 Authenticating SUSE LINUX to eDirectory via LDAP


Posted: 23 Feb 2005

This article serves as a guide to help you authenticate SLES9/NLD 9.0 to eDirectory via LDAP. It corrects some of the inaccuracies in the current NLD 9 Implementation guide.

You can also download the article here: http://homepage.mac.com/hlouey/FileSharing55.html

Purpose

The purpose of this document is to give administrators a step-by-step guide to configuring NetWare 6.5 so that SLES9 and NLD 9 clients can authenticate to eDirectory via LDAP. While this document has been tested only on SLES9 and NLD 9, it should not be too difficult to adapt the solution to other Linux distributions.

Requirements

  • NetWare 6.5 with Service Pack 2 installed
  • LDAP Server on NetWare 6.5 configured and running
  • ConsoleOne 1.2 or later with the appropriate snap-ins installed
  • Appropriate clients installed
  • OpenSSL 0.9.6b or later
  • OpenLDAP 2.0.25 or later
  • nss_ldap package installed

For this document my NetWare 6.5 server is configured as:

  • IP Address – 10.0.0.253
  • LDAP Server and Group Container – ou=melbourne,o=digitalairlines

Figure 1 - Sample configuration

To minimize pain, make sure SP2 is installed.

Server-side Configuration

Here are the steps to follow for server-side configuration:

1. Create a proxy user for LDAP.

Granted, you should be able to get authentication to work by setting up LDAP access via an anonymous login from the client side. However, I have found that an anonymous bind has never successfully returned all of the required LDAP attributes from eDirectory to the Linux client.

2. Set a null password for this user and disable password changing.

Keep in mind what this means: a proxy user with a null password is effectively a public read account, so anyone who can reach the server's LDAP port can bind as it and read whatever it is allowed to read. Give it only the rights listed below and nothing more, and never reuse it for anything else. The client's own login binds are a separate matter: unless the LDAP connection is protected with TLS (eDirectory's LDAP server can be set to require TLS for simple binds with a password, and the YaST LDAP client can be set to use it), user passwords cross the network in clear text at login time.

3. Configure your LDAP Group for use with this proxy user as shown below.

Figure 2 - Proxy user for LDAP Group

4. Make sure your server's LDAP group has an assigned proxy user. Make the proxy user a trustee of [Root] and give it Browse [Entry Rights], flagged inheritable.

5. Assign Read and Compare property rights for the following attributes:

  • CN
  • Description
  • O
  • OU
  • Object Class
  • dc
  • gecos
  • gidNumber
  • homeDirectory
  • loginShell
  • memberUid
  • uidNumber
  • uniqueID

Figure 3 - Property rights

LDAP User Trustee Assignments

1. Create a group for your UNIX users in eDirectory and add the appropriate settings to the UNIX profile tab.

Figure 4 - UNIX users group

Figure 5 - UNIX users group

2. Make sure your UNIX users are members of this group.

3. Create a user in eDirectory and fill in the appropriate UNIX attributes from the extended schema.

Figure 6 - Modifying eDirectory schema objects

4. When setting up the shell for your UNIX user, make sure the path of the intended shell exactly matches an entry in the file /etc/shells on your intended Linux client.

In the previous example, when asked to select Login Shell, you would select Other and type /bin/bash for bash (the Bourne-again shell). Leaving the default value that ConsoleOne offers for the Bourne shell will return an error at login time, because that path does not match the bash entry in the client's /etc/shells.

Figure 7 - Login Shell data

5. Make sure your selected UNIX shell is listed in that file; the login will fail otherwise.

6. Make your user a member of the Unix Group.

Testing

A quick way to test that the LDAP server is configured correctly and that your Linux workstation can see the LDAP attributes it needs for authentication is to run the ldapsearch command-line utility from the Linux workstation:

ldapsearch -h 10.0.0.253 -x -b ou=melbourne,o=digitalairlines -s sub "(cn=geeko1)"

As written, this is an anonymous bind. To see exactly what the client will get through the proxy user, add -D with the proxy user's full distinguished name.

Figure 8 - ldapsearch results

ldapsearch Command-line Arguments

If successful, the command should return the UNIX schema objects from eDirectory. If unsuccessful, eDirectory authentication will not occur, and you'll need to go back and recheck all your eDirectory settings until it works properly.

Figure 9 - Successful search

Notice that the gidNumber and uidNumber attributes have been returned, as well as homeDirectory and loginShell. Congratulations - the hard part is over!
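As an added example (not part of the original article), the following shell script automates the check above together with the /etc/shells check from the previous section: given ldapsearch output for one user, it reports which of the attributes nss_ldap needs are missing and whether the loginShell value is one the client will accept. The function names, the sample entry for geeko1 and the sample /etc/shells contents are constructed for this example; the ldapsearch wrapper assumes a reachable server and binds as the proxy user with the standard OpenLDAP -D/-w options.

```shell
#!/bin/sh
# Added example, not from the original article: validate an ldapsearch result
# for one user before trying to log in with it.
#
# Two things must hold for pam_ldap/nss_ldap to build a usable passwd entry:
#   1. the POSIX attributes are present in what eDirectory returns, and
#   2. loginShell names a shell listed in the client's /etc/shells.

# Attributes nss_ldap needs for a passwd entry (names are case-insensitive in LDAP).
REQUIRED_ATTRS="uidNumber gidNumber homeDirectory loginShell"

# check_posix_attrs LDIF SHELLS
#   LDIF   - ldapsearch output (LDIF text) for exactly one user entry
#   SHELLS - contents of the client's /etc/shells
# Prints one line per problem found; returns 0 if the entry is usable, 1 otherwise.
check_posix_attrs() {
    ldif="$1"
    shells="$2"
    rc=0
    for attr in $REQUIRED_ATTRS; do
        if ! printf '%s\n' "$ldif" | grep -iq "^${attr}:"; then
            echo "missing attribute: $attr"
            rc=1
        fi
    done
    # Strip "loginShell:" and the following whitespace to get the bare path.
    shell=$(printf '%s\n' "$ldif" | grep -i '^loginShell:' | head -n 1 \
            | sed 's/^[^:]*:[[:space:]]*//')
    if [ -n "$shell" ] && ! printf '%s\n' "$shells" | grep -qxF "$shell"; then
        echo "loginShell $shell is not listed in /etc/shells"
        rc=1
    fi
    return $rc
}

# query_and_check HOST BASE CN PROXY_DN [PASSWORD]
# Runs the article's search against a live server, binding as the proxy user
# (-D) rather than anonymously, then validates the result against this host's
# /etc/shells. PASSWORD defaults to empty, matching the article's null password.
query_and_check() {
    ldif=$(ldapsearch -h "$1" -x -D "$4" -w "${5:-}" -b "$2" -s sub "(cn=$3)") || return 1
    check_posix_attrs "$ldif" "$(cat /etc/shells)"
}

# --- constructed samples (values are illustrative, not taken from the article) ---
SAMPLE_LDIF='dn: cn=geeko1,ou=melbourne,o=digitalairlines
cn: geeko1
objectClass: inetOrgPerson
objectClass: posixAccount
uidNumber: 1001
gidNumber: 1000
homeDirectory: /home/geeko1
loginShell: /bin/bash
gecos: Geeko One'

SAMPLE_SHELLS='/bin/sh
/bin/bash
/bin/csh'

# Same entry, but with a shell path the client does not list in /etc/shells:
# this is the kind of mismatch the article warns about for the ConsoleOne default.
BAD_SHELL_LDIF=$(printf '%s\n' "$SAMPLE_LDIF" | sed 's|^loginShell:.*|loginShell: /usr/local/bin/bash|')

# Same entry with uidNumber dropped, as when the proxy user lacks Read rights on it.
MISSING_UID_LDIF=$(printf '%s\n' "$SAMPLE_LDIF" | grep -v '^uidNumber:')

# report LABEL LDIF: run the check on a sample and summarise the outcome.
report() {
    if check_posix_attrs "$2" "$SAMPLE_SHELLS"; then
        echo "$1: usable for login"
    else
        echo "$1: would fail at login"
    fi
}

report "geeko1 (good entry)" "$SAMPLE_LDIF"
report "geeko1 (shell not in /etc/shells)" "$BAD_SHELL_LDIF"
report "geeko1 (uidNumber missing)" "$MISSING_UID_LDIF"
```

Against the live server from the article you would call `query_and_check 10.0.0.253 ou=melbourne,o=digitalairlines geeko1 "cn=<proxy>,ou=melbourne,o=digitalairlines"` with the proxy user's real DN; a missing attribute in that output points at the property rights in step 5 of the server-side configuration, while a shell complaint points at the Login Shell value in ConsoleOne.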

Client-side Configuration

In order to successfully login via LDAP, we now have to set up and configure the LDAP Client and PAM modules on our intended Linux client.

1. In SLES9 and NLD9 go to YAST -> Network Services -> LDAP Client.

Figure 10 - LDAP client configuration

2. In User Authentication, select Use LDAP.

3. Under LDAP Client, enter the full context to where your LDAP server and group objects are located, as well as the IP address of your LDAP Server.

4. Click Advanced Configuration.

Figure 11 - Advanced configuration screen

5. Under User and Group Settings, select Enable LDAP Users to Log In.

6. Under Access to LDAP Server, enter the full context to the container of your LDAP server and the full-distinguished name of your LDAP proxy user.

7. Click Configure User Management Settings.

8. You will be asked for the password of your proxy user. Since the proxy user was given a null password, just press Enter.

9. Click Next twice to configure and exit the LDAP Client setup utility.

Setting Up the pam.d Files

1. Launch an editor with root privileges by pressing Alt-F2 and entering:

kdesu gedit /etc/pam.d/login

2. Enter the root password.

3. Add the following line to the bottom of the file:

session   required   pam_mkhomedir.so   skel=/etc/skel   umask=0022

pam_mkhomedir creates the home directory on first login, copying the skeleton files from /etc/skel. The umask of 0022 gives the new home directory mode 755, readable by every local user; use umask=0077 instead if home directories on this client should be private to their owners.

4. Repeat these steps for the /etc/pam.d/xdm and /etc/pam.d/gdm files.

Figure 12 - /etc/pam.d/login

Login via LDAP

If all is well, you should be able to log in with your eDirectory-created user objects. Appropriate home directories and desktop preference files should be created for you automatically.

Figure 13 - Login successful, with UID and GID variables displayed

Figure 14 - Proof that geeko1 does not exist on the local /etc/passwd file
