Setting up LUM and Novell Client Single Sign-On for SLED 10
Problem:
Setting up LUM and Novell Client Single Sign-on for SLED 10
Solution:
Document in PDF form can be downloaded from http://www.danville.k12.il.us/ISTechs/Novell_Client_for_Linux_Single_Signon.pdf
- Make sure the following modules or newer are installed:
- pam-0.99.3.0-29.4
- pam-modules-10-2.2
- pam-devel-0.99.3.0-29.4
- glibc-devel-2.4-31.2
- glibc-2.4-31.2
- gcc-4.1.0-28.4
- make-3.80-202.2
- kernel-source-2.6.16.21-0.8
- novell-lum-2.2.0-81.12
- To determine which of the modules are already installed, issue the following command at the bash prompt.
- rpm -q novell-lum pam pam-modules pam-devel glibc-devel glibc gcc make kernel-source
- To install the missing modules, type the following command at the bash prompt. (Installation media may be required.)
- yast -i module_name (Replace module_name with the name of the missing module)
- example: yast -i novell-lum
- Install the Novell Client for Linux
- Download Novell Client version 1.2 for SUSE Linux Enterprise 10 from http://download.novell.com
- Change to the directory where the client was downloaded
- cd /root/Desktop/
- Extract the tar ball file
- tar -xzvf novell-client-1.2-SLE10.tar.gz
- Change into the NCL_disk directory
- cd ncl_build_711/NCL_disk/
- Install the client with the following command
- ./ncl_install install
- Start Novell Client and test functionality
- Add /opt/novell/ncl/bin to $PATH
- export PATH="$PATH:/opt/novell/ncl/bin"
- Restart Novell Client daemon
- /opt/novell/ncl/bin/ncl_control restart
- Test that the Novell Client is functioning by typing the following command at the bash prompt.
- nwlogin -t treename -s server_address -c context -u username -p password -r
- Download and extract SingleSignOn file
- Download SingleSignOn.tar.gz from www.danville.k12.il.us/ISTechs/SingleSignOn.tar.gz
- Change to the download directory
- cd /root/Desktop
- Extract the tar ball file
- tar -xzvf SingleSignOn.tar.gz
- Edit SingleSignOn files for your environment
- Change into SingleSignOn directory
- cd SingleSignOn
- Edit login.conf with gedit or editor of your choice
- gedit files/etc/opt/novell/ncl/login.conf
- Default_Tree=Tree (Replace Tree with your tree name)
- Default_Context=Context (Replace Context with your default context)
- Edit novellsingle
- gedit files/etc/sysconfig/novellsingle
- NDSTREE=TreeIP (Replace TreeIP with your edir server’s IP or Tree name)
- NDSSERVER=ServerIP (Replace ServerIP with your edir server’s IP)
- NDSLDAP=LDAPIP (Replace LDAPIP with LDAP server’s IP)
- Edit slp.conf
- gedit files/etc/slp.conf
- net.slp.useScopes = Scope_Name (Replace Scope_Name with your scope)
- net.slp.DAAddresses = DAAddress (Replace DAAddress with your DA IP)
- If you have made changes to your /etc/profile file, delete the profile file under SingleSignOn/files/etc/profile. You will then need to add the following three lines to the bottom of your /etc/profile file (the third line, starting with /opt/novell/…, is all one line).
- . /etc/sysconfig/novellsingle
- PATH=$PATH:/opt/novell/ncl/bin
- /opt/novell/ncl/bin/nwrunscripts -u $USER -t $NDSTREE -c `ldapsearch -h $NDSLDAP -x cn=$USER objectclass=dn | grep ^dn | sed -e "s/^dn: cn=$USER,//i" -e "s/ou=//g" -e "s/o=//g" -e "s/,/./g"`
- Install Single Sign On
- ./install.sh
- Import workstation into eDirectory with the following command at the bash prompt
- namconfig add -a UserDN -r ConfigContext -w WorkstationContext -S LDAPIP:389 -l 636
- UserDN= Distinguished name. Example cn=admin,o=novell
- ConfigContext= organizational unit where the Linux config resides. Example o=novell
- WorkstationContext= organizational unit to import the Unix workstation into. Example ou=workstations,o=novell
- LDAPIP= IP of LDAP server. Example 192.168.1.1
- Example: namconfig add -a cn=admin,o=novell -r o=novell -w ou=workstations,o=novell -S 192.168.1.1:389 -l 636
- Add workstation to Linux Enabled group
- Log into iManager
- Select Linux User Management
- Modify Linux Workstation Object
- Use the object selector to find the workstation in the tree
- Click OK
- Use the object selector to find a Linux Enabled Group, then click Apply
- Restart the workstation. Users who are in the Linux Enabled Group should be able to log into
this workstation.
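The context lookup in the /etc/profile line above passes $USER straight into the LDAP filter and keeps only the first physical line of the DN, so a long DN that ldapsearch folds onto a continuation line produces a truncated context. The sketch below is an added example, not part of the SingleSignOn package: it unfolds the LDIF, requires exactly one match, and restricts the user name to characters that are safe in a filter. The function names and the sample entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: derive the Novell Client context from ldapsearch LDIF output.
# SAMPLE_LDIF is constructed; its DN is folded onto a continuation line.
SAMPLE_LDIF='# constructed sample entry
dn: cn=jdoe,ou=teachers,ou=highschool,ou=buildings,ou=staff,ou=district,o=exam
 ple

'

# Print the value of every plain "dn: " line after joining folded lines
# (a continuation line starts with one space). Base64 "dn:: " lines are skipped.
ldif_dns() {
    awk '
        /^ / { if (have) cur = cur substr($0, 2); next }
        { if (have && cur ~ /^dn: /) print substr(cur, 5); cur = $0; have = 1 }
        END { if (have && cur ~ /^dn: /) print substr(cur, 5) }'
}

# $1 = user, $2 = DN. Drop the leading cn=<user>, strip only a leading
# "ou=" or "o=" from each remaining RDN, and join the values with dots.
# DNs containing escaped characters (backslash) are rejected, not guessed at.
dn_to_context() {
    printf '%s\n' "$2" | awk -v u="$1" -F',' '{
        if (index($0, "\\") > 0) exit 1
        if (tolower($1) != ("cn=" tolower(u))) exit 1
        out = ""
        for (i = 2; i <= NF; i++) {
            v = $i; sub(/^ *[Oo][Uu]?=/, "", v)
            out = out (i > 2 ? "." : "") v
        }
        print out
    }'
}

# $1 = user, LDIF on stdin. Fails on an unsafe user name (filter
# metacharacters such as * ( ) \), on no match, and on more than one match.
context_for_user() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    _dns=$(ldif_dns) || return 1
    [ -n "$_dns" ] || return 1
    [ "$(printf '%s\n' "$_dns" | grep -c '')" -eq 1 ] || return 1
    dn_to_context "$1" "$_dns"
}

# Demonstration on the constructed sample.
printf '%s' "$SAMPLE_LDIF" | context_for_user jdoe
```

In /etc/profile, context_for_user would read the output of the ldapsearch command shown above in place of the grep and sed stages, and nwrunscripts would be run only when it succeeds.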
Troubleshooting
- No Drive Mapping. Each time a user logs in, the SingleSignOn script creates and then deletes the /tmp/onauth.log file. If the file is not deleted or already exists, the script will fail to map the network drives. To solve this problem, delete /tmp/onauth.log.
- User cannot log in. Make sure that the user is Linux Enabled and a member of the same Linux Enabled Group as the workstation.
Environment:
SUSE Linux Enterprise Desktop 10
Novell Client 1.2