Setting up LUM and Novell Client Single Sign-On for SLED 10





Document in PDF form can be downloaded from

  1. Make sure the following modules or newer are installed:
    • pam-
    • pam-modules-10-2.2
    • pam-devel-
    • glibc-devel-2.4-31.2
    • glibc-2.4-31.2
    • gcc-4.1.0-28.4
    • make-3.80-202.2
    • kernel-source-
    • novell-lum-2.2.0-81.12
  2. To determine which of the modules are already installed, issue the following command at the
    bash prompt.

    • rpm -q novell-lum pam pam-modules pam-devel glibc-devel glibc gcc make kernel-source
  3. To install the missing modules, type the following command at the bash prompt. (Installation
    media may be required.)

    • yast -i module_name (Replace module_name with name of missing module)
    • example: yast -i novell-lum
  4. Install the Novell Client for Linux
    • Download Novell Client version 1.2 for SUSE Linux Enterprise 10 from
    • Change to the directory where the client was downloaded
      • cd /root/Desktop/
    • Extract the tar ball file
      • tar -xzvf novell-client-1.2-SLE10.tar.gz
    • Change into the NCL_disk directory
      • cd ncl_build_711/NCL_disk/
    • Install the client with the following command
      • ./ncl_install install
  5. Start Novell Client and test functionality
    • Add /opt/novell/ncl/bin to $PATH
      • export PATH="$PATH:/opt/novell/ncl/bin"
    • Restart Novell Client daemon
      • /opt/novell/ncl/bin/ncl_control restart
    • Test that the Novell Client is functioning by typing the following command at the bash prompt.
      • nwlogin -t treename -s server_address -c context -u username -p password -r
  6. Download and extract SingleSignOn file
  7. Edit SingleSignOn files for your environment
    • Change into SingleSignOn directory
      • cd SingleSignOn
    • Edit login.conf with gedit or editor of your choice
      • gedit files/etc/opt/novell/ncl/login.conf
        • Default_Tree=Tree (Replace Tree with your tree name)
        • Default_Context=Context (Replace Context with your default context)
    • Edit novellsingle
      • gedit files/etc/sysconfig/novellsingle
        • NDSTREE=TreeIP (Replace TreeIP with your eDir server’s IP or Tree name)
        • NDSSERVER=ServerIP (Replace ServerIP with your eDir server’s IP)
        • NDSLDAP=LDAPIP (Replace LDAPIP with LDAP server’s IP)
    • Edit slp.conf
      • gedit files/etc/slp.conf
        • net.slp.useScopes = Scope_Name (Replace Scope_Name with your scope)
        • net.slp.DAAddresses = DAAddress (Replace DAAddress with your DA IP)

  8. If you have made changes to your /etc/profile file, please delete the profile file under
    SingleSignOn/files/etc/profile. You will need to add the following lines to the bottom of your
    /etc/profile file.

    • . /etc/sysconfig/novellsingle
      /opt/novell/ncl/bin/nwrunscripts -u $USER -t $NDSTREE -c `ldapsearch -h $NDSLDAP -x
      cn=$USER objectclass=dn | grep ^dn | sed -e "s/^dn: cn=$USER,//i" -e "s/ou=//g" -e
      "s/o=//g" -e "s/,/./g"` (from /opt/novell/… on the third line, this is all one line)
  9. Install Single Sign On
    • ./
  10. Import workstation into eDirectory with the following command at the bash prompt
    • namconfig add -a UserDN -r ConfigContext -w WorkstationContext -S LDAPIP:389 -l

      • UserDN= Distinguished name. Example cn=admin,o=novell
      • ConfigContext= organizational unit where the Linux config resides. Example o=novell
      • WorkstationContext= organizational unit to import the Unix workstation into. Example ou=workstations,o=novell
      • LDAPIP= IP of LDAP server. Example
      • Example. namconfig add -a cn=admin,o=novell -r o=novell -w
        ou=workstations,o=novell -S -l 636
  11. Add workstation to Linux Enabled group
    • Log into iManager
    • Select Linux User Management
    • Modify Linux Workstation Object
    • Use the object selector to find the workstation in the tree
    • Click Ok
    • Use the object selector to find a Linux Enabled Group, then click Apply

  12. Restart the workstation. Users who are in the Linux Enabled Group should be able to log into
    this workstation.
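
The step 8 /etc/profile line turns the user's LDAP DN into a dotted context with grep and sed. As an added example (not part of the original document or the SingleSignOn package), here is the same conversion as a shell function that also unfolds wrapped LDIF lines, strips any attribute type rather than only ou= and o=, and fails instead of passing a bad context when the search returns no entry or more than one. The name dn_to_context and the DNs in the comments are assumptions.

```shell
#!/bin/sh
# dn_to_context USER  (hypothetical helper, not part of the Novell tooling)
# Reads ldapsearch LDIF output on stdin and prints the dotted eDirectory
# context for USER, e.g. "dn: cn=jdoe,ou=sales,o=novell" -> "sales.novell".
# Returns 1 = no entry, 2 = more than one entry,
#         3 = username or DN contains characters this helper refuses.
dn_to_context() {
    user=$1
    case $user in
        ''|*[!A-Za-z0-9._-]*) return 3 ;;   # keeps the LDAP filter literal
    esac
    awk -v user="$user" '
        function keep() {
            if (tolower(substr(buf, 1, 4)) == "dn: ") dn[++n] = substr(buf, 5)
        }
        /^ /  { buf = buf substr($0, 2); next }   # unfold a wrapped LDIF line
              { keep(); buf = $0 }
        END {
            keep()
            if (n == 0) exit 1
            if (n > 1)  exit 2                    # ambiguous: same cn twice
            if (index(dn[1], "\\")) exit 3        # escaped separators: refuse
            parts = split(dn[1], rdn, ",")
            if (tolower(rdn[1]) != "cn=" tolower(user)) exit 3
            out = ""
            for (i = 2; i <= parts; i++) {
                sub(/^ *[^=]*=/, "", rdn[i])      # drop "ou=", "o=", any type
                out = out (i > 2 ? "." : "") rdn[i]
            }
            print out
        }'
}

# Usage with the variables from /etc/sysconfig/novellsingle (same ldapsearch
# arguments as step 8; nwrunscripts only runs when the lookup succeeded):
#   ctx=$(ldapsearch -h "$NDSLDAP" -x "cn=$USER" objectclass=dn |
#         dn_to_context "$USER") &&
#       /opt/novell/ncl/bin/nwrunscripts -u "$USER" -t "$NDSTREE" -c "$ctx"
```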


  1. No Drive Mapping. Each time a user logs in, the SingleSignOn script creates and then deletes the /tmp/onauth.log file. If the file is not deleted or already exists, the script will fail to map the network drives. To solve this problem, delete /tmp/onauth.log.
  2. User cannot log in. Make sure that the user is Linux Enabled and a member of the same Linux Enabled Group as the workstation.


SUSE Linux Enterprise Desktop 10
Novell Client 1.2
