How to set up Novell Client for Linux Single Sign-on for SLED 10.0

  • 3416680
  • 15-Mar-2007
  • 26-Apr-2012

Environment

Novell Client for Linux 1.2
Novell SUSE Linux Enterprise Desktop 10

Situation

This document describes how to configure a SUSE Linux Enterprise Desktop (SLED) workstation to perform local authentication to Linux and authentication through the Novell Client for Linux (NCL) to eDirectory in a single step. This configuration simplifies not only the user's login process but also the administration of user accounts. It also allows login scripts to be configured and configuration information to be workstation independent.

Resolution

Step-by-step instructions on how to set up a single login for the Novell Client for Linux.
  1. Set up LUM authentication on SLED 10.0 as described in knowledge base article 3994289.
  2. The following RPM versions or newer are required.
    • pam-0.99.3.0-29.4
    • pam-modules-10-2.2
    • pam-devel-0.99.3.0-29.4
    • glibc-devel-2.4-31.2
    • glibc-2.4-31.2
    • gcc-4.1.0-28.4
    • make-3.80-202.2
    • kernel-source-2.6.16.21-0.8
  3. Determine which of the needed modules are already installed on the workstation.
    • The version numbers above may be different than the ones listed on your workstation.
    • Usage: rpm -q
    • # rpm -q novell-lum pam pam-modules pam-devel glibc-devel glibc gcc make kernel-source
      novell-lum-2.2.0-81.12
      pam-0.99.3.0-29.4
      pam-modules-10-2.2
      package pam-devel is not installed
      glibc-devel-2.4-31.2
      glibc-2.4-31.2
      gcc-4.1.0-28.4
      make-3.80-202.2
      kernel-source-2.6.16.21-0.8
  4. Install the rpm modules currently not installed on the workstation.
    • Usage: yast -i
    • # yast -i pam-modules
  5. Install the Novell Client for Linux
    • Download Novell Client for Linux 1.2 for SLED 10.0 from https://download.novell.com.
    • Change to the directory where the client was downloaded to.
    • # cd /home/user/Desktop/
    • Extract the tar ball file
    • # tar -xzvf novell-client-1.2-SLE10.tar.gz
    • Change into the NCL_disk directory
    • # cd ncl_build_711/NCL_disk/
    • Install the Novell Client from a terminal.
    • # ./ncl_install install
      [ncl_install] ncl_install v2.0 started
      ....
      ...
      ...
      [ncl_install] Upgrade of the Novell Client for Linux completed successfully.
    • Start the Novell Client without rebooting.
      • Add /opt/novell/ncl/bin to $PATH.
      • # export PATH="$PATH:/opt/novell/ncl/bin"
      • Restart the Novell Client daemon.
      • # /opt/novell/ncl/bin/ncl_control restart

        [ncl_control] ncl_control v1.10 started
        [ncl_control] mode =

        [ncl_control] shutting down ncl_tray
        Stopping novell-xregd...Starting novell-xregd... done
        Stopping novell novfs daemon...
        Starting novell novfs daemon...

        No Config File Found - Using Defaults
        novfsd: Novell Client for Linux Daemon
        Copyright 1992-2005, by Novell, Inc. All rights reserved.
        Version 1.2.0-8

        done

        [ncl_control] completed successfully

      • A reboot would also accomplish the two tasks above.
    • Test the Novell Client for Linux by running nwlogin.
      • Usage: nwlogin -t -s -c -u -p -r
      • # nwlogin -s 192.168.1.1 -u lumuser -c users.novell -t 192.168.1.1 -p novell -r
        Password:
        Executing login script...
        Your current context is: users.novell
        User: lumuser Context: users.novell
        Your current tree is: EDIR-TREE
        You are attached to server EDIR-SERVER
        Logged in
  6. Configure and make the pam script module.
    • Note: this portion of the document is not supported by Novell Support. This module is an open source module.
    • Compile pam_script.so using make
      • Extract the pam_script tar ball.
      • # tar -xzvf libpam-script-0.1.10.tar.gz
      • Change into the pam_script folder.
      • # cd libpam-script-0.1.10/
      • Compile the pam_script.so from the pam_script directory.
      • # make
      • Rename the current pam_script.so in the /lib/security directory.
      • # mv /lib/security/pam_script.so /lib/security/pam_script.so.old
      • Copy the pam_script.so to /lib/security directory.
      • # cp pam_script.so /lib/security
      • Change the rights on the pam_script.so module to 755.
      • # chmod 755 /lib/security/pam_script.so
      • Add pam_script.so expose=1 to /etc/pam.d files that will execute NCL logins on authentication.
      • /etc/pam.d/gdm file
        Note: The order of the modules is important. Bolded modules need to be added.
        #%PAM-1.0
        auth include common-auth
        auth sufficient pam_script.so expose=1
        auth required pam_ncl_autologin.so
        account sufficient pam_nam.so
        account include common-account
        password sufficient pam_nam.so
        password include common-password
        session include common-session
        session optional pam_nam.so
        session required pam_script.so expose=1
        session required pam_devperm.so
        session required pam_resmgr.so
        session required pam_ncl_autologin.so
    • Depending on desired authentication, other pam files can be modified in the same manner, such as kdm and sshd.
  7. Create a file for holding environment specific variables.
    • This file is used to determine what tree, server and LDAP server you are authenticating against.
    • Create a novell-singlelogin file in the /etc/sysconfig directory with the following contents.
    • #/etc/sysconfig/novell-singlelogin
      #This file is used in the onauth, onsessionopen, and onsessionclose files.
      TREE="Tree name or IP"
      SERVER="IP of server"
      LDAPSERVER="LDAP server IP"
  8. Create a pam script to run linux client login.
    • onauth, onsessionopen and onsessionclose are run by pam_script during auth and session sections of the pam files.
    • Create an onauth script in the /etc/security directory with the following contents.
    • #!/bin/bash
      # /etc/security/onauth
      # Pulls in the username and assigns it to the variable USER.
      USER=$1
      # Loads TREE, SERVER and LDAPSERVER.
      . /etc/sysconfig/novell-singlelogin
      # LDAP searches for the context of the user and stores it in a variable called FQN.
      FQN=$(ldapsearch -h "$LDAPSERVER" -x "cn=$USER" objectclass=dn | grep ^dn | sed -e "s/^dn: cn=$USER,//i" -e "s/ou=//g" -e "s/o=//g" -e "s/,/./g")
      PATH=$PATH:/opt/novell/ncl/bin
      # Logs in the user to eDirectory but does not map the drives. The drives are mapped in the session script.
      # Arguments are quoted so that a password containing spaces or shell wildcards is passed intact.
      /opt/novell/ncl/bin/nwlogin -t "$TREE" -s "$SERVER" -u "$USER" -c "$FQN" -p "$PAM_AUTHTOK"
    • Create an onsessionopen script in the /etc/security directory with the following contents.
    • #!/bin/bash
      # /etc/security/onsessionopen
      # Pulls in the username and assigns it to the variable USER.
      USER=$1
      . /etc/sysconfig/novell-singlelogin
      # Variable assignments.
      PATH=$PATH:/opt/novell/ncl/bin
      HOME=/home/$USER
      # This command runs the login scripts and maps the network drives.
      # The TREE and LDAPSERVER variables are defined in the novell-singlelogin file.
      /opt/novell/ncl/bin/nwrunscripts -u "$USER" -t "$TREE" -c "$(ldapsearch -h "$LDAPSERVER" -x "cn=$USER" objectclass=dn | grep ^dn | sed -e "s/^dn: cn=$USER,//i" -e "s/ou=//g" -e "s/o=//g" -e "s/,/./g")"
    • Create an onsessionclose script in the /etc/security directory with the following contents.
    • #!/bin/bash
      # /etc/security/onsessionclose
      . /etc/sysconfig/novell-singlelogin
      # Logs out the user from the tree.
      /opt/novell/ncl/bin/nwlogout -t "$TREE"
    • Set permissions on onauth, onsessionopen and onsessionclose to rwxr-xr-x.
    • # chmod 755 /etc/security/on*
    • Logging in from the graphical interface should now authenticate to eDirectory and run the login scripts.
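
The context lookup used in onauth and onsessionopen, as an added example that is not part of the original article or of Novell's code: the hypothetical helper resolve_context applies the article's sed conversion to ldapsearch output, rejects login names containing LDAP filter or shell metacharacters, and fails when the cn matches no entry or several entries instead of handing a multi-line context to nwlogin. The sample ldapsearch output is constructed.

```bash
#!/bin/bash
# Added example: resolve_context is a hypothetical helper, not part of the
# Novell Client or pam_script. It reads ldapsearch output on stdin.

# Constructed sample output: one match, and a cn that exists in two contexts.
ONE_ENTRY='dn: cn=lumuser,ou=users,o=novell'
TWO_ENTRIES='dn: cn=lumuser,ou=users,o=novell
dn: cn=lumuser,ou=sales,o=novell'

# Accept only characters that have no meaning in an LDAP filter, in a sed
# expression or to the shell. The login name comes from the login prompt.
valid_login_name() {
    case "$1" in
        '' | *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# resolve_context USER < ldapsearch-output
# Prints the dotted context, e.g. users.novell.
# Returns 1 = rejected name, 2 = no entry, 3 = more than one entry.
resolve_context() {
    _user=$1
    valid_login_name "$_user" || return 1
    # Keep the part of each "dn:" line after "cn=<user>," (case-insensitive,
    # compared as a literal string so "." in a name is not a wildcard).
    _rest=$(awk -v u="$_user" '
        BEGIN { p = "dn: cn=" tolower(u) ","; n = length(p) }
        tolower(substr($0, 1, n)) == p { print substr($0, n + 1) }')
    [ -n "$_rest" ] || return 2
    [ "$(printf '%s\n' "$_rest" | wc -l)" -eq 1 ] || return 3
    # Same conversion as the article's sed expressions.
    printf '%s\n' "$_rest" | sed -e 's/ou=//g' -e 's/o=//g' -e 's/,/./g'
}

# In onauth the input would come from:
#   ldapsearch -h "$LDAPSERVER" -x "cn=$USER" objectclass=dn
printf '%s\n' "$ONE_ENTRY" | resolve_context lumuser      # users.novell
printf '%s\n' "$TWO_ENTRIES" | resolve_context lumuser ||
    echo "ambiguous or missing context, refusing to log in (rc=$?)"
```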

Additional Information

Troubleshooting Information.
Here is what a successful install of the Novell Client for Linux should look like:
# ./ncl_install install
[ncl_install] ncl_install v2.0 started
[ncl_install] mode = upgrade
[ncl_install] option =
[ncl_install] This script uses the following RPM options:
[ncl_install] -U
[ncl_install] For a description of these options,
[ncl_install] see the RPM documentation.
[ncl_install] Upgrading the Novell Client for Linux.
[ncl_install] Please wait...

[ncl_install] Upgrading nici...
Initializing NICI ... done.
[ncl_install] Upgrading novell-nmasclient...
[ncl_install] Upgrading novell-xtier-base...
Running Novell XTier Base pre script...
doing rpm install processing
done running Novell XTier Base pre script!
Running Novell XTier Base post script...
Importing Xtier Xml Registry...
Using newly installed registry file
done importing Xtier Xml Registry
doing rpm install processing
done running Novell XTier Base post script!
[ncl_install] Upgrading novell-xtier-core...
[ncl_install] Upgrading novell-novfs...
novell-novfs post install script
Building novfs.ko for 2.6.16.21-0.8-default
make: Entering directory `/usr/src/linux-2.6.16.21-0.8-obj/i386/default'
make -C ../../../linux-2.6.16.21-0.8 O=../linux-2.6.16.21-0.8-obj/i386/default modules
CC [M] /opt/novell/ncl/src/novfs/inode.o
CC [M] /opt/novell/ncl/src/novfs/proc.o
CC [M] /opt/novell/ncl/src/novfs/profile.o
CC [M] /opt/novell/ncl/src/novfs/daemon.o
/opt/novell/ncl/src/novfs/daemon.c: In function local_unlink:
/opt/novell/ncl/src/novfs/daemon.c:2787: warning: lookup_hash is deprecated (declared at /usr/src/linux-2.6.16.21-0.8/include/linux/namei.h:78)
CC [M] /opt/novell/ncl/src/novfs/file.o
CC [M] /opt/novell/ncl/src/novfs/scope.o
CC [M] /opt/novell/ncl/src/novfs/nwcapi.o
LD [M] /opt/novell/ncl/src/novfs/novfs.o
Building modules, stage 2.
MODPOST
CC /opt/novell/ncl/src/novfs/novfs.mod.o
LD [M] /opt/novell/ncl/src/novfs/novfs.ko
make: Leaving directory `/usr/src/linux-2.6.16.21-0.8-obj/i386/default'
copying novfs.ko to /lib/modules/2.6.16.21-0.8-default/updates
[ncl_install] Upgrading novell-novfsd...
novell-novfsd pre install script
Creating mount point /var/opt/novell/nclmnt
optarg = \client\policies\network\ip\address resolution providers\configured
value = {A18C57F8-17DA-11d1-8FFF-00A0C925D248}
type = REG_SZ
valueName = 9
optarg = \Client\Policies
value = {FCB72681-D373-11d3-BC08-00A0C9EA53EF}
type = REG_SZ
valueName = Default Authentication Provider
[ncl_install] Upgrading novell-xplatlib...
[ncl_install] Upgrading novell-ui-base...
Updating library cache
[ncl_install] Upgrading novell-qtgui...
Updating library cache...
Starting SuSEconfig, the SuSE Configuration Tool...
Running module gtk2 only
Reading /etc/sysconfig and updating the system...
Executing /sbin/conf.d/SuSEconfig.gtk2...
Finished.
[ncl_install] Upgrading novell-client-script...
[ncl_install] Upgrading yast2-novell-client...
yast2-novell-client post install script
installing the Novell Client YaST icon files
[install_yast_icons] install_yast_icons v1.4
[install_yast_icons] installing /usr/share/YaST2/theme/NLD/icons/22x22/apps/novell-client.png
[install_yast_icons] installing /usr/share/YaST2/theme/NLD/icons/32x32/apps/novell-client.png
[install_yast_icons] installing /usr/share/YaST2/theme/NLD/icons/48x48/apps/novell-client.png
[install_yast_icons] installing /usr/share/YaST2/theme/SuSELinux/icons/22x22/apps/novell-client.png
[install_yast_icons] installing /usr/share/YaST2/theme/SuSELinux/icons/32x32/apps/novell-client.png
[install_yast_icons] installing /usr/share/YaST2/theme/SuSELinux/icons/48x48/apps/novell-client.png
[ncl_install] Upgrading novell-client...
novell-client post install script
[ncl_control] ncl_control v1.10 started
[ncl_control] mode =
[ncl_control] shutting down ncl_tray
Stopping novell-xregd...Starting novell-xregd... done
Stopping novell novfs daemon...
ERROR: Module novfs does not exist in /proc/modules
Starting novell novfs daemon...
No Config File Found - Using Defaults
novfsd: Novell Client for Linux Daemon
Copyright 1992-2005, by Novell, Inc. All rights reserved.
Version 1.2.0-8
done
[ncl_control] completed successfully

[ncl_install] Do you want to upgrade
[ncl_install] the optional novell-konqueror-plugin rpm?
[ncl_install] (y/n) y
[ncl_install] Upgrading (optional rpm) novell-konqueror-plugin...
Installing [Novell Network] to [Network Browsing]...
cat: /opt/kde3/share/config/kio_slprc: No such file or directory
cat: /opt/kde3/share/config/kio_slprc: No such file or directory
Updating library cache...
You must relogin for these changes to take effect.
[ncl_install] Do you want to upgrade
[ncl_install] the optional novell-nautilus-plugin rpm?
[ncl_install] (y/n) y
[ncl_install] Upgrading (optional rpm) novell-nautilus-plugin...
Updating library cache...
[ncl_install] Upgrade of the Novell Client for Linux completed successfully.
If you are having trouble with PAM scripting or logging in, use the following onauth and onsessionopen scripts to identify the issue. The IP address 137.65.214.107 is server-specific information and should be changed for your environment.
/etc/security/onauth
#!/bin/bash
USER=$1
FQN=$(ldapsearch -h 137.65.214.107 -x "cn=$USER" objectclass=dn | grep ^dn | sed -e "s/^dn: cn=$USER,//i" -e "s/ou=//g" -e "s/o=//g" -e "s/,/./g")
echo "This is FQN" >> /tmp/onauth.log
echo "$FQN" >> /tmp/onauth.log
echo "This is USER" >> /tmp/onauth.log
echo "$USER" >> /tmp/onauth.log
# Debug only: the next two lines write the user's cleartext password to /tmp/onauth.log.
echo "This is pam_authtok" >> /tmp/onauth.log
echo "$PAM_AUTHTOK" >> /tmp/onauth.log

PATH=$PATH:/opt/novell/ncl/bin
/opt/novell/ncl/bin/nwlogin -t 137.65.214.107 -s 137.65.214.107 -u "$USER" -c "$FQN" -p "$PAM_AUTHTOK" >> /tmp/onauth.log
/etc/security/onsessionopen
#!/bin/bash
USER=$1
PATH=$PATH:/opt/novell/ncl/bin
echo "$PATH" >> /tmp/session.log
HOME=/home/$USER
echo "$HOME" >> /tmp/session.log
/opt/novell/ncl/bin/nwrunscripts -u "$USER" -t 137.65.214.107 -c "$(ldapsearch -h 137.65.214.107 -x "cn=$USER" objectclass=dn | grep ^dn | sed -e "s/^dn: cn=$USER,//i" -e "s/ou=//g" -e "s/o=//g" -e "s/,/./g")" >> /tmp/session.log