Lockdown allows administrators to turn off application functionality that might be dangerous, confusing, or disruptive in some environments. The following packages have lockdown capabilities: nautilus, gnome-panel, MozillaFirefox, control-center2, gnome-utils, and libgnome.
CASA (Common Authentication Services Adaptor) is a common authentication and security package providing a set of libraries for application and service developers to provide single sign-on to an enterprise network. CASA provides a local on-box credential store that is purely session based in 1.0. This store is populated with your Desktop and Network Login credentials on Novell Linux Desktop, Windows, and Apple workstations.
Novell iPrint is a printing solution that enables you to send documents to printers located throughout the Net. Using Internet technologies---including the industry-standard Internet Printing Protocol(IPP)---iPrint provides you with global access to printers, customizable views of any print environment, flexible print deployment configurations, and secure printing.
The UNIX compress utility (which makes .Z files) is now included with the NLD 9 SP2 release.
The PKCS#11 Version 2.01 API has been implemented for the IBM Crypto cards. This package (openCryptoki and openCryptoki-32bit) includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries).
CASA (Common Authentication Services Adaptor) is a common authentication and security package providing a set of libraries for application and service developers to provide single sign-on to an enterprise network. CASA provides a local on box credential store that is purely session based in 1.0. This store is populated with your Desktop and Network Login credentials on Novell Linux Desktop, Windows, and Apple workstations.
Contains DRM modules.
Contains the source code for the ndiswrapper kernel module. The binary kernel packages require this package to include this module in the resulting binary kernels.
This package contains sources for various WLAN drivers (at76c503, atmelwlandriver, and madwifi).
This package contains the compress and uncompress utilities as described in POSIX. They were the standard on old UNIX systems and are obsoleted by gzip today.
With this program, you can mount NetWare server file systems under Linux. You can also print Linux documents on printers attached to a NetWare server.
Novell iPrint is a printing solution that lets you send documents to printers located throughout the Net. Using Internet technologies--including the industry-standard Internet Printing Protocol (IPP)--iPrint provides you with global access to printers, customizable views of any print environment, flexible print deployment configurations, and secure printing.
This package is high security, and requires workstation users to be defined with lppasswd to install, delete, or administer printers on the workstation. When performing any of these print operations, the user is asked for a password.
Novell iPrint is a printing solution that lets you send documents to printers located throughout the Net. Using Internet technologies--including the industry-standard Internet Printing Protocol (IPP)--iPrint provides you with global access to printers, customizable views of any print environment, flexible print deployment configurations, and secure printing.
This package is low security, and allows all users of the workstation to install, delete, or administer printers and print jobs on the workstation, including printers and print jobs of other users. This package is installed by default when you update NLD to SP2.
Contains the PKCS#11 Version 2.01 api implemented for the IBM Crypto cards. This package includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries).
This is a re-packaged binary rpm. For the package source, please look for the source of the package without the "32bit" ending. The PKCS#11 Version 2.01 api implemented for the IBM Crypto cards. This package includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries).
Arabic localization files for OpenOffice.org.
Catalan localization files for OpenOffice.org.
Greek localization files for OpenOffice.org.
Estonian localization files for OpenOffice.org.
Korean localization files for OpenOffice.org.
German localization files for OpenOffice.org.
Slovene localization files for OpenOffice.org.
Turkish localization files for OpenOffice.org.
This package provides modules for the Red Carpet Daemon.
Contains the Smart Link Soft Modem for Linux version 2.9. It provides a full-featured 56K Voice Fax Modem.
This adds support for a number of new sound cards (most significantly the Intel 915 card).
The minimum hardware requirements for running NLD SP2 are as follows:
Use the bootable CD to perform a new install of NLD SP2. To update an existing NLD 9 system to NLD 9 SP2, see 2.4 Updating NLD 9 to SP2.
You will need access to the original NLD 9 CDs or DVD in order to complete the installation.
Insert NLD 9 SP2 CD 1 in your drive and boot your machine.
A boot screen similar to the original installation of NLD 9 is displayed.
Select Installation to boot the SP kernel from CD.
The kernel will load and the following dialog will appear:
"Make sure that CD number 1 is in your drive."
Insert the original NLD 9 CD 1, then click OK to run the regular installation.
Complete the normal NLD installation steps, such as accepting the license agreement, and selecting a language, default desktop, and other installation settings.
HINT: If you get an error message during the media installation indicating that a certain file couldn't be installed, skip that file and continue to the end. Then run the update again. During the reinstall, only the skipped packages will be installed.
Click Yes, Install to start the installation.
Insert NLD 9 SP2 CD 1 when prompted, followed by NLD 9 SP2 CD 2.
When prompted, insert the original NLD CD 1 again, followed by the original NLD 9 CD 2 and 3.
Continue as usual with the installation (entering a password for root, network configuration, testing your internet connection, activating the ZENworks® Online Update Service, user authentication method, and user name and password).
For instructions on installing NLD, see the Novell Linux Desktop Quick Start or quickstart-en.pdf at the root of the Novell Linux Desktop CD 1 or DVD.
If you have to install many machines, we recommend booting off of the SP2 CD and using a network install server.
After what appears to be a successful installation of NLD on an AMD64 bit machine, the operating system freezes on init. Setting the following kernel parameter provides a workaround for this issue:
acpi=off
You can update an existing NLD installation to NLD SP2 in two ways:
Use Red Carpet to install the packages that will update an existing NLD installation to NLD SP2. An update notice is shown only for software you already have installed that is in a channel to which you are subscribed, and for which there is a newer version than what you already have.
Start the Red Carpet client:
GNOME: Click System > Software Update.
KDE: Click N > System > Configuration > Red Carpet.
If you are not logged in as root, enter the root password, then click OK.
To update to SP2, click Update All on the Updates tab.
After Red Carpet finishes the dependency check, click Continue to install the updated packages.
When the update is finished, the Update tab will show that your system is up-to-date.
Reboot the system.
There are very few changes on Linux that require a reboot, but a reboot is required when a new kernel has been installed. NLD 9 SP2 includes an updated kernel, and for it to take affect, you will need to reboot your system.
In a running NLD system, insert the NLD SP2 CD 1 in your CD drive, then click Yes when the hardware detection notice appears.
NOTE: If the CD isn't autodetected, try reinserting it. If autodetect continues to fail, click System > Administrator Settings > Software, then click Patch CD Update.
If you are not logged in as root, enter the root password when prompted.
The YaST Online Update dialog appears.
Click Next to begin the update process.
The Download and Installation log will track update progress.
HINT: If you see a patch installation error message at any time during the update, click Skip Patch, complete the update, then repeat the update process to install the skipped packages. Only the skipped packages will be installed when the process is repeated.
When prompted for the YOU Patch CD CD2, insert NLD SP2 CD2, then click OK.
NOTE: This prompt will not appear if you are updating from a DVD.
Click Finish when you see Installation Finished reported near the end of the progress log.
If you skipped patches, repeat this update process.
In some cases, monitors are not detected correctly when NLD is installed to a computer that is sharing a monitor through a switch box. This has also been shown to prevent the graphic mode of YaST from starting. In less severe cases, the installation of NLD is successful, but the monitor is not detected and defaults to a resolution of 640 x 480. On the installation screen (before selecting an installation option), press F2 and select a different resolution. If you select a resolution that is too high, you will get an out of range error or the screen will be blank.
If you are using a switch box and get an X server error, try installing while using a dedicated monitor with the computer you are installing to.
If you have installed successfully but a generic monitor has been installed and the resolution has defaulted to 640 x 480, you must manually identify your monitor and reset the resolution. If you cannot reset the resolution to higher than 640 x 480, we recommend using the text mode.
Occasionally, when updating NLD using Red Carpet, the following error appears:
Download Failed, IO Error
To work around this issue, close the error message and click Refresh on the Red Carpet toolbar. Then click Run Now again and the update transaction should resume.
The netapplet program is incompatible with some wireless drivers.
MetFrame XP NFuse/Presentation Server applications are not, by default, associated with the Citrix ICA Client. The associated application is: /usr/lib/ICAClient/wfica
iFolder uses a .desktop file to represent iFolder on the desktop. Because of this, some programs will not recognize iFolder on the desktop. If you want something that will be visible in file selectors, create a symlink in ~/Desktop and remove the iFolder .desktop file.
If you log in to a local Linux workstation with a username that contains uppercase letters then try to run the iFolder client, you might get an Invalid Port = 0 error. When you create your username, YaST warns you that some e-mail systems might have issues with usernames that contain uppercase letters, but it will still let you create the username.
Certain accessibility themes will change fonts when selected in the theme selector. To fix this, click System > Personal Settings > Fonts and return the fonts to your desired settings.
With some monitors, you might receive the following warning dialog:
"Your monitor didn't report its X- and Y-Size, this might cause display problems like unreadable fonts."
This is generally harmless and you can ignore it, but we encourage you to enter your correct screen size in SAX2 and to log a bug so that the monitor information can be added to the database.
With the new kernel 2.6, standby/suspend is now supported with ACPI. Note that this feature is still experimental and is not supported by all hardware. To use it, you need the powersave package. Further information about the package can be found at /usr/share/doc/packages/powersave. A graphical front end can be found in the kpowersave package.
To suspend a laptop, perform the following steps:
mv /etc/sysconfig/powersave/common /etc/sysconfig/powersave/common.orig
cp /usr/share/doc/packages/powersave/contrib/common_ACPI\ /etc/sysconfig/powersave/common
sed -i \ 's/DISABLE_USER_SUSPEND=no/DISABLE_USER_SUSPEND=yes/' /etc/powersave.conf
rcpowersaved restart
You can use the following command (which you can run as a regular user) to test if it works:
powersave --suspend
NOTE: You might see warning messages printed on the screen, but you can ignore them.
If you are using GNOME, right-click on the batt-stat applet and choose "Suspend Computer..." to do the same thing.
Certain VIA Ezra CentaurHauls processors and their associated south bridges can result in machine lock up in certain circumstances, primarily those related to power management. For this reason, the powersave daemon is disabled by default. If you want to use the powersave daemon, we recommend contacting your hardware vendor for a possible hardware or BIOS upgrade.
Firefox (and other applications) outputs Postscript Level 3 when printing. Some older printers cannot handle Level 3. If you get an error page from the printer saying that the Postscript interpreter in your printer is older than the version required, you need to modify your printer configuration.
Select a filter that will convert the output from Firefox to either Postscript level 2 or 1 depending on what you printer can handle. You can do this in the specific printers Properties. Change the "GhostScript pre-filtering" option to "Convert to PS level 2." Try changing it to "Convert to PS level 1" if you still get the same error.
Some printer drivers do not have this option. If the one you are using does not, try a different driver for your printer. If all else fails, use the Generic Postscript printer driver.
The following item only pertains to you if you are mounting remote Windows filesystems directly, via the command line. The common manner of using Windows shares---from your desktop---is unaffected by the following.
The preferred filesystem when using the mount(1) command to mount a remote Windows share is "cifs" instead of "smbfs," which is not supported. To mount a remote Windows share from the command line, use the following syntax:
mount -t cifs [-o <options>] '//server/share/' mount-point
For example:
mount -t cifs '//monopoly/c$' /media/windows
This will mount the "c$" share at "/media/windows" on the "monopoly" machine via CIFS.
When using KDE applications when you are logged into GNOME (including the NLD Help Center, CD burning tool, and Run as Root dialog), the application uses the language set in KDE. This defaults to the language chosen during installation.
To change the default language for the entire system, run YaST (System > Administrator Settings in GNOME.). Click System > Choose Language. This change is persistent across reboots and across all users, but can be overridden by individual user selections.
To change this for the current user when logged into GNOME, run kcontrol (using the terminal or System > Run Program). In the KDE Control Center, click Regional & Accessibility > Country/Region & Language. Add the language you want to use to the top of this list. If the language you want to add is not present in this list, you must first install the kde3-i18n package corresponding to this language.
The Exchange Connector enables you to connect Evolution to Microsoft* Exchange. Novell Linux Desktop includes Exchange Connector 2.0.
Currently there is no support for messages that use PGP/GPG encoding in the text/plain part of a message. However, Evolution does support PGP/GPG when a message has its own specific MIME type.
If the Remember Password option is not enabled, you must authenticate either through the Exchange Component or the Mailer Component before using the Calendar/Tasks/Contacts Components.
Authentication to the international KDE desktop with root user credentials results in several applications reverting to U.S. English. Examples include Red Carpet, Sax2, and Novell iFolder. This functions by design as the root LANG environment variables are unassigned by default in NLD. This system default is required to ensure that all third-party services function correctly.
HINT: Launch an instance of the shell and input the locale command to view the default root LANG environment variables.
Perform the following steps to set the locale environment variables for root to be identical to that of the other users.
The LANG environment variables are unassigned when authenticating to the international NLD GNOME desktop with root user credentials. The international GNOME desktop resources can be invoked manually by performing the following steps.
Click the Language menu displayed on the GNOME Login dialog.
Click the required language, then enter the root username.
Enter the root password in the password input field.
Choose to apply these language settings Just For This Session or Make Default by selecting the appropriate option.
The international GNOME desktop resources appear when authenticated as the root user.
Failure to employ this language selection will result in the display of the U.S. English GNOME desktop.
The dual installation method facilitates the display of the international GNOME and KDE desktops when authenticated as any user, including root.
If a dual desktop machine is mandatory, perform the following steps when commencing the installation of NLD:
Follow the installation as normal until the Select Your Default Desktop installation window appears, then click the GNOME radio button.
Click Change > Software on the Installation Settings screen.
Click Detailed Selection, then click the checkbox next to KDE - The KDE Desktop.
All additional options should remain unchanged.
Click Accept and then proceed with the installation in the typical manner.
Upon completion of the installation, the authentication dialog appears.
Click Sessions and note the availability of both the GNOME and KDE desktops.
Click the required desktop and authenticate using the appropriate login credentials.
The international GNOME and KDE desktops will now be available, irrespective of the user credentials (root/non-root) used for authentication.
In NLD's KDE desktop environment, the new network browser shown on the desktop can be used to display and use services based on SLP and MDNS. Apart from the service:/ URLs, the following types are also supported: slp:/ (to browse SLP services) and mdns:/ (to browse multicast-DNS services).
When using remote access (notably SSH, Telnet, and RSH) between NLD (in its default configuration with UTF-8 enabled) and older versions of the underlying SUSE® Linux Enterprise Server (9.0 and earlier, where UTF-8 is not enabled by default or not supported), terminal applications might display garbled characters.
This is because OpenSSH does not forward locale settings, so system defaults are used which might not match the remote terminal settings. This affects text mode YaST and applications run remotely as nonroot user. The applications run as root are affected only when the user changes the default locales for root (only LC_CTYPE is set by default).
If problems occur with ncurses-based applications running on the text console, simply issuing unicode_stop (reverting keyboard and console from Unicode* mode) should provide a fix.
SUSE LINUX 9.1/SLES 9/NLD 9 SP2 features a new pthread implementation called NPTL, which is faster and better than the old implementation called linuxthreads.
If your old program is incompatible with this new threading implementation, we also provide the old one. To switch to the old version, set the environment variable LD_ASSUME_KERNEL to 2.4.21 by using, for example, export LD_ASSUME_KERNEL=2.4.21 in bash.
Some wireless LAN cards (PrismGT, Centrino, Atmel, ACX100) need firmware to operate. Due to licensing issues, we cannot ship these firmware binaries. Please read /usr/share/doc/packages/wireless-tools/README.firmware for information on how to obtain and install the firmware.
Fresh Novell Linux Desktop installations default to a secure setup of the system to limit possible security concerns to the bare minimum. The ongoing development of the product results in improvements that are not always visible, but that are useful for security. This text is to inform you that the X Server does not listen on port 6000+/tcp any more.
The X Window System uses TCP protocol starting at port 6000, plus the display number used in the X session, to allow for a client to display its window over a network connection, thereby providing network transparency for the X Window System. While using reasonably strong authentication methods to approve or reject client connections which default to deny access to the display, the X Server still exposes port 6000+/tcp on the network. While the use of bare, unencrypted X Windows network protocol can be considered secure enough on a trusted network, it is not reasonable to even offer the service on an untrusted/hostile network environment. Therefore, the new setup defaults to not listen on port 6000+/tcp any more.
As a side effect, one of the two authentication mechanisms in X Windows, the host based authentication using the xhost(1) command, becomes nearly meaningless as only clients that make use of the (local) unix domain socket can connect to the X Server, regardless of the list of remote hosts displayed by the xhost command. The cookie-based X Windows client authentication method remains unchanged.
This means that the command xhost +<hostname> allows clients executed by users not in possession of the necessary credentials for other authentication methods can connect to the Xserver only when started locally (that is, on the same machine the X server runs on).
Network transparency is one of the key strengths of the X Window System, and despite the change in the default setup, there is no need to abstain from it. Either you revert the change on your system by changing the variable DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN in /etc/sysconfig/displaymanager, or you use the ssh command from the openssh package to log on to a remote system. The ssh utility allows for the forwarding of X client connections through the encrypted ssh connection, without the need to set DISPLAY variables or the use of the xhost command. The use of ssh with X11 client connection forwarding is the recommended method to make use of the network transparency of the X Window System.
For the Novell Linux Desktop online documentation, see http://www.novell.com/documentation/nld/index.html.
For the most recent NLD SP2 readme file, see http://www.novell.com/documentation/nld/readme/nld_readme_sp2.html.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
You may not use, export, or re-export this product in violation of any applicable laws or regulations including, without limitation, U.S. export regulations or the laws of the country in which you reside.
Copyright © 2004-2005 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents and one or more additional patents or pending patent applications in the U.S. and in other countries.
Novell, NetWare, Red Carpet, iFolder, ZENworks, and GroupWise are registered trademarks of Novell, Inc. in the United States and other countries.
Evolution is a trademark of Novell, Inc.
SUSE is a registered trademark of SUSE AG, a Novell business.
All third-party trademarks are the property of their respective owners.