Article

(View Disclaimer)

by Adam Robinson

I wanted to tell you about my experience with SLES 10 and VMWare Server 1.0. I had been running VMWare on an Ubuntu Server and using it to run a server or two and a few workstations for testing software. It was a total pain because I had to make local accounts for each user that needed to use VMWare and the password was not kept in sync anywhere else. Then a few days after SLES 10 came out I had a great idea. I remembered the Linux User Management feature that was on our OES Linux server. I installed SLES 10 and was a little disappointed to see that feature was not included. I could have set up SLES 10 to use LDAP authentication, but I liked how Linux User Management would let you easily restrict which users have access to a machine.

I took these rpms from a SLED 10 install cd:

novell-NLDAPbase-dyn-3.4.1-0.5.i586.rpm
novell-NLDAPsdk-dyn-3.4.1-0.5.i586.rpm
novell-lum-2.2.0-81.12.i586.rpm
yast2-linux-user-mgmt-2.9.83-16.6.noarch.rpm

They installed just fine onto the SLES 10 server. I then configured Linux User Management to authenticate through eDirectory with YaST and made a group called "vmware" containing all the users that needed access. Everything worked great. I knew that VMWare used something called vmware-authd to handle authentications and that it used PAM. I did some searching and I found the file /etc/pam.d/vmware-authd.

Its original contents were:

auth       sufficient       /lib/security/pam_unix2.so shadow nullok
auth       required         /lib/security/pam_unix_auth.so shadow nullok
account    sufficient       /lib/security/pam_unix2.so
account    required         /lib/security/pam_unix_acct.so

I changed the contents of the file to be:

auth       sufficient       /lib/security/pam_unix2.so shadow nullok
auth       sufficient       /lib/security/pam_nam.so
auth       required         /lib/security/pam_unix_auth.so shadow nullok
account    sufficient       /lib/security/pam_unix2.so
account    sufficient       /lib/security/pam_nam.so
account    required         /lib/security/pam_unix_acct.so

After that, all of the users that I had added to the vmware group could login with the VMWare Server Console to this server and just use their normal eDirectory credentials. The only problem I have is the VMWare Management Interface (the web based interface for checking the status of VM or powering it on). When I attempt to login with a LUM enabled user here the web interface crashes. Well anyways, I hope this information might be useful to someone else

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.