
SUSE Linux Enterprise Desktop Administration



  1. SUSE Linux Enterprise Desktop Administration
     Chapter 13 Integrate SUSE Linux Enterprise Desktop 10 into Existing Environments

  2. Objectives
     • Objective 1—Integrate SUSE Linux Enterprise Desktop 10 into an OpenLDAP Environment
     • Objective 2—Integrate SUSE Linux Enterprise Desktop 10 into an Active Directory Environment
     • Objective 3—Integrate SUSE Linux Enterprise Desktop 10 into a Novell eDirectory Environment
     • Objective 4—Understand the Novell Client for Linux
     • Objective 5—Install and Configure Novell iFolder

  3. Objective 1—Integrate SUSE Linux Enterprise Desktop 10 into an OpenLDAP Environment
     • OpenLDAP
       • The most popular open source LDAP implementation
       • Provides applications and tools to control and query the server and to develop LDAP-based software
       • OpenLDAP authentication is frequently combined with NFS (Network File System) for file access

  4. LDAP Basics
     • Directory
       • A specialized database that is optimized for reading, browsing, and searching
       • Contains descriptive, attribute-based information and supports sophisticated filtering
       • Directory services are tuned to give quick responses to high-volume lookup or search operations
       • Directory services can be local or global
     • LDAP stores information in objects that can be associated with object classes

  5. LDAP Basics (continued)
     • Classes determine which attributes an object can or must have
     • By including schemas, you can access predefined object classes
     • Each object is a collection of attributes and has a globally unique distinguished name (DN)
     • Attributes are typically identified by mnemonic strings
     • The syntax of values depends on the attribute type
     • In LDAP, objects are arranged in a hierarchical tree structure

  6. LDAP Basics (continued)
     • You can distinguish between two kinds of objects:
       • Container objects
       • Leaf objects
     • If you use LDAP for user management, the structure (DIT, Directory Information Tree) normally reflects one of the following:
       • Organizational structure (see Figure 13-1)
       • Domain system (see Figure 13-2)

  7. Figure 13-1 LDAP organizational structure

  8. Figure 13-2 LDAP domain system

  9. YaST LDAP Client Module
     • YaST makes integrating clients into an existing LDAP structure very easy
     • Start YaST and select Network Services > LDAP Client (see Figure 13-3)
     • When you select Finish, the configuration changes are written to several files on the system, including
       /etc/security/pam_unix2.conf, /etc/ldap.conf, /etc/nsswitch.conf, and /etc/passwd

  10. Figure 13-3 YaST LDAP Client Configuration dialog

  11. Import File Systems Using NFS
     • Network file system basics
       • NFS is designed for sharing files and directories over a network
       • Requires configuration of an NFS server and NFS clients
       • Directories such as /home/, /opt/, and /usr/ are good candidates for export via NFS
       • Using NFS for home directories only makes sense with central user management (see Figure 13-4)

  12. Figure 13-4 Mounting the /home/ directory

  13. Import File Systems Using NFS (continued)
     • How NFS works
       • NFS is an RPC (Remote Procedure Call) service
       • An essential component of RPC services is the portmapper, which manages the services and needs to be started first
       • When an RPC service starts up, it binds to a port on the system
       • NFS supports file locking, which means that only one user at a time has write access to a file

  14. Import File Systems Using NFS (continued)
     • Configure NFS client access with YaST
       • NFS directories exported on a server can be mounted in the file system tree of a client
       • The easiest way to do this is to use the YaST NFS Client module
       • To use YaST to configure the NFS client, start the YaST Control Center and then select Network Services > NFS Client (see Figure 13-5)

  15. Figure 13-5 YaST NFS Client Configuration dialog

  16. Import File Systems Using NFS (continued)
     • Exercise 13-1: Import Network File System (NFS)
       • In this exercise, create an /import/sled10 directory and use it as a mount point to import the /export/sled10 directory from da1 using NFS
       • Create an /etc/fstab entry to mount the directory automatically at boot time
       • You can use the command-line interface or YaST to do this
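The command-line route through Exercise 13-1, as an added example that is not part of the course material: a POSIX shell helper that writes the fstab entry only once (running it twice does not duplicate the line) and adds the nosuid,nodev options so set-uid binaries and device nodes on the imported file system are not honoured on the client. The server da1 and the two paths are the exercise's; the fstab path is a parameter so the helper can be tried on a scratch copy first.

```shell
#!/bin/sh
# Added example, not from the course slides: the fstab entry for
# Exercise 13-1, written once and with client-side hardening options.
# Assumptions: da1 exports /export/sled10; mount point /import/sled10;
# FSTAB is a parameter so the helper can be tried on a scratch copy.
set -u

# nfs_fstab_line SERVER EXPORT MOUNTPOINT -> one fstab line on stdout.
# nosuid,nodev: set-uid bits and device nodes on the server are ignored
# on the client; hard,intr: I/O waits for the server instead of
# returning errors, but can be interrupted (NFSv3 behaviour on SLED 10).
nfs_fstab_line() {
    printf '%s:%s %s nfs rw,hard,intr,nosuid,nodev 0 0\n' "$1" "$2" "$3"
}

# fstab_has_mountpoint FSTAB MOUNTPOINT -> true if a non-comment line
# already uses MOUNTPOINT as its second field.
fstab_has_mountpoint() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { found = 1 }
                    END { if (found) exit 0; exit 1 }' "$1"
}

# ensure_nfs_import FSTAB SERVER EXPORT MOUNTPOINT: create the mount
# point and append the entry unless one exists; prints "added"/"present".
ensure_nfs_import() {
    fstab=$1 server=$2 exp_dir=$3 mp=$4
    mkdir -p "$mp"
    if fstab_has_mountpoint "$fstab" "$mp"; then
        echo present
    else
        nfs_fstab_line "$server" "$exp_dir" "$mp" >> "$fstab"
        echo added
    fi
}

# Apply for real as root: sh import_nfs.sh --apply
if [ "${1:-}" = "--apply" ]; then
    ensure_nfs_import /etc/fstab da1 /export/sled10 /import/sled10
    mount /import/sled10 && grep ' /import/sled10 ' /proc/mounts
fi
```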

  17. Import File Systems Using NFS (continued)
     • Mount home directories automatically
       • The /usr/sbin/automount program mounts directories when they are needed and unmounts them after some time when they are no longer in use
       • The primary configuration of automount is contained in /etc/auto.master
       • The /etc/auto.misc file shows what can be configured
       • To start autofs, enter (as root) in a terminal window the command rcautofs start
       • rcautofs status lists the configured and the active mount points

  18. Import File Systems Using NFS (continued)
     • Mount home directories automatically (continued)
       • The automounter creates the /misc directory when it is started
       • The automounter can be used for home directories as well

  19. OpenLDAP and Automounter
     • The automounter usually reads its information from the /etc/auto.master file, as well as from the files referenced within that file
     • Using files on clients is cumbersome when changes affecting many clients need to be made, because the files on all clients have to be modified
     • If the information is kept within the LDAP directory, it must be updated in only one place
     • The automounter queries the LDAP directory for automount information
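The automounter files from slides 17 to 19, as an added example that is not part of the course material: a shell helper writes an auto.master and an indirect auto.home map for NFS home directories on da1 (an assumed server name), and a second function shows how the map's wildcard entry is resolved for a login name, which is the lookup the automounter performs whether the map lives in a file or in LDAP. The LDAP base DN in the commented master-map line is an assumption about the site's directory layout.

```shell
#!/bin/sh
# Added example, not from the course slides: the two files the
# automounter reads for NFS home directories, plus a resolver that shows
# how an indirect map turns a login name into a mount source.
# Assumptions: da1 exports /home/<user>; the first argument is the
# target directory (a scratch directory when testing, /etc when applying).
set -u

# write_autofs_config DIR: create DIR/auto.master and DIR/auto.home.
write_autofs_config() {
    cat > "$1/auto.master" <<'EOF'
# mount point   map              options applied to every entry in the map
/misc           /etc/auto.misc   --timeout=60
/home           /etc/auto.home   --timeout=300
# The same map served from the directory instead of a local file (slide 19);
# the base DN is an assumption about the site's DIT:
# /home         ldap:ou=auto.home,dc=example,dc=com   --timeout=300
EOF
    cat > "$1/auto.home" <<'EOF'
# key   options                         location ("&" repeats the key)
geeko   -fstype=nfs,hard,intr,nosuid    da1:/home/geeko
*       -fstype=nfs,hard,intr,nosuid    da1:/home/&
EOF
}

# resolve_automount MAPFILE KEY -> prints "options location" for KEY.
# An exact key wins; otherwise the "*" wildcard entry is used with every
# "&" in its location replaced by KEY. Returns 1 when nothing matches.
resolve_automount() {
    awk -v key="$2" '
        $1 ~ /^#/ || NF < 2 { next }
        { opts = (NF > 2) ? $2 : "-"; loc = $NF }
        $1 == key { print opts, loc; hit = 1; exit }
        $1 == "*" { wild_opts = opts; wild_loc = loc }
        END {
            if (hit) exit 0
            if (wild_loc == "") exit 1
            gsub(/&/, key, wild_loc); print wild_opts, wild_loc
        }' "$1"
}
```

After copying the two files to /etc, start the service with rcautofs start and confirm the /home map with rcautofs status, as on slide 17.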

  20. Exercise 13-2: Integrate a SLED 10 into an LDAP Environment
     • In this exercise, you integrate your SUSE Linux Enterprise Desktop 10 into an LDAP environment for authentication and activate the automounter

  21. Objective 2—Integrate SUSE Linux Enterprise Desktop 10 into an Active Directory Environment
     • Microsoft Active Directory (AD)
       • A directory service based on LDAP, Kerberos, and other services
       • Used by Microsoft Windows to manage resources, services, and people
       • Provides information on these objects, restricts access to them, and enforces policies
     • Shares provided by Windows file servers use the Server Message Block (SMB) protocol and can be accessed with the help of Samba

  22. Use Active Directory to Authenticate Users
     • Benefits of using SLED in an Active Directory environment
       • Offline authentication
       • Windows password change
       • Single sign-on through Kerberized applications
     • Background information for Linux AD support
       • The most common components needed are shown in Figure 13-7

  23. Figure 13-7 The most common components for Linux AD support

  24. Use Active Directory to Authenticate Users (continued)
     • Background information for Linux AD support (continued)
       • Protocols shared by the client with the server:
         • LDAP
         • Kerberos
       • Client components that process account and authentication data:
         • Winbind
         • NSS (Name Service Switch)
         • PAM (Pluggable Authentication Modules)

  25. Use Active Directory to Authenticate Users (continued)
     • Join an Active Directory domain
       • During the domain join, the server and the client establish a secure relationship
       • The following tasks need to be performed:
         • The Windows domain controller providing both LDAP and KDC (Key Distribution Center) services is located
         • A machine account for the joining client is created in the directory service
         • An initial ticket-granting ticket (TGT) is obtained for the client and stored in its local Kerberos credential cache
         • NSS and PAM configurations are adjusted to enable the client to authenticate against the domain controller

  26. Use Active Directory to Authenticate Users (continued)
     • Join an Active Directory domain (continued)
       • Domain login and user homes
         • The login managers of GNOME and KDE have been extended to handle AD domain login
         • User authentication is mediated by a number of PAM modules
         • Windows error codes are translated into appropriate user-readable error messages
       • Offline service and policy support
         • To enable users to log in to a disconnected machine, extensive caching was integrated into the winbind daemon

  27. Use Active Directory to Authenticate Users (continued)
     • Configure a Linux client for Active Directory
       • Before your client can join an AD domain, you must make some adjustments to your network setup to ensure a flawless interaction of client and server
       • These adjustments affect:
         • DNS
         • NTP
         • DHCP
         • Firewall
         • AD account
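The DNS and NTP items from slide 27, as an added pre-join check that is not part of the course material: the client locates its KDC through the realm's SRV records, and Kerberos refuses requests when the client clock is more than 300 seconds off the domain controller's, so both are verified before the join. The realm and host names are placeholders; the parsing functions work on captured dig and ntpdate -q output so they can be tested without a domain.

```shell
#!/bin/sh
# Added example, not from the course slides: check the DNS and NTP
# prerequisites from slide 27 before joining an AD domain.
# Assumptions: realm EXAMPLE.COM is a placeholder; "dig" and "ntpdate"
# are installed on the client.
set -u

# Kerberos (and therefore the domain join) rejects requests when the
# client and KDC clocks differ by more than this many seconds.
KRB_MAX_SKEW=300

# skew_ok OFFSET -> true if |OFFSET| <= KRB_MAX_SKEW. OFFSET is the
# signed decimal that "ntpdate -q" prints, e.g. "-0.412".
skew_ok() {
    awk -v off="$1" -v max="$KRB_MAX_SKEW" \
        'BEGIN { if (off < 0) off = -off; if (off <= max) exit 0; exit 1 }'
}

# srv_targets DIG_ANSWER -> "host port" per line, lowest priority first,
# from "dig +noall +answer SRV _kerberos._tcp.<realm>" output, whose
# fields are: name ttl IN SRV priority weight port target.
srv_targets() {
    printf '%s\n' "$1" |
        awk '$1 !~ /^;/ && $4 == "SRV" { sub(/\.$/, "", $8); print $5, $7, $8 }' |
        sort -n | awk '{ print $3, $2 }'
}

# ntp_offset NTPDATE_OUTPUT -> the offset field of the first line like
# "server 10.0.0.1, stratum 3, offset -0.412, delay 0.02583"
ntp_offset() {
    printf '%s\n' "$1" | sed -n 's/.*offset \([-0-9.]*\),.*/\1/p' | head -n 1
}

# ad_preflight REALM: live check; run as root before joining the domain.
ad_preflight() {
    realm=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    answer=$(dig +noall +answer SRV "_kerberos._tcp.$realm")
    [ -n "$answer" ] || { echo "no _kerberos._tcp SRV record for $realm"; return 1; }
    kdc=$(srv_targets "$answer" | head -n 1 | cut -d' ' -f1)
    off=$(ntp_offset "$(ntpdate -q "$kdc" 2>/dev/null)")
    # No usable NTP answer counts as a failure, hence the 999 fallback.
    skew_ok "${off:-999}" ||
        { echo "clock off by ${off:-?} s from $kdc; fix NTP first"; return 1; }
    echo "ok: KDC $kdc found in DNS, clock offset ${off} s"
}
```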

  28. Use Active Directory to Authenticate Users (continued)
     • Log in to an AD domain
       • If your machine has been configured to authenticate against Active Directory and you have a valid Windows user identity, you can log in to your machine using the AD credentials
       • Login is supported for both desktop environments (GNOME and KDE), the console, SSH, and any other PAM-aware application

  29. Use Active Directory to Authenticate Users (continued)
     • Change passwords
       • SLED 10 can help a user choose a suitable new password that meets the corporate security policy
       • The underlying PAM module retrieves the current password policy settings from the domain controller
       • GDM and KDM provide feedback about password expiration and prompt for new passwords
       • To change your Windows password, you can use the standard Linux utility passwd instead of having to manipulate this data on the server

  30. Exercise 13-3: Join an Active Directory Domain
     • In this exercise, set your DNS name resolution to point to the Windows 2003 Server and join an Active Directory domain using your SUSE Linux Enterprise Desktop 10 computer

  31. Import File Systems Using Samba
     • Understand Samba
       • Server Message Block (SMB) protocol: a network protocol that provides file and print services in a Windows network
       • Samba enables Linux to use SMB so that Linux can be integrated into a Windows environment
       • SMB services are provided by the NetBIOS protocol
       • NetBIOS makes its own namespace available, which can be accessed with the Universal Naming Convention (UNC) notation

  32. Import File Systems Using Samba (continued)
     • Understand Samba (continued)
       • You can use Samba for the following purposes:
         • Browse shared files and folders with SMB
         • Share files and folders with SMB
         • Access and manipulate user data on the Windows Server
     • Use Nautilus to access and create Samba shares
       • Use Nautilus to access Samba shares (see Figure 13-10)

  33. Figure 13-10 Use Nautilus to access Samba shares

  34. Import File Systems Using Samba (continued)
     • Use Nautilus to access and create Samba shares (continued)
       • Use Nautilus to share directories using Samba
         • Samba needs to run on the computer, and the Samba configuration has to permit users to share directories
         • To start Samba, enter rcnmb start; rcsmb start
         • Now a user can share directories that he or she owns (see Figures 13-12 and 13-14)

  35. Figure 13-12 Sharing directories with the Nautilus file manager

  36. Import File Systems Using Samba (continued)
     Figure 13-14 Dialog informs you if changes to the permissions of the directory are necessary

  37. Import File Systems Using Samba (continued)
     • Use Nautilus to access and create Samba shares (continued)
       • Use Samba command-line tools to access shares
         • Use nmblookup: you can resolve NetBIOS names into IP addresses with the nmblookup tool
         • Use smbclient: you can access SMB shares on the network with the smbclient tool
           • Browse shares provided by an SMB server
           • Access files provided by an SMB server

  38. Import File Systems Using Samba (continued)
     • Use Nautilus to access and create Samba shares (continued)
       • Use Samba command-line tools to access shares (continued)
         • Mount SMB shares into the Linux file system
           • You can mount a share into the file system like a hard disk partition or a CD-ROM drive
           • The basic mount command: mount -t cifs //Fileserver/data /mnt
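The mount from slide 38 with the password kept off the command line, as an added example that is not part of the course material: mount.cifs reads username, password and domain from a file passed with the credentials= option, so the secret does not show up in ps output or in the shell history, and the helper makes sure that file is readable by its owner only. The share, Windows user and password are constructed placeholders; the uid= and gid= values in the fstab line are an assumption about the local account that should own the mounted files.

```shell
#!/bin/sh
# Added example, not from the course slides: mount an SMB share with a
# credentials file instead of a password on the mount command line.
# Assumptions (all placeholders): server Fileserver, share data, Windows
# user geeko, domain WORKGROUP; local account geeko in group users.
set -u

# write_cifs_credentials FILE USER PASSWORD [DOMAIN]: write the file
# that mount.cifs reads via -o credentials=FILE; the umask in a subshell
# makes it 0600 from the first byte, so it is never world-readable.
write_cifs_credentials() {
    (
        umask 077
        printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1"
        if [ -n "${4:-}" ]; then printf 'domain=%s\n' "$4" >> "$1"; fi
    )
    chmod 600 "$1"
}

# cifs_credentials_secure FILE -> true when FILE is owner-only (0600/0400)
cifs_credentials_secure() {
    mode=$(stat -c %a "$1" 2>/dev/null) || return 1
    case $mode in 600|400) return 0 ;; *) return 1 ;; esac
}

# cifs_fstab_line SERVER SHARE MOUNTPOINT CREDFILE -> fstab entry.
# noauto: an absent file server must not stall boot; the share is then
# mounted on demand with "mount MOUNTPOINT".
cifs_fstab_line() {
    printf '//%s/%s %s cifs credentials=%s,uid=geeko,gid=users,noauto 0 0\n' \
        "$1" "$2" "$3" "$4"
}

# Interactive use as root (the slide's mount, with the file in place):
#   write_cifs_credentials /root/.smbcredentials geeko 'PLACEHOLDER' WORKGROUP
#   mount -t cifs //Fileserver/data /mnt -o credentials=/root/.smbcredentials
```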

  39. Exercise 13-4: Mount Geeko’s Share
     • In this exercise, you mount a Samba share on a Linux system
     • Mount Geeko’s home directory on da1 to the /mnt directory on your computer

  40. Objective 3—Integrate SUSE Linux Enterprise Desktop 10 into a Novell eDirectory Environment
     • You can use Novell Linux User Management (LUM) to configure SLED 10 workstations on your network so that users can log in to them using their Novell eDirectory usernames and passwords
     • Using LUM and eDirectory to manage user login information eliminates the need to create local users in the /etc/passwd and /etc/shadow files
     • The user account information stored in eDirectory lets users access file and printer resources

  41. Set Up eDirectory Authentication
     • Activate Linux User Management on workstations
       • Before users can use their eDirectory usernames and passwords to log in, you must configure the SUSE Linux Enterprise Desktop workstation with Linux User Management components (see Figure 13-16)
     • Use Novell iManager to enable users for eDirectory authentication
       • Use eDirectory and Novell iManager to specify which users can access SUSE Linux Enterprise Desktop computers on the network

  42. Figure 13-16 The User Authentication Method page

  43. Set Up eDirectory Authentication (continued)
     • Use Novell iManager to enable users for eDirectory authentication (continued)
       • Novell iManager is the browser-based utility for managing eDirectory objects
       • Runs in a web browser such as Mozilla Firefox, Netscape Navigator, or Internet Explorer
       • When you create user or group accounts in Novell iManager, you are prompted to "LUM enable" the User object or Group object

  44. Turn Off eDirectory Authentication
     • You can permanently turn off the ability to accept logins from eDirectory by removing the LUM software from the workstation
     • You can temporarily disable eDirectory authentication by stopping the namcd daemon
       • To stop namcd, open a shell window and enter rcnamcd stop
       • To turn eDirectory authentication and LUM back on, open a shell window and enter rcnamcd start

  45. Objective 4—Understand the Novell Client for Linux
     • This section contains the following information:
       • Understanding the Novell Client for Linux Virtual File System
       • Configuring the Novell Client for Linux
       • Using Configuration Files to Preconfigure the Novell Client

  46. Understanding the Novell Client for Linux Virtual File System
     • The Novell Client for Linux has a Virtual File System
       • Consists of a kernel module (novfs.ko) that runs as part of the Linux kernel and a daemon (novfsd) that runs in user space
       • Both components must be running on the workstation for the client to connect to the network

  47. Using the Novell Client Tray Application
     • Starting and stopping the Novell Client Tray application
       • Select the Novell Client Tray icon to see the menu
     Figure 13-17 Novell Client Tray menu

  48. Using the Novell Client Tray Application (continued)
     • Logging in to the network
       • When you log in to the network, you gain access to directories and files, as well as other services provided by network servers (see Figure 13-18)
     • Running Novell login scripts during login
       • When you successfully log in to the network, one or more login scripts are executed
       • Login scripts can be used to automatically map drives and search drives to directories, display messages, set environment variables, and execute programs

  49. Figure 13-18 Novell Client for Linux login dialog

  50. Using the Novell Client Tray Application (continued)
     • Logging out of a network location (server or tree)
       • You can log out of a network location in either of the following ways:
         • To log out of all existing connections, select the tray icon > Novell Logout > Logout
         • If you are logged in to multiple trees and want to log out of a specific server or tree, select the tray icon > Novell Connections, select the tree or server that you want to log out of, and then select Detach
     • Viewing your network connections
       • Novell Connections allows you to see which servers and trees you are logged in to
