Linux Enterprise Desktop workstation must be configured with Linux User Management
components. You can set up eDirectory Authentication during the SUSE Linux Enterprise
Desktop installation, or you can use YaST to set it up anytime after installation.
To install and configure LUM during the SUSE Linux Enterprise Desktop installation,
select eDirectory LDAP as the authentication method on the User Authentication Method
page, then complete Step 3 (page 659) through Step 10 (page 661) below. If it is not already
installed, you will be prompted to install the yast2-linux-user-mgmt
package.
To install and configure LUM on a workstation that is already running:
1 On the workstation, launch the YaST Control Center.
GNOME: Click Computer > More Applications > YaST Control Center.
KDE: Click the menu button > System > YaST (Control Center).
2 Click Security and Users > Linux User Management.
3 Specify whether eDirectory is running on the computer itself ( Local System)
or on another computer on the network ( Remote System).
4 If eDirectory is running on a remote system, specify the remote system's IP
address.
5 (Optional) Specify the eDirectory admin name, context, and password, then
click Next.
The admin name and context must be entered in LDAP syntax, which uses a
comma instead of a period (for example, cn=admin,o=novell).
Configuring eDirectory Authentication 659
IMPORTANT
If you don’t have rights to create objects in the eDirectory tree, leave
these fields blank. Contact your eDirectory administrators, give them
the host name of your client, and ask them to create a LUM Workstation
object with your host name. You should also ask where you can
get a copy of the CA certificate for the LDAP server. You should place
this certificate in the /var/nam directory.
The name of the CA certificate matches the name of the “preferredserver”
entry in the /etc/nam.conf file and has a .der extension.
You can type namconfig get preferred-server to get the
name. For example, if namconfig get preferred-server returns
server.xyz.com, your certificate file name is .server.xyz.com
.der.
6 Specify the location of the Linux/UNIX Config object.
The Linux/UNIX Config object stores a list of the locations (contexts) where
Linux/UNIX Workstation objects reside on the network. It also controls the
range of numbers to be assigned as UIDs and GIDs when User and Group
objects are created. This object is created when LUM is configured on the
eDirectory server, and is usually located in an upper container of the eDirectory
tree (for example, o=novell). Contact your eDirectory administrator for
the context.
For more information, see “Understanding eDirectory Objects and Linux”
[http://www.novell.com/documentation/oes/lumadgd/
data/bx3sbv9.html] in the Novell Linux User Management Technology
Guide.
7 (Optional) Specify the location of the LUM Workstation object.
The LUM Workstation object represents the actual computer a user logs in
to. If you have rights to create objects in the eDirectory tree (that is, you were
able to specify the eDirectory admin name, context, and password in Step 5
(page 659)), this object is automatically created as part of the workstation
configuration and is usually placed in an Organization (O) or Organizational
Unit (OU) container in the eDirectory tree. You can also create a LUM
Workstation object by clicking Linux User Management > Create Linux
Workstation Object in iManager.
8 (Optional) If you have disabled anonymous binds to the LDAP server, specify
a proxy user name, context, and password that has rights to the LDAP tree.
9 Click Next to continue.
10 Select which login access methods should use eDirectory for authentication.
11 Click Finish.
Installing and configuring LUM technology sets up the SUSE Linux Enterprise
Desktop workstation to validate login requests against user account information
stored in eDirectory. Before users can log in, they must have eDirectory user
accounts created with iManager and extended for LUM, and their User objects
must be associated with the workstation they will log in to. See Section 34.2,
“Using iManager to Enable Users for eDirectory Authentication” (page 662)
for more information.
0 Response to "Setting Up Workstations to Use eDirectory Authentication"
Posting Komentar