Novell CLIENT FOR LINUX 2.0 SP3 - ADMINISTRATION Administration Manual

Novell®
www.novell.com
Administration Guide
Client™ for Linux
novdocx (en) 13 May 2009
AUTHORIZED DOCUMENTATION
2.0 SP3
November 2009
Novell Client 2.0 SP3 for Linux Administration Guide
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the
Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on
exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc., has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see
the Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
Contents
About This Guide
1 Understanding the Novell Client for Linux
1.1 Understanding How the Novell Client for Linux Differs from the Novell Client for Windows 2000/XP
1.1.1 Installation and Upgrades
1.1.2 Logging In
1.1.3 User Interface
1.1.4 Login Scripts
1.1.5 Mapping Volumes
1.2 Understanding the Novell Client for Linux Virtual File System
2 Configuring the Novell Client for Linux
2.1 Using the Novell Client Configuration Wizard
2.1.1 Configuring Login Settings
2.1.2 Configuring Map Settings
2.1.3 Configuring Protocol Settings
2.1.4 Configuring Tray Application Settings
2.1.5 Configuring File Browser Settings
2.1.6 Configuring OpenSLP Settings
2.2 Configuration Files for Preconfiguring the Novell Client
2.3 Server Side Configuration for Sending Messages from Client to Users and Groups
3 Managing Login
3.1 Setting Up Integrated Login
3.1.1 Installing and Enabling CASA
3.1.2 Configuring Integrated Login
3.1.3 Enabling and Disabling Integrated Login
3.2 Setting Up Login Scripts
3.3 Setting Up Login Restrictions
3.4 Using OpenSLP to Simplify Login
3.4.1 Setting Up SLP
3.4.2 Troubleshooting SLP Configuration
3.4.3 Configuring SLP and the SUSE Firewall to Work with the Novell Client for Linux
4 Managing File Security
4.1 Checking File or Folder Rights
4.2 Changing Trustee Rights
4.3 Adding a Trustee
4.4 Removing a Trustee
4.5 Combining Multiple Trustees
5 Security Considerations
5.1 Security Features
5.2 Known Security Threats
5.3 Security Characteristics
5.3.1 Identification and Authentication
5.3.2 Authorization and Access Control
5.3.3 Roles
5.3.4 Security Auditing
5.4 New and Modified Files
5.4.1 Configuration Files
5.4.2 PAM Login Files
5.4.3 User Profile Startup Files
5.4.4 KDE and GNOME Desktop Startup Files
5.4.5 Installation Files
5.5 Other Security Considerations
6 Troubleshooting Tips
6.1 Novell Client tray sometimes displays an error message on logging in to a desktop on which LUM is configured
A The Novell Client for Linux Command Line Utilities
A.1 Shell Commands
A.2 GUI Utilities
A.3 Using the Novell Client for Linux Man Pages
B Novell Client for Linux Man Pages
gnwlogin
login.conf
mapdrives.conf
ncl_install
ncl_man
ncl_tray
nwconnections
nwcopy
nwflag
nwlogin
nwlogout
nwmap
nwpurge
nwrights
nwsalvage
nwsend
StartupLogin.conf
StartupMaps.conf
C Documentation Updates
C.1 September, 2009
C.2 August, 2008
About This Guide
This guide describes how to configure the Novell® Client™ for Linux software.
Chapter 1, “Understanding the Novell Client for Linux,” on page 9
Chapter 2, “Configuring the Novell Client for Linux,” on page 13
Chapter 3, “Managing Login,” on page 23
Chapter 4, “Managing File Security,” on page 33
Chapter 5, “Security Considerations,” on page 39
Chapter 6, “Troubleshooting Tips,” on page 45
Appendix A, “The Novell Client for Linux Command Line Utilities,” on page 47
Appendix B, “Novell Client for Linux Man Pages,” on page 51
Appendix C, “Documentation Updates,” on page 89
Audience
This guide is intended for network administrators.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there.
Documentation Updates
For the latest version of this documentation, see the Novell Client online documentation (http://www.novell.com/documentation/linux_client/index.html).
Additional Documentation
For information on installing the Novell Client for Linux, see the Novell Client 2.0 SP3 for Linux Installation Quick Start (http://www.novell.com/documentation/linux_client/ncl20sp3_installqs/data/ncl20sp3_installqs.html).
For information on the Novell Client tray application, see the Novell Client 2.0 SP3 for Linux User Guide.
For information on login scripts, see the Novell Login Scripts Guide.
Documentation Conventions
In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.
A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.
When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash. Users of platforms that require a forward slash, such as Linux or UNIX, should use forward slashes as required by your software.
1 Understanding the Novell Client for Linux
The Novell® Client™ for Linux software allows users of Linux workstations or Linux servers to access and use all of the services available on servers running Novell eDirectory™. The Novell Client brings the full power, ease of use, manageability, and security of eDirectory to Linux workstations and Linux servers. The Novell Client for Linux fully supports NetWare®, OES, and eDirectory services and utilities on a Linux workstation or a Linux server, including security, file, and print services through Novell iPrint.
This section contains the following information:
Section 1.1, “Understanding How the Novell Client for Linux Differs from the Novell Client for Windows 2000/XP,” on page 9
Section 1.2, “Understanding the Novell Client for Linux Virtual File System,” on page 11
1.1 Understanding How the Novell Client for Linux Differs from the Novell Client for Windows 2000/XP
Using the Novell Client for Linux differs in a few ways from using the Novell Client for Windows. For users and network administrators who are familiar with the Novell Client for Windows, knowing these differences can help the transition to Linux run more smoothly.
Section 1.1.1, “Installation and Upgrades,” on page 9
Section 1.1.2, “Logging In,” on page 10
Section 1.1.3, “User Interface,” on page 10
Section 1.1.4, “Login Scripts,” on page 10
Section 1.1.5, “Mapping Volumes,” on page 10
1.1.1 Installation and Upgrades
The Novell Client for Linux can be installed and upgraded by using either YaST or an installation script. For more information, see the Novell Client 2.0 SP3 for Linux Installation Quick Start (http://www.novell.com/documentation/linux_client/ncl20sp3_installqs/data/ncl20sp3_installqs.html).
There is no Automatic Client Upgrade available on Linux.
The Client Configuration Wizard lets you set up a configuration file that can be used to preconfigure workstations during installation. For more information, see Section 2.2, “Configuration Files for Preconfiguring the Novell Client,” on page 21.
1.1.2 Logging In
When a user logs in to a local workstation and then opens a remote SSH session and logs in as the same user, the network resources that user has rights to are available to the user.
The Novell Client for Linux can use the NMAS™ login method to authenticate. However, the NMAS login is not integrated into the Novell Client for Linux login screen, so the default login sequence cannot be set in the Novell Client Login screen.
The Novell Client for Linux uses OpenSLP, whereas the Novell Client for Windows uses Novell’s implementation of SLP. The network administrator must set up OpenSLP before users can look up trees, contexts, and servers using the Browse buttons in the Novell Client Login window. If OpenSLP is not set up, the user must enter a username, tree, and context to connect to the network. See Chapter 3, “Managing Login,” on page 23 for more information.
Because Linux uses OpenSLP, the implementation is different and the user’s experience is different. For more information, see Section 3.4, “Using OpenSLP to Simplify Login,” on page 27.
The Novell Client for Linux does not use the Dynamic Local User or Location Profiles that are available in Windows.
1.1.3 User Interface
Both a graphical user interface and command line utilities are available to complete client actions such as mapping drives, setting trustee rights, and copying files.
For information on using the graphical user interface, see the Novell Client 2.0 SP3 for Linux User
Guide. For information on using the command line utilities, see Appendix A, “The Novell Client for
Linux Command Line Utilities,” on page 47 and Appendix B, “Novell Client for Linux Man Pages,” on page 51.
1.1.4 Login Scripts
Novell has ported the vast majority of login script functionality to the Linux platform. This means that the login scripts you create in your network can be used for both Windows users and Linux users with very little difference in functionality.
Some differences do exist, however. For example, mapped drives are implemented by creating symbolic links and search drives are not available on Linux. Other small differences are created by the inherent difference between Windows and Linux. All the differences and issues are listed in the
Novell Login Scripts Guide.
1.1.5 Mapping Volumes
On Windows, mapping volumes enables users to browse through the entire eDir tree. However, on Linux, only the servers in the eDir tree and their respective volumes are listed under them.
1.2 Understanding the Novell Client for Linux Virtual File System
The Novell Client for Linux differs from previous Novell Clients to enable it to work on the Linux platform. In Windows, the Novell Client loads a single binary that works on multiple operating system platforms without modifications. The Novell Client on Linux uses a Virtual File System provided by the base operating system itself, which is a kernel module (novfs.ko) that runs as part of the Linux kernel and a daemon (novfsd) that runs in the user space. Both components must be running on the workstation for the client to connect to the network.
2 Configuring the Novell Client for Linux
This section explains two ways that you can configure the Novell® Client™ for Linux settings on a workstation. Both methods let you configure the file browser, protocol, login, tray application, and SLP configuration settings available to Novell Client users.
Section 2.1, “Using the Novell Client Configuration Wizard,” on page 13
Section 2.2, “Configuration Files for Preconfiguring the Novell Client,” on page 21
Section 2.3, “Server Side Configuration for Sending Messages from Client to Users and
Groups,” on page 21
2.1 Using the Novell Client Configuration Wizard
The Novell Client for Linux includes a Novell Client Configuration Wizard to simplify the process of configuring your Novell Client.
1 Launch the Novell Client Configuration Wizard by using either of the following methods:
Click > System Settings.
In YaST, click Network Services > Novell Client.
2 If you are not logged in as root, type the root password, then click OK.
3 Select the Client Configuration Wizard pages that contain the settings you want to configure.
You can configure the following settings:
Login
Map
Protocol
Tray Application
File Browser
Service Location Protocol (OpenSLP)
4 Click Start Wizard.
5 Follow the instructions in the left panel to configure Novell Client settings.
6 Click Finish.
7 Restart the workstation to ensure that the settings take effect.
If you made changes to the Protocol Settings page or the Service Location Protocol (OpenSLP) Settings page, you must reboot the machine for those changes to take effect.
Any changes you make to the Novell Client settings are written to a set of configuration (.conf) files in the /etc/opt/novell/ncl directory.
IMPORTANT: When Novell Client software is uninstalled, these configuration files are also removed.
2.1.1 Configuring Login Settings
Use the Login Settings page in the Novell Client Configuration Wizard to configure the settings available to users in the Novell Login dialog box.
Figure 2-1 Login Settings Page
This page contains the following options:
NMAS Authentication: Enables or disables Novell Modular Authentication Services (NMAS™) during login. NMAS authentication can add additional security to the network, but if the network does not use NMAS, login might take additional time, so you can disable NMAS authentication by disabling this setting. This option is selected by default.
Clear Previous User Name: Clears the previous username from the User Name field on the Novell Login dialog box every time you open the dialog box.
Advanced Button: Enables or disables the Advanced button in the Login dialog box. This option is selected by default.
Integrated Login: Enables the integrated login feature for the entire system. This is set by the administrator and cannot be overridden by the user.
Display Integrated Login Results: When this option is disabled, all login scripts are run silently and the script results window is not displayed, but login scripts are still processed.
Delete Integrated Login Profiles: Removes the existing login profiles for all users on this workstation.
Default Tree: Specify the default tree that Login attempts to log in to. This setting is overridden by the Login Dialog Tree history.
Default Context: Specify the default context that Login attempts to log in to. This setting is overridden by the Login Dialog Context history.
For more information on using the Novell Login dialog box, see “Logging In to the Network” in the
Novell Client 2.0 SP3 for Linux User Guide.
2.1.2 Configuring Map Settings
Use the Map Settings page in the Novell Client Configuration Wizard to specify the directory on the local workstation where symbolic links to network resources are created and to select the first letter to use when creating these links.
Figure 2-2 Map Settings Page
This page contains the following options:
Map Link Default Location: Specify the path to the directory where Map creates symbolic links to network resources. A value of %HOME (the default) causes Map to create symbolic links in the user’s home directory.
First Network Drive: Select the first letter for Map to use when creating symbolic links to network resources. This setting is used in commands such as Map *1 or Map next.
2.1.3 Configuring Protocol Settings
Use the Protocol Settings page in the Novell Client Configuration Wizard to determine the level of enhanced security support, select the providers to perform name resolution, and enable the Client to obtain configuration information from your DHCP server.
Figure 2-3 Protocol Settings Page
This page contains the following options:
Name Resolution Providers: Select the providers to perform name resolution. Domain Name System also uses the /etc/hosts file. NetWare® Core Protocol™ uses information contained in the active NCP™ connections. Service Location Protocol queries SLP for eDirectory™ and Bindery names.
NCP Signature Level: Specify the level of enhanced security support. Enhanced security includes the use of a message digest algorithm and a per connection/per request session state. The values are as follows:
0=Disabled
1=Enabled but not preferred
2=Preferred
3=Required
Changing the value of this setting to 2 or 3 increases security but decreases performance.
Dynamic Host Configuration Protocol (DHCP): If a DHCP server is set up on your network, the DHCP server can inform the Novell Client of network-specific configuration information. This information is made available when a user clicks the Tree, Context, or Server buttons on the eDirectory tab of the Novell Login dialog box.
If you make changes to the Protocol Settings page, you must reboot the workstation for those changes to take effect.
2.1.4 Configuring Tray Application Settings
Use the Tray Application Settings page in the Novell Client Configuration Wizard to automatically launch the Novell Client Tray Application when the desktop starts and to determine which options are available to users on the Tray Application menu.
Figure 2-4 Tray Application Settings Page
This page contains the following options:
Launch Tray Application: Select this option to automatically launch the Novell Client Tray
Application.
Tray Application Menu Options: Enables or disables the options available to users on the
Tray Application menu.
For more information, see “Using the Novell Client Tray Application” in the Novell Client 2.0 SP3
for Linux User Guide.
2.1.5 Configuring File Browser Settings
Use the File Browser Settings page in the Novell Client Configuration Wizard to specify which Novell Client options are available to users when they right-click Novell file system directories or files in a file manager, and which tabs are available on the Novell File, Folder, and Volume Properties pages.
Figure 2-5 File Browser Settings Page
This page contains the following options:
Navigation Panel Icon (KDE only): Enables or disables the File Browser Navigation Panel icon. This icon is displayed only in KDE.
Novell Properties: Enables or disables the Novell Properties menu option when users right-click a Novell file system directory or file in a file manager.
Purge Novell Files: Enables or disables the Purge Novell Files menu option when users right-click a Novell file system directory or file in a file manager.
Salvage Novell Files: Enables or disables the Salvage Novell Files menu option when users right-click a Novell file system directory or file in a file manager.
File and Folder Information: Enables or disables the File Information and Folder Information tabs on the File and Folder Properties pages (available when users right-click a Novell file system directory or file in a file manager and then click Novell Properties).
Novell Rights: Enables or disables the Novell Rights tab on the File and Folder Properties pages (available when users right-click a Novell file system directory or file in a file manager and then click Novell Properties).
Volume Information: Enables or disables the Volume Information tab on the Volume Properties page (available when users right-click a Novell file system volume in a file manager and then click Novell Properties).
Volume Statistics: Enables or disables the Volume Statistics tab on the Volume Properties page (available when users right-click a Novell file system volume in a file manager and then click Novell Properties).
2.1.6 Configuring OpenSLP Settings
Use the Service Location Protocol (OpenSLP) Settings page in the Novell Client Configuration Wizard to specify where and how the Client requests network services.
In an IP-only network, the Novell Client needs a way to resolve the eDirectory tree, context and server names to an actual IP address of an eDirectory server that can provide authentication. On a simple LAN, the client can send an IP broadcast to discover this information, but on a multisite WAN, the SLP scope and Directory Agents must be listed.
Figure 2-6 Service Location Protocol (OpenSLP) Settings Page
This page contains the following options:
Scope List: Specify the scopes that a user agent (UA) or service agent (SA) is allowed when
making requests or registering, or the scopes that a directory agent (DA) must support.
Directory Agent List: Specify the specific DAs that UA and SA agents must use. If this
setting is not used, dynamic DA discovery is used to determine which DAs to use.
Broadcast Only: Select this option to use broadcasting instead of multicasting. This setting is
not usually necessary because OpenSLP automatically uses broadcasting if multicasting is unavailable.
SLP is designed to use IP multicasting; however, if any SLP Agent does not implement IP multicasting, then all Agents must use broadcasting to reach that Agent. If a DA does not support multicasting, we recommend using the Directory Agent List to configure that Directory Agent rather than using this option.
If the network does not contain a DA, IP servers must use their own SAs to specify the services that are available. If the SA does not support multicasting and if there are any services advertised by that SA that are needed by the UA on this machine, then use the Broadcast Only option.
20 Novell Client 2.0 SP3 for Linux Administration Guide
Broadcasting has the disadvantage of being limited to the local LAN segment.
Maximum Results: Specify a 32-bit integer giving the maximum number of results to
accumulate and return for a synchronous request before the time-out, or the maximum number of results to return through a callback if the request results are reported asynchronously.
If you make changes to the Service Location Protocol (OpenSLP) Settings page, you must reboot the workstation for those changes to take effect.
For more information, see Section 3.4, “Using OpenSLP to Simplify Login,” on page 27, SLP Fundamentals (http://www.novell.com/documentation/edir873/qsedir873/data/aksciti.html), and the OpenSLP (http://www.openslp.org) Web site.
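The following check is an added example, not part of the Novell documentation: it reads slp.conf text and reports which discovery path the workstation will take for the four options described above. The net.slp.* key names are OpenSLP's slp.conf keys and are assumed to correspond to the settings page options; the sample file content is constructed.

```python
# Constructed sample of /etc/slp.conf content (not taken from a real host).
SAMPLE_SLP_CONF = """\
; OpenSLP configuration (constructed sample)
net.slp.useScopes = SITE_A,SITE_B
net.slp.DAAddresses = 10.1.1.10, da2.example.com
net.slp.isBroadcastOnly = true
net.slp.maxResults = 256
"""

def parse_slp_conf(text):
    """Return {key: value} from slp.conf text; ';' and '#' start comment lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def audit_slp(settings):
    """Return (summary, findings) for the four options on the settings page."""
    scopes = split_list(settings.get("net.slp.useScopes", ""))
    das = split_list(settings.get("net.slp.DAAddresses", ""))
    broadcast = settings.get("net.slp.isBroadcastOnly", "false").lower() == "true"
    findings = []
    if not das:
        findings.append("no Directory Agent List: dynamic DA discovery will be used")
    if not scopes:
        findings.append("no Scope List: set one for a multisite WAN")
    if broadcast and das:
        findings.append("Broadcast Only set although DAs are listed: usually unnecessary")
    if broadcast and not das:
        findings.append("Broadcast Only without DAs: discovery limited to the local LAN segment")
    raw_max = settings.get("net.slp.maxResults")
    if raw_max is not None:
        try:
            # Assumption: "32-bit integer" is treated as a signed 32-bit range.
            ok = -2**31 <= int(raw_max) <= 2**31 - 1
        except ValueError:
            ok = False
        if not ok:
            findings.append("Maximum Results is not a 32-bit integer: %r" % raw_max)
    summary = {"scopes": scopes, "das": das, "broadcast_only": broadcast}
    return summary, findings
```

Run it against the file before the reboot that applies the settings, for example with audit_slp(parse_slp_conf(open("/etc/slp.conf").read())).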
2.2 Configuration Files for Preconfiguring the Novell Client
These configuration settings can be done using yast2. It is handled by the rpm yast2-novell-client.
Conf File Path and Name                    Configuration Settings
/etc/opt/novell/ncl/file_browser.conf      File browser settings
/etc/opt/novell/ncl/login.conf             Login settings
/etc/novell/ncl/map.conf                   Map settings
/etc/opt/novell/ncl/protocol.conf          Protocol settings
/etc/opt/novell/ncl/tray_app.conf          Novell Client Tray Application settings
/etc/slp.conf                              SLP configuration settings
2.3 Server Side Configuration for Sending Messages from Client to Users and Groups
For server side configuration, you must ensure the following:
If user groups are created in a context other than the default context, then the context must be mentioned in the NDS configuration file /etc/opt/novell/eDirectory/conf/nds.conf. For instance, if a user group is created in the context xyz (organization for example) but the default context for the tree is abc, then to search for the groups from Novell client, the eDir administrator must add the following line in the nds.conf file:
n4u.nds.bindery-context=o=xyz
You must ensure that the nds daemon is restarted after the changes to the config file are completed. To do this, issue the following command:
rcndsd restart
NOTE: You may specify up to 16 different contexts with n4u.nds.bindery-context. Each context must be separated by ";". For example,
n4u.nds.bindery-context=o=xyz;ou=eng,o=acme
When you send a message to a group using the nwsend command, you must specify only the groupname and not the FQDN of the groupname. For example, if a group named mygroup is created in context mycontext, then the mygroup groupname must be specified with the nwsend command instead of mygroup.mycontext.
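The following lint is an added example, not part of the Novell documentation: it checks an n4u.nds.bindery-context line against the rules in this section (at most 16 contexts, separated by ";") before the daemon is restarted, and reduces a dotted group name to the bare name that nwsend expects. The nds.conf fragments are constructed, and the check for contexts joined by "," instead of ";" is a heuristic assumption.

```python
MAX_CONTEXTS = 16  # limit stated in the NOTE in this section
KEY = "n4u.nds.bindery-context"

# Constructed nds.conf fragments (not from a real server).
GOOD = "n4u.nds.bindery-context=o=xyz;ou=eng,o=acme\n"
BAD = "n4u.nds.bindery-context=o=xyz,ou=eng,o=acme;;ou=qa,o=acme\n"

def bindery_contexts(conf_text):
    """Return the context strings; if the key repeats, this sketch reads the last line."""
    value = None
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith(KEY + "="):
            value = line[len(KEY) + 1:]
    return [] if value is None else [c.strip() for c in value.split(";")]

def lint_contexts(contexts):
    """Return a list of problems found in the ';'-separated contexts."""
    problems = []
    if len(contexts) > MAX_CONTEXTS:
        problems.append("%d contexts listed, limit is %d" % (len(contexts), MAX_CONTEXTS))
    for i, ctx in enumerate(contexts, 1):
        if not ctx:
            problems.append("context %d is empty (stray ';')" % i)
            continue
        rdns = [r.strip().lower() for r in ctx.split(",")]
        if any("=" not in r or r.startswith("=") or r.endswith("=") for r in rdns):
            problems.append("context %d has a malformed RDN: %s" % (i, ctx))
            continue
        # Heuristic (assumption): an o= RDN can only be followed by c=, so
        # anything else after it suggests two contexts joined by ',' not ';'.
        types = [r.split("=", 1)[0].strip() for r in rdns]
        for pos, rdn_type in enumerate(types[:-1]):
            if rdn_type == "o" and types[pos + 1] != "c":
                problems.append("context %d looks like two contexts joined by ',': %s" % (i, ctx))
                break
    return problems

def nwsend_group_name(name):
    """Reduce a dotted group name to the bare group name nwsend expects."""
    return name.lstrip(".").split(".", 1)[0]
```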
3 Managing Login
You can customize the client login environment with the following tasks to suit your network and have greater control over what users can access during login:
Section 3.1, “Setting Up Integrated Login,” on page 23
Section 3.2, “Setting Up Login Scripts,” on page 26
Section 3.3, “Setting Up Login Restrictions,” on page 26
Section 3.4, “Using OpenSLP to Simplify Login,” on page 27
For more information, see “Logging In to the Network” and “Logging Out of a Network Location
(Server or Tree)” in the Novell Client 2.0 SP3 for Linux User Guide.
3.1 Setting Up Integrated Login
The Novell® Client™ 2.0 for Linux provides a single, synchronized login to the SUSE® Linux desktop or server and your Novell network. Users enter a name and password only once to access all the resources they are authorized to use.
IMPORTANT: The integrated login feature is not available if you log in as the root user, and the integrated login feature does not work if a workstation is set up to not ask for a password in the display manager greeter.
For integrated login to work, the Novell Common Authentication Services Adapter (CASA) must be installed and enabled. CASA is a common authentication and security package that provides a set of libraries for application and service developers to enable single sign-on to an enterprise network.
Consider the following scenarios before setting up integrated login:
If Integrated Login is selected in Novell Client Configuration Wizard in YaST (System-Wide Integrated Login) but the login profile is not saved by a user locally, then integrated login fails as there is no profile to load at the time of login.
If System-Wide Integrated Login is selected and the login profile is saved locally by the user, then integrated login works.
If System-Wide Integrated Login is not explicitly enabled in YaST but the login profile is saved locally by the user, then integrated login works because the default behavior is to start integrated login.
If System-Wide Integrated Login is disabled explicitly in YaST, then integrated login fails in all scenarios.
If Integrated Login is enabled as mentioned in the above scenarios, then it will work after a system reboot as well as after a logout and a login.
Section 3.1.1, “Installing and Enabling CASA,” on page 24
Section 3.1.2, “Configuring Integrated Login,” on page 24
Section 3.1.3, “Enabling and Disabling Integrated Login,” on page 25
3.1.1 Installing and Enabling CASA
CASA is installed by default with SUSE Linux Enterprise Desktop 10 SP3, but it is not enabled.
Installing CASA
1 Launch the YaST Control Center.
GNOME: Click Computer > More Applications > System > YaST.
KDE: Click the menu button > System > YaST.
2 If you are not logged in as root, type the root password, then click Continue.
3 Click Software in the left column, then click Software Management in the right column.
4 Click Search in the Filter drop-down list.
5 Type casa in the Search field, then click Search.
6 Select the casa packages for installation.
7 Click Accept to install all of the selected packages.
YaST displays the progress of the package installation.
8 (Conditional) If a message informs you that other package selections have been made to
resolve dependencies, click Continue.
9 (Conditional) If a message prompts you to insert a CD, put the CD in the CD drive, then click
OK.
10 After all the packages have been installed, click Close to close the YaST Control Center.
Enabling CASA
1 Launch the YaST Control Center.
GNOME: Click Computer > More Applications > System > YaST.
KDE: Click the menu button > System > YaST.
2 Click Security and Users in the left column, then click CASA in the right column.
3 Click Configure CASA, then click OK.
4 Click Finish to close the CASA Configuration Wizard.
3.1.2 Configuring Integrated Login
1 Use one of the following methods to open the Novell Login dialog box:
Click > Novell Login.
GNOME: Click Computer > More Applications > Novell Login.
KDE: Click the menu button > Novell Login.
2 Enter your username and password, then click Advanced.
3 Specify the tree, context, and server information for the server you want to connect to.
4 Click the Startup tab, then make sure Run Novell Client Login at Session Startup is selected (it
is selected by default).
5 Select Save profile after the successful login to save the Novell Login dialog settings to be used
for all subsequent session logins.
You must have the User Name and Password fields and the Tree and Context fields on the eDirectory tab filled out for this to be saved.
IMPORTANT: An integrated login does not happen at the next session startup without a saved profile.
6 (Optional) Click Load Profile to populate all fields in the dialog based on the saved settings.
7 (Optional) Click Clear Profile to remove the profile settings.
8 Click OK to log in to the server specified in Step 3.
The next time you log in to your SUSE Linux workstation, you also automatically log into the Novell server specified in Step 3.
3.1.3 Enabling and Disabling Integrated Login
1 Launch the Novell Client Configuration Wizard by using either of the following methods:
Click > System Settings.
In YaST, click Network Services > Novell Client.
2 Select Login, then click Start Wizard.
3 On the Login Settings page, select or deselect Integrated Login.
This enables or disables the integrated login feature for the entire system. This is set by the administrator and cannot be overridden by the user.
4 Select Display Integrated Login Results to display the Integrated Login Script Results window
when the user desktop is launched.
If this option is disabled, all login scripts are run silently and the Integrated Login Script Results window is not displayed, but login scripts are still processed.
5 Select Delete Integrated Login Profiles if you want to remove the existing login profiles for all users on this workstation.
6 Click Finish.
3.2 Setting Up Login Scripts
When a user successfully logs in to the network, one or more login scripts are executed that automatically set up the workstation environment. Login scripts are similar to batch files and are executed by Novell Login. You can use login scripts to map drives to Novell file system volumes and directories, display messages, set environment variables, and execute programs or menus.
Login scripts were originally created for use with the Novell Client for Windows. However, the Novell Client for Linux can take advantage of the majority of the functionality available in Windows. This means that the login scripts you created for Windows workstations can also be used with Linux workstations without modification, so you need to administer only one set of login scripts.
Because login scripts are very flexible and dynamic, offer a high degree of customization, and are cross-platform, you should customize the scripts to optimize workstation login to your network. For more information on setting up login scripts, see the Novell Login Scripts Guide.
3.3 Setting Up Login Restrictions
Login restrictions are limitations on user accounts that control access to the network. These restrictions can be set by an administrator in Novell iManager for each user’s eDirectory object and include the following:
Requiring a password
You can specify its minimum length, whether it must be changed and how often, whether it must be unique, and whether the user can change it.
Setting the number of logins with an expired password and the number of incorrect login
attempts allowed
When a user violates login restrictions by entering an incorrect password or exceeding the number of logins with an expired password, the account is disabled and no one can log in using that username. This prevents unauthorized users from logging in.
Setting account limits such as an account balance or expiration date
Limiting disk space for each user by specifying the maximum blocks available for each user on
a volume
Specifying the number of simultaneous connections a user can have
Specifying (by node address) which workstations users can log in on
Restricting the times when users can log in (you can assign all users the same hours or you can
restrict users individually)
To manage user login restrictions:
1 Launch iManager by entering the following in the Address field of a network browser:
http://server_IP_address/iManager.html
2 Log in using your username and password.
You have access only to those features you have rights to. To have full access to all Novell iManager features, you must log in as Supervisor/Administrator of the tree.
3 Make sure you are in the Roles and Tasks view by clicking on the top button bar, then select
Users > Modify User in the navigation panel on the left.
4 Type the name and context of the User object you want to modify, or use the search feature to
find it, then click OK.
5 Click the Restrictions tab (or drop-down list, depending on the browser you are using).
The following options appear. They open pages that display various properties:
Password Restrictions
Login Restrictions
Time Restrictions
Address Restrictions
Account Balance
Intruder Lockout
6 Make your changes, then click Apply to preview or OK to save.
3.4 Using OpenSLP to Simplify Login
The service location protocol (SLP) was developed so that networking applications such as the Novell Client for Linux could discover the existence, location, and configuration of networked services in enterprise networks. Without SLP, users must supply the hostname or network address of the service that they want to access.