When Linux User Management components are properly installed, administrators can use eDirectory and iManager to specify which users can access Linux computers on the network. iManager is the browser-based utility for managing eDirectory objects. It runs in a network browser such as Mozilla Firefox or Internet Explorer.
When you create user or group accounts in iManager, you are prompted to enable the User object or Group object for Linux User Management. You can also use iManager to enable existing User or Group objects for Linux.
You can launch iManager by entering the following command in the Address field of a network browser:
http://target_server/nps
Replace target_server with the IP address or domain name of the target server. You are prompted to provide the full context of the admin user (for example, admin.mycompany) and password.
After logging in to iManager, click Roles and Tasks icon on the top bar to ensure that you are in the Roles and Tasks view, then select Linux User Management in the navigation panel on the left.
Figure 3-1 Roles and Tasks View
The Linux User Management category in iManager contains links to help you complete the following tasks:
Enable users for Linux
Enable groups for Linux
Create a Unix Workstation object
Modify Linux/UNIX Configuration objects
Modify Linux Workstation objects
For users to log in by using eDirectory login credentials, the computer must be running Linux User Management components. These components can be installed as part of the operating system installation or can be added afterwards through an RPM.
During the Linux User Management installation, you are prompted to create a Linux Workstation object and place it in the network directory (eDirectory). You are also prompted to specify an existing object or create a new Linux/UNIX Config object in eDirectory.
NOTE:Typical networks require only one Linux/UNIX Config object in eDirectory.
To determine if a computer is running Linux User Management components:
Log in to the target computer.
Open a shell session.
Enter rpm -q novell-lum
This shows whether the Linux User Management software is installed.
Verify that the /etc/nam.conf file exists.
This shows whether Linux User Management is configured.
To view Linux workstations available through eDirectory:
In iManager, click Linux User Management > Modify Linux Workstation Object.
Click the Object Selector icon and browse the eDirectory tree.
Each Linux Workstation object represents a Linux computer on the network.
There might be existing eDirectory Group objects that already provide access to Linux computers on the network.
To view the Groups that can use eDirectory to log in to a Linux computer:
In iManager, click Linux User Management > Modify Linux Workstation Object.
Select a Linux Workstation object, then click OK.
Groups listed in the Group Membership field provide access to the selected Linux workstation.
To view the Linux computers that members of an eDirectory Group can log in to:
In iManager, click Groups > View My Groups.
Select a group, then click Edit.
From the drop-down list, select Linux Profile.
You can enable existing eDirectory users to log in to Linux computers by completing the Enable Users for Linux task.
In iManager, click Linux User Management > Enable Users for Linux.
Select the user (User object) to enable for Linux.
Assign the user to a group.
The group and its corresponding GID are assigned as the user's primary GID. If the selected user account already has a primary GID, this group's GID is assigned to the user as secondary.
You can choose one of three options to assign the user to a group:
Select an Existing eDirectory Group: If the Group object has not yet been enabled for Linux, use this option to extends the its properties to include Linux login attributes. You can click the Object Selector icon to browse the tree for an existing group.
Select an Existing Linux-Enabled Group: This option lets you select an existing eDirectory Group object, but if you use the Object Selector to browse, you can view and select only those Group objects already extended with Linux login attributes.
Create a New Linux-Enabled Group: This option lets you create a new eDirectory Group object. When it is created, the Group object is extended to include Linux login attributes.
Select the workstations that the group is to have access to.
Click Finish to apply the changes.
Users should now be able to use eDirectory user login credentials to log in to Linux computers running Linux User Management technology.