Environment
Novell Client for Linux 1.2
Novell SUSE Linux Enterprise Desktop 10
Situation
This document describes how to configure a SUSE Linux Enterprise Desktop (SLED)
workstation to perform local authentication to Linux and authentication through
the Novell Client for Linux (NCL) to eDirectory in a single step.
This configuration simplifies not only the user's login process but
also the administration of user accounts. It also allows login
scripts to be configured and configuration information to be
workstation independent.
Resolution
Step-by-step instructions on how to set up a single login for the Novell Client
for Linux.
- Set up LUM authentication on SLED 10.0 as described in knowledge base article 3994289.
- The following RPMs are required, at these versions or newer.
- pam-0.99.3.0-29.4
- pam-modules-10-2.2
- pam-devel-0.99.3.0-29.4
- glibc-devel-2.4-31.2
- glibc-2.4-31.2
- gcc-4.1.0-28.4
- make-3.80-202.2
- kernel-source-2.6.16.21-0.8
- Determine which of the needed modules are already installed on the workstation.
- The version numbers above may be different than the ones listed on your workstation.
- Usage: rpm -q
- # rpm -q novell-lum pam pam-modules pam-devel glibc-devel glibc gcc make kernel-source
novell-lum-2.2.0-81.12
pam-0.99.3.0-29.4
pam-modules-10-2.2
package pam-devel is not installed
glibc-devel-2.4-31.2
glibc-2.4-31.2
gcc-4.1.0-28.4
make-3.80-202.2
kernel-source-2.6.16.21-0.8
- Install the rpm modules currently not installed on the workstation.
- Usage: yast -i
- # yast -i pam-modules
- Install the Novell Client for Linux
- Download Novell Client for Linux 1.2 for SLED 10.0 from https://download.novell.com.
- Change to the directory where the client was downloaded to.
- # cd /home/user/Desktop/
- Extract the tar ball file.
# tar -xzvf novell-client-1.2-SLE10.tar.gz
- Change into the NCL_disk directory.
# cd ncl_build_711/NCL_disk/
- Install the Novell Client from a terminal.
# ./ncl_install install
[ncl_install] ncl_install v2.0 started
..........
[ncl_install] Upgrade of the Novell Client for Linux completed successfully.
- Start the Novell Client without rebooting.
- Add /opt/novell/ncl/bin to $PATH.
- # export PATH="$PATH:/opt/novell/ncl/bin"
- Restart the Novell Client daemon.
# /opt/novell/ncl/bin/ncl_control restart
[ncl_control] ncl_control v1.10 started
[ncl_control] mode =
[ncl_control] shutting down ncl_tray
Stopping novell-xregd...Starting novell-xregd... done
Stopping novell novfs daemon...
Starting novell novfs daemon...
No Config File Found - Using Defaults
novfsd: Novell Client for Linux Daemon
Copyright 1992-2005, by Novell, Inc. All rights reserved.
Version 1.2.0-8
done
[ncl_control] completed successfully
- A reboot would also accomplish the two tasks above.
- Test the Novell Client for Linux by running nwlogin.
- Usage: nwlogin -t -s -c -u -p -r
# nwlogin -s 192.168.1.1 -u lumuser -c users.novell -t 192.168.1.1 -p novell -r
Password:
Executing login script...
Your current context is: users.novell
User: lumuser Context: users.novell
Your current tree is: EDIR-TREE
You are attached to server EDIR-SERVER
Logged in
- Configure and make the pam script module.
- Note: this portion of the document is not supported by Novell Support. This module is an open source module.
- Compile pam_script.so using make
- Download pam_script from http://freshmeat.net/projects/pam_script/
- Extract the pam_script tar ball.
# tar -xzvf libpam-script-0.1.10.tar.gz
- Change into the pam_script folder.
# cd libpam-script-0.1.10/
- Compile the pam_script.so from the pam_script directory.
- # make
- Rename the current pam_script.so in the /lib/security directory.
# mv /lib/security/pam_script.so /lib/security/pam_script.so.old
- Copy the pam_script.so to /lib/security directory.
# cp pam_script.so /lib/security
- Change the rights on the pam_script.so module to 755.
- # chmod 755 /lib/security/pam_script.so
- Add pam_script.so expose=1 to /etc/pam.d files that will execute NCL logins on authentication.
- /etc/pam.d/gdm file
Note: The order of the modules is important. Bolded modules need to be added.
#%PAM-1.0
auth include common-auth
auth sufficient pam_script.so expose=1
auth required pam_ncl_autologin.so
account sufficient pam_nam.so
account include common-account
password sufficient pam_nam.so
password include common-password
session include common-session
session optional pam_nam.so
session required pam_script.so expose=1
session required pam_devperm.so
session required pam_resmgr.so
session required pam_ncl_autologin.so
- Depending on desired authentication, other pam files can be modified in the same manner, such as kdm and sshd.
- Create a file for holding environment specific variables.
- This file is used to determine what tree, server and LDAP server you are authenticating against.
- Create a novell-singlelogin file in the /etc/sysconfig directory with the following contents.
#/etc/sysconfig/novell-singlelogin
#This file is used in the onauth, onsessionopen, and onsessionclose files.
TREE="Tree name or IP"
SERVER="IP of server"
LDAPSERVER="LDAP server IP"
- Create a pam script to run linux client login.
- onauth, onsessionopen and onsessionclose are run by pam_script during auth and session sections of the pam files.
- Create an onauth script in the /etc/security directory with the following contents.
#!/bin/bash
#/etc/security/onauth
# Pulls in the username and assigns it to the variable USER.
USER=$1
. /etc/sysconfig/novell-singlelogin
# LDAP searches for the context of the user and stores it in a variable called FQN
FQN=`ldapsearch -h "$LDAPSERVER" -x "cn=$USER" objectclass=dn | grep ^dn | sed -e "s/^dn: cn=$USER,//i" -e "s/ou=//g" -e "s/o=//g" -e "s/,/./g"`
PATH=$PATH:/opt/novell/ncl/bin
#Logs in the user to edirectory but does not map the drives. The drives are mapped in the session script.
# The variables are quoted so that a password containing spaces is passed as one argument.
/opt/novell/ncl/bin/nwlogin -t "$TREE" -s "$SERVER" -u "$USER" -c "$FQN" -p "$PAM_AUTHTOK"
- Create an onsessionopen script in the /etc/security directory with the following contents.
#!/bin/bash
#/etc/security/onsessionopen
#Pulls in the username and assigns it to the variable USER.
USER=$1
. /etc/sysconfig/novell-singlelogin
# variable assignments
PATH=$PATH:/opt/novell/ncl/bin
HOME=/home/$USER
# This command runs the login scripts and maps the network drives.
# The TREE and LDAPSERVER variables are defined in the novell-singlelogin file.
/opt/novell/ncl/bin/nwrunscripts -u "$USER" -t "$TREE" -c `ldapsearch -h "$LDAPSERVER" -x "cn=$USER" objectclass=dn | grep ^dn | sed -e "s/^dn: cn=$USER,//i" -e "s/ou=//g" -e "s/o=//g" -e "s/,/./g"`
- Create an onsessionclose script in the /etc/security directory with the following contents.
#!/bin/bash
#/etc/security/onsessionclose
. /etc/sysconfig/novell-singlelogin
#Logs out the user from the tree
/opt/novell/ncl/bin/nwlogout -t "$TREE"
- Set permissions on onauth, onsessionopen and onsessionclose to rwxr-xr-x.
- # chmod 755 /etc/security/on*
- Logging in from the graphical interface should now authenticate to eDirectory and run the login scripts.
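The context lookup that onauth and onsessionopen perform, as an added example that is not part of the original article: it checks the username before it is placed in the LDAP filter, refuses to continue unless exactly one DN comes back, and then converts that DN to the dotted context. The helper names and the sample LDIF are constructed for illustration; unlike the article's sed expression, it strips any attribute type rather than only ou= and o=.

```bash
#!/bin/bash
# Added example, not from the original article. valid_username and
# dn_to_context are hypothetical helper names.

# Accept only names that are safe to place in an LDAP filter and on a command line.
valid_username() {
    case "$1" in
        ''|-*) return 1 ;;               # empty, or would be parsed as an option
        *[!A-Za-z0-9._-]*) return 1 ;;   # rejects * ( ) \ , = whitespace, etc.
    esac
    return 0
}

# Read ldapsearch LDIF output on stdin and print the dotted eDirectory context
# of user $1. Fails unless exactly one usable "dn: " line is present.
dn_to_context() (
    user=$1
    valid_username "$user" || exit 1
    dns=$(grep '^dn: ') || exit 1        # no entry, or only a base64 "dn:: " line
    # The same cn found in more than one container is ambiguous: refuse.
    [ "$(printf '%s\n' "$dns" | grep -c '^dn: ')" -eq 1 ] || exit 1
    dn=${dns#dn: }
    case "$dn" in
        *\\*) exit 1 ;;                  # escaped characters: refuse rather than mis-split
        *,*) ;;
        *) exit 1 ;;                     # no container part after the first RDN
    esac
    first=$(printf '%s' "${dn%%,*}" | tr 'A-Z' 'a-z')
    want=$(printf 'cn=%s' "$user" | tr 'A-Z' 'a-z')
    [ "$first" = "$want" ] || exit 1     # first RDN must be cn=<user>
    # Strip the attribute type from each remaining RDN and join with dots.
    printf '%s\n' "${dn#*,}" | tr ',' '\n' | sed 's/^[^=]*=//' | paste -sd. -
)

# Constructed sample of what ldapsearch returns for the article's test user.
SAMPLE_LDIF='# lumuser, users, novell
dn: cn=lumuser,ou=users,o=novell
'
printf '%s' "$SAMPLE_LDIF" | dn_to_context lumuser   # prints users.novell
```

In onauth the function would take the output of the article's ldapsearch call on stdin, and the script would exit without calling nwlogin when it fails.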
Additional Information
Troubleshooting Information.
Here is what a successful install of the Novell Client for Linux should look like:
# ./ncl_install install
[ncl_install] ncl_install v2.0 started
[ncl_install] mode = upgrade
[ncl_install] option =
[ncl_install] This script uses the following RPM options:
[ncl_install] -U
[ncl_install] For a description of these options,
[ncl_install] see the RPM documentation.
[ncl_install] Upgrading the Novell Client for Linux.
[ncl_install] Please wait...
[ncl_install] Upgrading nici...
Initializing NICI ... done.
[ncl_install] Upgrading novell-nmasclient...
[ncl_install] Upgrading novell-xtier-base...
Running Novell XTier Base pre script...
doing rpm install processing
done running Novell XTier Base pre script!
Running Novell XTier Base post script...
Importing Xtier Xml Registry...
Using newly installed registry file
done importing Xtier Xml Registry
doing rpm install processing
done running Novell XTier Base post script!
[ncl_install] Upgrading novell-xtier-core...
[ncl_install] Upgrading novell-novfs...
novell-novfs post install script
Building novfs.ko for 2.6.16.21-0.8-default
make: Entering directory `/usr/src/linux-2.6.16.21-0.8-obj/i386/default'
make -C ../../../linux-2.6.16.21-0.8 O=../linux-2.6.16.21-0.8-obj/i386/default modules
CC [M] /opt/novell/ncl/src/novfs/inode.o
CC [M] /opt/novell/ncl/src/novfs/proc.o
CC [M] /opt/novell/ncl/src/novfs/profile.o
CC [M] /opt/novell/ncl/src/novfs/daemon.o
/opt/novell/ncl/src/novfs/daemon.c: In function local_unlink:
/opt/novell/ncl/src/novfs/daemon.c:2787: warning: lookup_hash is deprecated (declared at /usr/src/linux-2.6.16.21-0.8/include/linux/namei.h:78)
CC [M] /opt/novell/ncl/src/novfs/file.o
CC [M] /opt/novell/ncl/src/novfs/scope.o
CC [M] /opt/novell/ncl/src/novfs/nwcapi.o
LD [M] /opt/novell/ncl/src/novfs/novfs.o
Building modules, stage 2.
MODPOST
CC /opt/novell/ncl/src/novfs/novfs.mod.o
LD [M] /opt/novell/ncl/src/novfs/novfs.ko
make: Leaving directory `/usr/src/linux-2.6.16.21-0.8-obj/i386/default'
copying novfs.ko to /lib/modules/2.6.16.21-0.8-default/updates
[ncl_install] Upgrading novell-novfsd...
novell-novfsd pre install script
Creating mount point /var/opt/novell/nclmnt
optarg = \client\policies\network\ip\address resolution providers\configured
value = {A18C57F8-17DA-11d1-8FFF-00A0C925D248}
type = REG_SZ
valueName = 9
optarg = \Client\Policies
value = {FCB72681-D373-11d3-BC08-00A0C9EA53EF}
type = REG_SZ
valueName = Default Authentication Provider
[ncl_install] Upgrading novell-xplatlib...
[ncl_install] Upgrading novell-ui-base...
Updating library cache
[ncl_install] Upgrading novell-qtgui...
Updating library cache...
Starting SuSEconfig, the SuSE Configuration Tool...
Running module gtk2 only
Reading /etc/sysconfig and updating the system...
Executing /sbin/conf.d/SuSEconfig.gtk2...
Finished.
[ncl_install] Upgrading novell-client-script...
[ncl_install] Upgrading yast2-novell-client...
yast2-novell-client post install script
installing the Novell Client YaST icon files
[install_yast_icons] install_yast_icons v1.4
[install_yast_icons] installing /usr/share/YaST2/theme/NLD/icons/22x22/apps/novell-client.png
[install_yast_icons] installing /usr/share/YaST2/theme/NLD/icons/32x32/apps/novell-client.png
[install_yast_icons] installing /usr/share/YaST2/theme/NLD/icons/48x48/apps/novell-client.png
[install_yast_icons] installing /usr/share/YaST2/theme/SuSELinux/icons/22x22/apps/novell-client.png
[install_yast_icons] installing /usr/share/YaST2/theme/SuSELinux/icons/32x32/apps/novell-client.png
[install_yast_icons] installing /usr/share/YaST2/theme/SuSELinux/icons/48x48/apps/novell-client.png
[ncl_install] Upgrading novell-client...
novell-client post install script
[ncl_control] ncl_control v1.10 started
[ncl_control] mode =
[ncl_control] shutting down ncl_tray
Stopping novell-xregd...Starting novell-xregd... done
Stopping novell novfs daemon...
ERROR: Module novfs does not exist in /proc/modules
Starting novell novfs daemon...
No Config File Found - Using Defaults
novfsd: Novell Client for Linux Daemon
Copyright 1992-2005, by Novell, Inc. All rights reserved.
Version 1.2.0-8
done
[ncl_control] completed successfully
[ncl_install] Do you want to upgrade
[ncl_install] the optional novell-konqueror-plugin rpm?
[ncl_install] (y/n) y
[ncl_install] Upgrading (optional rpm) novell-konqueror-plugin...
Installing [Novell Network] to [Network Browsing]...
cat: /opt/kde3/share/config/kio_slprc: No such file or directory
cat: /opt/kde3/share/config/kio_slprc: No such file or directory
Updating library cache...
You must relogin for these changes to take effect.
[ncl_install] Do you want to upgrade
[ncl_install] the optional novell-nautilus-plugin rpm?
[ncl_install] (y/n) y
[ncl_install] Upgrading (optional rpm) novell-nautilus-plugin...
Updating library cache...
[ncl_install] Upgrade of the Novell Client for Linux completed successfully.
If you are having trouble with pam scripting or logging in, use the
following onauth and onsessionopen scripts to identify the issue. The pieces
in bold are server-specific information and should be changed for
your environment.
/etc/security/onauth
#!/bin/bash
USER=$1
FQN=`ldapsearch -h 137.65.214.107 -x "cn=$USER" objectclass=dn | grep ^dn | sed -e "s/^dn: cn=$USER,//i" -e "s/ou=//g" -e "s/o=//g" -e "s/,/./g"`
echo "This is FQN" >> /tmp/onauth.log
echo $FQN >> /tmp/onauth.log
echo "This is USER" >> /tmp/onauth.log
echo $USER >> /tmp/onauth.log
# Debug only: the next two lines write the user's password in clear text to /tmp/onauth.log.
echo "This is pam_authtok" >> /tmp/onauth.log
echo $PAM_AUTHTOK >> /tmp/onauth.log
PATH=$PATH:/opt/novell/ncl/bin
/opt/novell/ncl/bin/nwlogin -t 137.65.214.107 -s 137.65.214.107 -u "$USER" -c "$FQN" -p "$PAM_AUTHTOK" >> /tmp/onauth.log
/etc/security/onsessionopen
#!/bin/bash
USER=$1
PATH=$PATH:/opt/novell/ncl/bin
echo $PATH >> /tmp/session.log
HOME=/home/$USER
echo $HOME >> /tmp/session.log
/opt/novell/ncl/bin/nwrunscripts -u "$USER" -t 137.65.214.107 -c `ldapsearch -h 137.65.214.107 -x "cn=$USER" objectclass=dn | grep ^dn | sed -e "s/^dn: cn=$USER,//i" -e "s/ou=//g" -e "s/o=//g" -e "s/,/./g"` >> /tmp/session.log
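A variant of the debug logging above, as an added example that is not part of the original article: it records the same diagnostics (user, resolved context, whether PAM supplied a password) without writing the password itself to disk, and keeps the log out of /tmp. The function names and the default log path are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not from the original article. debug_log_open and
# log_auth_state are hypothetical names; DEBUG_LOG is an assumed location
# in a directory that only root can write to.
DEBUG_LOG=${DEBUG_LOG:-/var/log/onauth-debug.log}

# Create the log with mode 0600. Refuse to write through a symlink or to
# anything that is not a regular file, which is the risk a root-run script
# takes when it appends to a predictable name in /tmp.
debug_log_open() {
    if [ -L "$DEBUG_LOG" ]; then return 1; fi
    if [ -e "$DEBUG_LOG" ] && [ ! -f "$DEBUG_LOG" ]; then return 1; fi
    ( umask 077; : >> "$DEBUG_LOG" ) || return 1
    chmod 600 "$DEBUG_LOG"
}

# Record what is needed to diagnose a failed onauth run.
#   $1 = user name, $2 = context returned by the LDAP lookup
# The password is reported only as present or missing.
log_auth_state() {
    debug_log_open || return 1
    if [ -n "${PAM_AUTHTOK:-}" ]; then tok=present; else tok=MISSING; fi
    {
        printf '%s onauth user=%s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1"
        printf '  context=%s\n' "${2:-<empty: LDAP lookup returned nothing>}"
        printf '  PAM_AUTHTOK=%s\n' "$tok"
    } >> "$DEBUG_LOG"
}
```

A MISSING token in the log points at the pam configuration (expose=1 not set on the pam_script.so line), while an empty context points at the ldapsearch step.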