
Setting up LUM and Novell Client Single Sign-On for SLED 10

Novell Cool Solutions: Tip
By Sam Ludington


Posted: 29 Mar 2007
 

Problem:

Setting up LUM and Novell Client Single Sign-on for SLED 10

Solution:

This document can be downloaded in PDF form from http://www.danville.k12.il.us/ISTechs/Novell_Client_for_Linux_Single_Signon.pdf

  1. Make sure the following modules or newer are installed:
    • pam-0.99.3.0-29.4
    • pam-modules-10-2.2
    • pam-devel-0.99.3.0-29.4
    • glibc-devel-2.4-31.2
    • glibc-2.4-31.2
    • gcc-4.1.0-28.4
    • make-3.80-202.2
    • kernel-source-2.6.16.21-0.8
    • novell-lum-2.2.0-81.12

  2. To determine which of the modules are already installed, issue the following command at the bash prompt.
    • rpm -q novell-lum pam pam-modules pam-devel glibc-devel glibc gcc make kernel-source

  3. To install the missing modules, type the following command at the bash prompt. (Installation media may be required.)
    • yast -i module_name (Replace module_name with name of missing module)
    • example: yast -i novell-lum

  4. Install the Novell Client for Linux
    • Download Novell Client version 1.2 for SUSE Linux Enterprise 10 from http://download.novell.com
    • Change to the directory where the client was downloaded
      • cd /root/Desktop/
    • Extract the tar ball file
      • tar -xzvf novell-client-1.2-SLE10.tar.gz
    • Change into the NCL_disk directory
      • cd ncl_build_711/NCL_disk/
    • Install the client with the following command
      • ./ncl_install install

  5. Start Novell Client and test functionality
    • Add /opt/novell/ncl/bin to $PATH
      • export PATH="$PATH:/opt/novell/ncl/bin"
    • Restart Novell Client daemon
      • /opt/novell/ncl/bin/ncl_control restart
    • Test that the Novell Client is functioning by typing the following command at the bash prompt.
      • nwlogin -t treename -s server_address -c context -u username -p password -r

  6. Download and extract SingleSignOn file

  7. Edit SingleSignOn files for your environment
    • Change into SingleSignOn directory
      • cd SingleSignOn
    • Edit login.conf with gedit or editor of your choice
      • gedit files/etc/opt/novell/ncl/login.conf
        • Default_Tree=Tree (Replace Tree with your tree name)
        • Default_Context=Context (Replace Context with your default context)
    • Edit novellsingle
      • gedit files/etc/sysconfig/novellsingle
        • NDSTREE=TreeIP (Replace TreeIP with your edir server's IP or Tree name)
        • NDSSERVER=ServerIP (Replace ServerIP with your edir server's IP)
        • NDSLDAP=LDAPIP (Replace LDAPIP with LDAP server's IP)
    • Edit slp.conf
      • gedit files/etc/slp.conf
        • net.slp.useScopes = Scope_Name (Replace Scope_Name with your scope)
        • net.slp.DAAddresses = DAAddress (Replace DAAddress with your DA IP)

  8. If you have made changes to your /etc/profile file, please delete the profile file under SingleSignOn/files/etc/profile. You will need to add the following three lines to the bottom of your /etc/profile file (the third line, starting with /opt/novell/..., is all one line).
    • . /etc/sysconfig/novellsingle
      PATH=$PATH:/opt/novell/ncl/bin
      /opt/novell/ncl/bin/nwrunscripts -u $USER -t $NDSTREE -c `ldapsearch -h $NDSLDAP -x cn=$USER objectclass=dn | grep ^dn | sed -e "s/^dn: cn=$USER,//i" -e "s/ou=//g" -e "s/o=//g" -e "s/,/./g"`

  9. Install Single Sign On
    • ./install.sh

  10. Import workstation into eDirectory with the following command at the bash prompt
    • namconfig add -a UserDN -r ConfigContext -w WorkstationContext -S LDAPIP:389 -l 636
      • UserDN = Distinguished name. Example: cn=admin,o=novell
      • ConfigContext = Organizational unit where the Linux config resides. Example: o=novell
      • WorkstationContext = Organizational unit to import the Unix workstation into. Example: ou=workstations,o=novell
      • LDAPIP = IP of the LDAP server. Example: 192.168.1.1
      • Example: namconfig add -a cn=admin,o=novell -r o=novell -w ou=workstations,o=novell -S 192.168.1.1:389 -l 636

  11. Add workstation to Linux Enabled group
    • Log into iManager
    • Select Linux User Management
    • Modify Linux Workstation Object
    • Use the object selector to find the workstation in the tree
    • Click OK
    • Use the object selector to find a Linux Enabled Group, then click Apply


  12. Restart the workstation. Users who are in the Linux Enabled Group should be able to log into this workstation.
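
Step 8 derives the user's context by editing ldapsearch output with grep and sed, which places $USER unchecked into both the LDAP filter and the sed pattern and hands nwrunscripts an empty or multi-line context when zero or several entries match. The following is an added example, not part of the original tip: a stricter form of that conversion, in which the helper names valid_login and dn_to_context are hypothetical and the sample LDIF is constructed.

```shell
#!/bin/sh
# Added example, not from the original tip. valid_login and dn_to_context
# are hypothetical helper names.

# valid_login NAME: allow only conservative login names, so the name cannot
# carry LDAP filter or regex metacharacters such as * ( ) \ into the lookup.
valid_login() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# dn_to_context NAME: read ldapsearch LDIF on stdin and print the dotted
# context for NAME. Returns 2 for a rejected name, 1 unless exactly one
# entry has a DN starting with cn=NAME (a base64 "dn::" line never matches).
dn_to_context() {
    valid_login "$1" || return 2
    awk -v u="$1" '
        function handle(l,    p, n, i, rdn, out) {
            p = "dn: cn=" tolower(u) ","
            if (tolower(substr(l, 1, length(p))) != p) return
            matches++
            n = split(substr(l, length(p) + 1), rdn, ",")
            out = ""
            for (i = 1; i <= n; i++) {
                sub(/^ *[Oo][Uu]?=/, "", rdn[i])      # strip leading ou= or o=
                out = (i > 1 ? out "." : "") rdn[i]
            }
            ctx = out
        }
        /^ / { line = line substr($0, 2); next }      # unfold wrapped LDIF line
        { if (line != "") handle(line); line = $0 }
        END {
            if (line != "") handle(line)
            if (matches != 1) exit 1
            print ctx
        }'
}

# Intended wiring in /etc/profile, using the lookup from step 8:
#   ctx=$(ldapsearch -h "$NDSLDAP" -x "cn=$USER" objectclass=dn |
#         dn_to_context "$USER") &&
#     nwrunscripts -u "$USER" -t "$NDSTREE" -c "$ctx"

# Constructed sample: one entry whose DN ldapsearch has wrapped.
printf 'dn: cn=jdoe,ou=students,o=exa\n mple\n' | dn_to_context jdoe
```

Because the function fails closed, nwrunscripts is skipped rather than run with a wrong context when the lookup is ambiguous or returns nothing.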

Troubleshooting

  1. No Drive Mapping. Each time a user logs in, the SingleSignOn script creates and then deletes the /tmp/onauth.log file. If the file is not deleted or already exists, then the script will fail to map the network drives. To solve this problem, delete /tmp/onauth.log.
  2. User cannot log in. Make sure that the user is Linux Enabled and a member of the same Linux Enabled Group as the workstation.

Environment:

SUSE Linux Enterprise Desktop 10
Novell Client 1.2

