Linux Desktop Software


Setting up Novell Client Single Sign-on on a Multiplied SUSE Linux Enterprise Desktop System


Novell Cool Solutions Tip by Sam Ludington.

Following is a detailed description of how Danville Public Schools set up Novell Single Sign-on on their Multiplied SUSE Linux Enterprise Desktops in their K-12 classrooms.

Problem


How do you set up Linux User Management and Novell Client Single Sign-on on SLED 10 desktops running the Linux Desktop Multiplier?

Solution


This document can be downloaded in PDF form from www.danville.k12.il.us/ISTechs/Novell_Client_for_Linux_Single_Signon.pdf

  1. Make sure the following modules or newer are installed:
    • pam-0.99.3.0-29.4
    • pam-modules-10-2.2
    • pam-devel-0.99.3.0-29.4
    • glibc-devel-2.4-31.2
    • glibc-2.4-31.2
    • gcc-4.1.0-28.4
    • make-3.80-202.2
    • kernel-source-2.6.16.21-0.8
    • novell-lum-2.2.0-81.12

  2. To determine which of the modules are already installed, issue the following command at the bash prompt.
    • rpm -q novell-lum pam pam-modules pam-devel glibc-devel glibc gcc make kernel-source

  3. To install the missing modules, type the following command at the bash prompt. (Installation media may be required.)
    • yast -i module_name (Replace module_name with name of missing module)
    • example: yast -i novell-lum

  4. Install the Novell Client for Linux
    • Download Novell Client version 1.2 for SUSE Linux Enterprise 10 from http://download.novell.com
    • Change to the directory where the client was downloaded
      • cd /root/Desktop/
    • Extract the tar ball file
      • tar -xzvf novell-client-1.2-SLE10.tar.gz
    • Change into the NCL_disk directory
      • cd ncl_build_711/NCL_disk/
    • Install the client with the following command
      • ./ncl_install install

  5. Start Novell Client and test functionality
    • Add /opt/novell/ncl/bin to $PATH
      • export PATH="$PATH:/opt/novell/ncl/bin"
    • Restart Novell Client daemon
      • /opt/novell/ncl/bin/ncl_control restart
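    • Test that the Novell Client is functioning by typing the following command at the bash prompt. A password given with -p can be saved in the shell history and is visible in the process list while the command runs.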
      • nwlogin -t treename -s server_address -c context -u username -p password -r

  6. Download and extract SingleSignOn file

  7. Edit SingleSignOn files for your environment
    • Change into SingleSignOn directory
      • cd SingleSignOn
    • Edit login.conf with gedit or editor of your choice
      • gedit files/etc/opt/novell/ncl/login.conf
        • Default_Tree=Tree (Replace Tree with your tree name)
        • Default_Context=Context (Replace Context with your default context)
    • Edit novellsingle
      • gedit files/etc/sysconfig/novellsingle
        • NDSTREE=TreeIP (Replace TreeIP with your edir server's IP or Tree name)
        • NDSSERVER=ServerIP (Replace ServerIP with your edir server's IP)
        • NDSLDAP=LDAPIP (Replace LDAPIP with LDAP server's IP)
    • Edit slp.conf
      • gedit files/etc/slp.conf
        • net.slp.useScopes = Scope_Name (Replace Scope_Name with your scope)
        • net.slp.DAAddresses = DAAddress (Replace DAAddress with your DA IP)

  8. If you have made changes to your /etc/profile file, delete the profile file under SingleSignOn/files/etc/profile. You will need to add the following lines to the bottom of your /etc/profile file (the third line, starting with /opt/novell/..., is all one line).
    • . /etc/sysconfig/novellsingle
      PATH=$PATH:/opt/novell/ncl/bin
      /opt/novell/ncl/bin/nwrunscripts -u $USER -t $NDSTREE -c `ldapsearch -h $NDSLDAP -x cn=$USER objectclass=dn | grep ^dn | sed -e "s/^dn: cn=$USER,//i" -e "s/ou=//g" -e "s/o=//g" -e "s/,/./g"`

  9. Install Single Sign On
    • ./install.sh

  10. Import workstation into eDirectory with the following command at the bash prompt
    • namconfig add -a UserDN -r ConfigContext -w WorkstationContext -S LDAPIP:389 -l 636
      • UserDN = Distinguished name. Example: cn=admin,o=novell
      • ConfigContext = Organizational unit where the Linux config resides. Example: o=novell
      • WorkstationContext = Organizational unit to import the unix workstation into. Example: ou=workstations,o=novell
      • LDAPIP = IP of the LDAP server. Example: 192.168.1.1
      • Example: namconfig add -a cn=admin,o=novell -r o=novell -w ou=workstations,o=novell -S 192.168.1.1:389 -l 636

  11. Add workstation to Linux Enabled group
    • Log into iManager
    • Select Linux User Management
    • Modify Linux Workstation Object
    • Use the object selector to find the workstation in the tree
    • Click OK
    • Use the object selector to find a Linux Enabled Group, then click Apply


  12. Restart the workstation. Users who are in the Linux Enabled Group should be able to log into this workstation.
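
Step 8 derives the user's context by piping ldapsearch output through grep and sed and hands whatever comes out to nwrunscripts. The following is an added example, not code from the original tip or the SingleSignOn package: it performs the same conversion as a shell function that also joins folded LDIF lines and refuses empty, ambiguous or encoded results; the function names and the sample DN are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Intended wiring, with the
# same ldapsearch arguments as step 8:
#   ctx=$(ldapsearch -h "$NDSLDAP" -x "cn=$USER" objectclass=dn | dn_to_context "$USER") &&
#     /opt/novell/ncl/bin/nwrunscripts -u "$USER" -t "$NDSTREE" -c "$ctx"

# Accept only conservative login names, so the value cannot act as an LDAP
# wildcard (for example "*") or change the search filter.
valid_user() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Join LDIF continuation lines (a folded line continues on the next line
# after one leading space), so a long DN is not silently truncated.
unfold_ldif() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }'
}

# dn_to_context USER: read ldapsearch LDIF on stdin and print the dotted
# context. Returns 1 with no output unless exactly one plain
# "dn: cn=USER,<containers>" entry is present.
dn_to_context() {
    user=$1
    valid_user "$user" || return 1
    dns=$(unfold_ldif | grep '^dn:' || true)
    n=$(printf '%s\n' "$dns" | grep -c '^dn:' || true)
    [ "$n" -eq 1 ] || return 1     # no entry, or more than one (ambiguous)
    case $dns in
        'dn:: '*) return 1 ;;      # base64-encoded DN: not handled here
        *\\*) return 1 ;;          # escaped characters in the DN: not handled
        'dn: '*,*) ;;              # plain DN with at least one container
        *) return 1 ;;
    esac
    dn=${dns#dn: }
    rdn=$(printf '%s' "${dn%%,*}" | tr 'A-Z' 'a-z')
    [ "$rdn" = "cn=$(printf '%s' "$user" | tr 'A-Z' 'a-z')" ] || return 1
    # Strip ou=/o= only at the start of each RDN, then turn commas into dots.
    printf '%s\n' "${dn#*,}" |
        sed -e 's/^[Oo][Uu]\{0,1\}=//' -e 's/,[Oo][Uu]\{0,1\}=/,/g' -e 's/,/./g'
}

# Constructed sample input, not real directory data.
printf 'dn: cn=jdoe,ou=students,ou=hs,o=dps\n' | dn_to_context jdoe  # students.hs.dps
```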

Troubleshooting

  1. No Drive Mapping. Each time a user logs in, the SingleSignOn script creates and then deletes the /tmp/onauth.log file. If the file is not deleted or already exists, then the script will fail to map the network drives. To solve this problem, delete /tmp/onauth.log.


  2. User cannot log in. Make sure that the user is Linux Enabled and a member of the same Linux Enabled Group as the workstation.

Environment


  • SUSE Linux Enterprise Desktop 10
  • Linux Desktop Multiplier
  • Novell Client 1.2
