12.5 Policy

There are several options available in Novell Kanaka for Mac to direct the behavior of the client. These options offer some flexibility in the setup to allow a more customized fit for individual installations. There are options for User Management and for Managed Client Settings. Both the Mobility managed client option and Mobility Synchronization require Mac OS X v10.4 and above.

12.5.1 User Management

Figure 12-6 User Management Page

Novell Kanaka for Mac clients request various items of user-related information from eDirectory. The following options allow you to configure how these items are obtained as well as the operation of the clients themselves.

Figure 12-7 Password Management Settings

These two self-explanatory settings are selected by default.

Figure 12-8 UID Management Settings

The UID is a User ID that is unique for each user logging in to the Mac. This option allows you to use an existing number or use a randomly generated number from a range of numbers defined by Novell Kanaka for Mac. The auxiliary attribute class is posixAccount. The attribute is uidNumber.

Figure 12-9 GID Management Settings

The GID is a primary Group ID for a user. It defines security levels on the Mac. By default, the GID is set to 20 (equivalent to “staff” on OS X) in Novell Kanaka for Mac. If you want your users to have admin privileges on the Mac, you can set the GID to 80 (equivalent to “admin” on OS X), but this is not recommended for lab environments. The auxiliary attribute class is posixAccount. The attribute is gidNumber.

The third option is based on an extended attribute that is added during the Kanaka installation. The class in eDirectory is named cccKanakaGidNumberClass and the attribute name is cccKanakaGidNumber. You can use this attribute to define the GID for users individually.

For example, if you want students to have a GID of 20 (staff) and teachers or administrators to have a GID of 80 (admin), you can set the cccKanakaGidNumber attribute for the teachers or administrators to a value of 80 and choose the Use Kanaka alternate GID attribute option.
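A check an administrator might run before choosing one of the GID options above: from an LDIF export of user objects, list who would log in with GID 80 (admin) under each option, and whether the account sits in a lab container. This is an added example, not Novell's code. The mode labels, the `ou=lab` container, the sample entries and the fallback to GID 20 when an attribute is unset are assumptions, and the parser handles only plain, unfolded LDIF lines.

```python
ADMIN_GID = 80    # "admin" on OS X (value from the page)
DEFAULT_GID = 20  # "staff" on OS X, the Kanaka default (value from the page)

# Constructed LDIF export of eDirectory user objects (sample data only).
SAMPLE_LDIF = """\
dn: cn=student1,ou=lab,o=school
objectClass: posixAccount
gidNumber: 20

dn: cn=teacher1,ou=staff,o=school
objectClass: posixAccount
objectClass: cccKanakaGidNumberClass
gidNumber: 20
cccKanakaGidNumber: 80

dn: cn=labuser7,ou=lab,o=school
objectClass: posixAccount
gidNumber: 80
"""

def parse_ldif(text):
    """Yield one {lowercased attribute: [values]} dict per LDIF entry."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            name, value = line.split(": ", 1)
            entry.setdefault(name.lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def effective_gid(entry, mode):
    """mode is a hypothetical label: 'default', 'posix' or 'kanaka'."""
    attr = {"posix": "gidnumber", "kanaka": "ccckanakagidnumber"}.get(mode)
    values = entry.get(attr, []) if attr else []
    # Assumption: an unset or non-numeric attribute falls back to DEFAULT_GID.
    return int(values[0]) if values and values[0].isdigit() else DEFAULT_GID

def admin_users(ldif_text, mode, lab_ou="ou=lab"):
    """Return (dn, is_lab_account) for each user whose effective GID is 80."""
    return [(e["dn"][0], lab_ou in e["dn"][0].lower().split(","))
            for e in parse_ldif(ldif_text) if effective_gid(e, mode) == ADMIN_GID]

if __name__ == "__main__":
    for mode in ("default", "posix", "kanaka"):
        print(mode, admin_users(SAMPLE_LDIF, mode))
```

Any entry returned with the lab flag set is an account that would get admin rights on a lab workstation, the case the text advises against.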

Figure 12-10 Full Name Management Options

This region lets you specify how the name is displayed in the Kanaka Plug-in Console, Desktop Client, and the logout option.

Figure 12-11 Home Directory Management Settings

This setting lets you choose whether the user can log in if the Home Directory attribute is not populated. If you choose the proxy directory option, you need to add and configure a proxy home directory for your environment. This is a directory with limited rights, and you can display a message (such as a document or HTML page) to explain that the user does not have a home directory defined, and perhaps direct them to a contact at the Help Desk.

Figure 12-12 Settings for Invalid Home Directory Path

This setting indicates whether Novell Kanaka for Mac should actually test for the existence of the path specified in the home directory attribute. This can take a lot of time. By default, this option should be turned off. If you do test for existence and the path doesn’t exist, you have the option to use the proxy directory or deny login.

Figure 12-13 Shell Management Setting

This is the default shell for running a terminal session on the Mac.

Figure 12-14 Identity Driven Access Settings

These settings enable the mounting of additional storage other than the user’s home directory.

Enable Kanaka Identity Driven Access: Selecting this option enables you to select the options below.

Enable Group storage lookup: During the installation of Novell Kanaka for Mac, Group objects are extended with an attribute called ccx-FSFManagedPath. In its simplest explanation, it is analogous to having a home directory attribute on a Group object.

NOTE: The base class is not extended until the first collaborative storage is defined in Novell Kanaka for Mac.

Enable Container Collaborative storage lookup: With the release of Novell Kanaka for Mac 2.8, container objects can also be extended with an attribute named ccx-FSFManagedPath. In its simplest explanation, it is analogous to having a home directory attribute on a Container object. It treats users in a container as if they were members of a group, without having to manage a group object for those users.

Enable Auxiliary storage lookup: This option works only when you have Novell Storage Manager implemented with Auxiliary storage defined and enabled. Auxiliary Storage is like having multiple home directory attributes.

Enable Storage Location Object lookup: These are traditional Storage Location Objects in eDirectory. Novell Kanaka for Mac supports only NCP Storage Location Objects.

Figure 12-15 Login Script Settings

By enabling the Login Script Parser, the Kanaka Plug-In and the Kanaka Desktop Client parse any login scripts associated with the user. Login scripts are parsed with the same criteria as NetStorage logins.

Figure 12-16 Mounted Storage

12.5.2 Managed Client Settings

For several years, Apple has had a technology for managing workstations and the user experience, often referred to as MCX, or Managed Client for OS X via a Workgroup Manager server. Novell Kanaka for Mac gives the administrator the ability to choose between Novell Kanaka for Mac or a Workgroup Manager server to deliver these settings to the workstation.

Figure 12-17 Managed Client Settings Page

Novell Kanaka for Mac clients can receive Managed Client Settings (MCX) configured in the Kanaka policy or from a properly configured OS X server. The following options instruct the client to use MCX settings generated by Novell Kanaka for Mac or to use settings obtained from an OS X server.

Figure 12-18 MCX Settings

If you choose the setting for Workgroup Manager, you will need to verify that your LDAP v3 settings in the Mac Directory Utility point to that server.

Figure 12-19 Dock Settings

This option displays an icon on the Dock for the user’s home directory and for any group storage that is configured.

NOTE: You see a house icon if Mobility is not enabled and a folder icon if Mobility is enabled.

Figure 12-20 Desktop Settings

These options place a mount point on the user’s desktop. This mount point is at the root of the volume, so users will need to drill down to get to the folders and files they have rights to.

NOTE: Users can only see files they have rights to.

Figure 12-21 Kanaka Plug-in Console Setting

This setting enables the Kanaka Plug-in Console to automatically start after a login.

Figure 12-22 Mobility Settings

Create mobile account when user logs in to network account: This setting allows Novell Kanaka for Mac to create a local “mobile” account on the workstation and keep the user’s profile and other information local. This option has the most performance benefits, because it can read the profile locally much more quickly than from the network. If you do not create a mobile account, the user profile information is created in the user’s home directory on the network.

Create home using network home with default sync settings: Novell Kanaka for Mac creates a local home directory with login/logoff sync enabled. This could potentially slow down Novell Kanaka for Mac.

Require confirmation before creating mobile account: Warns the user that a mobile account is being created during login.

Figure 12-23 Mobility Synchronization Settings

These options synchronize the contents of the user’s network and local home directory at login or logout. The options are very network intensive and will cause delays in the login and logout process.

These settings are active only when the first option is selected.

The Synchronization interval in seconds option allows you to schedule syncing while you are logged in.