Lab Exercise 6.2: Implementing LUM


In this lab, you're going to configure LUM to redirect user authentication to eDirectory. Complete the following steps:

  1. Start iManager by opening a web browser and navigating to https://your_server's_IP_address/nps/iManager.html.

  2. Authenticate to iManager as your admin user with a password of novell.

  3. Create a group in your IF.CLE container named IFEmployees.

    1. In iManager, scroll down to the eDirectory Administration role and select Create Object.

    2. In the Available Object Classes field, select Group.

    3. Click OK.

    4. In the Group Name field, enter IFEmployees.

    5. In the Context field, enter IF.CLE.

    6. Click OK.

    7. When prompted that the group has been created, click OK.

    8. When prompted to convert the group to a LUM group, click Cancel. We'll convert the group at a later point.

  4. Populate the IFEmployees group with all the users in the IF container by following these steps:

    1. In iManager, select Modify Object.

    2. In the Object Name field, enter IFEmployees.IF.CLE.

    3. In the drop-down list, select Members.

    4. In the Members field, browse to and select each user in the IF container except for the eGuide, iFolder, and admin user objects.

    5. Click OK.

  5. Repeat this process to create a group object named SLCEmployees in the SLC.CLE container. Make each user in the SLC container a member of the group.

  6. Convert the IFEmployees and the SLCEmployees groups to LUM groups by completing the following steps:

    1. In the left frame, scroll down to the Linux User Management role.

    2. Select Convert eDirectory Group to LUM Group.

    3. In the Select Group field, browse to and select the IFEmployees group.

    4. Select OK.

    5. When prompted to select the workstations you want the group added to, select Linux Workstations.

    6. In the Linux Workstations field, browse to and select your UNIX Workstation - CLE1 object, located in the IF.CLE container.

    7. Click OK.

    8. When prompted that the LUM group was created, select Repeat Task.

    9. Repeat these steps to convert the SLCEmployees.SLC.CLE group to a LUM group.

    10. When prompted that SLCEmployees.SLC.CLE has been converted, click OK.

  7. Convert each user in the IF.CLE container to a LUM user by completing the following steps:

    1. Under the Linux User Management role, select Convert eDirectory User to LUM User.

    2. In the Select User field, browse to and select the first user in your IF.CLE container.

      Warning

      Don't convert your admin user object.

    3. Click OK.

    4. When prompted to specify the primary group for the user, browse to and select your IFEmployees group in IF.SLC.

    5. Deselect the option to convert the user to a Samba user object.

    6. Click OK.

    7. Select Repeat Task.

    8. Repeat these steps for each user in the IF container except for the eGuide, iFolder, and admin user objects.

  8. Repeat these steps to convert each user in the SLC.CLE container to a LUM user. Be sure to associate these users with the SLCEmployees.SLC.CLE group.

Now it's time to test the system to verify that LUM is working properly. You will first use iMonitor to configure a directory services trace. Then you will log in as users in your tree and verify that eDirectory was used for authentication. Complete the following steps:

  1. Configure a trace so you can observe authentication requests by completing these steps:

    1. Open a second browser window and navigate to https://your_server_IP_address:8010/nds.

    2. Authenticate to iMonitor as admin with a password of novell.

    3. Select the Trace Configuration icon at the top of the screen.

    4. Select Clear All.

    5. Under the DS Trace Options heading, check Authentication.

    6. Select Trace On.

    7. In the left frame under Trace, select Trace History and then select the Trace icon at the top of the screen. The DS Trace screen should be displayed, as shown in Figure 6.18.

      Figure 6.18. DS Trace.


  2. Try to authenticate as CGrayson.IF.CLE by completing the following steps:

    1. Switch to a shell prompt by pressing Ctrl+Alt+F2 if you are running in a graphical environment. If you are working from the text-based shell prompt without the X Window System, press Alt+F2.

    2. At the login prompt, enter CGrayson and supply a password of novell. You should see a message indicating that a new home directory is being created in /home for CGrayson.

    3. At the shell prompt, enter env. Notice that the shell being used is the sh shell. When we converted the user objects over to LUM users, we didn't configure the default shell, so the system defaulted to sh.

    4. At the shell prompt, enter logout.

    5. Switch back to the main console by pressing Alt+F7 if you're using the X Window System or Alt+F1 if you're working with only text-based consoles.

    6. Check your trace results by selecting Update in iMonitor.

    7. Scroll down and locate the authentication event for CGrayson, as shown in Figure 6.19.

      Figure 6.19. DS Trace results.

    8. Close your iMonitor browser window.

  3. Reconfigure your CGrayson user object to use the bash shell by completing the following steps:

    1. In iManager, select Modify Object under eDirectory Administration.

      Warning

      If it's been more than a few minutes since you last used iManager, you may need to reauthenticate as your admin user.

    2. In the Object Name field, browse to and select the CGrayson.IF.CLE user object.

    3. Click OK.

    4. In the drop-down list, select Linux Profile Page.

    5. In the Login Shell field, enter /bin/bash.

    6. Click OK.

    7. Switch back to the alternate server console by pressing Ctrl+Alt+F2 or Alt+F2.

    8. Authenticate as CGrayson with a password of novell.

    9. At the shell prompt, enter env. You should see that the default shell has changed to the bash shell.

    10. Enter logout and switch back to your first console by pressing Ctrl+Alt+F7 or Alt+F1.

Congratulations! You've successfully configured your Linux system to use eDirectory for authentication. Because of the way the /etc/nsswitch.conf file is configured, you can still use users from the passwd file (such as root and student) as well as eDirectory users from your tree.
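
The lookup order behind that last point can be checked from a shell prompt. The following script is an added example, not part of the book's lab: it parses an nsswitch.conf-style file and reports whether a given name is answered by the local passwd file or by LUM. It assumes LUM's NSS service is named nam, and it runs against constructed sample files rather than your live /etc files.

```shell
#!/bin/bash
# Added example (not from the book). Assumption: LUM's NSS service name is "nam".

# Print the sources for one database of an nsswitch.conf-style file,
# ignoring comments and bracketed actions such as [NOTFOUND=return].
nss_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$1" | awk -v db="$2" '
        { i = index($0, ":"); if (!i) next
          name = substr($0, 1, i - 1); gsub(/[ \t]/, "", name)
          if (name != db) next
          n = split(substr($0, i + 1), f, " "); out = ""
          for (k = 1; k <= n; k++) out = out (k > 1 ? " " : "") f[k]
          print out; exit }'
}

# True if the first colon-separated field of any line in file $1 equals $2.
has_name() { awk -F: -v u="$2" '$1 == u { ok = 1 } END { exit !ok }' "$1"; }

# Walk the passwd sources in order, as NSS does by default, and print the
# first one that knows the user: "files", "nam", or "none".
# $1 nsswitch file, $2 local passwd file, $3 list of LUM-enabled names, $4 user
resolved_by() {
    local src
    for src in $(nss_sources "$1" passwd); do
        case $src in
            files|compat) if has_name "$2" "$4"; then echo files; return 0; fi ;;
            nam)          if has_name "$3" "$4"; then echo nam; return 0; fi ;;
        esac
    done
    echo none
}

# Constructed sample data standing in for /etc/nsswitch.conf, /etc/passwd
# and the users converted in this lab.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'passwd: files nam' 'group:  files nam' \
    > "$demo/nsswitch.conf"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'student:x:1000:100::/home/student:/bin/bash' > "$demo/passwd"
printf '%s\n' 'CGrayson' > "$demo/lum_users"

for u in root student CGrayson nobody_here; do
    echo "$u -> $(resolved_by "$demo/nsswitch.conf" "$demo/passwd" "$demo/lum_users" "$u")"
done
```

With files listed ahead of nam, root and student are always answered locally, so they keep working if the tree is unreachable and a same-named eDirectory object cannot take their place.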

Novell Certified Linux Engineer (CLE) Study Guide
Novell Certified Linux Engineer (Novell CLE) Study Guide (Novell Press)
ISBN: 0789732033
EAN: 2147483647
Year: 2004
Pages: 128
Authors: Robb H. Tracy
