Setting up LUM and Novell Client Single Sign-On for SLED 10

Problem:

Setting up LUM and Novell Client Single Sign-on for SLED 10

Solution:

Document in PDF form can be downloaded from http://www.danville.k12.il.us/ISTechs/Novell_Client_for_Linux_Single_Signon.pdf

1. Make sure the following modules or newer are installed:
   • pam-0.99.3.0-29.4
   • pam-modules-10-2.2
   • pam-devel-0.99.3.0-29.4
   • glibc-devel-2.4-31.2
   • glibc-2.4-31.2
   • gcc-4.1.0-28.4
   • make-3.80-202.2
   • kernel-source-2.6.16.21-0.8
   • novell-lum-2.2.0-81.12
2. To determine which of the modules are already installed, issue the following command at the
   bash prompt.
   • rpm -q novell-lum pam pam-modules pam-devel glibc-devel glibc gcc make kernel-source
3. To install the missing modules, type the flowing command at the bash prompt. (Installation
   Media may be required)
   • yast -i module_name (Replace module_name with name of missing module)
   • example: yast -i novell-lum
4. Install the Novell Client for Linux
   • Download Novell Client version 1.2 for SUSE Linux Enterprise 10 from http://download.novell.com
   • Change to the directory where the client was downloaded
   • cd /root/Desktop/
   • Extract the tar ball file
   • tar -xzvf novell-client-1.2-SLE10.tar.gz
   • Change into the NCL_disk directory
   • cd ncl_build_711/NCL_disk/
   • Install the client with the following command
   • ./ncl_install install
5. Start Novell Client and test functionality
   • Add /opt/novell/ncl/bin to $PATH
   • export PATH=”$PATH:/opt/novell/ncl/bin”
   • Restart Novell Client daemon
   • /opt/novell/ncl/bin/ncl_control restart
   • Test that the Novell Client is functioning by typing the following command at the bash prompt.
   • nwlogin -t treename -s server_address -c context -u username -p password -r
6. Download and extract SingleSignOn file
   • Download SingleSignOn.tar.gz from www.danville.k12.il.us/ISTechs/SingleSignOn.tar.gz
   • Change to the download directory
   • cd /root/Desktop
   • Extract the tar ball file
   • tar -xzvf SingleSignOn.tar.gz
7. Edit SingleSignOn files for your environment
   • Change into SingleSignOn directory
   • cd SingleSignOn
   • Edit login.conf with gedit or editor of your choice
   • gedit files/etc/opt/novell/ncl/login.conf
     • Default_Tree=Tree (Replace Tree with your tree name)
     • Default_Context=Context (Replace Context with your default context)
   • Edit novellsingle
   • gedit files/etc/sysconfig/novellsingle
     • NDSTREE=TreeIP (Replace TreeIP with your edir server’s IP or Tree name)
     • NDSSERVER=ServerIP (Replace ServerIP with your edir server’s IP)
     • NDSLDAP=LDAPIP (Replace LDAPIP with LDAP server’s IP)
   • Edit slp.conf
   • gedit files/etc/slp.conf
     • net.slp.useScopes = Scope_Name (Replace Scope_Name with your scope)
     • net.slp.DAAddresses = DAAddress (Replace DAAddress with your DA IP)

8. If you have made changes to your /etc/profile file, please delete the profile file under
   SingleSignOn/files/etc/profile. You will need to add the following lines to the bottom of your
   /etc/profile file.
   • . /etc/sysconfig/novellsingle
     PATH=$PATH:/opt/novell/ncl/bin
     /opt/novell/ncl/bin/nwrunscripts -u $USER -t $NDSTREE -c `ldapsearch -h $NDSLDAP -x
     cn=$USER objectclass=dn | grep ^dn | sed -e “s/^dn: cn=$USER,//i” -e “s/ou=//g” -e
     “s/o=//g” -e “s/,/./g”` (from /opt/novell/… on the third line, this is all one line)
9. Install Single Sign On
   • ./install.sh
10. Import workstation into eDirectory with the following command at the bash prompt
    • namconfig add -a UserDN -r ConfigContext -w WorkstationContext -S LDAPIP:389 -l
      636
      • UserDN= Destinguished name. Example cn=admin,o=novell
      • ConfigContext= organization unit where linux config resides. Example o=novell
      • WorkstationContext= organization unit to import unix workstation. Example ou=workstations,o=novell
      • LDAPIP= IP of LDAP server. Example 192.168.1.1
      • Example. namconfig add -a cn=admin,o=novell -r o=novell -w
        ou=workstations,o=novell -S 192.168.1.1:389 -l 636
11. Add workstation to Linux Enabled group
    • Log into iManager
    • Select Linux User Management
    • Modify Linux Workstation Object
    • Use the object selector to find the workstation in the tree
    

    Click to view.

    • Click Ok
    • Use the object selector to find a Linux Enabled Group Then click Apply
    

    Click to view.

12. Restart the workstation. Users who are in the Linux Enabled Group should be able to log into
    this workstation.

Troubleshooting

1. No Drive Mapping. Each time a user logs in the SingleSignOn script creates and then deletes the /tmp/onauth.log file. If the file is not delete or already exists, then the script will fail to map the network drives. To solve this problem, delete /tmp/onauth.log.
2. User can not login. Make sure that the user is Linux Enabled and a member of the same Linux Enabled Group as the workstation.

Environment:

SUSE Linux Enterprise Desktop 10
Novell Client 1.2