How to configure LUM on a new SUSE workstation

Novell Cool Solutions: Feature
By Edward van der Maas

Posted: 17 Nov 2005

Software being used: SUSE Open Enterprise Server Sp1
Novell Linux Desktop 9

First, we'll need a SUSE Open Enterprise Server and a Novell Linux Desktop. Installing the server and the workstation is outside the scope of this document; refer to the installation instructions in the documentation. After both machines are set up, you are ready to install the Linux User Management (LUM) components onto the workstation.

From the Open Enterprise Server (OES) CD 3, install NLDAPsdk and NLDAPbase.
Use the following command:

rpm -Uvh NLDAPsdk- NLDAPbase-

Now that we have the required RPMs installed, we can install the LUM component.
From OES CD2, install novell-lum-2.2.0-55.1.i586.rpm
Use the following command:

rpm -Uvh novell-lum-2.2.0-55.1.i586.rpm

All the required components are now installed and we can import the workstation into eDirectory using namconfig.

Before anyone can log in to the workstation, users must be assigned to it so that they are privileged to authenticate there. That requires the workstation to be imported into eDirectory.

To import the workstation we use namconfig.
Use the following command:

namconfig add -a cn=admin,o=novell -r o=novell -w ou=services,o=novell -S -l 636

What this all means:
-a cn=admin,o=novell. This is the user we are logging in as
-r o=novell. This is the partition root. My test tree only has 1 partition
-w ou=services,o=novell. This is the context where the workstation will be created
-S. This is the LDAP server we are using
-l 636. This is the secure LDAP port we are using

Make sure that the context where the workstation will be created matches the context where the Unix Config object looks for workstations. You can check this from iManager | Linux User Management | Modify Linux/Unix Config Object.

Importing the workstation should produce a message like the following:

If we now check ConsoleOne we'll see a new Unix workstation object.

We are now ready to set up LUM for a user so that we can log in, but we'll need to make some changes first.

To be able to log in through X Windows, we'll need to modify the pluggable authentication module (PAM) configuration for the XDM service. We can find this file in /etc/pam.d/xdm.
In the same directory is a file called pam_nam_sample. This file contains the 4 lines we need to add to the xdm PAM file. Copy the content of pam_nam_sample and paste it into the file called xdm, ahead of the existing entries, as in the listing below. To enable this for other services, modify the corresponding file in the same way.

The file will look like this:

NLD:/etc/pam.d # cat xdm
auth    sufficient      /lib/security/pam_nam.so
account sufficient      /lib/security/pam_nam.so
password sufficient     /lib/security/pam_nam.so
session optional        /lib/security/pam_nam.so
auth     required       pam_unix2.so    nullok #set_secrpc
account  required       pam_unix2.so
password required       pam_pwcheck.so  nullok
password required       pam_unix2.so    nullok use_first_pass use_authtok
session  required       pam_unix2.so    debug # trace or none
session  required       pam_devperm.so
session  required       pam_resmgr.so
NLD:/etc/pam.d #
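
A mistake in this file only shows up at the next login, so it is worth checking before the restart. The script below is an added example, not part of the original article or of LUM: it checks that each pam_nam.so line carries the control flag shown in the listing above and that the sufficient ones come before any required line of the same type, because in Linux-PAM a sufficient success does not override an earlier required failure. The function name check_pam_nam and the sample input are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the article. check_pam_nam (a made-up name) reads a
# PAM service file from a path argument or stdin and checks its pam_nam.so lines.
check_pam_nam() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        type = $1; control = $2; module = $3
        if (module == "pam_nam.so" || module ~ /\/pam_nam\.so$/) {
            if (!(type in nam)) {            # first pam_nam.so line per type
                nam[type] = control
                late[type] = (type in req)   # 1 if a required line came first
            }
        } else if (control == "required") {
            req[type] = 1
        }
    }
    END {
        want["auth"] = want["account"] = want["password"] = "sufficient"
        want["session"] = "optional"
        n = split("auth account password session", order, " ")
        for (i = 1; i <= n; i++) {
            t = order[i]
            if (!(t in nam)) {
                print t ": pam_nam.so line missing"; bad = 1
            } else if (nam[t] != want[t]) {
                print t ": control is " nam[t] ", sample uses " want[t]; bad = 1
            } else if (want[t] == "sufficient" && late[t]) {
                print t ": pam_nam.so follows a required module"; bad = 1
            } else {
                print t ": ok"
            }
        }
        exit bad + 0
    }' "$@"
}

# Constructed input: the xdm stack from the listing with the auth lines swapped.
check_pam_nam <<'EOF' || echo "xdm: pam_nam.so entries need fixing"
auth     required       pam_unix2.so    nullok #set_secrpc
auth     sufficient     /lib/security/pam_nam.so
account  sufficient     /lib/security/pam_nam.so
password sufficient     /lib/security/pam_nam.so
session  optional       /lib/security/pam_nam.so
account  required       pam_unix2.so
password required       pam_unix2.so    nullok use_first_pass use_authtok
session  required       pam_unix2.so
EOF
```

On the workstation itself, run check_pam_nam /etc/pam.d/xdm; a non-zero exit status means at least one of the four lines is missing, has a different control flag, or is placed too late.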

Now restart the workstation.

The last thing we need to do is enable a user for LUM so the user can log in to the workstation. For this whole process we'll use iManager.

We've created a group called Lum-Users and made our user John Doe a member of this group. Now we need to enable this group in LUM.
Within Linux User Management, click Enable groups for Linux and select the group we've just created.

Make sure the "Linux-enable all users in these Groups" option is checked.

The next step is to select the workstations. Here, we need to ensure that our newly created workstation is added.

These are all the steps necessary to get LUM running on an NLD workstation.
