Environment
Situation
How to configure a SuSE Enterprise Linux Desktop (SLED) workstation to perform local authentication to Linux and authentication through the Novell Client for Linux (NCL) to eDirectory in a single step. This configuration simplifies both the user's login process and the administration of user accounts. It also allows login scripts to be configured and keeps configuration information workstation-independent.
Resolution
How to configure Single Sign-On for the Novell Client for Linux on SLED 11.0
1. Set up LUM authentication on SLED 11.0 by following knowledge base article 7005008
i. Launch YaST -> Software Install
ii. Choose "Patterns"
iv. Left click on "Novell Client for Linux"
v. Right click in the right-hand window and select-all, then click install.
a. Download the Novell Client from download.novell.com
b. Install the Novell Client either by using YaST or from a terminal.
c. To install the Novell Client from a terminal, do the following:
i. Mount the Novell Client ISO image.
#mount -o loop /home/joeuser/Desktop/novell-client-2.0SP2-sled11-i586-CD1.iso /mnt
#cd /mnt
#./ncl_install install
d. Start the tray icon without rebooting the workstation
#/opt/novell/ncl/bin/ncl_tray &
3. Set up the default tree and SLP
a. Launch YaST
#yast2 novell-client
Select the option and click
c. In the Default Tree field, specify the tree name and click Next.
d. Fill out the Scope List and Directory Agent IP address.
e. Click
4. Modify PAM configuration for Single Sign-On
a. Open the appropriate PAM login file (/etc/pam.d/gdm, /etc/pam.d/xdm, or /etc/pam.d/kdm) and do the following:
i. Delete the line auth sufficient pam_nam.so
ii. Add the line auth sufficient pam_nam.so use_first_pass
5. Edit the /etc/opt/novell/ncl/login.conf file to allow Single Sign-On for PAM access by executing the following command in a terminal window as root:
#echo Allow_PAM_SSO=true >> /etc/opt/novell/ncl/login.conf
6. Restart the workstation and log in as the LUM user.
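Steps 4 and 5 as a rerunnable shell sketch; this is an added example, not part of the original article or Novell's tooling, and the function names and the .pre-sso backup suffix are assumptions. Because use_first_pass makes pam_nam.so reuse the password already collected by an earlier module, the script backs up each file before changing it and never adds a second copy of a line.

```shell
#!/bin/sh
# Added example (not from the Novell article): steps 4 and 5 made rerunnable.
# Function names and the ".pre-sso" backup suffix are assumptions.

# Matches an "auth sufficient pam_nam.so" entry up to the module name.
NAM_AUTH='^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_nam\.so'

# enable_first_pass FILE
# Step 4: give the option-less pam_nam.so auth line the use_first_pass option.
# Returns 0 when the option is in place, 1 when FILE has no such line to edit.
enable_first_pass() {
    pam_file=$1
    # Already done: leave the file alone so reruns change nothing.
    if grep -Eq "${NAM_AUTH}[[:space:]]+(.*[[:space:]])?use_first_pass([[:space:]]|\$)" "$pam_file"; then
        return 0
    fi
    # Only edit the exact line the article says to delete.
    grep -Eq "${NAM_AUTH}[[:space:]]*\$" "$pam_file" || return 1
    cp -p "$pam_file" "$pam_file.pre-sso" || return 2
    # Write through the existing file so its owner and mode are kept.
    sed -E "s/(${NAM_AUTH})[[:space:]]*\$/\1 use_first_pass/" \
        "$pam_file.pre-sso" > "$pam_file"
}

# enable_pam_sso CONF
# Step 5: append Allow_PAM_SSO=true unless that exact line already exists.
enable_pam_sso() {
    conf=$1
    if [ -f "$conf" ]; then
        if grep -qx 'Allow_PAM_SSO=true' "$conf"; then
            return 0
        fi
        cp -p "$conf" "$conf.pre-sso" || return 2
    fi
    echo 'Allow_PAM_SSO=true' >> "$conf"
}

# Usage as root, with the PAM file of the display manager in use:
#   enable_first_pass /etc/pam.d/gdm &&
#       enable_pam_sso /etc/opt/novell/ncl/login.conf
```

Keep a root shell open on another console until a test login succeeds, so the .pre-sso copies can be restored if the display manager rejects logins.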
Additional Information
auth optional pam_ncl_autologin.so
auth sufficient pam_nam.so use_first_pass
account sufficient pam_nam.so
password sufficient pam_nam.so
session optional pam_nam.so
#%PAM-1.0
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session