Managing User Accounts

Setting up an eDirectory user account involves creating a User object and setting properties to control login and the user's network computing environment. You can use a template object to facilitate these tasks.

You can create login scripts to cause users to be connected automatically to the files, printers, and other network resources they need when they log in. If several users use the same resources, you can put the login script commands in container and profile login scripts.


Creating and Modifying User Accounts

A user account is a User object in the eDirectory tree. A User object specifies a user's login name and supplies other information used by eDirectory to control the user's access to network resources.


Creating a User Object

  1. In Novell iManager, click the Roles and Tasks button.

  2. Click Users > Create User.

  3. Specify a user name and a last name for the user.

  4. Specify a container to create the user in.

  5. Specify any additional (optional) information you want, then click OK.

    Click the Help button for more information on the available options.

  6. Click OK.


Modifying a User Account

  1. In Novell iManager, click the Roles and Tasks button.

  2. Click Users > Modify User.

  3. Specify the name and context of the User or Users you want to modify, then click OK.

  4. Edit the property pages you want.

    Click the Help button for more information on specific properties.

  5. Click OK.


Enabling a User Account

  1. In Novell iManager, click the Roles and Tasks button.

  2. Click Users > Enable Account.

  3. Specify the name and context of the User, then click OK.


Disabling a User Account

  1. In Novell iManager, click the Roles and Tasks button.

  2. Click Users > Disable Account.

  3. Specify the name and context of the User, then click OK.


Setting Up Optional Account Features

After creating a User object, you can set up the user's network computing environment and implement extra login security features.


Setting Up a User's Network Computing Environment

  1. In Novell iManager, click the Roles and Tasks button.

  2. Click Users > Modify User.

  3. Specify the name and context of the User or Users you want to modify, then click OK.

  4. On the General tab, select the Environment page.

  5. Fill in the property page.

    Click the Help button for more information on specific properties.

  6. Click OK.


Setting Up Extra Login Security for a User

  1. In Novell iManager, click the Roles and Tasks button.

  2. Click Users > Modify User.

  3. Specify the name and context of the User or Users you want to modify, then click OK.

  4. On the Restrictions tab, fill in the property pages you want.

    Click the Help button for details on any page.

    Page
        Description

    Password Restrictions
        Sets up a login password.

    Login Restrictions
        • Enable or disable the account.
        • Limit the number of concurrent login sessions.
        • Set a login expiration and lockout date.

    Time Restrictions
        Restricts the times when the user can be logged in. If you set a restriction and the object is logged in when the restricted time arrives, the system issues a five-minute warning and then (after five minutes) logs the object out if it isn't logged out already. If the user will log in remotely, see Login Time Restrictions for Remote Users.

    Address Restrictions
        Restricts the network locations (workstations) that this user can log in from. If you don't set restrictions on this page, the user can log in from any network location.

    Account Balance
        Sets up an accounting of this user's server usage.

    Intruder Lockout
        Lets you work with this account if it has been locked because of intruder detection. To manage the intruder detection setup, use the Intruder Detection property page of the parent container.

  5. Click OK.


Setting Up Intruder Detection for All Users in a Container

  1. In Novell iManager, click the Roles and Tasks button.

  2. Click eDirectory Administration > Modify Object.

  3. Specify the name and context of a container object, then click OK.

  4. On the General tab, select the Intruder Detection page.

  5. Select from the following options:

    Option
        Description

    Detect Intruders
        Enables the intruder detection system for the user accounts in the container.

    Incorrect Login Attempts
        Specifies the number of consecutive failed login attempts that are allowed before intruder detection is activated. If a person uses any of the user accounts in this container to log in and fails consecutively more than this number of times, intruder detection is activated. The number is stored in the Login Intruder Limit property of the container.

    Intruder Attempt Reset Interval
        Specifies the time span in which consecutive failed logins must occur for intruder detection to be activated. Enter the number of days, hours, and minutes.

    Lock Account After Detection
        Specifies whether to disable login if intruder detection is activated on a user account in this container. If you don't check this check box, no action is taken when intruder detection is activated. If you check this check box and the system locks a user account due to intruder detection, you can unlock the account by unchecking the Account Locked check box on the Intruder Lockout property page of the User object.

    Days, Hours, Minutes
        These three fields specify the length of time that login is disabled when intruder detection is activated on a user account in this container. Enter the number of days, hours, and minutes you want, or accept the default of 15 minutes. After the specified time elapses, the system re-enables login for the user account. The contents of these fields are stored in the Intruder Lockout Reset Interval property of the container.

  6. Click OK.
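
The following added example (not part of the original documentation and not eDirectory's own code) models how the options above interact by replaying constructed login events. The class and field names are illustrative, and the counting window is assumed to start at the first failure of a run.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Policy:  # illustrative names mirroring the Intruder Detection page options
    incorrect_login_attempts: int = 3
    attempt_reset_interval: timedelta = timedelta(minutes=30)
    lock_account_after_detection: bool = True
    lockout: timedelta = timedelta(minutes=15)  # the page's stated default

@dataclass
class Account:
    failures: int = 0
    window_start: datetime | None = None
    locked_until: datetime | None = None

def evaluate(policy, events):
    """Replay (time, user, password_ok) events; return each event's outcome."""
    accounts, outcomes = {}, []
    for when, user, password_ok in sorted(events):
        acct = accounts.setdefault(user, Account())
        if acct.locked_until and when < acct.locked_until:
            outcomes.append((user, "refused: locked"))  # even with a good password
            continue
        if acct.locked_until:  # lockout period elapsed, login re-enabled
            acct.failures, acct.window_start, acct.locked_until = 0, None, None
        if password_ok:
            acct.failures, acct.window_start = 0, None  # run of failures broken
            outcomes.append((user, "ok"))
            continue
        expired = acct.window_start and when - acct.window_start > policy.attempt_reset_interval
        if acct.window_start is None or expired:
            acct.failures, acct.window_start = 0, when  # start a new counting window
        acct.failures += 1
        if acct.failures <= policy.incorrect_login_attempts:
            outcomes.append((user, "failed"))
        elif policy.lock_account_after_detection:
            acct.locked_until = when + policy.lockout
            outcomes.append((user, "intruder detected: locked"))
        else:
            outcomes.append((user, "intruder detected: no action"))
    return outcomes

T0 = datetime(2024, 1, 8, 9, 0)  # constructed sample data, minutes after T0
SAMPLE = [(T0 + timedelta(minutes=m), u, ok) for m, u, ok in [
    (0, "jdoe", False), (1, "jdoe", False), (2, "jdoe", False), (3, "jdoe", False),
    (5, "jdoe", True), (19, "jdoe", True),
    (0, "asmith", False), (40, "asmith", False), (80, "asmith", False), (120, "asmith", False)]]
```

With the sample data, jdoe's rapid failures trigger a lockout that also refuses a correct password until the lockout elapses, while asmith's failures are spaced wider than the reset interval and never accumulate.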


Setting Up Login Scripts

A login script is a list of commands that executes when a user logs in. It is typically used to connect the user to network resources like files and printers. Login scripts execute on the user's workstation in the following order:

  1. Container login script
  2. Profile login script
  3. User login script

During login, if the system doesn't find one of these login scripts, it skips to the next one in the list. If none are found, the system executes a default script that maps a search drive to a folder on the user's default server. The default server is set on the Environment property page of the user object.


Creating a Login Script

  1. In Novell iManager, click the Roles and Tasks button.

  2. Click eDirectory Administration > Modify Object.

  3. Specify the name and context of the object that you want to create the login script on.

    To Have the Login Script Apply To                  Create It On

    One user only                                      The User object
    One or more users that haven't been created yet    A Template object
    All the users in a container                       The container object
    A set of users in one or more containers           A Profile object

  4. Click OK.

  5. On the General tab, select the Login Script page.

  6. Enter the login script commands you want.

    See the Login Script Commands Guide for more information.

  7. Click OK.


Assigning a Profile to a User

Associating a profile with a User object causes the profile's login script to execute during the user's login. Make sure that the user has Browse rights to the Profile object and Read rights to the Login Script property of the profile object.

See Viewing Effective Rights to an eDirectory Object or Property for more information.

  1. In Novell iManager, click the Roles and Tasks button.

  2. Click Users > Modify User.

  3. Specify the name and context of the User object that you want to create the login script on.

  4. Click OK.

  5. On the General tab, select the Login Script page.

  6. To associate a profile object with this object, enter the name and context of the profile object in the Profile field.

  7. Click OK.


Login Time Restrictions for Remote Users

On the Time Restrictions property page of a User object, you can restrict the times when the user can be logged in to eDirectory. (By default, there are no login time restrictions.) If you set a login time restriction and the user is logged in when the restricted time arrives, the system issues a warning to log out within five minutes. If the user is still logged in after five minutes, he or she is logged out automatically and loses any unsaved work.

If a user logs in remotely from a different time zone than the server processing the login request, any login time restrictions that have been set for the user are adjusted for the time difference. For example, if you restrict a user from logging in Mondays from 1:00 a.m. to 6:00 a.m. and the user logs in remotely from a time zone that is one hour later than the server, the restriction effectively becomes 2:00 a.m. to 7:00 a.m. for that user.

  1. In Novell iManager, click the Roles and Tasks button.

  2. Click Users > Modify User.

  3. Specify the name and context of the User or Users you want to modify, then click OK.

  4. On the Restrictions tab, click Time Restrictions.

  5. Select from the following options:

    Option
        Description

    Time Grid
        Each cell in the time grid represents a half hour on a particular day of the week. Red cells represent restricted times (when this object cannot be logged in). Gray cells represent unrestricted times (when the object can be logged in). To create a time restriction, click the desired times to make them dark gray. You can also select multiple times by holding down the Shift key, clicking a cell, then dragging across the corresponding cells. The login time restrictions you set are stored in the Login Allowed Time Map property of this object.

    Add Time Restrictions
        To add a time restriction, select a gray cell, then select this option.

    Remove Time Restrictions
        To remove a time restriction, select a red cell, then select this option.

    Update
        Click this button to enable the selection.

    Reset
        Click this button to reset the time grid to the way it was before you opened this property page.

  6. Click OK.
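
The time-zone adjustment described in this section can be checked before you set a restriction. This added example (not part of the original documentation) converts a restricted window from server time to a remote user's local time, including windows that cross the end of the week; the function names and the Sunday-first day order are assumptions made for illustration.

```python
DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]  # assumed day order
WEEK = 7 * 24 * 60  # minutes in a week

def to_minute(day, hhmm):
    """Convert a day name and HH:MM (24:00 allowed) to minutes since Sun 00:00."""
    hours, minutes = map(int, hhmm.split(":"))
    return DAYS.index(day) * 1440 + hours * 60 + minutes

def shift_window(start, end, offset_minutes):
    """Shift a [start, end) window from server time to the user's local time.

    offset_minutes is positive when the user's zone is later than the server's.
    Returns one window, or two when the shifted window wraps past the week's end.
    """
    length = end - start
    new_start = (start + offset_minutes) % WEEK
    new_end = new_start + length
    if new_end <= WEEK:
        return [(new_start, new_end)]
    return [(new_start, WEEK), (0, new_end - WEEK)]

def fmt(minute):
    day, rest = divmod(minute % WEEK, 1440)
    return f"{DAYS[day]} {rest // 60:02d}:{rest % 60:02d}"

def local_view(day, start, end, offset_minutes):
    """Return the restricted window(s) as the remote user experiences them."""
    windows = shift_window(to_minute(day, start), to_minute(day, end), offset_minutes)
    return [(fmt(s), fmt(e)) for s, e in windows]
```

For the page's own case, `local_view("Mon", "01:00", "06:00", 60)` gives Monday 02:00 to 07:00; a late-Saturday restriction with a positive offset lands partly or wholly on Sunday for the remote user.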


Deleting User Accounts

  1. In Novell iManager, click the Roles and Tasks button.

  2. Click Users > Delete User.

  3. Specify the name and context of the User or Users you want to delete.

  4. Click OK.