3.1 Setting Up Linux Computers to Use eDirectory Authentication

Before users can use eDirectory login information to log in, the target workstation or server must be configured with Linux User Management components. You are prompted to set up Linux User Management while installing the operating system. You can also set it up afterwards by using YaST.

IMPORTANT:Setting up Linux User Management requires administrator rights to the container where the Linux User Management objects are created. For more information on rights, refer to Rights Required for Subcontainer Administrators in the OES 11 SP3: Installation Guide.

To use YaST to install and configure Linux User Management on a workstation or server that is already running:

  1. Follow the instructions for your platform for adding services to an existing server or workstation. For more information, see the OES 11 SP3: Installation Guide.

  2. From the OES Services option, select Novell LUM. Click Accept.

  3. Specify the admin password.

  4. Specify the following values:

    1. The Directory Server Address field displays the default LDAP server for this service. If you want to specify an LDAP server other than the default LDAP server, select an LDAP server from the Directory Server Address list.

    2. Browse or enter the Unix Config context in the Unix Config Context field.

      The Unix Config object holds a list of the locations (contexts) of Unix Workstation objects in eDirectory.

    3. Browse or enter the Unix Workstation context in the Unix Workstation Context field.

      Computers running Linux User Management (LUM) are represented by Unix Workstation objects in eDirectory. The object holds the set of properties and information associated with the target computer, such as the target workstation name or a list of eDirectory groups that have access to the target workstation.

    4. Browse or specify the Admin group name with context in the Admin group name with context field.

    5. (Optional) Browse or specify a user with rights to search the LDAP tree for LUM objects in the Proxy User Name with Context field.

    6. Specify a password for the Proxy user in the Proxy user password field.

      This field is disabled if you selected the Use OES Common Proxy User check box.

    7. (Optional) Select the Use OES Common Proxy User option if you want to use an OES common proxy user. Do not change the common proxy user password.

      This option is disabled by default.

    8. The Restrict Access to the Home Directories of Other Users check box is selected by default to restrict read and write access for users other than the owner to home directories. Using the default selection changes the umask setting in /etc/nam.conf from 022 to 077.

    9. Click Next.

  5. (Optional) Click Add to specify one or more external LDAP servers. Ensure that you specify the IP address of a valid LDAP server that is up and running.

  6. Select the services to LUM-enable and click Next to complete the configuration.

Installing and configuring Linux User Management technology sets up the target computer to validate login requests against user account information stored in eDirectory. Before users can log in, they must have eDirectory user accounts created with iManager and extended for Linux User Management. For information on extending user accounts for LUM, see Section 7.1, Using Novell iManager for Linux User Management.