Posted: 15 Jun 2005
As I researched the use of Novell Linux Desktop (NLD) in a NetWare 6.5
network, I became frustrated with the lack of documentation concerning using NLD
as a client to a NetWare server. I started out by scouring the Novell site for
documentation, TIDs and Cool Solutions. This search turned up very little. I
decided that I needed to figure out a path through NetWare's NFAP and LDAP tools
to create what I thought would be some crude connectivity. After working for a
little while on LDAP authentication, I was guided by a fellow Forum reader who
had figured out how to get LDAP authentication working by using the directions
for authenticating to eDirectory on Linux. Here are those instructions:
1. First go into ConsoleOne
You need to create an LDAP proxy user and give it the relevant
permissions.
- In the Organizational Unit where the LDAP Server and LDAP Group objects
are, create a new user called ldapproxy, don't give it a home directory and
leave the password blank.
- View the properties of the new user. Across the top, click on the
restrictions tab.
- In the password restrictions uncheck 'Allow user to change password' and
'Require a password.'
- Apply the changes and close the user.
- Right click the tree root and choose 'Trustees of this object.'
- Click Add trustee. Now traverse down the tree and find the LDAP proxy user
you just created, select the user and click OK.
- Now you will have a box titled 'Rights assigned to selected objects' and
two Properties in the box already '[Entry rights]' and '[All Attribute
Rights]'. Click 'Add Property.'
- You will see a list of properties; the ones we need are not in the list by
default. You need to check the box 'Show all properties,' click on 'CN' and
press OK. You will see CN added to the list of properties.
- Repeat this process with the following attributes:
- Description
- O
- OU
- Object Class
- dc
- gecos
- gidNumber
- homeDirectory
- loginShell
- memberUid
- uidNumber
- uniqueID
- Once they are added to the properties, click OK and the LDAP proxy user
will be added to the trustees list.
- Now find your 'LDAP Group' object and view the properties. You will see an
empty box titled 'Proxy user name.' Put the LDAP proxy user you have just
created here (ensure you specify the full context).
- Click Apply and close out.
- Finally, view the properties on the 'LDAP Server' object and then click the
'Refresh NLDAP Server Now' button.
2. Now you must configure your NDS user account for Linux logon
- Find your user account in ConsoleOne and view the properties.
- The fourth tab across is titled 'UNIX Profile.' Click this tab. In the
User ID box you must specify a number that is unique for each of your users.
I have the following in the fields:
    User ID: 10001 (Note: must be unique for every user)
    Primary Group: 100 (Note: this is the standard Linux users group)
    Login Shell: Bash (/bin/bash)
    Home Directory: /home/*Username*
- Click Apply and Close. Repeat for any other users you need to
authenticate.
3. In NLD Administration Settings
- From Network Services, Choose LDAP client.
- Click the 'Use LDAP' radio button.
- In the 'LDAP Base DN' field I have: ou=Users,ou=Bedwas,o=Peters. Enter
your own context here.
- In the 'Addresses of LDAP Servers' box put the IP Address of your NetWare
server.
- Check the 'LDAP TLS/SSL' box.
- In the Advanced Configuration screen have 'Enable LDAP Users to Log In'
checked, and nothing else.
- Click Next and you will return to LDAP Client Configuration screen. Click
Finish.
4. Automatic home directory creation
The final step is to enable automatic home directory creation.
- Open the file '/etc/pam.d/login' in a text editor and add the following line
above the first line beginning 'session':
    session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
- Now open the file '/etc/pam.d/xdm' in a text editor and add the following
line above the first line beginning 'session':
    session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
- Now open the file '/etc/pam.d/gdm' (if you are using KDE the file will be
called kdm) in a text editor and add the following line above the first line
beginning 'session':
    session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
This all worked perfectly!
Next I wanted to create and use home directories on the server.
I went to NFSAdmin in ConsoleOne and shared the root of the users' home
directory structure. I then went to YAST / NFS Client and figured out that in
order to mount an NFS share I needed to create a local folder to *import* the
NFS share into, so I created a folder called *NET_Users* on the local drive and
imported the NFS share. This, however, did not work. So back to the forums and
docs.
I soon stumbled onto the fact that you need to set NFS shares to a specific
client (physical box) or use an asterisk (*) to set the share to *all*. This
allowed NLD to import the directory structure at boot without error. However,
NLD kept creating the user's home directory in the */home* folder on the local
drive, ignoring the network path. I soon realized that the *Unix Profile* home
directory path needed to point to the imported share mounted as *NET_Users* on
the NLD box, i.e. /NET_Users/Username.
Now, with some minor modifications to any Linux install, you can authenticate
as an eDirectory user and use that user's home directory.
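The two things that tripped the author up above were non-unique UNIX Profile data and a home directory path that still pointed at the local disk. The following is an added example, not part of the original article: it reads LDIF of the kind `ldapsearch` returns through the anonymous LDAP proxy user and flags entries that are missing the attributes the proxy was granted, reuse a uidNumber, or have a homeDirectory outside the NFS mount point. The LDIF is constructed sample data using the base DN from the article.

```python
"""Check eDirectory UNIX Profile data as NLD's LDAP client would see it.
Added example (not from the article): parses LDIF as returned by
ldapsearch through the anonymous LDAP proxy user and reports entries
that would break login or create the home directory on the local disk."""

# Attributes the article grants the proxy user and that NSS/PAM need.
REQUIRED = ("uidNumber", "gidNumber", "homeDirectory", "loginShell")
HOME_ROOT = "/NET_Users"  # mount point the article imports the NFS share into

SAMPLE_LDIF = """\
dn: cn=alice,ou=Users,ou=Bedwas,o=Peters
uidNumber: 10001
gidNumber: 100
homeDirectory: /NET_Users/alice
loginShell: /bin/bash

dn: cn=bob,ou=Users,ou=Bedwas,o=Peters
uidNumber: 10001
gidNumber: 100
homeDirectory: /home/bob
loginShell: /bin/bash

dn: cn=carol,ou=Users,ou=Bedwas,o=Peters
uidNumber: 10003
homeDirectory: /NET_Users/carol
"""

def parse_ldif(text):
    """Split LDIF into entries; each is a dict of attribute -> first value."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip(), value.strip())
        entries.append(entry)
    return entries

def check_entries(entries):
    """Return (dn, problem) pairs: missing attrs, duplicate uid, home off the mount."""
    problems, seen_uid = [], {}
    for e in entries:
        dn = e.get("dn", "?")
        problems += [(dn, f"missing {a}") for a in REQUIRED if a not in e]
        uid = e.get("uidNumber")
        if uid in seen_uid:
            problems.append((dn, f"uidNumber {uid} also used by {seen_uid[uid]}"))
        elif uid is not None:
            seen_uid[uid] = dn
        home = e.get("homeDirectory", "")
        if home and not home.startswith(HOME_ROOT + "/"):
            problems.append((dn, f"homeDirectory {home} not under {HOME_ROOT}"))
    return problems
```

Run it against the real directory by piping `ldapsearch -x -ZZ -H ldap://<netware-ip> -b '<your base DN>' '(objectClass=posixAccount)'` output into `parse_ldif` instead of the sample; the same anonymous bind is what the NLD client uses, so an empty attribute list there means the proxy user's trustee rights are incomplete.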