SUSE Conversations


Setting up LUM and Novell Client Single Sign-On for SLED 10



By: coolguys

March 29, 2007 8:04 am


Problem:

Setting up LUM and Novell Client Single Sign-on for SLED 10

Solution:

Document in PDF form can be downloaded from http://www.danville.k12.il.us/ISTechs/Novell_Client_for_Linux_Single_Signon.pdf

  1. Make sure the following modules or newer are installed:
    • pam-0.99.3.0-29.4
    • pam-modules-10-2.2
    • pam-devel-0.99.3.0-29.4
    • glibc-devel-2.4-31.2
    • glibc-2.4-31.2
    • gcc-4.1.0-28.4
    • make-3.80-202.2
    • kernel-source-2.6.16.21-0.8
    • novell-lum-2.2.0-81.12
  2. To determine which of the modules are already installed, issue the following command at the bash prompt.
    • rpm -q novell-lum pam pam-modules pam-devel glibc-devel glibc gcc make kernel-source
  3. To install the missing modules, type the following command at the bash prompt. (Installation media may be required.)
    • yast -i module_name (Replace module_name with name of missing module)
    • example: yast -i novell-lum
  4. Install the Novell Client for Linux
    • Download Novell Client version 1.2 for SUSE Linux Enterprise 10 from http://download.novell.com
    • Change to the directory where the client was downloaded
      • cd /root/Desktop/
    • Extract the tar ball file
      • tar -xzvf novell-client-1.2-SLE10.tar.gz
    • Change into the NCL_disk directory
      • cd ncl_build_711/NCL_disk/
    • Install the client with the following command
      • ./ncl_install install
  5. Start Novell Client and test functionality
    • Add /opt/novell/ncl/bin to $PATH
      • export PATH="$PATH:/opt/novell/ncl/bin"
    • Restart Novell Client daemon
      • /opt/novell/ncl/bin/ncl_control restart
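    • Test that the Novell Client is functioning by typing the following command at the bash prompt. A password given with -p is kept in the shell history and can be seen in the process list while the command runs.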
      • nwlogin -t treename -s server_address -c context -u username -p password -r
  6. Download and extract SingleSignOn file
  7. Edit SingleSignOn files for your environment
    • Change into SingleSignOn directory
      • cd SingleSignOn
    • Edit login.conf with gedit or editor of your choice
      • gedit files/etc/opt/novell/ncl/login.conf
        • Default_Tree=Tree (Replace Tree with your tree name)
        • Default_Context=Context (Replace Context with your default context)
    • Edit novellsingle
      • gedit files/etc/sysconfig/novellsingle
        • NDSTREE=TreeIP (Replace TreeIP with your edir server’s IP or Tree name)
        • NDSSERVER=ServerIP (Replace ServerIP with your edir server’s IP)
        • NDSLDAP=LDAPIP (Replace LDAPIP with LDAP server’s IP)
    • Edit slp.conf
      • gedit files/etc/slp.conf
        • net.slp.useScopes = Scope_Name (Replace Scope_Name with your scope)
        • net.slp.DAAddresses = DAAddress (Replace DAAddress with your DA IP)

  8. If you have made changes to your /etc/profile file, please delete the profile file under
    SingleSignOn/files/etc/profile. You will need to add the following lines to the bottom of your
    /etc/profile file.

    • . /etc/sysconfig/novellsingle
      PATH=$PATH:/opt/novell/ncl/bin
      /opt/novell/ncl/bin/nwrunscripts -u $USER -t $NDSTREE -c `ldapsearch -h $NDSLDAP -x cn=$USER objectclass=dn | grep ^dn | sed -e "s/^dn: cn=$USER,//i" -e "s/ou=//g" -e "s/o=//g" -e "s/,/./g"`
      (the nwrunscripts command on the third line is all one line)
  9. Install Single Sign On
    • ./install.sh
  10. Import workstation into eDirectory with the following command at the bash prompt
    • namconfig add -a UserDN -r ConfigContext -w WorkstationContext -S LDAPIP:389 -l 636
      • UserDN= Distinguished name. Example cn=admin,o=novell
      • ConfigContext= organization unit where linux config resides. Example o=novell
      • WorkstationContext= organization unit to import unix workstation. Example ou=workstations,o=novell
      • LDAPIP= IP of LDAP server. Example 192.168.1.1
      • Example: namconfig add -a cn=admin,o=novell -r o=novell -w ou=workstations,o=novell -S 192.168.1.1:389 -l 636
  11. Add workstation to Linux Enabled group
    • Log into iManager
    • Select Linux User Management
    • Modify Linux Workstation Object
    • Use the object selector to find the workstation in the tree
    • Click Ok
    • Use the object selector to find a Linux Enabled Group, then click Apply

  12. Restart the workstation. Users who are in the Linux Enabled Group should be able to log into
    this workstation.
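
The /etc/profile line in step 8 puts $USER into an LDAP filter and a sed pattern and hands whatever ldapsearch returns to nwrunscripts, even when no entry or several entries match. The function below is an added example, not part of the SingleSignOn package or the original post: it performs the same DN-to-context rewrite but rejects unsafe names and fails unless exactly one entry matches. The name dn_to_context, the sample LDIF and the `-LLL ... 1.1` ldapsearch arguments are assumptions.

```shell
# Added example; not part of the SingleSignOn package.
# dn_to_context USER: read ldapsearch LDIF on stdin and print USER's container
# as a dotted NDS context. Returns 2 for an unsafe name, 3 unless exactly one
# entry matches and its first RDN is cn=USER.
dn_to_context() {
    user=$1
    # Accept only characters that are literal inside an LDAP filter.
    case $user in
        ''|*[!A-Za-z0-9_-]*) return 2 ;;
    esac
    # Unfold LDIF continuation lines (leading space), then keep the dn values.
    dns=$(sed -e ':a' -e '$!N' -e 's/\n //' -e 'ta' -e 'P' -e 'D' |
          sed -n 's/^dn: //p')
    # Zero or several matches would give nwrunscripts an empty or multi-word -c.
    [ "$(printf '%s\n' "$dns" | grep -c .)" -eq 1 ] || return 3
    # The first RDN must be cn=USER (case-insensitive, like the page's sed /i).
    rdn=$(printf '%s' "${dns%%,*}" | tr 'A-Z' 'a-z')
    [ "$rdn" = "cn=$(printf '%s' "$user" | tr 'A-Z' 'a-z')" ] || return 3
    case $dns in *,*) ;; *) return 3 ;; esac
    # Drop the ou=/o= type at the start of each RDN and join with dots.
    printf '%s\n' "${dns#*,}" | awk -F, '{
        for (i = 1; i <= NF; i++) {
            sub(/^ *(ou|o)=/, "", $i)
            printf "%s%s", $i, (i < NF ? "." : "\n")
        }
    }'
}

# Possible call from /etc/profile (assumes NDSLDAP and NDSTREE come from
# /etc/sysconfig/novellsingle, as on the page):
# ctx=$(ldapsearch -h "$NDSLDAP" -x -LLL "(cn=$USER)" 1.1 | dn_to_context "$USER") &&
#     /opt/novell/ncl/bin/nwrunscripts -u "$USER" -t "$NDSTREE" -c "$ctx"

# Constructed sample LDIF: one folded entry, then an ambiguous double match.
SAMPLE_ONE='dn: cn=jsmith,ou=students,ou=hs,
 o=novell
'
SAMPLE_TWO='dn: cn=jsmith,ou=students,o=novell

dn: cn=jsmith,ou=staff,o=novell
'
```

A base64-encoded DN (a `dn::` line) is not matched and therefore also ends in return code 3 instead of a wrong context.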

Troubleshooting

  1. No Drive Mapping. Each time a user logs in, the SingleSignOn script creates and then deletes the /tmp/onauth.log file. If the file is not deleted or already exists, the script will fail to map the network drives. To solve this problem, delete /tmp/onauth.log.
  2. User cannot log in. Make sure that the user is Linux Enabled and a member of the same Linux Enabled Group as the workstation.

Environment:

SUSE Linux Enterprise Desktop 10
Novell Client 1.2


Disclaimer: As with everything else at SUSE Conversations, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.
