\documentclass{ictlab}

\RCS $Revision: 1.2 $

\usepackage{verbatim,key,alltt}
\usepackage[hang,bf,nooneline]{caption2}
\ifx\pdftexversion\undefined \else
  \usepackage[pdfpagemode=None,pdfauthor={Nick Urbanik}]{hyperref}
\fi
\renewcommand*{\subject}{Operating Systems and Systems Integration}

\newcommand*{\labTitle}{Setting Up Local (Non-LDAP) Accounts}
\providecommand*{\SNMP}{\acro{SNMP}\xspace}
\providecommand*{\MIB}{\acro{MIB}\xspace}
\providecommand*{\ID}{\acro{ID}\xspace}
\providecommand*{\OID}{\acro{OID}\xspace}
\providecommand*{\FAQ}{\acro{FAQ}\xspace}
\renewcommand{\floatpagefraction}{0.75} % default is .5, to increase
% density.
\renewcommand*{\bottomfraction}{0.6} % default is 0.3
\renewcommand*{\topfraction}{0.85} % default is 0.7
\renewcommand*{\textfraction}{0.1} % default is 0.2


\begin{document}

\section{Background}
\label{sec:Background}

When you configure your computer to use \LDAP for authentication using
the program \texttt{authconfig}, a program called the
\emph{automounter} will control access to the \texttt{/home}
directory, and will attempt to mount a network drive whenever you
access any subdirectory of \texttt{/home}.  This prevents you from
creating local user accounts with home directories under
\texttt{/home}.  The solution is to put local users under another
directory, such as \texttt{/home2}, and configure \texttt{useradd} to
create new accounts there instead.  Your \LDAP account will be under
\texttt{/home}, and your local accounts will be under \texttt{/home2}.

\section{Procedure}
\begin{enumerate}
\item Create a new directory under which all new local home directories
  should go:
\begin{verbatim}
$ sudo mkdir /home2 
\end{verbatim}%$

\item Change the default base for the home directories created by
  \texttt{useradd}:
\begin{verbatim}
$ sudo useradd -D -b /home2
\end{verbatim}%$
  \begin{explanation}
    See the documentation for \texttt{useradd} for more details:
    \texttt{man useradd}
  \end{explanation}
  
\item \textbf{Warning:} There is one problem with this scheme;
  \texttt{useradd} will, by default, select a user \acro{ID} number
  greater than that of any user on the system.  This will be in the
  \LDAP server.  However, as new accounts are added to the \LDAP
  server, there will be a user \acro{ID} conflict between your local
  accounts and these future \LDAP accounts.

  There are a number of solutions:
  \begin{itemize}
  \item Don't worry about it.  This is okay in the laboratory, since
    the owners of new accounts created on the \LDAP server will not be
    using your hard disk.
  
  \item Another solution is to specify the user \acro{ID} number
    manually as part of the \texttt{useradd} command, with the
    \texttt{-u} option.  You would need to choose a user \acro{ID}
    number higher than any others in your password file, but lower
    than about 2000, since the \LDAP accounts have user \acro{ID}
    numbers of 2000 and above.
  
  \item Another approach (perhaps better for production use) is to
    turn the \LDAP authentication off temporarily with
    \texttt{authconfig}, create a number of local accounts, then turn
    \LDAP authentication back on with \texttt{authconfig}.
  \end{itemize}

  
\end{enumerate}
% [root@localhost /root]# # mkdir /home2
% [root@localhost /root]# # service autofs stop
% [root@localhost /root]# mv /home/nicku/  /home2[1@#[1@ 
% [root@localhost /root]# useradd -D -b /home2
% [root@localhost /root]# vipw[1@#[1@ [1P[1P
% [?25l[?1c[1;25r[?25h[?8c[?25h[?0c[H[J[25;1H"/etc/ptmp" 24L, 872C[1;1Hroot:x:0:0:root:/root:/bin/bash
% bin:x:1:1:bin:/bin:
% daemon:x:2:2:daemon:/sbin:
% adm:x:3:4:adm:/var/adm:
% lp:x:4:7:lp:/var/spool/lpd:
% sync:x:5:0:sync:/sbin:/bin/sync
% shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
% halt:x:7:0:halt:/sbin:/sbin/halt
% mail:x:8:12:mail:/var/spool/mail:
% news:x:9:13:news:/var/spool/news:
% uucp:x:10:14:uucp:/var/spool/uucp:
% operator:x:11:0:operator:/root:
% games:x:12:100:games:/usr/games:
% gopher:x:13:30:gopher:/usr/lib/gopher-data:
% ftp:x:14:50:FTP User:/home/ftp:
% nobody:x:99:99:Nobody:/:
% nscd:x:28:28:NSCD Daemon:/:/bin/false
% mailnull:x:47:47::/var/spool/mqueue:/dev/null
% ident:x:98:98:pident user:/:/bin/false
% rpc:x:32:32:Portmapper RPC user:/:/bin/false
% rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/bin/false
% xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false
% gdm:x:42:42::/home/gdm:/bin/bash
% a204:x:500:500:a204c student user:/home/a204:/bin/bash[1;1H[?25h[?0c
% 
% 
% 
% 
% 
% 
% 
% 
% 
% 
% 
% 
% 
% 
% 
% 
% 
% 
% 
% 
% 
% 
% a204:x:500:500:a204c student user:/home/[?25l[?1c
% [1m-- INSERT --[0;10m[25;13H[K[24;40H[?25h[?0c[?25l[?1c2/a204:/bin/bash[24;41H[?25h[?0c[25;1H[K[24;40H[?25l[?1c[?25h[?0c[?25l[?1c
% :[?25h[?0cw[?25l[?1c"/etc/ptmp" 24L, 873C written[24;40H[?25h[?0c[?25l[?1c[25;1H[K[25;1H:[?25h[?0cq[?25l[?1c[?25h[?0c[25;1H[KYou are using shadow passwords on this system.
% Would you like to edit /etc/shadow now [y/n]? n
% [root@localhost /root]# vipwuseradd -D -b /home2[3@# mv /home/nicku /home2[2Pservice autofs stop[7Pmkdir /home2service autofs stop  art
% [root@localhost /root]# # service autofs start[1P[1P
% Starting automount:[60G[  [1;32mOK[0;39m  ]
% [root@localhost /root]# exit
% Script done on Tue Dec  4 13:54:59 2001

\end{document}