Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

SUSE Linux Enterprise Desktop Deployment Guide
Previous Page Home Next Page

33.1 Setting Up Workstations to Use eDirectory Authentication

Before users can use their eDirectory usernames and passwords to log in, the SUSE Linux Enterprise Desktop workstation must be configured with Linux User Management components. You can set up eDirectory Authentication during the SUSE Linux Enterprise Desktop installation, or you can use YaST to set it up anytime after installation.

To install and configure LUM during the SUSE Linux Enterprise Desktop installation, select eDirectory LDAP as the authentication method on the User Authenticating Method screen, then complete Step 3 through Step 10 below. It it is not already installed, you will be prompted to install the yast2-linux-user-mgmt package.

Figure 33-1 User Authentication Method Screen in the SUSE Linux Enterprise Desktop Installation

To install and configure LUM on an already running workstation:

  1. On the workstation, launch the YaST Control Center.

    GNOME: Click Computer > More Applications > YaST Control Center.

    KDE: Click the menu button > System YaST (Control Center).

  2. Click Security and Users > Linux User Management.

  3. Specify whether eDirectory is running on the computer itself (Local System) or on another computer on the network (Remote System).

  4. If eDirectory is running on a remote system, specify the remote system's IP address.

  5. (Optional) Specify the eDirectory admin name, context, and password, then click Next.

    The admin name and context must be entered in LDAP syntax which uses a comma instead of a period (for example, cn=admin,o=novell).

    IMPORTANT: If you don’t have rights to create objects in the eDirectory tree, leave these fields blank. You will need to contact your eDirectory administrator, give them the host name of your client, and ask them to create a LUM Workstation object with your host name. You should also ask them where you can get a copy of the CA certificate for the LDAP server. You will need to place this certificate in the /var/lib/novell-lum directory.

    The name of the CA certificate matches the name of the “preferred-server” entry in the /etc/nam.conf file and has a .der extension. You can type namconfig get preferred-server to get the name. For example, if namconfig get preferred-server returns server.xyz.com, your certificate file name will be .server.xyz.com.der.

  6. Specify the location of the Linux/UNIX Config object.

    The Linux/UNIX Config object stores a list of the locations (contexts) where Linux/UNIX Workstation objects reside on the network. It also controls the range of numbers to be assigned as UIDs and GIDs when User and Group objects are created. This object is created when LUM is configured on the eDirectory server, and is usually located in an upper container of the eDirectory tree (for example, o=novell). Contact your eDirectory administrator for the context.

    For more information, see “Understanding eDirectory Objects and Linux” in the Novell Linux User Management Technology Guide .

  7. (Optional) Specify the location of the LUM Workstation object.

    The LUM Workstation object represents the actual computer a user logs in to. If you have rights to create objects in the eDirectory tree (that is, you were able to specify the eDirectory admin name, context, and password in Step 5), this object is automatically created as part of the workstation configuration and is usually placed in an Organization (O) or Organizational Unit (OU) container in the eDirectory tree. You can also create a LUM Workstation object by clicking Linux User Management > Create Linux Workstation Object in iManager.

  8. (Optional) If you have disabled anonymous binds to the LDAP server, specify a proxy user name, context, and password that has rights to the LDAP tree.

  9. Click Next to continue.

  10. Select which login access methods should use eDirectory for authentication.

  11. Click Finish.

    Installing and configuring LUM technology sets up the SUSE Linux Enterprise Desktop workstation to validate login requests against user account information stored in eDirectory. Before users can log in, they must have eDirectory user accounts created with iManager and extended for LUM, and their User object must be associated with the workstation they will log in to. See Section 33.2, Using iManager to Enable Users for eDirectory Authentication for more information.

SUSE Linux Enterprise Desktop Deployment Guide
Previous Page Home Next Page

 
 
  Published under the terms of the Open Publication License Design by Interspire