Integrating Novell Linux Desktop into a Novell NetWare network

Posted: 15 Jun 2005

As I researched the use of Novell Linux Desktop (NLD) in a NetWare 6.5 Network, I became frustrated with the lack of documentation concerning using NLD as a client to a NetWare server. I started out by scouring the Novell site for Documentation TIDS and Cool Solutions. This search turned up very little. I decided that I needed to figure out a path through NetWare's NFAP and LDAP tools to create what I thought would be some crude connectivity. After working for a little while on LDAP authentication I was guided by a fellow Forum reader who had figured out how to get LDAP authentication working by using the directions for authenticating to eDirectory on Linux. Here are those instructions:

1. First go in to ConsoleOne

You need to create an LDAP Proxy User and give it the relevant permissions.

  1. In the Organizational Unit where the LDAP Server and LDAP Group objects are, create a new user called ldapproxy, don't give it a home directory and leave the password blank.
  2. View the properties of the new user. Across the top, click on the restrictions tab.
  3. In the password restrictions uncheck 'Allow user to change password' and 'Require a password.'
  4. Apply the changes and close the user.
  5. Right click the tree root and choose 'Trustees of this object.'
  6. Click Add trustee. Now traverse down the tree and find the LDAP proxy user you just created, select the user and click OK.
  7. Now you will have a box titled 'Rights assigned to selected objects' and two Properties in the box already '[Entry rights]' and '[All Attribute Rights]'. Click 'Add Property.'
  8. You will see a list of properties; the ones we need are not in the list by default. You need to check the box 'Show all properties,' click on 'CN' and press OK. You will see CN added to the list of properties.
  9. Repeat this process with the following attributes:
    • Description
    • O
    • OU
    • Object Class
    • dc
    • gecos
    • gidNumber
    • homeDirectory
    • loginShell
    • memberUid
    • uidNumber
    • uniqueID
  10. Once they are added to the properties, click OK and the LDAP proxy user will be added to the trustees list.
  11. Now find your 'LDAP Group' object and view the properties. You will see an empty box titled 'Proxy user name. Put the LDAP proxy user you have just created here (ensure you specify the full context).
  12. Click Apply and close out.
  13. Finally view the properties on the 'LDAP Server' object and the click the 'Refresh NLDAP Server Now' button.

2. Now you must configure your NDS user account for Linux Logon

  1. Find your user account in ConsoleOne and view the properties.
  2. The fourth tab across is titled 'UNIX Profile.' Click this tab. In the User ID box you must specify a unique number for all your users. I have the following in the fields:
    User Id: 10001 Note: Must be unique for every user
    Primary Group: 100 Note: This is the standard linux users group.
    Login Shell: Bash /bin/bash
    Home Directory: /home/*Username*
  3. Click Apply and Close. Repeat for any other users you need to authenticate.

3. In NLD Administration Settings

  1. From Network Services, Choose LDAP client.
  2. Click the 'Use LDAP' radio button.
  3. In the 'LDAP Base DN' field I have: ou=Users,ou=Bedwas,o=Peters. Enter your own context here.
  4. In the 'Addresses of LDAP Servers' box put the IP Address of your NetWare server.
  5. Check the 'LDAP TLS/SSL' box.
  6. In the Advanced Configuration screen have 'Enable LDAP Users to Log In' checked, and nothing else.
  7. Click Next and you will return to LDAP Client Configuration screen. Click Finish.

4. Automatic home directory creation

The final step is to enable automatic home directory creation.

  1. Open the file '/etc/pam.d/login' in text editor and add the following line above the first line beginning 'session':

    session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022

  2. Now open the file '/etc/pam.d/xdm' in text editor and add the following line above the first line beginning 'session':

    session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022

  3. Now open the file '/etc/pam.d/gdm' (if you are using kde the file will be called kdm) in text editor and add the following line above the first line beginning 'session':

    session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022

This all worked perfectly!

Next I wanted to create and use home directories on the server.

I went to NFSAdmin in ConsoleOne and shared the root of the users' home directory structure. I then went to YAST / NFS Client and figured out that in order to mount an NFS share I needed to create a local folder to *import* the NFS share into, so I created a folder called *NET_Users* on the local drive and imported the NFS share. This, however, did not work. So back to the forums and docs.

I soon stumbled onto the fact that you need to set NFS shares to specific client(physical box) or use an *** to set the share to *all*. This allowed NLD to import the directory structure at boot without error. However NLD kept creating the users home directory in the */Home* folder on the local drive ignoring the network path. I soon realized that the *Unix Profile* home directory path needed to point to the imported share mounted as *NET_Users* on the NLD box. i.e. /NET_Users/Username.

Now with some minor mods to any Linux install you can authenticate and use an eDirectory user and its home directory.



Informacja z serwisu http://www.djack.com.pl