/wp-json\/wp\/v2\/pages\/219\/revisions"}],"predecessor-version":[{"id":878,"href":"https:\/\/www.bu.edu\/engit\/wp-json\/wp\/v2\/pages\/219\/revisions\/878"}],"up":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/engit\/wp-json\/wp\/v2\/pages\/868"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/engit\/wp-json\/wp\/v2\/media?parent=219"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}