SLES 10 Tip: SLES 10 and VMWare Server 1.0
Novell Cool Solutions: Tip
By Adam Robinson
Digg This -
Slashdot This
Posted: 24 Aug 2006 |
I wanted to tell you about my experience with SLES 10 and VMWare Server 1.0. I had been running VMWare on an Ubuntu Server and using it to run a server or two and a few workstations for testing software. It was a total pain because I had to make local accounts for each user that needed to use VMWare and the password was not kept in sync anywhere else. Then a few days after SLES 10 came out I had a great idea. I remembered the Linux User Management feature that was on our OES Linux server. I installed SLES 10 and was a little disappointed to see that feature was not included. I could have set up SLES 10 to use LDAP authentication, but I liked how Linux User Management would let you easily restrict which users have access to a machine.
I took these rpms from a SLED 10 install cd:
novell-NLDAPbase-dyn-3.4.1-0.5.i586.rpm
novell-NLDAPsdk-dyn-3.4.1-0.5.i586.rpm
novell-lum-2.2.0-81.12.i586.rpm
yast2-linux-user-mgmt-2.9.83-16.6.noarch.rpm
They installed just fine onto the SLES 10 server. I then configured Linux User Management to authenticate through eDirectory with YaST and made a group called "vmware" containing all the users that needed access. Everything worked great. I knew that VMWare used something called vmware-authd to handle authentications and that it used PAM. I did some searching and I found the file /etc/pam.d/vmware-authd.
Its original contents were:
auth sufficient /lib/security/pam_unix2.so shadow nullok auth required /lib/security/pam_unix_auth.so shadow nullok account sufficient /lib/security/pam_unix2.so account required /lib/security/pam_unix_acct.so
I changed the contents of the file to be:
auth sufficient /lib/security/pam_unix2.so shadow nullok auth sufficient /lib/security/pam_nam.so auth required /lib/security/pam_unix_auth.so shadow nullok account sufficient /lib/security/pam_unix2.so account sufficient /lib/security/pam_nam.so account required /lib/security/pam_unix_acct.so
After that, all of the users that I had added to the vmware group could login with the VMWare Server Console to this server and just use their normal eDirectory credentials. The only problem I have is the VMWare Management Interface (the web based interface for checking the status of VM or powering it on). When I attempt to login with a LUM enabled user here the web interface crashes. Well anyways, I hope this information might be useful to someone else
SUSE Linux Enterprise Server 10 Cool Stuff
Read other SUSE Linux Enterprise Server 10 Tips and Tricks here
Submit your SUSE Linux Enterprise Server 10 Tips and Tricks here

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com