How to set up LUM on SLED 10.

This document (3994289) is provided subject to the disclaimer at the end of this document.

Environment

Novell Open Enterprise Server (OES)
Novell SUSE Linux Enterprise Desktop 10

Situation

Novell Linux User Management (LUM) lets administrators configure Linux workstations and servers on the network so users can log in to them using user login information stored in Novell eDirectory instead of using user login information stored on each computer.

Resolution

Step-by-step instructions on how to set up LUM on SLED 10.0

Important Note: Currently a bug has been found with LUM on SLED 10.0. It will affect whether your CD-ROM or Plug-n-Play devices are detected and work. Novell Technical Support is working diligently to resolve this issue.

  1. The following rpm versions or newer are required for LUM authentication.
    • novell-lum-2.2.0-81.12
    • novell-NLDAPbase-dyn-3.4.1-0.5
    • novell-NLDAPsdk-dyn-3.4.1-0.5
  2. Determine which of the needed modules are already installed on the workstation.
    • The version numbers above may be different than the ones listed on your workstation.
    • Usage: rpm -q
    • #rpm -q novell-lum novell-NLDAPbase-dyn novell-NLDAPsdk-dyn
      package novell-lum is not installed
      package novell-NLDAP is not installed
  3. Install the rpm modules currently not installed on the workstation.
    • Usage: yast -i
    • # yast -i novell-lum
      # yast -i novell-NLDAPbase-dyn
      # yast -i novell-NLDAPsdk-dyn
  4. Redirect Linux authentication to eDirectory using LUM.
    • Configure LUM to authenticate to a secure eDirectory LDAP server using namconfig.
      • Usage: namconfig add -a -p -r -w -S :389 -l 636 -R backup_server1:389,backup_server2:389
      • Note: You can leave off the -p and wait for the password prompt if desired.
      • # namconfig add -a cn=admin,o=novell -r o=novell -w ou=workstations,o=novell -S ldap_server:389 -l 636
        LDAP INIT - INSIDE NOVELL
        Enter the admin(cn=admin,o=novell) password:
        ldap_simple_bind_s - IN SIDE NOVELL BIND

        NAM Schema is already extended.
        NAM Unique id schema is already extended.
        uidNumber and gidNumber attribute indices already exist in the LDAP server
        Creating the context...done.
        Creating the Unix Config object... already exists
        Creating the Unix Workstation object... done.
        Adding the workstation context...done.
        Stopping the service 'namcd'...done.
        Starting the service 'namcd'... Done.
        Configure done successfully.
      • For more information on namconfig options, see Linux User Management documentation or the man pages.
    • Modify /etc/nsswitch.conf to use LUM for resolution.
      • Move the original /etc/nsswitch.conf to a file with the .bak extension.
      • # mv /etc/nsswitch.conf /etc/nsswitch.conf.bak
      • Rename /etc/nsswitch.conf.nam file created during the installation of LUM to /etc/nsswitch.conf.
      • # cp /etc/nsswitch.conf.nam /etc/nsswitch.conf
    • Modify the /etc/pam.d files to use LUM for authentication by adding pam_nam.so to the auth, account, password, and session sections of each file for which you would like LUM enabled. Some recommended files are login (telnet and rlogin), sshd (ssh applications), gdm (GNOME graphical login) and xdm (xdm graphical login).
      • Backup /etc/pam.d/gdm file.
      • # cp /etc/pam.d/gdm /etc/pam.d/gdm.original
      • Edit the /etc/pam.d/gdm file.
      • # vi /etc/pam.d/gdm
      • Edit the /etc/pam.d/gdm file so that it looks like the one below.
      • /etc/pam.d/gdm
        Note: If you have already installed the Novell Client for Linux, your file may appear slightly different.
        The lines that were added are the ones that load pam_nam.so (shown in bold in the original document).
        #%PAM-1.0
        auth include common-auth
        account sufficient pam_nam.so
        account include common-account
        password sufficient pam_nam.so
        password include common-password
        session optional pam_nam.so
        session include common-session
        session required pam_devperm.so
        session required pam_resmgr.so
      • If desired, other PAM files, such as telnet, sshd or kdm, can be modified in the same manner.
      • For authentication, add "auth: call_modules=nam" to /etc/security/pam_unix2.conf.
      • /etc/security/pam_unix2.conf
        # debug (account, auth, password, session)
        # nullok (auth)
        # md5 (password / overwrites /etc/default/passwd)
        # bigcrypt (password / overwrites /etc/default/passwd)
        # blowfish (password / overwrites /etc/default/passwd)
        # crypt_rounds=XX
        # none (session)
        # trace (session)
        # call_modules=x,y,z (account, auth, password)
        #
        # Example:
        # auth: nullok
        # account:
        # password: nullok blowfish crypt_rounds=8
        # session: none
        #
        auth:
        account:
        password:
        session: none

        auth: call_modules=nam

    • Run LUM cache daemon instead of the name server cache daemon.
      • Stop name server cache daemon.
      • # /etc/init.d/nscd stop
      • Start the LUM cache daemon.
      • # /etc/init.d/namcd restart
      • Stop the name server cache daemon from running at startup.
      • # chkconfig nscd off
  5. LUM-enable the users who will log in from Linux workstations.
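
A mistake in the PAM or name-service files edited in step 4 can leave the workstation unable to authenticate anyone, so it is worth checking them before logging out. The shell function below is an added example, not part of the original Novell document. Its ROOT and SERVICE parameters are hypothetical, and it assumes that PAM modules live in /lib/security or /lib64/security and that /etc/nsswitch.conf.nam lists "nam" as a source for passwd and group.

```shell
#!/bin/sh
# Added example: audit the files edited in step 4. ROOT (default /) and
# SERVICE (default gdm) are hypothetical parameters of this sketch.

# has_pam_nam FILE TYPE: succeeds if an active TYPE line loads pam_nam.so
has_pam_nam() {
    awk -v t="$2" '$1 == t && $3 == "pam_nam.so" { ok = 1 } END { exit !ok }' "$1" 2>/dev/null
}

# check_lum_config [ROOT] [SERVICE]: prints findings, returns their count
check_lum_config() {
    root=${1:-/}; pam="$root/etc/pam.d/${2:-gdm}"; problems=0
    for type in account password session; do
        has_pam_nam "$pam" "$type" && continue
        echo "MISSING: no active '$type' line loading pam_nam.so in $pam"
        problems=$((problems + 1))
    done
    # Every module named in the file must exist on disk; a misspelled name
    # does not. /lib/security and /lib64/security are assumed module paths.
    for mod in $(awk '$1 !~ /^#/ && $2 != "include" && $3 ~ /\.so$/ { print $3 }' "$pam" 2>/dev/null | sort -u); do
        [ -e "$root/lib/security/$mod" ] || [ -e "$root/lib64/security/$mod" ] && continue
        echo "UNRESOLVED: $pam names $mod, which is not installed"
        problems=$((problems + 1))
    done
    # pam_unix2 hands auth to LUM only if an active auth: line lists nam
    if ! grep -Eq '^[[:space:]]*auth:.*call_modules=([^[:space:]]*,)?nam(,|[[:space:]]|$)' \
            "$root/etc/security/pam_unix2.conf" 2>/dev/null; then
        echo "MISSING: auth: call_modules=nam in $root/etc/security/pam_unix2.conf"
        problems=$((problems + 1))
    fi
    # Assumption: nsswitch.conf.nam lists "nam" as a passwd and group source
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]nam([[:space:]]|\$)" "$root/etc/nsswitch.conf" 2>/dev/null && continue
        echo "MISSING: 'nam' source for $db in $root/etc/nsswitch.conf"
        problems=$((problems + 1))
    done
    return "$problems"
}
```

Source the file and call check_lum_config / gdm from a root shell that stays open while you test a login in a second session; a return value of 0 means every check passed.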

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 3994289
  • Creation Date: 15-MAR-07
  • Modified Date: 26-APR-12
    • SUSE Linux Enterprise Desktop