
Prevent login if home directory not AFP-enabled?

Running Kanaka 2.8.0.5 with 10.8.4 clients. I have only enabled AFP for the home directories of some users and the problem is that even users with home directories on servers without AFP support are permitted to log in. Doesn't work well since no home directory can be mounted. Anyone have a solution for this? The only workaround I can think of is to move the accounts that should be able to log in to separate contexts and limit login to those contexts, but that seems a little clumsy.

Anders Svensson
Jönköping University

anders_s;2279625 wrote:
Running Kanaka 2.8.0.5 with 10.8.4 clients. I have only enabled AFP for the home directories of some users and the problem is that even users with home directories on servers without AFP support are permitted to log in. Doesn't work well since no home directory can be mounted. Anyone have a solution for this? The only workaround I can think of is to move the accounts that should be able to log in to separate contexts and limit login to those contexts, but that seems a little clumsy.

Anders Svensson
Jönköping University


AFP requires that the user have a Universal Password configured. If the user doesn't have a UP configured then they also won't be able to log in.

On 30/08/2013 16:56, joharmon wrote:

> AFP requires that the user have a Universal Password configured. If the
> user doesn't have a UP configured then they also won't be able to log in.


Since Universal Password is used and useful for other services, not just
AFP, that seems even more clumsy than moving user accounts to another
context!

HTH.
--
Simon
Novell Knowledge Partner


On 27/08/2013 12:26, anders s wrote:

> Running Kanaka 2.8.0.5 with 10.8.4 clients. I have only enabled AFP for
> the home directories of some users and the problem is that even users
> with home directories on servers without AFP support are permitted to
> log in. Doesn't work well since no home directory can be mounted. Anyone
> have a solution for this? The only workaround I can think of is to move
> the accounts that should be able to log in to separate contexts and limit
> login to those contexts, but that seems a little clumsy.


Is the object to stop non-AFP users logging in via Kanaka or to allow
non-AFP users to log in but fix their lack of home directory?

For the latter you could set the Proxy Home directory so that non-AFP
users will get a particular directory. Now whether those users have
write access to the directory or it has directory and/or volume
restriction is down to you.

For the former I think it's more tricky - Kanaka has an option to deny
log in if the home directory attribute is not populated but I'm guessing
your non-AFP users are accessing their home directory via another means
(Novell Client on Windows, mapping drive via CIFS/SMB, etc.) so clearing
their home directory attribute might not be desirable.

Another option might be to stop the Kanaka Proxy Object from reading the
Home Directory attribute for your non-AFP users - depending on how many
users we're talking about you might want to grant/block at context-level
then block/grant at user-level.

HTH.
--
Simon
Novell Knowledge Partner


Thank you for the suggestions! My thinking at the moment is to enable CIFS on all servers and stop having to move AFP users to their own servers. Will try to implement this when rolling out Mavericks.