How to set up Single Sign-On for Novell Client for Linux on SLED 11.0

  • 7005012
  • 10-Dec-2009
  • 29-Oct-2012

Environment

Novell Client for Linux 2.0 SP2 for SLED 11.0
SUSE Linux Enterprise Desktop 11

Situation

This article describes how to configure a SUSE Linux Enterprise Desktop (SLED) workstation so that local authentication to Linux and authentication through the Novell Client for Linux (NCL) to eDirectory happen in a single step. This configuration simplifies both the user's login process and the administration of user accounts. It also allows login scripts to be configured and configuration information to be workstation independent.

Resolution

How to configure Single Sign-On for the Novell Client for Linux on SLED 11.0

1.      Set up LUM authentication on SLED 11.0 as described in knowledge base article 7005008

2.      Install the Novell Client for Linux 2.0 SP2 for SLED 11.0 and SLED 11.0 SP1
 
For SLED 11.0 SP1

a.       Install the Novell Client from the SLED 11.0 SP1 product CD

          i.   Launch YaST -> Software Install
          ii.  Choose "Patterns"
          iv.  Left-click "Novell Client for Linux"
          v.   Right-click in the right-hand window and choose select-all, then click Install.

For SLED 11.0 (Shipping)

a.       Download the Novell Client from download.novell.com

b.      Install the Novell Client either by using YaST or from a terminal.

c.       To install the Novell Client from a terminal, do the following:

          i.   Mount the Novell Client ISO image.

#mount -o loop /home/joeuser/Desktop/novell-client-2.0SP2-sled11-i586-CD1.iso /mnt

#cd /mnt

#./ncl_install install

 

d.      Start the tray icon without rebooting the workstation

#/opt/novell/ncl/bin/ncl_tray &

 

3.      Set up the default tree and SLP

a.       Launch YaST

#yast2 novell-client

 

b.      Select the Login and Service Location Protocol option and click Start Wizard

c.       In the Default Tree field, specify the tree name and click Next.

d.      Fill out the Scope List and Directory Agent IP address.

e.       Click Next and then click Finish to close the Novell Client Configuration Wizard.

4.      Modify PAM configuration for Single Sign-On

a.       Open the appropriate PAM login file (/etc/pam.d/gdm, /etc/pam.d/xdm, or /etc/pam.d/kdm) and do the following:

          i.   Delete the line auth sufficient pam_nam.so

          ii.  Add the line auth sufficient pam_nam.so use_first_pass

5.      Edit the /etc/opt/novell/ncl/login.conf file to allow Single Sign-On for PAM access by executing the following command in a terminal window as root:

#echo Allow_PAM_SSO=true >> /etc/opt/novell/ncl/login.conf

 

6.      Restart the workstation and log in as the LUM user.


See: https://www.novell.com/documentation/linux_client/linuxclient_sle11sp1_admin/?page=/documentation/linux_client/linuxclient_sle11sp1_admin/data/bm4kddj.html

Additional Information

Example file for /etc/pam.d/gdm or xdm

auth      optional    pam_ncl_autologin.so
auth      sufficient  pam_nam.so use_first_pass
account   sufficient  pam_nam.so
password  sufficient  pam_nam.so
session   optional    pam_nam.so
#%PAM-1.0
auth     include        common-auth
auth     required      pam_micasa.so
account  include        common-account
password include        common-password
session  required       pam_loginuid.so
session  include        common-session
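
A check for steps 4 and 5 of the resolution that can be run before the restart in step 6. It is an added example, not part of the original article or of Novell's tooling: the function name check_ncl_sso and its messages are hypothetical, and reporting any Allow_PAM_SSO entry other than true is an assumption, because the article does not say how login.conf resolves repeated keys.

```shell
#!/bin/sh
# Added example, not Novell's code: checks steps 4 and 5 of this article.
# check_ncl_sso and its messages are illustrative names.

# Active (non-comment) "auth sufficient pam_nam.so" lines in a PAM file.
nam_auth_lines() {
    grep -E '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_nam\.so([[:space:]]|$)' "$1"
}

# Usage: check_ncl_sso PAM_FILE LOGIN_CONF ; returns 0 when both steps hold.
check_ncl_sso() {
    pam_file=$1; login_conf=$2; rc=0
    [ -r "$pam_file" ] && [ -r "$login_conf" ] || { echo "unreadable input"; return 2; }

    # Step 4.ii: the use_first_pass variant must be present.
    if ! nam_auth_lines "$pam_file" | grep -Eq '[[:space:]]use_first_pass([[:space:]]|$)'; then
        echo "$pam_file: no 'auth sufficient pam_nam.so use_first_pass' line"; rc=1
    fi
    # Step 4.i: the original line without use_first_pass must be gone.
    if nam_auth_lines "$pam_file" | grep -Evq '[[:space:]]use_first_pass([[:space:]]|$)'; then
        echo "$pam_file: pam_nam.so auth line without use_first_pass remains"; rc=1
    fi
    # Step 5 appends with >>, so an older Allow_PAM_SSO entry would survive.
    # Assumption: any entry with a value other than "true" is reported.
    keys=$(grep -E '^[[:space:]]*Allow_PAM_SSO[[:space:]]*=' "$login_conf" || true)
    if [ -z "$keys" ]; then
        echo "$login_conf: Allow_PAM_SSO is not set"; rc=1
    elif printf '%s\n' "$keys" | grep -Evq '=[[:space:]]*true[[:space:]]*$'; then
        echo "$login_conf: Allow_PAM_SSO entry with a value other than true"; rc=1
    fi
    return "$rc"
}

# Constructed sample files (not taken from a real workstation).
demo_dir=$(mktemp -d)
printf '%s\n' 'auth optional pam_ncl_autologin.so' \
    'auth sufficient pam_nam.so use_first_pass' \
    'auth include common-auth' > "$demo_dir/gdm.good"
printf '%s\n' 'auth sufficient pam_nam.so' 'auth include common-auth' > "$demo_dir/gdm.bad"
echo 'Allow_PAM_SSO=true' > "$demo_dir/login.good"
printf '%s\n' 'Allow_PAM_SSO=false' 'Allow_PAM_SSO=true' > "$demo_dir/login.dup"

check_ncl_sso "$demo_dir/gdm.good" "$demo_dir/login.good" && echo "good: OK"
check_ncl_sso "$demo_dir/gdm.bad" "$demo_dir/login.dup" || echo "bad: rc=$?"
rm -rf "$demo_dir"
```

On a workstation, call it as root with the PAM file that was edited in step 4 and /etc/opt/novell/ncl/login.conf as the two arguments.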