How to set up Single Sign-On for Novell Client for Linux on SLED 11.0

  • 7005012
  • 10-Dec-2009
  • 29-Oct-2012


Novell Client for Linux 2.0 SP2 for SLED 11.0
SUSE Linux Enterprise Desktop 11


How to configure a SuSE Enterprise Linux Desktop (SLED) to perform local authentication to Linux and authentication through the Novell Client for Linux (NCL) to eDirectory in a single step. This configuration simplifies not only the user's login process but also the administration of user accounts. It also allows for login scripts to be configured and configuration information to be workstation independent.


How to configure Single Sign-On for the Novell Client for Linux on SLED 11.0

1.      Set up LUM authentication on SLED 11.0 from knowledge base article 7005008

2.      Install the Novell Client for Linux 2.0 SP2 for SLED 11.0 and SLED 11.0 SP1
For SLED 11.0 SP1
      a.   Install the Novell Client from the SLED 11.0 SP1 product CD
                   i.   Launch Yast ->Software Install
                   ii.  Choose "Patterns"
                   iv. Left click on "Novell Client for Linux"
                   v.  Right click in the right-hand window and select-all, then click install.
 For SLED 11.0 (Shipping)

a.       Download the Novell Client from

b.      Install the Novell Client either by using YaST or from a terminal.

c.       To Install the Novell Client from a terminal do the following:

                                                              i.      Mount the Novell Client ISO image.

#mount –o loop /home/joeuser/Desktop/ novell-client-2.0SP2-sled11-i586-CD1.iso /mnt

#cd /mnt

#./ncl_install install


d.      Start-up the tray icon without rebooting the workstation



3.      Setup the default tree and SLP

a.       Launch Yast

#yast2 novell-client


b.      Select the Login and Service Location Protocol option and click Start Wizard

c.       In the Default Tree field, specify the tree name and click Next.

d.      Fill out the Scope List and Directory Agent IP address.

e.       Click Next and then click Finish to close the Novel Client Configuration Wizard.

4.      Modify PAM configuration for Single Sign-On

a.       Open the appropriate PAM login file ( /etc/pam.d/gdm, /etc/pam.d/xdm, or /etc/pam.d/kdm) and do the following:

                                                              i.      Delete the line auth sufficient

                                                            ii.      Add the line auth sufficient use_first_pass

5.      Edit the /etc/opt/novell/ncl/login.conf file to allow Single Sign-On for PAM access by executing the following command in a terminal window as root:

#echo Allow_PAM_SSO=true >> /etc/opt/novell/ncl/login.conf


6.      Restart the workstation and login as the LUM user.


Additional Information

Example file for /etc/pam.d/gdm or xdm

auth      optional
auth      sufficient use_first_pass
account   sufficient
password  sufficient
session   optional
auth     include        common-auth
auth     required
account  include        common-account
password include        common-password
session  required
session  include        common-session