Using iManager to Enable Users for eDirectory Authentication

When Linux User Management components are properly installed, you can use eDirectory and iManager to specify which users can access SUSE Linux Enterprise Desktop computers on the network. iManager is the browser-based utility for managing eDirectory objects. It runs in a network browser such as Mozilla Firefox, Netscape Navigator, or Internet Explorer.

When you create user or group accounts in iManager, you are prompted to “LUM enable” the User object or Group object. You can also use iManager to enable existing User or Group objects for Linux.

Each time you configure a SUSE Linux Enterprise Desktop workstation for eDirectory authentication, the LUM-enabled eDirectory users must be associated with that workstation before they can log in from it.

  1. Launch iManager by entering the following in the address field of a network browser: http://target_server/nps/iManager, where target_server is the IP address or domain name of the eDirectory server. You are prompted to provide the full context of the admin user (for example, admin.novell) and password.

  2. Make sure you are in the Roles and Tasks view by clicking the Roles and Tasks icon on the top button bar, then select Linux User Management in the navigation panel on the left.

  3. Click Enable Users for Linux, select the User object you want to enable, then click Next.

    When an eDirectory User object is extended to hold Linux user-login properties, it is said to be LUM enabled or enabled for Linux. When enabled for Linux, a user can simply access the Linux computer using Telnet, SSH, or other supported methods (see Step 9) and enter a username and password. The access request is redirected to find the appropriate username and login information stored in eDirectory.

    When extended for Linux, the eDirectory User object holds Linux-related properties, such as user ID, primary group ID, primary group name, location of home directory, and preferred shell.

  4. Assign the user to a group, then click Next.

    The group and its corresponding group ID are assigned as the user's primary GID. If the selected user account already has a primary GID, this group's GID is assigned to the user as secondary. You can choose any of the following ways to assign the user to a group:

    An Existing eDirectory Group

    If the Group object has not yet been enabled for Linux, its properties are extended to include Linux login attributes. You can click the Object Selector icon to browse the tree for an existing group.

    An Existing Linux-Enabled Group

    This option lets you select an existing eDirectory Group object. If you use the Object Selector to browse, you can view and select only those Group objects already extended with Linux login attributes.

    Create a New Linux-Enabled Group

    This option lets you create a new eDirectory Group object. When created, the Group object is extended to include Linux login attributes.

  5. Select the workstations that the users in the group should have access to, then click Next.

  6. Click Finish to apply the changes, then click OK.

    Users should now be able to use their eDirectory user login credentials to log in to their SUSE Linux Enterprise Desktop workstations.
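
A check to run on the workstation after the procedure above, added here as an example (it is not code from the original page or from Novell): it resolves a user with `getent passwd` and audits the Linux properties listed in step 3 (user ID, primary group ID, home directory, preferred shell). It assumes the workstation resolves eDirectory users through its name service; the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the passwd-style entry a LUM-enabled user resolves to.
# Field layout is the standard passwd(5) format: name:pw:uid:gid:gecos:home:shell

# audit_passwd_entry LINE -> prints one finding per line, returns 0 if clean.
audit_passwd_entry() {
    entry=$1
    rc=0
    # Exactly seven colon-separated fields are expected.
    nfields=$(printf '%s\n' "$entry" | awk -F: '{ print NF }')
    if [ "$nfields" != 7 ]; then
        echo "malformed entry: expected 7 fields, got $nfields"
        return 1
    fi
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    case $uid in
        ''|*[!0-9]*) echo "user ID is not numeric: '$uid'"; rc=1 ;;
        0) echo "user ID is 0: this directory account maps to root"; rc=1 ;;
    esac
    case $gid in
        ''|*[!0-9]*) echo "primary group ID is not numeric: '$gid'"; rc=1 ;;
    esac
    case $home in
        /*) ;;
        *) echo "home directory is not an absolute path: '$home'"; rc=1 ;;
    esac
    case $shell in
        /*) ;;
        *) echo "preferred shell is not an absolute path: '$shell'"; rc=1 ;;
    esac
    return $rc
}

# check_user NAME -> resolve NAME through the name service, then audit it.
check_user() {
    entry=$(getent passwd "$1") || { echo "$1 does not resolve on this workstation"; return 2; }
    audit_passwd_entry "$entry"
}

# Constructed sample entries (not from a real system).
SAMPLE_OK='jdoe:x:1001:600:John Doe:/home/jdoe:/bin/bash'
SAMPLE_BAD='svcacct:x:0:600:Service:home/svcacct:'
```

Run `check_user` with the name of a user you enabled; a user that does not resolve at all usually means the workstation association in step 5 is missing.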