Novell CLIENT FOR LINUX 1.2 - ADMINISTRATION User Manual

Novell Client for Linux 1.2 Administration Guide
Novell Client™ for Linux
novdocx (ENU) 01 February 2006
1.2
www.novell.com
ADMINISTRATION GUIDE
Legal Notices
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to www.novell.com/info/exports/ for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2005-2006 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com
Online Documentation: To access the online documentation for this and other Novell products, and to get updates, see www.novell.com/documentation.
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
Contents
About This Guide
1 What’s New
2 Understanding the Novell Client for Linux
2.1 Understanding How the Novell Client for Linux Differs from the Novell Client for Windows 2000/XP
2.2 Understanding the Novell Client for Linux Virtual File System
2.2.1 Understanding When the Virtual File System Kernel Module Needs to Be Compiled
3 Configuring the Novell Client for Linux
3.1 Using the Novell Client Configuration Wizard
3.1.1 Configuring Login Settings
3.1.2 Configuring Map Settings
3.1.3 Configuring Protocol Settings
3.1.4 Configuring Tray Application Settings
3.1.5 Configuring File Browser Settings
3.1.6 Configuring OpenSLP Settings
3.2 Using Configuration Files to Preconfigure the Novell Client
4 Managing Login
4.1 Setting Up Integrated Login
4.1.1 Installing and Enabling CASA
4.1.2 Configuring Integrated Login
4.1.3 Managing System Wide Integrated Login Settings
4.2 Setting Up Login Scripts
4.3 Setting Up Login Restrictions
4.4 Using OpenSLP to Simplify Login
4.4.1 Setting Up SLP
4.4.2 Troubleshooting SLP Configuration
5 Managing File Security
5.1 Checking File or Folder Rights
5.2 Changing Trustee Rights
5.3 Adding a Trustee
5.4 Removing a Trustee
5.5 Combining Multiple Trustees
6 Security Considerations
6.1 Security Features
6.2 Known Security Threats
6.3 Security Characteristics
6.3.1 Identification and Authentication
6.3.2 Authorization and Access Control
6.3.3 Roles
6.3.4 Security Auditing
6.4 New and Modified Files
6.4.1 Configuration Files
6.4.2 PAM Login Files
6.4.3 User Profile Startup Files
6.4.4 KDE and GNOME Desktop Startup Files
6.4.5 Installation Files
6.5 Other Security Considerations
A Compiling the Novell Client Virtual File System Kernel Module
A.1 Installing the Required Packages
A.2 Compiling the Novell Client Virtual File System Kernel Module
A.2.1 Compiling the Novell Client Virtual File System Kernel Module After a Kernel Update
A.2.2 Compiling the Novell Client Virtual File System Kernel Module on Workstations Running a Custom Kernel
B The Novell Client for Linux Commands
B.1 Shell Commands
B.2 GUI Utilities
B.3 Using the Novell Client for Linux Man Pages
C Documentation Updates
C.1 July 26, 2006
C.2 December 23, 2005
About This Guide
This guide describes how to configure the Novell® Client™ for Linux software.
Chapter 1, “What’s New,” on page 9
Chapter 2, “Understanding the Novell Client for Linux,” on page 11
Chapter 3, “Configuring the Novell Client for Linux,” on page 15
Chapter 4, “Managing Login,” on page 25
Chapter 5, “Managing File Security,” on page 31
Chapter 6, “Security Considerations,” on page 37
Appendix A, “Compiling the Novell Client Virtual File System Kernel Module,” on page 43
Appendix B, “The Novell Client for Linux Commands,” on page 47
Appendix C, “Documentation Updates,” on page 51
Audience
This guide is intended for network administrators.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there.
Documentation Updates
For the latest version of this documentation, see the Novell Client online documentation (http://www.novell.com/documentation/linux_client/index.html) Web site.
Additional Documentation
For information on installing the Novell Client for Linux, see the Novell Client for Linux 1.2 Installation Quick Start.
For information on the Novell Client tray application, see the Novell Client for Linux 1.2 User Guide.
For information on login scripts, see the Novell Login Scripts Guide.
Documentation Conventions
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items within a cross-reference path.
A trademark symbol (®, ™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.
1 What’s New
The following are new features added to the Novell® Client™ for Linux 1.2:
• The ability to edit login scripts from an option on the tray application menu.
User authentication and access control are enforced (that is, users must be logged in to edit their personal login scripts). eDirectory™ access control is enforced as well, which is useful when administrators do not want their users to be able to edit their personal login scripts. An administrator can also configure the Novell Client for Linux to disallow the Edit Login Script option so it is not displayed on the tray application menu.
For more information, see “Editing Your Login Script” in the Novell Client for Linux User Guide.
• An integrated login feature that allows login profiles to be stored for use by subsequent network login operations.
This functionality makes use of CASA (Common Authentication Services Adapter) for persistent storage of credentials for a given realm. The overall concept is that if the Novell Client for Linux 1.2 or later and CASA 1.6 or later are installed on the workstation, users can have their eDirectory connections, login scripts, and startup drive mappings run when they initially log in to the workstation. This authentication does not replace the workstation login; it currently just augments it with eDirectory functionality.
Users must run the normal Novell Login from the tray application menu and save their Novell Login settings. After saving the Novell Login settings, the next time the same user logs in to the workstation, eDirectory authentication is automatic and the user’s login script runs at startup.
For more information, see Section 4.1, “Setting Up Integrated Login,” on page 25.
2 Understanding the Novell Client for Linux
The Novell® Client™ for Linux* software allows users of Linux workstations to access and use all of the services available on servers running Novell eDirectory™. The Novell Client brings the full power, ease of use, manageability, and security of eDirectory to Linux workstations. The Novell Client for Linux fully supports NetWare®, OES, and eDirectory services and utilities on a Linux workstation, including security, file, and print services through Novell iPrint.
This section contains the following information:
Section 2.1, “Understanding How the Novell Client for Linux Differs from the Novell Client for Windows 2000/XP,” on page 11
Section 2.2, “Understanding the Novell Client for Linux Virtual File System,” on page 12
2.1 Understanding How the Novell Client for Linux Differs from the Novell Client for Windows 2000/XP
Using the Novell Client for Linux differs in a few ways from using the Novell Client for Windows*. For users and network administrators who are familiar with the Novell Client for Windows, knowing these differences can help the transition to Linux run more smoothly.
Installation and Upgrades
• The Novell Client for Linux can be installed and upgraded using either YaST or an installation script. For more information, see the Novell Client for Linux 1.2 Installation Quick Start.
• There is no Automatic Client Upgrade available on Linux.
• The Client Configuration Wizard lets you set up a configuration file that can be used to preconfigure workstations during installation. For more information, see Section 3.2, “Using Configuration Files to Preconfigure the Novell Client,” on page 22.
Logging In
• When a user logs in to a local workstation and then opens a remote SSH session and logs in as the same user, the network resources that user has rights to are available to the user.
• The Novell Client for Linux can use the NMAS™ login method to authenticate. However, the NMAS login is not integrated into the Novell Client for Linux login screen, so the default login sequence cannot be set in the Novell Client Login screen.
• The Novell Client for Linux uses OpenSLP, whereas the Novell Client for Windows uses Novell’s implementation of SLP. The network administrator must set up OpenSLP before users can look up trees, contexts, and servers using the Browse buttons in the Novell Client Login window. If OpenSLP is not set up, the user must enter a username, tree, and context to connect to the network. See Chapter 4, “Managing Login,” on page 25 for more information.
Because Linux uses OpenSLP, the implementation is different and the user’s experience is different. For more information, see Section 4.4, “Using OpenSLP to Simplify Login,” on page 29.
• The Novell Client for Linux does not use the Dynamic Local User or Location Profiles that are available in Windows.
User Interface
Both a graphical user interface and command line utilities are available to complete client actions such as mapping drives, setting trustee rights, and copying files.
Login Scripts
Novell has ported the vast majority of login script functionality to the Linux platform. This means that the login scripts you create in your network can be used for both Windows users and Linux users with very little difference in functionality.
Some differences do exist, however. For example, mapped drives are implemented by creating symbolic links and search drives are not available on Linux. Other small differences are created by the inherent difference between Windows and Linux. All the differences and issues are listed in the Novell Login Scripts Guide.
2.2 Understanding the Novell Client for Linux Virtual File System
The Novell Client for Linux differs from previous Novell Clients to enable it to work on the Linux platform. In Windows, the Novell Client loads a single binary that works on multiple operating system platforms without modifications. The Novell Client for Linux has a Virtual File System that consists of a kernel module (novfs.ko) that runs as part of the Linux kernel and a daemon (novfsd) that runs in the user space. Both components must be running on the workstation for the client to connect to the network.
The daemon can run on any of the supported Linux platforms without modification. The kernel module, however, is dependent on the kernel version and must be compiled to match the kernel on the workstation. When the Novell Client is installed, it compiles the kernel module during the installation process. If this process fails, the kernel module cannot load. It attempts to recompile when the workstation is restarted.
2.2.1 Understanding When the Virtual File System Kernel Module Needs to Be Compiled
The following is a list of the instances when you must compile the Novell Client Virtual File System Kernel Module (novfs.ko):
• You installed the Novell Client and received an error message. This generally occurs because all the required packages are not installed on a workstation. You must install these packages, compile the Novell Client Virtual File System Kernel Module (novfs.ko), and restart the workstation. See “System Requirements” in the Novell Client for Linux Installation Quick Start for more information.
• You have previously compiled the Novell Client Virtual File System Kernel Module (novfs.ko) and then made changes to the kernel.
• You have a custom kernel of any of the supported versions.
• Kernel updates are automatically pushed to the workstation via Red Carpet®.
In all of these instances, you must recompile the Novell Client Virtual File System Kernel Module (novfs.ko) to ensure that it is compatible with the Linux kernel version on your workstation. However, when later shipping versions of SLED are provided by Novell, the Novell Client Virtual File System Kernel Module (novfs.ko) is installed and you do not need to recompile it because the module is included in the kernel.
For more information, see Appendix A, “Compiling the Novell Client Virtual File System Kernel Module,” on page 43.
NOTE: If you patch the kernel for any reason, you must make sure that you have the required packages that correspond to the kernel patch. For a list of the required packages, see “System Requirements” in the Novell Client for Linux Installation Quick Start. The Novell Client for Linux then recompiles when the workstation is restarted. Without the corresponding packages, the recompile fails.
Under certain conditions, your version of novfs.ko could be rolled back when you install a new kernel module. For example, if you download and install a patched version of novfs.ko, and then later install an SLED 10 update to your kernel, the Novell Client Virtual File System Kernel Module patch might be overwritten. You should then reinstall the novfs.ko patch and recompile the kernel in order to ensure that the kernel module and the kernel are compiled.
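The dependency described in Sections 2.2 and 2.2.1 can be checked from a shell after a kernel update. The following script is an added example, not part of the Novell manual or the Novell Client software. It assumes that kernel modules are installed under /lib/modules/<release>, that a loaded module is listed as novfs in /proc/modules, and that the daemon's process name is novfsd.

```shell
#!/bin/sh
# Added example (not Novell code). Assumptions: kernel modules are installed
# under /lib/modules/<release>, a loaded novfs.ko is listed as "novfs" in
# /proc/modules, and the user-space daemon's process name is "novfsd".

# Print the path of a novfs.ko installed for one kernel release.
# $1 = modules root (normally /lib/modules), $2 = release (uname -r)
novfs_module_for_kernel() {
    [ -d "$1/$2" ] || return 1
    _found=$(find "$1/$2" -type f -name 'novfs.ko' 2>/dev/null | head -n 1)
    [ -n "$_found" ] || return 1
    printf '%s\n' "$_found"
}

# Succeed if the first field of a modinfo "vermagic" string is the release.
# $1 = vermagic string, $2 = release
vermagic_matches() {
    [ "${1%% *}" = "$2" ]
}

# Succeed if a module named exactly "novfs" is in a /proc/modules-style file.
# $1 = file to read (normally /proc/modules)
novfs_module_loaded() {
    [ -r "$1" ] && grep -q '^novfs ' "$1"
}

# Check the running workstation; returns non-zero if anything is missing.
novfs_check() {
    _rc=0
    _rel=$(uname -r)
    if _path=$(novfs_module_for_kernel /lib/modules "$_rel"); then
        _vm=$(modinfo -F vermagic "$_path" 2>/dev/null) || _vm=
        if vermagic_matches "$_vm" "$_rel"; then
            echo "ok: $_path was built for kernel $_rel"
        else
            echo "mismatch: $_path vermagic is '$_vm', kernel is $_rel"
            _rc=1
        fi
    else
        echo "missing: no novfs.ko for kernel $_rel; the module must be compiled"
        _rc=1
    fi
    if novfs_module_loaded /proc/modules; then
        echo "ok: novfs kernel module is loaded"
    else
        echo "missing: novfs kernel module is not loaded"
        _rc=1
    fi
    if pgrep -x novfsd >/dev/null 2>&1; then
        echo "ok: novfsd daemon is running"
    else
        echo "missing: novfsd daemon is not running"
        _rc=1
    fi
    return "$_rc"
}

# Run the check only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then
    novfs_check
fi
```

Run the script with the --check argument on the workstation; a non-zero exit status means at least one of the two components is missing or does not match the running kernel.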
3 Configuring the Novell Client for Linux
This section explains two ways that you can configure the Novell® Client™ for Linux settings on a workstation. Both methods let you configure the file browser, protocol, login, tray application, and SLP configuration settings available to Novell Client users.
Using the Novell Client Configuration Wizard (page 15)
Using Configuration Files to Preconfigure the Novell Client (page 22)
3.1 Using the Novell Client Configuration Wizard
The Novell Client for Linux includes a Novell Client Configuration Wizard to simplify the process of configuring your Novell Client.
1 Launch the Novell Client Configuration Wizard using either of the following methods:
• In the Novell Client tray application, click System Settings.
• In YaST, click Network Services > Novell Client.
2 Select the Client Configuration Wizard pages that contain the settings you want to configure.
You can configure the following settings:
• Login
• Map
• Protocol
• Tray Application
• File Browser
• Service Location Protocol (OpenSLP)
3 Click Start Wizard.
4 Follow the instructions in the left panel to configure Novell Client settings.
5 Click Finish.
6 Restart the workstation to ensure that the settings take effect.
7 If you made changes to the Protocol Settings page or the Service Location Protocol (OpenSLP) Settings page, reboot the machine for those changes to take effect.
Any changes you make to the Novell Client settings are written to a set of configuration (.conf) files in the /etc/opt/novell/ncl directory. These files are then used by the Novell Client.
IMPORTANT: When the Novell Client software is uninstalled, these settings are not saved.
3.1.1 Configuring Login Settings
Use the Login Settings page in the Novell Client Configuration Wizard to configure the settings available to users in the Novell Login dialog box.
Figure 3-1 Login Settings Page
This page contains the following options:
• Advanced Button: Enables or disables the Advanced button in the Login dialog box. This option is selected by default.
• NMAS Authentication: Enables or disables Novell Modular Authentication Services™ (NMAS™) during login. NMAS authentication can add additional security to the network, but if the network does not use NMAS, login might take additional time, so you can disable NMAS authentication by disabling this setting. This option is selected by default.