\documentclass{ictlab}
\RCS $Revision: 1.2 $
\usepackage{verbatim,key,alltt}
\usepackage[hang,bf,nooneline]{caption2}
\ifx\pdftexversion\undefined
\else
  \usepackage[pdfpagemode=None,pdfauthor={Nick Urbanik}]{hyperref}
\fi
\renewcommand*{\subject}{Operating Systems and Systems Integration}
\newcommand*{\labTitle}{Setting Up Local (Non-LDAP) Accounts}
\providecommand*{\SNMP}{\acro{SNMP}\xspace}
\providecommand*{\MIB}{\acro{MIB}\xspace}
\providecommand*{\ID}{\acro{ID}\xspace}
\providecommand*{\OID}{\acro{OID}\xspace}
\providecommand*{\FAQ}{\acro{FAQ}\xspace}
\renewcommand{\floatpagefraction}{0.75} % default is .5, to increase
                                        % density.
\renewcommand*{\bottomfraction}{0.6} % default is 0.3
\renewcommand*{\topfraction}{0.85} % default is 0.7
\renewcommand*{\textfraction}{0.1} % default is 0.2

\begin{document}

\section{Background}
\label{sec:Background}

When you configure your computer to use \LDAP for authentication using
the program \texttt{authconfig}, a program called the
\emph{automounter} will control access to the \texttt{/home}
directory, and will attempt to mount a network drive whenever you
access any subdirectory of \texttt{/home}. This prevents you from
creating local user accounts with home directories under
\texttt{/home}.

The solution is to put local users under another directory, such as
\texttt{/home2}, and configure \texttt{useradd} to create new accounts
there instead. Your \LDAP account will be under \texttt{/home}, and
your local accounts will be under \texttt{/home2}.
\section{Procedure}

\begin{enumerate}
\item Create a new directory under which all new local home
  directories should go:
\begin{verbatim}
$ sudo mkdir /home2
\end{verbatim}%$
\item Change the default base for the home directories created by
  \texttt{useradd}:
\begin{verbatim}
$ sudo useradd -D -b /home2
\end{verbatim}%$
  \begin{explanation}
    See the documentation for \texttt{useradd} for more details:
    \texttt{man useradd}
  \end{explanation}
\item \textbf{Warning:} There is one problem with this scheme:
  \texttt{useradd} will, by default, select a user \acro{ID} number
  greater than that of any user on the system. That highest number
  will belong to an account in the \LDAP server. As new accounts are
  added to the \LDAP server, there will then be a user \acro{ID}
  conflict between your local accounts and these future \LDAP
  accounts. There are a number of solutions:
  \begin{itemize}
  \item Don't worry about it. This is okay in the laboratory, since
    the owners of new accounts created on the \LDAP server will not be
    using your hard disk.
  \item Another solution is to specify the user \acro{ID} number
    manually as part of the \texttt{useradd} command, with the
    \texttt{-u} option. You would need to choose a user \acro{ID}
    number higher than any others in your password file, but lower
    than about 2000, since the \LDAP accounts have user \acro{ID}
    numbers of 2000 and above.
  \item Another approach (perhaps better for production use) is to
    turn the \LDAP authentication off temporarily with
    \texttt{authconfig}, create a number of local accounts, then turn
    \LDAP authentication back on with \texttt{authconfig}.
  \end{itemize}
\end{enumerate}

\end{document}
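
The manual UID choice described in the warning above, as an added shell example that is not part of the original lab sheet: it finds the next UID above the existing local accounts but below the LDAP range of 2000, and prints the matching useradd command without running it. The function names, the floor of 500 for ordinary users and the sample password file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the lab sheet): pick a UID for a local account
# that is above every existing local UID but below the LDAP range.

# next_local_uid PASSWD_FILE [LDAP_MIN] [FLOOR]
# Prints the UID to use; returns 1 if nothing below LDAP_MIN is free.
next_local_uid() {
    passwd_file=$1
    ldap_min=${2:-2000}  # lab text: LDAP accounts have UIDs of 2000 and above
    floor=${3:-500}      # assumption: lowest UID given to ordinary users
    awk -F: -v max="$ldap_min" -v floor="$floor" '
        # Skip malformed lines and UIDs at or above the LDAP range.
        $3 ~ /^[0-9]+$/ && $3 + 0 < max && $3 + 0 > top { top = $3 + 0 }
        END {
            uid = top + 1
            if (uid < floor) uid = floor
            if (uid >= max) exit 1
            print uid
        }' "$passwd_file"
}

# local_useradd_cmd NAME [PASSWD_FILE]
# Prints, without running it, the useradd command for a home under /home2.
local_useradd_cmd() {
    name=$1
    uid=$(next_local_uid "${2:-/etc/passwd}") || {
        echo "no free UID below the LDAP range" >&2
        return 1
    }
    echo "useradd -u $uid -m -b /home2 $name"
}

# Constructed sample password file (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:Nobody:/:/sbin/nologin
student1:x:500:500:lab user:/home2/student1:/bin/bash
student2:x:501:501:lab user:/home2/student2:/bin/bash
EOF
}

# Demonstration on the constructed sample.
tmp=$(mktemp)
sample_passwd > "$tmp"
local_useradd_cmd student3 "$tmp"
rm -f "$tmp"
```

Entries such as nobody at 65534 are ignored because they already lie at or above the LDAP range; the script only reads the file it is given, so UIDs that exist solely in the LDAP server are not seen.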