How to set up LUM on SLED 11.0

  • 7005008
  • 10-Dec-2009
  • 17-Jul-2013

Environment

SUSE Linux Enterprise Desktop 11
Novell Client for Linux 2.0 SP2

Situation

How to set up Linux User Management on SLED 11.0.

Resolution

Step-by-Step instructions on how to set up LUM on SLED 11.0

  1. The following rpm versions or newer are required for LUM authentication.
    • novell-lum-2.2.0.16-92.21.1
    • yast2-linux-user-mgmt-2.14.1-217.36

  2. Determine which of the needed modules are already installed on the workstation.
    • The version numbers on your workstation may differ from the ones listed above.

# rpm -q novell-lum yast2-linux-user-mgmt
package novell-lum is not installed
package yast2-linux-user-mgmt is not installed

  3. Install the rpm modules currently not installed on the workstation.

# yast -i novell-lum

# yast -i yast2-linux-user-mgmt

  4. Check to see if /etc/pam.d/pam_nam_sample exists.

# ls /etc/pam.d/pam_nam_sample

    • If the file does not exist, create it and insert the following contents.

# vi /etc/pam.d/pam_nam_sample

auth      sufficient  pam_nam.so
account   sufficient  pam_nam.so
password  sufficient  pam_nam.so
session   optional    pam_nam.so

  5. Redirect Linux authentication on the workstation to eDirectory using yast2.

#yast2 linux-user-mgmt

    • Select Remote System and fill in the required information.

    • Enter the context where the Unix config object will be created or already exists. LDAP uses this object to search for the LUM User, LUM Group, and LUM Workstation objects, so it must be at the same level as, or higher than, the LUM objects being searched for. Each tree should have only one Unix config object unless there is a concern about traffic going across the WAN. To check whether a Unix config object already exists in your tree:

# ldapsearch -x -h <IP Address of Server> "(cn=UNIX Config)" | grep dn

    • Enter the LUM workstation context. This creates a Linux Workstation object in the container specified. Each workstation that is set up using LUM requires such an object. Each user will then be assigned rights to that specific workstation object.

    • The next screen shows which services will be enabled for LUM authentication, such as GDM for GNOME desktops and KDM for KDE desktops. Click Finish.

    • After clicking Finish, if an error regarding authentication appears, run the following on the LDAP server to resolve it, and then re-run YaST2. This command lets the LDAP server accept simple binds with a password on connections that do not use TLS.

# ldapconfig set "Require TLS for Simple Binds with Password=no" -p <IP Address of LDAP Server>

  6. LUM-enable users to allow access to a Linux workstation.

    • Users are required to have POSIX account information to log in to Linux. In other words, uid, gid, home directory, and shell are required.
    • Either iManager with the LUM plugin or namgroupadd and namuseradd can be used to manage LUM objects.
      • Enable users for LUM using iManager.

        1. In iManager, on the left-hand side, choose Linux User Management.
        2. Choose Enable Users for Linux.
        3. Browse to an eDirectory User and click Next.
        4. Select a LUM-enabled group and click Next. If one does not exist, create one.
        5. Browse for the Unix workstation object created earlier and click Next.
        6. Click Finish.

      • For enabling LUM users using namgroupadd and namuseradd, see the Linux User Management documentation or the man pages.
    • The LUM-enabled users should now resolve on the SLED 11.0 workstation.
      • Verify that LUM users resolve on the Linux workstation.

#id joelum
uid=603(joelum) gid=602(lumgroup) groups=602(lumgroup)
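
The script below is an added example, not part of the original article. It checks that /etc/pam.d/pam_nam_sample carries the four pam_nam.so entries from step 4, and that a LUM user resolves with the uid, gid, home directory, and shell required in step 6. The script name lum_check.sh and the function names are hypothetical, and it assumes LUM users are visible to getent through NSS in the same way they are to id.

```shell
#!/bin/sh
# Added example (not from the original article): checks for steps 4 and 6.

# check_pam_nam FILE
# Succeeds only if FILE contains the four pam_nam.so entries from step 4
# with the same control flags. Prints one line per missing entry.
check_pam_nam() {
    file=$1
    [ -r "$file" ] || { echo "cannot read: $file"; return 2; }
    rc=0
    for want in "auth sufficient" "account sufficient" \
                "password sufficient" "session optional"; do
        set -- $want    # $1 = PAM type, $2 = control flag
        # Fields must match exactly, so commented-out lines do not count.
        if ! awk -v t="$1" -v c="$2" '
                $1 == t && $2 == c && $3 == "pam_nam.so" { found = 1 }
                END { exit !found }' "$file"; then
            echo "missing: $1 $2 pam_nam.so"
            rc=1
        fi
    done
    return $rc
}

# check_posix_entry LINE
# LINE is one passwd(5) record, e.g. the output of `getent passwd USER`.
# Succeeds if uid, gid, home directory and shell are all present.
check_posix_entry() {
    printf '%s\n' "$1" | awk -F: '
        NF != 7 || $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ ||
        $6 == "" || $7 == "" { exit 1 }'
}

# main USER: run both checks on a live workstation.
# Assumption: LUM users are visible to getent through NSS, as they are to id.
main() {
    check_pam_nam /etc/pam.d/pam_nam_sample || return 1
    check_posix_entry "$(getent passwd "$1")" ||
        { echo "$1: incomplete or missing POSIX account data"; return 1; }
    id "$1"
}

# Runs only when invoked as: sh lum_check.sh --check USER
if [ "${1:-}" = "--check" ]; then main "$2"; fi
```

A user that exists in eDirectory but has not been LUM-enabled fails the second check, because getent returns no record for it.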