Novell Linux User Management (LUM) lets administrators configure Linux workstations and servers on the network so users can log in to them using user login information stored in Novell eDirectory instead of using user login information stored on each computer.

Step-by-Step instructions on how to setup LUM on SLED 10.0

Important Note: Currently a bug has been found with LUM on SLED 10.0. It will affect whether your CD-ROM or Plug-n-Play devices are detected and work. Novell Technical Suppport is working diligently to resolve this issue.

1. The following rpm versions or newer are required for LUM athentication.
2. • novell-lum-2.2.0-81.12
   • novell-NLDAPbase-dyn-3.4.1-0.5
   • novell-NLDAPsdk-dyn-3.4.1-0.5
3. Determine which of the needed modules are already installed on the workstation.
4. • The version numbers above may be different than the ones listed on your workstation.
   • Usage: rpm -q

   • #rpm -q novell-lum novell-NLDAPbase-dyn novell-NLDAPsdk-dyn package novell-lum is not installed package novell-NLDAP is not installed

5. Install the rpm modules currently not installed on the workstation.
6. • Usage: yast -i

   • # yast -i novell-lum # yast -i novell-NLDAPbase-dyn # yast -i novell-NLDAPsdk-dyn

7. Redirect Linux authentication to eDirectory using LUM.
8. • Configure LUM to authenticate to a secure eDirectory LDAP server using namconfig.
   • • Usage: namconfig add -a -p -r -w -S :389 -l 636 -R backup_server1:389,backup_server2:389
     • Note: You can leave off the -p and wait for the password prompt if desired.

     • # namconfig add -a cn=admin,o=novell -r o=novell -w ou=workstations,o=novell -S ldap_server:389 -l 636 LDAP INIT - INSIDE NOVELL Enter the admin(cn=admin,o=novell) password: ldap_simple_bind_s - IN SIDE NOVELL BIND NAM Schema is already extended. NAM Unique id schema is already extended. uidNumber and gidNumber attribute indices already exist in the LDAP server Creating the context...done. Creating the Unix Config object... already exists Creating the Unix Workstation object... done. Adding the workstation context...done. Stopping the service 'namcd'...done. Starting the service 'namcd'... Done. Configure done successfully.

     • For more information on namconfig options, see Linux User Management documentation or the man pages.
   • Modify /etc/nsswitch.conf to use LUM for resolution.
   • • Move the original /etc/nsswitch.conf to .bak extension.

     • # mv /etc/nsswitch.conf /etc/nsswitch.conf.bak

     • Rename /etc/nsswitch.conf.nam file created during the installation of LUM to /etc/nsswitch.conf.

     • # cp /etc/nsswitch.conf.nam /etc/nsswitch.conf

   • Modify /etc/pam.d files to use LUM for authentication by addingpam_nam.so to auth, account, password, and session sections of the files you would like LUM enabled. Some recommended files are login (telnet and rlogin), sshd (ssh applications), gdm (gnome graphical login) and xdm (xdm graphical login).
   • • Backup /etc/pam.d/gdm file.

     • # cp /etc/pam.d/gdm /etc/pam.d/gdm.original

     • Edit the /etc/pam.d/login file.

     • # vi /etc/pam.d/gdm

     • Edit the /etc/pam.d/gdm file look like the one below.

     • /etc/pam.d/gdm Note: If you have already installed the Novell Client for Linux, your file may appear slightly different Bold indicates lines that were added #%PAM-1.0 auth include common-auth account sufficient pam_nam.so account include common-account password sufficient pam_name.so password include common-password session optional pam_nam.so session include common-session session required pam_devperm.so session required pam_resmgr.so

     • If desired other pam files can modified in the same manner such as telnet, sshd or kdm.
     • For authentication, add "auth: call_modules=nam" to /etc/security/pam_unix2.conf.

     • /etc/security/pam_unix2.conf # debug (account, auth, password, session) # nullok (auth) # md5 (password / overwrites /etc/default/passwd) # bigcrypt (password / overwrites /etc/default/passwd) # blowfish (password / overwrites /etc/default/passwd) # crypt_rounds=XX # none (session) # trace (session) # call_modules=x,y,z (account, auth, password) # # Example: # auth: nullok # account: # password: nullok blowfish crypt_rounds=8 # session: none # auth: account: password: session: none auth: call_modules=nam

   • Run LUM cache daemon instead of the name server cache daemon.
   • • Stop name server cache daemon.

     • # /etc/init.d/nscd stop

     • Start the LUM cache daemon.

     • # /etc/init.d/namcd restart

   • • Stop the name sever cache daemon from running at startup.

       # chkconfig nscd off

9. LUM enable users logging in from Linux workstations.
10. • Users are required to have posixaccount information to login to Linux. In other works uid, gid, home directory, and shell are required.
    • Either iManager with the LUM plugin or namgroupadd and namuseradd can be used to manager LUM objects.
    • • Enable users for LUM using iManager.

      • 1. In iManager, On the left-hand side, choose Linux User Management. 2. Choose Enable Users for Linux. 3. Browse to an an eDirectory Userand click next 4. Select a LUM enabled group and click next. If one does not exist create one. 5. Browse for a Unix workstation object and click next. 6. Click Finish.

      • For enabling LUM users using namgroupadd and namuseradd see Linux User Management documentation or the man pages.
    • The LUM enabled users should now resolve on the SLED 10.0 workstation.
    • • Verify that LUM users resolve on the Linux workstation .
    • • Usage: id

        #id joelum uid=603(joelum) gid=602(lumgroup) groups=602(lumgroup)

+ Quickly Configuring a Linux High Availability Cluster on SLES10