\documentclass{ictlab}

% Copyright (c) 2003 by Nick Urbanik .
% This material may be distributed only subject to the terms and
% conditions set forth in the Open Publication License, v1.0 or later
% (the latest version is presently available at
% http://www.opencontent.org/openpub/).

\RCS $Revision: 1.2 $

\usepackage{verbatim,key,alltt}
\usepackage[hang,bf,nooneline]{caption2}
\ifx\pdftexversion\undefined
\else
  \usepackage[pdfpagemode=None,pdfauthor={Nick Urbanik}]{hyperref}
\fi

\newcommand*{\labTitle}{Setting Up Local (Non-LDAP) Accounts}
\providecommand*{\SNMP}{\acro{SNMP}\xspace}
\providecommand*{\MIB}{\acro{MIB}\xspace}
\providecommand*{\ID}{\acro{ID}\xspace}
\providecommand*{\OID}{\acro{OID}\xspace}
\providecommand*{\FAQ}{\acro{FAQ}\xspace}

\renewcommand{\floatpagefraction}{0.75} % default is .5, to increase
                                        % density.
\renewcommand*{\bottomfraction}{0.6} % default is 0.3
\renewcommand*{\topfraction}{0.85} % default is 0.7
\renewcommand*{\textfraction}{0.1} % default is 0.2

\begin{document}

\section{Background}
\label{sec:Background}

When you configure your computer to use \LDAP for authentication using
the program \texttt{authconfig}, a program called the
\emph{automounter} will control access to the \texttt{/home}
directory, and will attempt to mount a network drive whenever you
access any subdirectory of \texttt{/home}. This prevents you from
creating local user accounts with home directories under
\texttt{/home}.

The solution is to put local users under another directory, such as
\texttt{/home2}, and configure \texttt{useradd} to create new accounts
there instead. Your \LDAP account will be under \texttt{/home}, and
your local accounts will be under \texttt{/home2}.

\section{Procedure}

\begin{enumerate}
\item Switch to a local console with \key{Alt-Ctrl-F1} and log in as
  \texttt{root}.
\item Create a new directory under which all new local home
  directories should go:
\begin{verbatim}
# mkdir /home2
\end{verbatim}
%% \item Turn off the automounter so that you can access the local
%%   \texttt{/home} directory:
%% \begin{verbatim}
%% # service autofs stop
%% \end{verbatim}
\item Change the default base for the home directories created by
  \texttt{useradd}:
\begin{verbatim}
# useradd -D -b /home2
\end{verbatim}
  \begin{explanation}
    See the documentation for \texttt{useradd} for more details:
    \texttt{man useradd}
  \end{explanation}
%% \item If you already have a local account which you were unable to
%%   access, move the home directory you were trying to access from
%%   \texttt{/home} to \texttt{/home2}:
%% \begin{verbatim}
%% # mv /home/nicku /home2
%% \end{verbatim}
%% \item Update the home directory in the \texttt{/etc/passwd} file,
%%   changing the entry for home directory from \texttt{/home/\ldots} to
%%   \texttt{/home/\ldots}. The \texttt{vipw} program helps with this:
%% \begin{verbatim}
%% # vipw
%% \end{verbatim}
%% \item You do not need to edit the \texttt{/etc/shadow} file.
%% \item Start the automounter service again:
%% \begin{verbatim}
%% # service autofs start
%% \end{verbatim}
\item Finally, switch back to the X console with \key{Alt-Ctrl-F7},
  and log into your local account. Now you can log into both your
  \LDAP account and your local account. Any new accounts created using
  \texttt{useradd} will be local user accounts, and their home
  directories will appear under \texttt{/home2}.
\item \textbf{Warning:} There is one problem with this scheme: by
  default, \texttt{useradd} selects a user \acro{ID} number greater
  than that of any user on the system, and that highest-numbered user
  will be one in the \LDAP server. As new accounts are added to the
  \LDAP server, there will therefore be a user \acro{ID} conflict
  between your local accounts and these future \LDAP accounts. File
  ownership and permissions are checked by user \acro{ID} number, not
  by name, so two accounts that share a number can read and change
  each other's files.

  A solution is to specify the user \acro{ID} number manually as part
  of the \texttt{useradd} command, with the \texttt{-u} option. You
  would need to choose a user \acro{ID} number higher than any others
  in your password file, but lower than about 2000, since the \LDAP
  accounts have user \acro{ID} numbers of 2000 and above.

  Another (perhaps better) approach is to turn the \LDAP
  authentication off temporarily with \texttt{authconfig}, create a
  number of local accounts, then turn \LDAP authentication back on
  with \texttt{authconfig}.
\end{enumerate}
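The user \acro{ID} choice described in the warning above, as an added example that is not part of the original lab sheet: one function picks a number above every local account but below the \LDAP range, and another lists numbers already shared between a local account and a directory account. The function names, the \texttt{LOCAL\_MIN} value of 500, the passwd-format directory listing and all sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the lab sheet. Sample data below is constructed.
LDAP_FLOOR=2000   # from the page: LDAP accounts use 2000 and above
LOCAL_MIN=500     # assumption: lowest UID given to ordinary local users

# Print a UID above every local UID but below the LDAP range.
# $1 = passwd-format file; exits with status 1 when the local range is full.
next_local_uid() {
    awk -F: -v floor="$LDAP_FLOOR" -v min="$LOCAL_MIN" '
        BEGIN { max = min - 1 }
        # Ignore entries at or above the floor (LDAP range, nfsnobody, ...).
        $3 ~ /^[0-9]+$/ && $3 + 0 < floor && $3 + 0 > max { max = $3 + 0 }
        END {
            if (max + 1 >= floor) exit 1
            print max + 1
        }' "$1"
}

# Print "UID local-name directory-name" for every UID that a local account
# ($1) shares with a differently named directory account ($2).
uid_collisions() {
    awk -F: 'NR == FNR { name[$3] = $1; next }
             ($3 in name) && name[$3] != $1 { print $3, name[$3], $1 }' "$1" "$2"
}

# Constructed sample: "olduser" was created while LDAP was enabled, so it
# received 2002, and the directory later gave the same number to "carol".
SAMPLE_DIR=$(mktemp -d) || exit 1
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:
labuser:x:500:500:constructed local user:/home2/labuser:/bin/bash
olduser:x:2002:2002:constructed local user:/home2/olduser:/bin/bash
nfsnobody:x:65534:65534:constructed entry:/:/bin/false
EOF
cat > "$SAMPLE_DIR/ldap" <<'EOF'
alice:x:2000:2000:constructed LDAP user:/home/alice:/bin/bash
bob:x:2001:2001:constructed LDAP user:/home/bob:/bin/bash
carol:x:2002:2002:constructed LDAP user:/home/carol:/bin/bash
EOF

echo "shared UIDs: $(uid_collisions "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/ldap")"
echo "next local UID: $(next_local_uid "$SAMPLE_DIR/passwd")"
# The printed number is what you would pass to: useradd -u <number> <name>
```

On a real machine the first argument would be \texttt{/etc/passwd}, and the directory listing could be saved from \texttt{getent passwd} while \LDAP authentication is enabled.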
\end{document}