Integrated Login?

[Ron Neilly]

Hi,

We are setting up some SLES 11 servers that will be used by multiple
students remotely (via FreeNX). Has anyone succeeded at setting up NCL with
Integrated Login?

Thanks,

Ron

[W_ Prindl]

If your linux users are edir users (LUM) it does not work - if they are
local users it can work but -of course - every local user can only have
one edir counterpart.

So if you have multiple student accounts, I'd say - not in a manageable
way doable.

--
W. Prindl

[Ron Neilly]

All of our users have accounts in eDir, and all of them have the schema
extensions for LUM. We are not currently using LUM to control authentication
and authorization. Currently we use standard PAM and LDAP for the initial
login to the workstation (ie at GDM/XDM, or via SSH). On our SLED stations
we also install the Novell Client for Linux and iPrint agent so the user can
then perform a second login to eDir to access file and print services.

For the SLED workstations this basically works, although it is much clumsier
than the Windows workstations (I love ZDM and DLU). We have tried to get the
NCL 'Integrated Login' function to work but have generally failed - and by
'we' I really mean not me but my Linux admin/guru.

Now please correct me if I am wrong, but you are saying that there is no way
to set up a SLES box in such a way that:

1. There are no local accounts,
2. eDir is used for Authentication/Authorization to the local workstation
3. Network resources (file, login scripts, print, etc) are setup with a
single login to the workstation.
4. The SLES box can be accessed remotely via NX or VNC using one's eDir
credentials.

If I am correct (and I hope I am not) - then that would mean that using an
all Novell solution is actually less capable (some would say broken) than
using a Novell/Microsoft solution (as in eDir+ZEN/DLU+WinXP). I am sure I
must be wrong because my mind boggles at the thought that Novell, with
complete ownership and control of the entire stack from SLES/SLED box to
OES/(NetWare or Linux) server and the complete Client stack inbetween cannot
produce an equivalent solution to running a mixed OS environment in which
they have no control over the workstation part of the stack (ie Windows).

Sorry for the long sentence - hope I am making sense and that I am wrong.

Thanks for setting me straight....

Ron

[W_ Prindl]

If you want integrated login this will most probably fail as you have
already discovered. If you can live with the fact, that you have to
login a second time for the Novell Client it could work. But personally
I seriously doubt, that this terminal server solution will work
flawlessly.

My experiences with the Novell Client are not really convincing in that
field, because behaviour changes between first and subsequent logins,
sometimes users get access to resources of another user even if this
other user has logged out before the new user logged in. These days
e.g. I have a problem to relogin via gdm after logging out of a
graphical session without bringing the pc down completely (even going
back to init 3 and restarting gdm with init 5 does not help).

IMHO the Novell client for linux is of far inferior quality compared to
the Novell windows clients and has many limitations and is not ripe for
production environments. It is definitely much less capable than the
Windows XP solution you mentioned. It is nice if you want to
occasionally connect to your NCP/NSS resources - for development,
testing and for IT Pros but not for normal users.

I am sure if I took away my (non techie) users their WinXP Desktop and
replaced it with a SLED11 Desktop with NCL their attitude towards Linux
would get much more worse, than it is now. You can only hope, that
there will come soon a solution, which had at least these basic things
sorted out, so that users do not get angry before they even open their
first document to work on it.
--
W. Prindl