3.2 Using iManager to Enable Users for Linux Access

When Linux User Management components are properly installed, administrators can use Novell eDirectory and iManager to specify which users can access Linux computers on the network. iManager is the browser-based utility for managing eDirectory objects. It runs in a network browser such as Mozilla Firefox, Netscape Navigator, or Internet Explorer.

When you create user or group accounts in iManager, you are prompted to enable the User object or Group object for Linux User Management. You can also use iManager to enable existing User or Group objects for Linux.

3.2.1 Running iManager

You can launch iManager by entering the following URL in the Address field of a network browser:

http://target_server/nps

where target_server is the IP address or domain name of the target server. You are prompted to provide the full context of the admin user (for example, admin.mycompany) and password.

After logging in to iManager, make sure you are in the Roles and Tasks view (by clicking the Roles and Tasks icon on the top button bar), then select Linux User Management in the navigation panel on the left.

Figure 3-1 Roles and Tasks View

The Linux User Management category in iManager contains links to help you complete the following tasks:

  • Enable users for Linux

  • Enable groups for Linux

  • Create Unix Workstation Object

  • Modify Linux/UNIX Configuration objects

  • Modify Linux Workstation objects

3.2.2 Determining if a Computer Is Running Linux User Management

For users to log in by using eDirectory login credentials, the computer must be running Linux User Management components. These components can be installed as part of the operating system installation or can be added afterwards through an RPM.

During the Linux User Management installation, you are prompted to create a Linux Workstation object and place it in the network directory (eDirectory). You are also prompted to specify an existing object or create a new Linux/UNIX Config object in eDirectory.

NOTE: Typical networks require only one Linux/UNIX Config object in eDirectory.

To determine if a computer is running Linux User Management components:

  1. Log in to the target computer.

  2. Open a shell session.

  3. Enter rpm -q novell-lum

    This shows whether the Linux User Management software is installed.

  4. Verify that the /etc/nam.conf file exists.

    This shows whether Linux User Management is configured.
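
The two checks above combined into one function, useful when auditing several hosts. This is an added example, not part of the original documentation; the LUM_RPM_CMD and LUM_CONF override variables, the status words, and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify a host's Linux User Management (LUM) state using the
# two checks from the procedure above (rpm -q novell-lum, /etc/nam.conf).
# LUM_RPM_CMD and LUM_CONF are hypothetical overrides added here so the check
# can be exercised on a machine without LUM; they are not Novell settings.

lum_status() {
    rpm_cmd="${LUM_RPM_CMD:-rpm}"
    conf="${LUM_CONF:-/etc/nam.conf}"

    # Without an RPM query tool the package check cannot be answered at all.
    if ! command -v "$rpm_cmd" >/dev/null 2>&1; then
        echo "unknown"
        return 3
    fi

    # Step 3: rpm -q exits non-zero when the package is not installed.
    if ! "$rpm_cmd" -q novell-lum >/dev/null 2>&1; then
        # A leftover config file without the package is flagged separately.
        if [ -e "$conf" ]; then
            echo "not-installed-stale-config"
        else
            echo "not-installed"
        fi
        return 1
    fi

    # Step 4: the package alone is not enough; the config file must exist.
    # An empty file is treated as unconfigured (assumption of this example).
    if [ ! -s "$conf" ]; then
        echo "installed-unconfigured"
        return 2
    fi

    echo "configured"
    return 0
}
```

Call lum_status on the target computer and read the printed status word or the return code; only "configured" (return code 0) means both checks from the procedure passed.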

To view Linux workstations available through eDirectory:

  1. Launch iManager.

  2. Click Linux User Management > Modify Linux Workstation Object.

  3. Click the Object Selector icon and browse the eDirectory tree.

    Each Linux Workstation object represents a Linux computer on the network.

There might be existing eDirectory Group objects that already provide access to Linux computers on the network.

To view the Groups that can use eDirectory to log in to a Linux computer:

  1. Launch iManager.

  2. Click Linux User Management > Modify Linux Workstation Object.

  3. Select a Linux Workstation object, then click OK.

    Groups listed in the Group Membership field provide access to the selected Linux workstation.

To view the Linux computers that members of an eDirectory Group can log in to:

  1. Launch iManager.

  2. Click Groups > View My Groups.

  3. Select a group, then click Edit.

  4. From the drop-down list, select Linux Profile.

3.2.3 Enabling eDirectory Users to Log In to Linux Computers

You can enable existing eDirectory users to log in to Linux computers by completing the Enable Users for Linux task.

  1. Select the user (User object) to enable for Linux.

  2. Assign the user to a group.

    The group and its corresponding GID are assigned as the user's primary GID. If the selected user account already has a primary GID, this group's GID is assigned to the user as secondary.

    You can choose one of three ways to assign the user to a group:

    • Select an Existing eDirectory Group: If the Group object has not yet been enabled for Linux, using this option extends its properties to include Linux login attributes. You can click the Object Selector icon to browse the tree for an existing group.

    • Select an Existing Linux-Enabled Group: This option lets you select an existing eDirectory Group object, but if you use the Object Selector to browse, you can view and select only those Group objects already extended with Linux login attributes.

    • Create a New Linux-Enabled Group: This option lets you create a new eDirectory Group object. When it is created, the Group object is extended to include Linux login attributes.

  3. Select the workstations that the group is to have access to.

  4. Click Finish to apply the changes.

Users should now be able to use eDirectory user login credentials to log in to Linux computers running Linux User Management technology.