Setting Up Workstations to Use eDirectory Authentication

Before users can use their eDirectory usernames and passwords to log in, the SUSE Linux Enterprise Desktop workstation must be configured with Linux User Management components. You can set up eDirectory Authentication during the SUSE Linux Enterprise Desktop installation, or you can use YaST to set it up anytime after installation.

To install and configure LUM during the SUSE Linux Enterprise Desktop installation, select eDirectory LDAP as the authentication method on the User Authentication Method page, then complete Step 3 (page 659) through Step 10 (page 661) below. If it is not already installed, you will be prompted to install the yast2-linux-user-mgmt package.


To install and configure LUM on a workstation that is already running:

1 On the workstation, launch the YaST Control Center.

GNOME: Click Computer > More Applications > YaST Control Center.

KDE: Click the menu button > System > YaST (Control Center).

2 Click Security and Users > Linux User Management.

3 Specify whether eDirectory is running on the computer itself (Local System) or on another computer on the network (Remote System).


4 If eDirectory is running on a remote system, specify the remote system's IP address.

5 (Optional) Specify the eDirectory admin name, context, and password, then click Next.

The admin name and context must be entered in LDAP syntax, which uses a comma instead of a period (for example, cn=admin,o=novell).

IMPORTANT

If you don’t have rights to create objects in the eDirectory tree, leave these fields blank. Contact your eDirectory administrators, give them the host name of your client, and ask them to create a LUM Workstation object with your host name. You should also ask where you can get a copy of the CA certificate for the LDAP server. You should place this certificate in the /var/nam directory.

The name of the CA certificate matches the name of the “preferred-server” entry in the /etc/nam.conf file and has a .der extension. You can type namconfig get preferred-server to get the name. For example, if namconfig get preferred-server returns server.xyz.com, your certificate file name is .server.xyz.com.der.

6 Specify the location of the Linux/UNIX Config object.


The Linux/UNIX Config object stores a list of the locations (contexts) where Linux/UNIX Workstation objects reside on the network. It also controls the range of numbers to be assigned as UIDs and GIDs when User and Group objects are created. This object is created when LUM is configured on the eDirectory server, and is usually located in an upper container of the eDirectory tree (for example, o=novell). Contact your eDirectory administrator for the context.

For more information, see “Understanding eDirectory Objects and Linux” [http://www.novell.com/documentation/oes/lumadgd/data/bx3sbv9.html] in the Novell Linux User Management Technology Guide.

7 (Optional) Specify the location of the LUM Workstation object.

The LUM Workstation object represents the actual computer a user logs in to. If you have rights to create objects in the eDirectory tree (that is, you were able to specify the eDirectory admin name, context, and password in Step 5 (page 659)), this object is automatically created as part of the workstation configuration and is usually placed in an Organization (O) or Organizational Unit (OU) container in the eDirectory tree. You can also create a LUM Workstation object by clicking Linux User Management > Create Linux Workstation Object in iManager.

8 (Optional) If you have disabled anonymous binds to the LDAP server, specify a proxy user name, context, and password that has rights to the LDAP tree.

9 Click Next to continue.

10 Select which login access methods should use eDirectory for authentication.


11 Click Finish.

Installing and configuring LUM technology sets up the SUSE Linux Enterprise Desktop workstation to validate login requests against user account information stored in eDirectory. Before users can log in, they must have eDirectory user accounts created with iManager and extended for LUM, and their User objects must be associated with the workstation they will log in to. See Section 34.2, “Using iManager to Enable Users for eDirectory Authentication” (page 662) for more information.
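
The certificate check from the IMPORTANT note in Step 5, as an added shell example that is not part of the SUSE documentation: it derives the expected file name from the preferred-server entry and confirms the file in the certificate directory is DER-encoded rather than PEM. It assumes nam.conf stores settings as key=value lines; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the SUSE/Novell documentation.
# Assumption: nam.conf stores settings as key=value lines.
# Usage: lum_check_ca_cert /etc/nam.conf /var/nam

# Print the preferred-server value from a nam.conf-style file ($1).
lum_preferred_server() {
    sed -n 's/^[[:space:]]*preferred-server[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Print the certificate path the page describes: <dir>/.<preferred-server>.der
# $1 = nam.conf path, $2 = certificate directory
lum_ca_cert_path() {
    server=$(lum_preferred_server "$1")
    [ -n "$server" ] || return 1
    printf '%s/.%s.der\n' "$2" "$server"
}

# Return 0 if the CA certificate exists under the expected name and looks
# DER-encoded. Return 2 (no preferred-server), 3 (missing), 4 (not DER).
lum_check_ca_cert() {
    conf=${1:-/etc/nam.conf}
    dir=${2:-/var/nam}
    cert=$(lum_ca_cert_path "$conf" "$dir") || {
        echo "no preferred-server entry in $conf" >&2
        return 2
    }
    [ -s "$cert" ] || { echo "missing or empty: $cert" >&2; return 3; }
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    # A PEM file starts with "-----BEGIN" (0x2d), so it fails this check.
    first=$(od -An -tx1 -N1 "$cert" | tr -d ' \n')
    [ "$first" = "30" ] || {
        echo "not DER (first byte 0x$first): $cert" >&2
        return 4
    }
    echo "ok: $cert"
}
```

A return value of 4 usually means the administrator supplied a PEM (Base64) export of the CA certificate; it has to be converted to DER before it is placed in the directory.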
