Administration
Manual
3104
www.novell.com
Novell, Inc. Copyright 2009-CNI USE ONLY. 1 HARDCOPY ALLOWED-NO OTHER PRINTING OR DISTRIBUTION ALLOWED
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents
or use of this documentation, and specifically disclaims any express or implied
warranties of merchantability or fitness for any particular purpose. Further,
Novell, Inc., reserves the right to revise this publication and to make changes to
its content, at any time, without obligation to notify any person or entity of such
revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any
software, and specifically disclaims any express or implied warranties of
merchantability or fitness for any particular purpose. Further, Novell, Inc.,
reserves the right to make changes to any and all parts of Novell software, at any
time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be
subject to U.S. export controls and the trade laws of other countries. You agree to
comply with all export control regulations and to obtain any required licenses or
classification to export, re-export or import deliverables. You agree not to export
or re-export to entities on the current U.S. export exclusion lists or to any
embargoed or terrorist countries as specified in the U.S. export laws. You agree
to not use deliverables for prohibited nuclear, missile, or chemical biological
weaponry end uses. See the Novell International Trade Services Web page
(http://www.novell.com/info/exports/) for more information on exporting Novell
software. Novell assumes no responsibility for your failure to obtain any
necessary export approvals.
Copyright 2009 Novell, Inc. All rights reserved. No part of this publication
may be reproduced, photocopied, stored on a retrieval system, or transmitted
without the express written consent of the publisher.
Novell, Inc., has intellectual property rights relating to technology embodied in
the product that is described in this document. In particular, and without
limitation, these intellectual property rights may include one or more of the U.S.
patents listed on the Novell Legal Patents Web page
(http://www.novell.com/company/legal/patents/) and one or more additional patents or pending patent
applications in the U.S. and in other countries.
Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com
Online Documentation: To access the latest online documentation for
this and other Novell products, see the Novell Documentation Web
page (http://www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list
(http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
Contents
Introduction
Course Design
Course Objectives
Course Audience
Classroom Agenda
Course Setup
Exercise Guidelines
SECTION 1
Objective 1
Exercise 1-1
Objective 2
Exercise 1-2
Objective 3
Exercise 1-3
SECTION 2
Objective 1
Exercise 2-1
Objective 2
Exercise 2-2
Version 1
Exercise Conventions
Workbook
Course Feedback
Configure X
Activate Compiz
Activate Compiz
Customize the GNOME User Interface
User-Defined Settings
Default Values
Customize the GNOME User Interface
Customize Applications
OpenOffice.org 3.0
Firefox
Customize Applications
Summary
gconf-editor
gconftool-2
Set Mandatory Values for Preferences
Copying all or part of this manual, or distributing such copies, is strictly prohibited.
To report suspected copying, please call 1-800-PIRATES.
Objective 3
Exercise 2-3
Objective 4
Exercise 2-4
Summary
Objective 1
Objective 2
SECTION 3
Exercise 3-1
Connect to Wired Network
Specify Connection Details
Access Wired Networks
Objective 3
Objective 4
Configure VPN
Exercise 3-2
Objective 5
Connect to a Wireless Network
Configure Your Wireless Card as an Access Point
Configure GSM
Configure CDMA
Objective 6
SECTION 4
Summary
Objective 1
Objective 2
Exercise 4-1
Configure DSL
IPv6 Features
IPv6 Addresses
IPv6 Address Types
IPv6 Autoconfiguration
Setting an IPv6 Address Using YaST
Managing IPv6 Addresses Using the Command Line Tools
Connecting to Other IPv6 Addresses
Configure IPv6
SECTION 5
Objective 1
Summary
Exercise 5-1
Exercise 5-2
Objective 3
Exercise 5-3
SECTION 6
Objective 1
Exercise 6-1
Objective 3
Exercise 6-2
Exercise 6-3
Objective 4
Exercise 6-4
Installing the Novell Client for Linux on SLED 11
Install the Novell Client for Linux
Configuring the Novell Client on SLED 11
Authenticating to eDirectory
Mapping Directories to Server Volumes
Logging Out
Troubleshooting SLP Issues
Using Novell Client for Linux Shell Commands
Configure the Novell Client for Linux
Configuring Integrated Login
Configuring Integrated Login
Use Novell iPrint on SLED 11
Objective 5
SECTION 7
Objective 1
Exercise 7-1
Objective 2
Exercise 7-2
Objective 3
Exercise 7-3
Exercise 7-4
SECTION 8
Objective 1
LDAP Basics
YaST LDAP Client Module
OpenLDAP and Automounter
Integrate a SLED 11 into an LDAP Environment
Printing to CUPS Printers
Configure CUPS
Change Your Printer Configuration
Manage Print Jobs and Queues
Understand How CUPS Works
Manage Printers from the Command Line
Summary
Exercise 8-1
Objective 3
Exercise 8-2
Objective 4
SECTION 9
Objective 1
Exercise 9-1
Objective 2
Exercise 9-2
SECTION 10
Objective 1
Exercise 10-1
Objective 2
Exercise 10-2
SECTION 11
Objective 1
Summary
Use Banshee
Import Music
Play Your Music
Rip Your Music
Listen to Internet Radio
Listen to Podcasts
Use Banshee
Use Moonlight
Configure Email
Installing Novell GroupWise Client for Linux
Using the GroupWise Client
Install and Configure the GroupWise Client
Summary
Exercise 11-1
Objective 3
Exercise 11-2
Objective 4
Exercise 11-3
Exercise 11-4
Objective 5
Exercise 11-5
Objective 6
Exercise 11-6
Objective 7
Exercise 11-7
Objective 8
Exercise 11-8
Objective 9
Exercise 11-9
Objective 10
Create Branches
Use an if Control Structure
Create Loops
Use a while Loop
Use Arithmetic Operators
SECTION 12
Objective 1
Summary
Exercise 12-1
Objective 3
Objective 4
Exercise 12-2
Introduction
Course Design
The following provides information about the design of the course to help you
evaluate whether or not this course provides the type of SLED 11 training you need
(in a classroom environment or for self-study):
Course Objectives
This course teaches SUSE Linux Enterprise Desktop 11 theory as well as practical
application with hands-on labs of the following SUSE Linux Enterprise Desktop 11
Administration topics:
1.
2.
3.
4.
5.
6.
7.
8.
9.
Course Audience
This course is addressed to administrators who are CLA11-certified (or who
have comparable Linux administration knowledge) and who now want to gain in-depth
knowledge of the tasks a Linux administrator has to perform routinely on SLED 11.
As with all Novell certifications, course work is recommended. To achieve the Novell
CLDP 11 certification, you are required to pass the Novell CLDP 11 exam.
The following illustrates the training and testing path for Novell CLDP11:
Figure Intro-1
NOTE: For more information about Novell certification programs and certification exams, see
Novell's certification website (http://www.novell.com/training/certinfo/).
Classroom Agenda
This course is designed to be taught as a 5-day course with the following basic
agenda:
Table Intro-1
Course Agenda
Day 1
Module
Duration (hh:mm)
Introduction
00:30
02:30
03:00
Day 2
Day 3
Day 4
Day 5
Module
Duration (hh:mm)
04:30
02:00
03:00
03:30
03:00
02:00
00:30
Configure Email
01:00
05:30
01:00
Course Setup
The setup in this course is based on running a SLED 11 system called DA-HOST. On DA-HOST, a virtual server runs with four virtual machines:
DA1. A SUSE Linux Enterprise Server 11. This virtual machine provides
services you need for the exercises (like DNS).
DA-SLED. A SLED 11 workstation. This virtual machine is used to test and use
services during various exercises.
Exercise Guidelines
The following information provides guidelines to help you make the most of the
exercises provided in this course:
Workbook on page 14
DA1. A SUSE Linux Enterprise Server 11. This virtual machine provides
services (like DNS) you need for the exercises.
Exercise Conventions
The exercises use conventions that indicate information you need to enter that is
specific to your server.
The following describes the most common conventions:
italicized/bolded text. This represents a variable value, such as the host name of
your server.
For example, if the host name of your server is DA3 and you see the following:
hostname.da.com
you would enter
DA3.da.com
Select. The word select is used in exercise steps to indicate a variety of actions
including clicking a button on the interface and selecting a menu item.
Enter and Type. The words enter and type have distinct meanings.
The word enter means to type text in a field or type text at a command line
prompt and press the Enter key. The word type means to type text without
pressing the Enter key.
If you are directed to type a value, make sure you do not press the Enter key or
you might activate a process that you are not ready to start.
Workbook
The SUSE Linux Enterprise Desktop 11 Administration
Workbook provides all the exercises in the course, as well as instructions for setting
up the SUSE Linux Enterprise Desktop 11 host computer and VMware virtual
machines you need to complete the exercises.
Course Feedback
Your feedback is valuable to Novell Training Services. To provide feedback on the
course materials, use the web services tool
(http://www.novell.com/training/contactus.html).
SECTION 1
In this section, you learn how to configure the graphical environment of your SUSE
Linux Enterprise Desktop 11 (SLED 11). This includes the X configuration as well as
the configuration of the GNOME environment.
Section Objectives
1.
2.
3.
Objective 1
Figure 1-1
Xgl is a new Xserver architecture layered on top of OpenGL. Xgl can perform
intricate graphical operations noticeably faster than other available Xservers that do
not use OpenGL.
More important than speed alone, Xgl accelerates complex composite operations,
making possible new stunning visual effects on OpenGL-enhanced
composition/window managers like Compiz, the compositor utility that was developed in
conjunction with Xgl.
Compiz is a combination of a window manager and a composite manager using
OpenGL for rendering. A window manager allows the manipulation of the multiple
applications and dialog windows that are presented on the screen. A composite
manager allows windows and other graphics to be combined to create composite
images, such as those used to create transparency effects. Compiz achieves its
stunning effects by performing both of these functions.
When you activate Compiz, it replaces the window manager of your desktop
environment (Metacity in GNOME and kwin in KDE).
Configure X on page 17
Configure X
In most cases, X is automatically configured during installation by YaST. If you want
to change the configuration, you can use either of the following:
SaX2 on page 17
The YaST Graphics Card and Monitor Module uses SaX2 for the X configuration. To
be able to use Compiz, activate 3D acceleration by checking the Activate 3D
Acceleration option, as shown at the bottom in the following dialog:
Figure 1-2
SaX2
It is also possible to use SaX2 directly, without YaST. You should start SaX2 from a
text terminal in runlevel 3 to avoid any possible interference with the currently
running X session.
Enter sax2 when you are logged in as root.
First, SaX2 checks the hardware; then the following dialog appears:
Figure 1-3
Figure 1-4
In the Monitor section, you can change different aspects of the X configuration (such
as graphics card details, monitor type, screen resolution, and number of colors
displayed) that concern the graphics card and monitor.
Selecting one of the categories on the left opens different dialogs that allow you to
change the respective settings.
When you are done with the configuration, select OK. In the next dialog, you can
choose to test the configuration, to save it, or to cancel the changes.
Figure 1-5
We recommend testing the configuration before saving it. A dialog to adjust the size
and position of the screen appears.
Figure 1-6
Activate Compiz
The packages needed to activate Compiz are part of the GNOME pattern used during
a default installation. These include the following:
compiz
xgl
xgl-hardware-list
gnome-session
libwnck
Once 3D acceleration has been activated, log in as a normal user to GNOME and
activate Compiz.
Select the Computer icon in the lower left corner of the desktop, open the Control
Center, and start the Desktop Effects control panel in section Look and Feel.
Figure 1-7
Key Combination
Effect
Ctrl+Alt+Left
Ctrl+Alt+Shift+Left
Ctrl+Alt+Right
Ctrl+Alt+Shift+Right
Ctrl+Alt+Mouse Button 1
Ctrl+Alt+Down
NOTE: More information on Xgl can be found at the OpenSUSE website (http://en.opensuse.org/Xgl).
More information on Compiz can be found at the OpenSUSE website (http://en.opensuse.org/Compiz).
Exercise 1-1
Activate Compiz
In this exercise, you configure Compiz, provided the hardware supports it.
In the first part, using YaST, verify that 3D support is enabled for your graphics
adapter.
If 3D support is enabled, activate Compiz for the GNOME desktop in the second part.
You will find this exercise in the workbook.
(End of Exercise)
Objective 2
A per-user daemon, gconfd-2, controls these settings. It reads the current settings
from various sources when a user logs in, notes any changes the user makes to the
settings, and informs the affected applications. In this way, changed settings take
effect immediately. Changes are written to the file system at regular intervals.
NOTE: A more detailed description of the GConf repository structure is contained in the GNOME
Desktop System Administration Guide (http://library.gnome.org/admin/system-admin-guide/stable/).
To understand how the user environment is configured, you need to know the
following:
User-Defined Settings
When a user defines the settings for his or her workstation, using the preference
dialogs of GNOME applications or the gconf-editor tool, the settings are written to a
%gconf.xml file in a directory beneath ~/.gconf.
To see how a user-defined setting is stored, suppose a user decided to change the
default double-click used to launch applications to a single click.
To change this default behavior, start Nautilus by double-clicking the folder icon
representing the home directory. Select Edit > Preferences > Behavior > Single
Click to Activate Items. This change takes effect immediately.
The setting is stored in ~/.gconf/apps/nautilus/preferences/%gconf.xml:
<?xml version="1.0"?>
<gconf>
  <entry name="click_policy" mtime="1233756154" type="string">
    <stringvalue>single</stringvalue>
  </entry>
  ...
</gconf>
The same effect can be achieved with gconf-editor. Open a terminal window, type
gconf-editor, and press Enter. The various options available are displayed in a
tree-like structure:
Figure 1-8
The gconf-editor
To change the value of a key, double-click the key in the right part of the window and
change its value in the dialog that appears.
Depending on the application, gconf-editor might offer more settings than the
preference dialog of the respective application itself.
You can also use the gconftool-2 command line tool to change the GConf
settings. To change the default click policy to single, enter the following on the
command line:
geeko@da10:~> gconftool-2 --set --type string /apps/nautilus/preferences/click_policy single
Default Values
Default values are used for any preferences that are not set specifically by the user.
When looking for the value of a variable, GConf scans a couple of files in /etc/gconf
before looking in the user's configuration file. The names of the files and the order
can be seen in the /etc/gconf/2/path file.
The sequence of the configuration sources in the path file ensures that mandatory
preference settings override user preference settings. The sequence also ensures that
user preference settings override default preference settings. That is, GConf applies
preferences in the following order of priority:
1. Mandatory preferences
2. User-specified preferences
3. Default preferences
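The priority order above can be checked against the stored files. The following Python sketch is an added example, not part of the original course material: it resolves a key across three configuration sources laid out as directories of %gconf.xml files, and lists user values that a mandatory value overrides. The three source directories and all sample values are constructed; the real source locations are the ones listed in /etc/gconf/2/path.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Priority order stated in the text: mandatory > user > default.
PRIORITY = ("mandatory", "user", "default")


def split_key(key):
    """Split '/apps/nautilus/preferences/click_policy' into (dir parts, entry name)."""
    parts = [p for p in key.split("/") if p]
    if len(parts) < 2 or any(p in (".", "..") for p in parts):
        raise ValueError("not a valid GConf key: %r" % key)
    return parts[:-1], parts[-1]


def read_entry(source_root, key):
    """Return the value of `key` in one configuration source, or None if unset."""
    dirs, name = split_key(key)
    path = os.path.join(source_root, *dirs, "%gconf.xml")
    if not os.path.isfile(path):
        return None
    for entry in ET.parse(path).getroot().findall("entry"):
        if entry.get("name") != name:
            continue
        if entry.get("type") == "string":
            # String form, as in the excerpt above: <stringvalue>single</stringvalue>
            return entry.findtext("stringvalue", default="")
        # Assumption: other scalar types carry their value in a 'value' attribute.
        return entry.get("value")
    return None


def resolve(key, sources):
    """Return (source name, value) from the highest-priority source that sets `key`."""
    for name in PRIORITY:
        root = sources.get(name)
        if root is None:
            continue
        value = read_entry(root, key)
        if value is not None:
            return name, value
    return None, None


def overridden_user_settings(keys, sources):
    """List keys where the user's stored value loses to a different mandatory value."""
    findings = []
    for key in keys:
        user = read_entry(sources["user"], key)
        mandatory = read_entry(sources["mandatory"], key)
        if user is not None and mandatory is not None and user != mandatory:
            findings.append((key, user, mandatory))
    return findings


def write_entry(source_root, key, value):
    """Create a constructed %gconf.xml holding one string entry (sample data only)."""
    dirs, name = split_key(key)
    directory = os.path.join(source_root, *dirs)
    os.makedirs(directory, exist_ok=True)
    gconf = ET.Element("gconf")
    entry = ET.SubElement(
        gconf, "entry", {"name": name, "mtime": "1233756154", "type": "string"}
    )
    ET.SubElement(entry, "stringvalue").text = value
    ET.ElementTree(gconf).write(
        os.path.join(directory, "%gconf.xml"), encoding="utf-8", xml_declaration=True
    )


def demo():
    """Build three constructed sources in a temp dir and resolve two keys."""
    click = "/apps/nautilus/preferences/click_policy"
    mixer = "/desktop/gnome/sound/default_mixer_device"
    with tempfile.TemporaryDirectory() as tmp:
        sources = {name: os.path.join(tmp, name) for name in PRIORITY}
        for root in sources.values():
            os.makedirs(root)
        # click_policy is set at all three levels; the mandatory value must win.
        write_entry(sources["default"], click, "double")
        write_entry(sources["user"], click, "single")
        write_entry(sources["mandatory"], click, "double")
        # The mixer key has no mandatory value, so the user's value applies.
        write_entry(sources["default"], mixer, "constructed-default-device")
        write_entry(sources["user"], mixer, "constructed-user-device")
        return {
            "click": resolve(click, sources),
            "mixer": resolve(mixer, sources),
            "overridden": overridden_user_settings([click, mixer], sources),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `overridden` list is the part worth reviewing on a locked-down desktop: it shows where a user's stored preference differs from the enforced value.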
GConf also uses schema files, which are stored in /etc/gconf/schemas/.
Schemas list the possible preferences for applications or desktop
settings. For the GNOME desktop background, the respective file is called
desktop_gnome_background.schemas:
<?xml version="1.0"?>
<gconfschemafile>
  <schemalist>
    <schema>
      <key>/schemas/desktop/gnome/sound/default_mixer_device</key>
      <applyto>/desktop/gnome/sound/default_mixer_device</applyto>
      <owner>gnome</owner>
      <type>string</type>
      <default></default>
      <locale name="C">
        <short>Default mixer device</short>
This file contains keys, their type (integer, boolean, string, float, or list), default
value, and descriptions in several languages.
You can change the system-wide default values using either gconf-editor or
gconftool-2.
Change Defaults Using gconf-editor
To use gconf-editor for this purpose, make sure you are logged in as root when
you start it. You can right-click a key and select Set as Default or Set as Mandatory
from the pop-up menu.
Figure 1-9
To see all default settings, select File > New Defaults Window. To see all mandatory
settings, select File > New Mandatory Window. A new window opens and lets you
change settings as explained in User-Defined Settings on page 24.
To remove a key from the default or mandatory configuration, right-click the key and
select Unset Key in the New Mandatory Window.
Users who do not have an entry in their ~/.gconf/ directory trees defining a
different background image will see the new background image the next time they
log in. They are still able to change their own background images.
Setting preferences that cannot be changed by the user is covered in Configure X,
Xgl, and Compiz on page 16.
Exercise 1-2
Objective 3
Customize Applications
Due to the number of applications available on SLED 11, it is not possible within this
course to go into any great detail on customizing them. Some, like OpenOffice.org,
are so comprehensive they deserve a course of their own.
However, as desktop administrator, you should understand how applications usually
store their configurations and you should be able to provide users with useful
configuration defaults.
The /etc/skel/ directory contains all the files that are copied to a new user's
home directory when the account is created.
By default, this directory already contains various configuration files (such as
.bashrc) or directories (such as Desktop, bin, or public_html). As an
administrator, you can add files or directories to /etc/skel/ that you want to see
in the home directories of new users.
Configuration files or directories are usually hidden, which means that their name
starts with a dot (.). These files are ASCII files, which can be edited with any text editor.
However, it is preferable to use the respective application to write the configuration
and to use the resulting file as a template. This template is then copied to /etc/
skel/ or to the home directory of another user.
NOTE: /etc/skel/ can not be used for user-specific configurations.
This objective covers two examples of configuration settings that can be made
available to all users:
Firefox on page 32
OpenOffice.org 3.0
The following topics are covered for OpenOffice 3.0:
Templates on page 31
Language Settings
Depending on the user's language, you might want to change OpenOffice.org's menu
language. Many different languages are available, but they are contained in separate
packages that you have to install. German, for example, is contained in the
OpenOffice_org-l10n-de package, while French is in OpenOffice_org-l10n-fr.
To install a language, open a terminal window and enter, as root, yast2 sw_single,
search for Office, and select the package for the desired language. If spell check
dictionaries are available for the selected language, they are installed automatically as
well.
Within a user's home directory, the configuration directory for OpenOffice.org on
SUSE Linux Enterprise Desktop 11 is ~/.ooo-3. The above settings are written to
the Setup.xcu and Office/Linguistic.xcu files in the
~/.ooo-3/user/registry/data/org/openoffice/ directory.
Templates
Companies usually develop their own templates for business letters, presentations,
forms, or other company-specific documents. It is easy to make these available to
OpenOffice.org users.
OpenOffice.org looks for templates in subdirectories of the system-wide
/usr/lib/ooo3/basis3.0/share/template/language/ directory and in the
user's home directory in ~/.ooo3/user/template/.
As system administrator, you can store the templates in a Companyname directory
in the system-wide OpenOffice.org template directory.
Users can store any templates they need in the template directory in their home
directories. If a user selects File > New > Templates and Documents > Templates,
the user will find the company templates in a directory (e.g., Digitalairlines), while
those in the user's home directory are accessible via the entry My Templates:
Figure 1-10
Templates can be stored in any other directory as well. To make them available within
OpenOffice.org, select Tools > Options > OpenOffice.org > Paths > Templates.
Figure 1-11
To add or delete template directories, select Edit and make the changes in the dialog
that appears.
Figure 1-12
Firefox
Firefox can be configured extensively via Edit > Preferences. Several tabs cover
various aspects of the configuration.
Figure 1-13
Firefox Preferences
You can access the preferences listed above, as well as additional preferences, at
about:config. After the warning dialog, you can select an entry with a double-click
to open a dialog to change the value of the respective parameter:
Figure 1-14
Changed values are stored in the home directory of the user in
~/.mozilla/firefox/xxxxxxxx.default/prefs.js. To make them available for all
users, copy the file to /usr/lib/firefox/defaults/profile/prefs.js.
Users can still make their own changes and override the values in the
system-wide file.
Exercise 1-3
Customize Applications
In this exercise, you create an OpenOffice.org template.
In the first task, you create a header for letters. In the second task, you create a new
letter using the header you created in task I.
You will find this exercise in the workbook.
(End of Exercise)
Summary
The following is a summary of what you learned in the course objectives.
Objective
Customize Applications
SECTION 2
If the user only sees what he is allowed to access, system security is increased. This
section describes different methods of locking down SUSE Linux Enterprise
Desktop 11 (SLED 11).
Encrypted file systems can also improve security.
Section Objectives
1.
2.
3.
4.
Objective 1
gnome-mount
Depending on company policy or the use of the workstation, you might have to
prevent users from reading from or writing to removable media or mounting
removable devices such as USB drives or sticks.
There are various ways to configure this. Which one you choose depends mainly on
how difficult you want to make it for any user who tries to circumvent the restrictions
you impose.
/media/dvd
auto
noauto,defaults
0 0
Figure 2-1
NOTE: You will learn more about GConf in Configure X, Xgl, and Compiz on page 16.
You can use other programs instead of /usr/bin/true as well. The following
example (in one line in /etc/modprobe.conf.local) will cause an email
notice to be sent when someone inserts such a device:
install usb_storage /usr/bin/mail -s "USB-Stick inserted on $HOSTNAME" desktopadmin@digitalairlines.com
NOTE: You could disable USB completely by adding similar lines for usbcore and other USB
modules (use lsmod to find which ones). But this might not be practical because that would
disable a USB keyboard and mouse as well.
You could rename or remove the USB kernel modules. However, the next kernel
update would bring them back and enable USB storage again.
Block devices are created: in this example, one for the new device (sdb) and one
for the partition (sdb1).
When the USB stick is removed, the block devices should be removed as well, as in
the following:
UDEV [1243465458.031639] remove /devices/pci0000:000000:00:1d.2/usb7/7-2/7-2:1.0/host6/target6:0:0/6:0:0:0/block/sdb/sdb1 (block)
...
UDEV [1243465458.035093] remove /devices/pci0000:000000:00:1d.2/usb7/7-2/7-2:1.0/host6/target6:0:0/6:0:0:0/block/sdb (block)
udev is very flexible and can be configured by writing rules to *.rules files in
the /etc/udev/rules.d/ directory.
NOTE: You can find more udev rules in /lib/udev/rules.d/.
You can create your own rules in /etc/udev/rules.d/. To ensure that your
rules are used, the filename should start with a smaller number than the other
files in the directory (e.g., 10-local.rules).
A rule to disable devices that require the usb_storage module could look like the
following:
The ignore_device option ensures that no action is taken and, therefore,
no device file is created to access the device. The last_rule option prevents
later rules from changing this rule.
Much more fine-grained control than shown above is possible. You could, for
instance, write rules allowing a specific USB device based on its serial number,
and ignoring other devices.
NOTE: The manual page for udev and the udev HOWTO (http://www.reactivated.net/
writing_udev_rules.html) provide more information on how to write udev rules.
Using PolicyKit
PolicyKit is an application-level toolkit for defining and handling the policy that
allows unprivileged processes to speak to privileged processes: It is a framework
for centralizing the decision-making process with respect to granting access to
privileged operations for unprivileged applications.
PolicyKit is covered in detail in Use PolicyKit to Configure Application
Policies on page 47.
To prevent users from mounting removable media (like DVDs or USB sticks),
you have to add the following line to your local rules in the
/etc/polkit-default-privs.local file.
org.freedesktop.hal.storage.mount-removable auth_admin_keep_always
When the user inserts a DVD or USB stick, an authentication dialog appears:
Figure 2-2
Exercise 2-1
Objective 2
gconf-editor
To set or change mandatory settings, you must be logged in as root when you use
gconf-editor. The steps you take depend on what you need to do:
As root user, start gconf-editor. The left part of the window lists the available keys.
Figure 2-3
Browse the tree to the key you want to set as mandatory and set it to the desired
value. Then select the entry with the right mouse button; in the submenu, select Set as
Mandatory.
If you select the entry to change it again, an error message tells you that this is not
possible.
Change Existing Mandatory Preferences
As root user, start gconf-editor; then select File > New Mandatory Window. The left
part of the window lists those mandatory settings that have already been set in the
/etc/gconf/gconf.xml.mandatory/ repository tree. You can change them as
explained in Change Defaults Using gconf-editor on page 27.
To remove a key from the mandatory preferences, right-click the entry and select
Unset Key.
Values that have not been set to a mandatory value previously do not show up in the
repository tree on the left of this gconf-editor dialog.
Figure 2-4
gconftool-2
You can also use the gconftool-2 command line tool to set preferences to a mandatory
value. (When you use gconftool-2, the gconf-editor can be helpful to browse the
configuration repository tree to find the correct key and its path.)
Let's assume that the security policy of the company requires the screens of desktops
to be locked after 5 minutes of inactivity. As administrator, it is your task to configure
the workstations accordingly and to make sure this policy is followed by all users.
Using gconf-editor as a normal user, you browse the repository tree and find out that
the keys for this purpose are /apps/gnome-screensaver/lock_enabled
and /apps/gnome-screensaver/idle_delay. To set these to mandatory
values, log in as root and use the following commands:
killall gconfd-2
da10:~ # gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --set --type bool /apps/gnome-screensaver/lock_enabled true
Resolved address "xml:readwrite:/etc/gconf/gconf.xml.mandatory" to a writable configuration source at position 0
da10:~ # gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --set --type int /apps/gnome-screensaver/idle_delay 5
Resolved address "xml:readwrite:/etc/gconf/gconf.xml.mandatory" to a writable configuration source at position 0
The next time a user logs in and tries to change the respective screensaver settings in
the GNOME Control Center, the user will not be able to change these values.
NOTE: Not all key-value pairs that can be set seem to have the desired effect. For example, setting
the /apps/firefox/general/homepage_url key to a certain value does not seem to have
any effect on the default home page of the firefox browser. Other such key-value pairs might not
behave as expected either. Therefore, you should test your settings to make sure they have the
desired effect and cannot be changed by the user before you rely on your settings.
Exercise 2-2
Objective 3
The two parts of the program are in different processes and communicate through
some IPC mechanism such as pipes or the system message bus (D-Bus). In some
instances the Mechanism can be seen as part of the OS and the policy agent as part of
the desktop stack.
The Mechanism should never trust any application that tries to use it. First, the
Mechanism has to evaluate all data and requests passed to it from the application.
Examples where this model is used are HAL and NetworkManager:
Figure 2-5
The entities that a Mechanism cares about can be split into three groups:
Object. Some canonical representation of the object (e.g., a device file, a network
connection, a reference to the power management subsystem).
Action. What the subject is attempting to do to the object (e.g., mounting a block
device, establishing a dial-up connection, putting the system into a suspended
state, changing the time zone, gaining access to a webcam).
The Mechanism identifies the subject, using ConsoleKit, and collects all the relevant
information about the subject. This information includes:
User ID
Process ID
An identifier for the desktop session and whether the session is active (e.g.,
currently showing on a display), whether it's local and if it's remote, the address
of the remote display
Second, the Mechanism creates an object that represents the action that the subject
wants to be executed. One example of such an object is
org.freedesktop.hal.storage.mount-removable, which represents the action of
mounting a removable device.
Based on this information request, the authorization database decides whether the
action can be executed, executed after another required authentication, or not
executed.
Figure 2-6
In the left frame you see a tree structure where all possible actions are listed and
grouped. The right frame has three parts:
Action. Identifier, Description, and Vendor of the software module are shown
here.
Implicit Authorizations. Shows the authorizations that apply to all users that
fulfill certain criteria (they are on a local console, for example). Implicit
Authorizations are stored in /var/lib/PolicyKit-public/.
Explicit Authorizations. Shows the authorizations that are set for single users.
Explicit Authorizations are stored in /var/lib/PolicyKit/. (You can
define explicit authorizations only for users that have an account on the system.)
Implicit Authorization
Console. All users that are logged in to a console (active and inactive sessions).
Active Console. All users that are logged in to an active console (e.g., currently
showing on a display).
NOTE: The ConsoleKit daemon determines whether a session is active or inactive, or local or not.
ConsoleKit is a framework for defining and tracking users, login sessions, and seats. For more
information see the freedesktop.org-wiki (http://www.freedesktop.org/wiki/Software/ConsoleKit).
If you want to change the implicit authorizations, select Edit and another dialog
appears.
Figure 2-7
Explicit Authorization
In this part, you can authorize or prevent the execution of a task by system users. Use
the Grant button to specify the users that are allowed to execute the task. Block
allows you to specify the users that are not allowed to execute the task.
The dialog that appears is the same for Grant and Block so the following shows how
to authorize users.
Figure 2-8
In the Beneficiary part, you can select a user that will receive the authorization. Select
Show system users to display system users (like root and bin) in the pull-down
menu.
In the lower part of the dialog, you can determine constraints:
None.
You can edit the file directly using a text editor. You can also use some command line
tools to edit PolicyKit.conf. The most important are
polkit-action
polkit-action is used to list and modify the PolicyKit actions that are registered
on the system. To list the registered PolicyKit actions, use polkit-action without
any parameter:
da10:~ # polkit-action
org.gnome.clockapplet.mechanism.settimezone
org.gnome.clockapplet.mechanism.settime
org.gnome.clockapplet.mechanism.configurehwclock
org.freedesktop.hal.lock
org.opensuse.yast.scr.read
org.opensuse.yast.scr.write
org.opensuse.yast.scr.execute
org.opensuse.yast.scr.dir
...
no
auth_admin_one_shot
auth_admin
auth_admin_keep_session
auth_admin_keep_always
auth_self_one_shot
auth_self
auth_self_keep_session
auth_self_keep_always
yes
With the --show-obtainable option, all actions that can be obtained via
authentication and for which an authorization does not exist are listed.
da10:~ # polkit-auth --show-obtainable
org.gnome.clockapplet.mechanism.settimezoneac
org.gnome.clockapplet.mechanism.settime
org.gnome.clockapplet.mechanism.configurehwclock
org.freedesktop.hal.lock
org.freedesktop.hal.dockstation.undock
org.gnome.gconf.defaults.set-system
org.gnome.gconf.defaults.set-mandatory
...
To prevent a user from executing an action, use --block action. For example
(all in one line):
da10:~ # polkit-auth --user geeko --block org.gnome.clockapplet.mechanism.settime
To revoke all authorizations for an action, use --revoke action. For example
(all in one line):
da10:~ # polkit-auth --user geeko --revoke org.gnome.clockapplet.mechanism.settime
You can also add constraints to --grant and --block. To do so, add the
--constraint constraints option. The following values for constraints
are the most important ones:
Typically the active constraint is used together with a local constraint to ensure that the
caller is only authorized if his session is in the foreground. This is typically used for
fast user switching (multiple sessions on the same console) to prevent inactive
sessions from performing privileged operations like spying (using a webcam or a
sound card) on the current active session.
polkit-config-file-validate
/etc/polkit-default-privs.local
/etc/polkit-default-privs.standard
/etc/polkit-default-privs.restrictive
The first column lists the privilege names. The second column lists the PolicyKit
default setting. A default setting consists of three values separated by colons, as in the
following:
org.freedesktop.hal.device-access.cdrom auth_admin_keep_always:yes:yes
If all three values are the same, only one value may be specified without a colon to
shorten the line, as in the following:
org.freedesktop.hal.device-access.modem auth_admin_keep_always
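The shorthand rule above makes a privileges file hard to review by eye, so the following added example (not part of the original manual) expands every entry to its three-value form, checks each value against the list of PolicyKit settings shown earlier, and verifies that the mount-removable lockdown from Objective 1 is in place. The function names, status labels and the org.example.* entries are made up for this illustration, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: normalize and check entries in the polkit-default-privs format.

# The ten values listed earlier on this page for a PolicyKit default setting.
POLKIT_VALUES="no auth_admin_one_shot auth_admin auth_admin_keep_session"
POLKIT_VALUES="$POLKIT_VALUES auth_admin_keep_always auth_self_one_shot auth_self"
POLKIT_VALUES="$POLKIT_VALUES auth_self_keep_session auth_self_keep_always yes"

# expand_privs FILE
# Prints "privilege v1:v2:v3 STATUS" for every entry in FILE.
#   ok            all three values are known and none is "yes"
#   NO-AUTH       at least one value is "yes" (granted without a prompt)
#   INVALID-VALUE a value is not in POLKIT_VALUES
#   MALFORMED     the setting has neither one nor three values
expand_privs() {
    awk -v allowed="$POLKIT_VALUES" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        {
            count = split($2, v, ":")
            if (NF != 2 || (count != 1 && count != 3)) {
                print $1, ($2 == "" ? "-" : $2), "MALFORMED"
                next
            }
            # Shorthand: a single value stands for all three positions.
            if (count == 1) { v[2] = v[1]; v[3] = v[1] }
            status = "ok"
            for (i = 1; i <= 3; i++) {
                if (!(v[i] in ok)) { status = "INVALID-VALUE"; break }
                if (v[i] == "yes") status = "NO-AUTH"
            }
            print $1, v[1] ":" v[2] ":" v[3], status
        }' "$1"
}

# require_priv FILE PRIVILEGE VALUE
# Succeeds only if PRIVILEGE is present and all three positions equal VALUE.
require_priv() {
    expand_privs "$1" | awk -v act="$2" -v want="$3:$3:$3" '
        $1 == act { seen = 1; if ($2 != want) bad = 1 }
        END { exit !(seen && !bad) }'
}

# write_sample FILE: constructed sample input. The first three entries use
# lines shown on this page; the org.example.* entries are invented to show
# the error cases.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample in the format of /etc/polkit-default-privs.local
org.freedesktop.hal.storage.mount-removable auth_admin_keep_always
org.freedesktop.hal.device-access.cdrom auth_admin_keep_always:yes:yes
org.freedesktop.hal.device-access.modem auth_admin_keep_always
org.example.constructed.action auth_admin:maybe:no
org.example.constructed.short yes:no
EOF
}

# Stand-alone run: print the normalized view of the constructed sample.
sample_file=$(mktemp) && write_sample "$sample_file" && expand_privs "$sample_file"
rm -f "$sample_file"
```

On a real system, point expand_privs at /etc/polkit-default-privs.local and use require_priv in a compliance check for org.freedesktop.hal.storage.mount-removable.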
Exercise 2-3
Objective 4
Expert Partitioner
When you add a new partition or edit an existing partition, you can activate file
system encryption. To do this, you have to (re-)format the partition.
Figure 2-10
Edit a Partition
When you activate Encrypt file system and select Finish, you are prompted to
enter a password that is used later for the decryption.
Figure 2-11
Mount Manually
When you activate the partition that is mounted automatically during the system boot,
you are prompted to enter the decryption password during the boot process:
Figure 2-13
Boot Process Prompts for the Key to Mount an Encrypted File System
The two start scripts /etc/init.d/boot.crypto and
/etc/init.d/boot.crypto-early are responsible for this.
When the system is running and you entered the decryption password correctly, there
is an entry in the /etc/fstab file similar to the following.
/dev/mapper/cr_sda3 /data ext3 acl,user_xattr,noauto 0 0
/dev/sda3 none none
The second column specifies the special block device that should hold the
encrypted data (/dev/sda3).
The third column specifies a file containing the raw binary key to use for
decrypting (none).
If this is none, the key (e.g., password) will be read interactively from the
console.
The fourth column specifies setup options associated with the encryption process
(none).
NOTE: /etc/crypttab and the mapper device are not generated when you deactivate the mount
option in the YaST Expert Partitioner.
To mount the encrypted partition during system boot, you have to make sure that the
start script boot.crypto is available in /etc/init.d/. If not, create it by
entering insserv boot.crypto.
Mount Manually
To understand what is going on in the automatic mount process, you have to know
how to mount an encrypted file system manually.
If you try to mount an encrypted file system manually, an error message appears:
da10:~ # mount /dev/sda3 /mnt
mount: unknown filesystem type 'crypto_LUKS'
da10:~ #
The technology used to mount encrypted file systems is called dm-crypt (dm
means device mapper). This technology has been available in the Linux kernel
since version 2.6.
In SUSE Linux Enterprise 11 a technology called LUKS is used that allows you to
use multiple passphrases for the partition.
There are two steps to mount an encrypted partition:
1.
You are prompted to enter the password for the file system encryption.
If the password is correct, you can see the device mapper file in
/dev/mapper/.
da10:~ # ls /dev/mapper/
control cr_sda3
da10:~ #
2.
If you do not do anything else, you are able to remount the partition again at any time
without being prompted for the password.
To securely unmount an encrypted partition, you have to remove the device mapper
after the umount command. For this, you also use cryptsetup with the
following syntax:
cryptsetup luksClose dm_name
For example:
da10:~
da10:~
mount:
da10:~
Once the partition is formatted, you can create the device mapper now.
da10:~ # cryptsetup luksOpen /dev/sda3 cr_sda3
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.
da10:~ #
Now you can create a file system on the encrypted partition. For example:
Then you are able to mount the new encrypted file system.
da10:~ # mount /dev/mapper/cr_sda3 /mnt
da10:~ #
NOTE: For more information about cryptsetup, read the manual page (man 8
cryptsetup).
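The /etc/crypttab columns and the luksClose requirement described above can be checked together: a mapping that still exists in /dev/mapper/ but is not mounted can be remounted without the passphrase. The following is an added example, not part of the original manual; audit_crypt, run_sample and the state labels are names made up here, and the sample files (including cr_sdb1 and cr_sdc1) are constructed.

```shell
#!/bin/sh
# Added example: report, for every mapping listed in a crypttab-style file,
# whether it is closed, unlocked and mounted, or unlocked but NOT mounted.
# The last state is the one the text warns about: the volume can be mounted
# again without the passphrase until "cryptsetup luksClose <name>" is run.

# audit_crypt CRYPTTAB MOUNTS MAPPER_DIR
#   CRYPTTAB   file with the columns: name, block device, key file, options
#   MOUNTS     file in /proc/mounts format (device mountpoint fstype ...)
#   MAPPER_DIR directory holding the device mapper nodes (normally /dev/mapper)
# Prints one line per mapping: name device keysource state
audit_crypt() {
    crypttab=$1
    mounts=$2
    mapper_dir=$3
    # "|| [ -n "$name" ]" also processes a last line without a trailing newline.
    while read -r name device keyfile options || [ -n "$name" ]; do
        # Skip blank lines and comments.
        case $name in ''|'#'*) continue ;; esac

        # Key column: "none" means the passphrase is read from the console.
        # A key file on disk unlocks the volume without a prompt, so it is
        # reported for a separate permission review.
        if [ "${keyfile:-none}" = "none" ]; then
            keysource=interactive
        else
            keysource="keyfile:$keyfile"
        fi

        if [ ! -e "$mapper_dir/$name" ]; then
            state=closed
        elif awk -v dev="/dev/mapper/$name" \
                 '$1 == dev { found = 1 } END { exit !found }' "$mounts"; then
            state=mounted
        else
            state=UNLOCKED-NOT-MOUNTED
        fi
        printf '%s %s %s %s\n' "$name" "$device" "$keysource" "$state"
    done < "$crypttab"
}

# run_sample: builds constructed input in a temporary directory. Plain files
# stand in for the device nodes that cryptsetup luksOpen would create.
run_sample() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/mapper"
    cat > "$tmp/crypttab" <<'EOF'
# constructed sample in /etc/crypttab format

cr_sda3 /dev/sda3 none none
cr_sdb1 /dev/sdb1 none none
cr_sdc1 /dev/sdc1 /root/sdc1.key none
EOF
    printf '%s\n' '/dev/mapper/cr_sda3 /data ext3 rw,acl,user_xattr 0 0' > "$tmp/mounts"
    : > "$tmp/mapper/cr_sda3"     # unlocked and mounted on /data
    : > "$tmp/mapper/cr_sdb1"     # unlocked, but umount was not followed by luksClose
    audit_crypt "$tmp/crypttab" "$tmp/mounts" "$tmp/mapper"
    rm -rf "$tmp"
}

# Stand-alone run on the constructed sample.
run_sample
```

On a real system the call would be audit_crypt /etc/crypttab /proc/mounts /dev/mapper; every line ending in UNLOCKED-NOT-MOUNTED names a mapping that still needs cryptsetup luksClose.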
Exercise 2-4
Summary
The following is a summary of what you learned in the course objectives.
Objective
Control Mounting of CD-ROM, DVD, and USB Devices
Removable media are usually mounted automatically. You can disable this automatic
mounting by
Using udev
Removing hardware
gconf-editor
gconftool-2
Objective
polkit-config-file-validate.
Validates the PolicyKit.conf file.
polkit-policy-file-validate.
Validates a PolicyKit policy file.
set_polkit_default_privs. Installs
default settings for privileges that are
granted automatically to locally logged-in
users.
SECTION 3
Figure 3-2
Section Objectives
1.
2.
3.
4.
5.
6.
Objective 1
Figure 3-3
However, NetworkManager is not a suitable solution for all cases, so you can still
choose between the traditional method for managing network connections (ifup) and
NetworkManager.
On SLED 11, NetworkManager is enabled by default.
Some differences between ifup and NetworkManager include:
root Privileges. If you use NetworkManager for network setup, you can easily
switch, stop, or start your network connection at any time from within your
desktop environment using an applet. NetworkManager also makes it possible to
change and configure wireless card connections without requiring root
privileges. For this reason, NetworkManager is the ideal solution for a mobile
workstation.
Traditional configuration with ifup also provides some ways to switch, stop, or
start the connection with or without user intervention, like user-managed devices,
but it always requires root privileges to change or configure a network device.
This is often a problem for mobile computing, where it is not possible to
preconfigure all connection possibilities.
From the GNOME Control Center by selecting System > Network Connections
or
By right-clicking the NetworkManager icon in the system tray and selecting Edit
Connections.
NOTE: If your system tray does not display the GNOME NetworkManager applet, the applet is
probably not started. You can start it manually by entering nm-applet at the command line.
The GNOME dialog shows tabs for all types of network connections:
Wired
Wireless
Mobile Broadband
VPN
DSL
NOTE: NetworkManager also supports connections to 802.1X protected networks (see section
802.1x Security on page 74).
System connections can be shared by all users and are made available right after
NetworkManager is started, before any users log in. In case of system
connections, all credentials must be provided at the time the connection is
created. Such system connections can be used to automatically connect to
networks that require authorization.
Objective 2
Figure 3-5
Enter a connection name and your connection details in the 802.1x Security and
IPv4 Settings tabs (see Specify Connection Details on page 74). If more than one
physical device per connection type is available (for example, your machine is
equipped with two ethernet cards or two wireless cards), specify the MAC address of
the device in order to tie the connection to this device.
When editing each connection, you can also define if NetworkManager should
automatically use this connection (activate Connect Automatically) or
should use this connection system-wide (activate Available to all users).
Such system connections can be shared by all users and are made available right after
NetworkManager is started, before any users log in.
Click Apply to confirm your settings. To create and edit system connections, root
permission is required and you have to authenticate. The newly configured network
connection now appears in the list of available networks you get by left-clicking the
NetworkManager applet.
In the following, we will have a closer look at:
Available Connections
To switch to another network, select it from the list. To switch off all network
connections (both wired and wireless), right-click the applet icon and uncheck
Enable Networking.
802.1x Security
IEEE 802.1x is an authorization standard for computer networks. At the network entry
point (e.g., a physical port in a LAN), an Authenticator is responsible for the user's
authentication. The Authenticator verifies the user's authentication information by
querying an authentication server. Based on the result, the Authenticator allows or
denies access to the offered services (LAN, VLAN, or WLAN).
Figure 3-7
If your network is protected by 802.1x, you can activate the Use 802.1X
security for this connection option and specify the needed information.
The following authentication methods can be used:
TLS
Tunneled TLS
IPv4 Settings
In this tab, you can specify DHCP, DNS, and routes information.
Figure 3-8
From the Method menu, you can select one of the following methods:
Automatic (DHCP). You want to get IP address and DNS server information
from a DHCP server available in your network.
Manual. You have to specify the IP address and the DNS information manually.
Link-Local Only. Your computer is not connected to a network and you need
only the internal virtual network.
Shared to other computers. This option is useful if you have at least two
network devices and one is already configured to access the Internet. You can
create a network connection for the second device and share your Internet
connection with the other computers connected to this shared device.
The internet connection appears in the list of available connections on the clients.
This option configures a private network with NAT, allows forwarding, and runs
a light DHCP server on it.
To enter your IP address(es) manually, select Add. Then you can enter IP Address,
Netmask, and Gateway in the Addresses list.
To configure DNS, enter the IP address of your DNS server in the textbox labeled
DNS Servers. In Search Domains you can specify the domains the DNS server is
responsible for.
The DHCP Client ID is an arbitrary identifier sent to the DHCP server to reserve a
specific IP address for your machine; usually the MAC address or some other
unique ID is used.
Click Routes if you want to configure the routes manually. A dialog appears.
Figure 3-9
To enter your routes manually, select Add. Then you can enter IP Address,
Netmask, Gateway and Metric values in the left frame.
Activate Ignore automatically obtained routes if you want the routes
provided via DHCP to be ignored.
Exercise 3-1
Objective 3
Figure 3-10
Select a WLAN
If the network is encrypted, a dialog opens. Choose the type of Wireless Security the
network uses and enter the appropriate password.
Figure 3-11
To connect to a network that does not broadcast its service set identifier (SSID) and,
therefore, cannot be detected automatically, left-click the NetworkManager icon and
choose Connect to Other Wireless Network.
In the dialog that opens, enter the SSID and set encryption parameters if necessary.
To disable wireless networking, right-click the applet icon and uncheck Enable
Wireless. This can be very useful if you are on a plane or in any other environment
where wireless networking is not allowed.
You also can configure your WLAN access in the Network Connections dialog.
Figure 3-12
Figure 3-13
Depending on the selected security, you have to specify some more parameters.
NOTE: Unprotected wireless networks are a security risk
If you set Wireless Security to None, everybody can connect to your network, reuse
your connectivity, and intercept your network connection. To restrict access to your
access point and to secure your connection, use encryption. You can choose between
various WEP and WPA-based encryptions.
The IPv4 Settings tab is similar to the same tab in the wired connection configuration
dialog (see section IPv4 Settings on page 76).
Objective 4
Configure VPN
NetworkManager supports several Virtual Private Network (VPN) technologies:
NovellVPN: package NetworkManager-novellvpn
OpenVPN: package NetworkManager-openvpn
To use VPN with NetworkManager, install the appropriate VPN packages first. You
need two packages for each VPN technology: one of the packages above (providing
the generic support for NetworkManager), and the respective desktop-specific
package for your applet.
For GNOME, choose one of the following:
The next dialog depends on your selection. For OpenVPN it looks like this:
Figure 3-15
At Gateway, enter the IP address of the VPN server you want to connect to.
You can select between four authentication types:
Certificates (TLS). Specify the files of the user certificate, the certificate of the
Certification Authority (CA), and the client's private key.
You also have to enter the password for the private key. If you activate Show
passwords, the entered password is displayed.
Password. Enter your user name on the VPN server and your password, and
specify the file of the CA certificate.
Password with Certificates (TLS). Combination of the first two options. All
described information has to be entered.
Static Key. Specify the key file and the local IP address.
If you want to connect to a VPN server, select the NetworkManager icon in the
system tray; then select the connection from the VPN Connections menu.
Figure 3-16
The icon in the system tray changes when the connection is established.
Figure 3-17
Exercise 3-2
Objective 5
Figure 3-18
Configure GSM
GSM (Global System for Mobile Communications) is a standard for fully digital
mobile connections. It is mostly used for mobile telephone calls but also for data transfer.
When you create a GSM connection in NetworkManager, you have to fill out the
following dialog:
Figure 3-19
3G (UMTS/HSPA)
2G (GPRS/EDGE)
PIN. If your phone card is locked with a PIN, you can specify the PIN here.
PUK. If your phone card is locked with a PUK, you can specify the PIN here.
Configure CDMA
CDMA (Code Division Multiple Access) allows you to transfer various information
on one frequency at the same time.
The American 3G standard cdma2000 is based on CDMA.
When you select the option to create CDMA, the following dialog appears:
Figure 3-20
Objective 6
Configure DSL
To configure a DSL connection with NetworkManager, select the DSL tab in the
Network Connection dialog (see Figure 3-4 on page 71); then select Add.
Figure 3-21
If you have more than one DSL card in your computer, you can specify the MAC
address of the card you want to use in the Wired tab.
Figure 3-22
Summary
The following is a summary of what you learned in the course objectives.
Objective
Wired
Wireless
Mobile Broadband
VPN
DSL
Automatic (DHCP)
Manual
Link-Local Only
Objective
Configure VPN
NovellVPN: package NetworkManager-novellvpn
OpenVPN: package NetworkManager-openvpn
Configure DSL
GSM
CDMA
SECTION 4
IPv6 (Internet Protocol Version 6) was designed by the Internet Engineering Task
Force (IETF) to replace the current Internet Protocol version, IPv4. IPv6 not only
overcomes the most obvious shortcoming of IPv4, the imminent shortage of available
IP addresses, but also adds improvements in other areas, like routing and network
autoconfiguration.
This section explains IPv6 and its configuration on SUSE Linux Enterprise Desktop
11.
Objectives
1.
2.
Objective 1
IPv6 Features
IPv6 addresses the shortcomings of IPv4 with features that include the following:
Simplified header.
IPv6 Addresses
IPv6 addresses consist of 128 zeroes and ones, which is very unwieldy for humans.
To make them somewhat easier to deal with, they are represented in hexadecimal
format, with four bits (a nibble) represented by digits or characters from 0-9 and
a-f (10-15). To improve readability, a colon is inserted after every four hexadecimal
values (representing 16 bits):
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
fe80:0000:0000:0000:0211:11ff:fec2:35f4
For simplification, leading zeroes in each block can be omitted, and one sequence of
16-bit blocks containing only zeroes can be replaced by ::. The above address
could, therefore, be written as follows:
fe80::211:11ff:fec2:35f4
can be shortened to
::1
To be able to differentiate the different IPv6 address types, you need to understand
the following:
Localhost on page 97
Localhost
Packets with this address as source or destination are not supposed to leave the
machine.
Unspecified Address
or in short:
::
State
LISTEN
LISTEN
The third colon in the output above separates the address from the port number.
Network Addresses
Link local addresses are valid only on a link of an interface. A packet with a link local
address would not pass a router. They begin with the following (x is any hex
character, but usually 0):
fe8x
fe9x
feax
febx
This address type begins with fdxx. (It could also begin with fcxx, but currently this
prefix is not used.)
A part of the prefix (40 bits) is generated using a pseudo-random algorithm
(described in RFC 4193). While it is not impossible that two generated prefixes could
The following addresses are reserved for examples and documentation and should be
filtered on border routers to the Internet:
3fff:ffff::/32
2001:0DB8::/32
Multicast addresses start with ffxy, where x is a hex number and y indicates the scope
(such as y=1: node local; y=2: link local; y=3: site local).
Depending on the host part of the address, different multicast types are addressed
(RFC 4291 / IP Version 6 Addressing Architecture):
All Nodes Address: 1. Addresses all hosts on the local node (ff01:0:0:0:0:0:0:1)
or the connected link (ff02:0:0:0:0:0:0:1).
Other types, such as anycast addresses, are not covered in this course.
Host Addresses
When automatically computed, the MAC address is used and expanded according to
the IEEE-Tutorial Extended Unique Identifier EUI-64 (http://standards.ieee.org/
regauth/oui/tutorials/EUI64.html).
For instance, with a MAC address of 00:11:11:C2:35:D4, the resulting 64-bit
interface identifier is 0211:11ff:fec2:35d4. Together with a network prefix (for
instance, one used for Globally Unique Local IPv6 Unicast Addresses), the following
IPv6 address results:
fd7b:5c7e:40bf:1234:0211:11ff:fec2:35d4
NOTE: The above way of creating the interface identifier has some privacy implications, especially
for mobile devices. When connecting to the Internet using different providers, the network part of
the address changes, while the interface identifier remains the same. This can allow tracking of the
mobile device. RFC 4941 describes ways to mitigate this issue.
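The derivation above and the privacy concern in the NOTE can be checked with a few shell functions. This is an added example, not code from the manual; the function names mac_to_iid, expand_ipv6 and embedded_mac are hypothetical. expand_ipv6 undoes the shortened notation described earlier, and embedded_mac reports the MAC address that an address exposes when its interface identifier carries the ff:fe marker.

```bash
#!/bin/sh
# Added example (not from the course manual). Function names are hypothetical.

# mac_to_iid MAC: print the modified EUI-64 interface identifier for a MAC.
mac_to_iid() {
    case $1 in
        ''|*[!0-9A-Fa-f:]*|:*|*:|*::*) return 1 ;;   # hex digits and single colons only
    esac
    old_ifs=$IFS; IFS=:
    set -- $1
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for octet in "$@"; do
        case $octet in [0-9A-Fa-f][0-9A-Fa-f]) ;; *) return 1 ;; esac
    done
    # Insert ff:fe between the two MAC halves and flip the universal/local
    # bit (0x02 of the first octet), as RFC 4291 Appendix A specifies. For a
    # factory-assigned MAC that bit is 0, so it becomes 1.
    printf '%02x%02x:%02xff:fe%02x:%02x%02x\n' \
        $(( 0x$1 ^ 0x02 )) "0x$2" "0x$3" "0x$4" "0x$5" "0x$6"
}

# expand_ipv6 ADDR: print all eight groups, zero-padded, in lower case.
expand_ipv6() {
    addr=$1
    case $addr in
        ''|*[!0-9A-Fa-f:]*|*:::*|*::*::*) return 1 ;;
        *::*)
            head=${addr%%::*}; tail=${addr#*::}
            case $head in :*) return 1 ;; esac
            case $tail in *:) return 1 ;; esac
            n=0
            old_ifs=$IFS; IFS=:
            for group in $head $tail; do n=$((n + 1)); done
            IFS=$old_ifs
            [ "$n" -le 7 ] || return 1
            fill=
            while [ "$n" -lt 8 ]; do fill="$fill:0"; n=$((n + 1)); done
            addr="$head$fill:$tail"
            addr=${addr#:}; addr=${addr%:}
            ;;
        :*|*:) return 1 ;;
    esac
    old_ifs=$IFS; IFS=:
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 8 ] || return 1
    out=
    for group in "$@"; do
        [ ${#group} -ge 1 ] && [ ${#group} -le 4 ] || return 1
        out="$out:$(printf '%04x' "0x$group")"
    done
    printf '%s\n' "${out#:}"
}

# embedded_mac ADDR: print the MAC address recoverable from ADDR when its
# interface identifier looks MAC-derived; return 1 when it does not.
embedded_mac() {
    full=$(expand_ipv6 "$1") || return 1
    iid=${full#*:*:*:*:}                  # drop the four network-prefix groups
    case $iid in
        ????:??ff:fe??:????) ;;           # ff:fe in the middle marks EUI-64
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=:
    set -- $iid
    IFS=$old_ifs
    printf '%02x:%s:%s:%s:%s:%s\n' $(( 0x${1%??} ^ 0x02 )) \
        "${1#??}" "${2%??}" "${3#??}" "${4%??}" "${4#??}"
}
```

Running embedded_mac over the addresses of a mobile workstation shows which of them would let a remote party correlate the device across networks; a manually assigned address such as fd7b:5c7e:40bf:1234::1 returns nothing.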
Simpler addresses might be easier to remember. You might want such an address. It is
possible to assign an additional address for some servers to the interface, such as
fd7b:5c7e:40bf:1234::1
In the automatically set address, the seventh most significant bit (with the count
starting with 1) of the host address is set to 1 when calculating the automatic address.
You must set this bit to 0 when setting a host address manually. The reason for this is
convenience; otherwise, the above address would be
fd7b:5c7e:40bf:1234:0200::1
instead of
fd7b:5c7e:40bf:1234::1
Also some other bit combinations are reserved for anycast addresses, such as all host
bits set to 0 for the subnet router.
NOTE: The Linux IPv6 HOWTO (http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/)
contains more information on IPv6.
Objective 2
Managing IPv6 Addresses Using the Command Line Tools on page 105
IPv6 Autoconfiguration
One design goal of IPv6 was to make IP autoconfiguration easier. Even without a
DHCP server, interfaces can obtain a valid IP address.
In the context of IPv6 autoconfiguration, you need to understand the following:
You can use this address to test the link using ping6:
da10:~ # ping6 -I eth0 fe80::219:d1ff:fe9f:1787
PING fe80::219:d1ff:fe9f:1787(fe80::219:d1ff:fe9f:1787) from fe80::219:d1ff:fe9f:17f4 eth0: 56 data bytes
64 bytes from fe80::219:d1ff:fe9f:1787: icmp_seq=1 ttl=64 time=5.47 ms
When pinging a link local address, the -I interface option is required, because
every interface has a link local address and the kernel doesn't know which one to use.
You can detect IPv6 active hosts by using ping6 to ping the link local, all-node
multicast address:
Unlike in IPv4, where replies to a ping to the broadcast address can be disabled using
the /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts file, this behavior cannot be
disabled currently in IPv6, except by local IPv6 firewalling.
Stateless Autoconfiguration
To access the Internet, a host needs an IPv6 address with global scope. The steps to
obtain such an address are as follows:
1. Using its link-local address, the host sends a Solicitation Message to the ff02::2
multicast address (all routers on the local link), asking for an IPv6 prefix.
2.
3. Using this prefix and its MAC address, the host creates an IPv6 address.
4. Using Duplicate Address Detection (DAD, RFC 4862), the host checks if the
address is already in use in the network.
If the address is unused, the host assigns the address to the NIC and activates it.
5. The client can now contact other hosts within the local network using its IPv6
addresses and, depending on the network topology, hosts outside the local
network as well.
The router distributes the network prefix and information on the default route only.
Information that goes beyond this, such as information on DNS or other routes, needs
to be added manually to the configuration or distributed using DHCP6.
Figure 4-1
Type the IPv6 address in its usual format and the netmask in the CIDR notation, such
as /64, as shown in the figure above.
Select Next. The data you typed appears in the Network Settings Overview:
Figure 4-2
Select OK to close the dialog. YaST writes the configuration information to files in
/etc/sysconfig/network/, such as the ifcfg-eth0 file.
After installation, you can reach the same dialogs by selecting Computer > YaST >
Network Devices > Network Settings.
The settings are written to the /etc/sysconfig/network/ifcfg-ethx file,
as shown below:
BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='fd7b:5c7e:40bf:1234::2/64'
MTU=''
NAME='82566DM Gigabit Network Connection'
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
USERCONTROL='no'
NETMASK=''
dev eth0
dev eth0
6to4-Tunneling
ISPs do not yet provide IPv6 addresses as a general practice. However, because one
of the design goals of IPv6 was to make a smooth transition from IPv4 to IPv6
possible, you can start using IPv6 immediately even if you get only an IPv4 address
from your ISP.
Following the method outlined in RFC 3056, a site with a globally unique IPv4
address can be assigned a globally unique IPv6 address based on its IPv4 address.
This is considered an interim solution until the ISP assigns a native IPv6 prefix.
IPv6 addresses used for this purpose have the following format (taken from RFC
3056):
| 3 |  13  |    32     |   16   |       64 bits      |
+---+------+-----------+--------+--------------------+
|FP | TLA  | IPv4 Addr | SLA ID |    Interface ID    |
|001|0x0002|           |        |                    |
+---+------+-----------+--------+--------------------+
All such addresses, therefore, start with 2002. The abbreviations used above have
the following meaning:
The other end of the tunnel needs to be capable of dealing with the packets: taking
the IPv6 packet out of the IPv4 packet and then routing it within the IPv6 network.
To facilitate the use of IPv6, the IPv4 anycast address 192.88.99.1 is used to reach the
nearest 6to4 relay router.
Depending on your network topology, you need to do one of the following:
Assuming a unique IPv4 address of 1.2.3.4, the steps to configure a 6to4 tunnel are as
follows:
1. Make sure there is a sit0 device visible in the output of ip link show; if not,
load the sit kernel module:
Add your local IPv6 address to the tunnel interface using a prefix length of 16:
Add a route to the global IPv6 network using the IPv4 anycast address for all
6to4 routers:
The website of ipv6.org (http://www.ipv6.org/) has a link to a list with such sites.
(At the time of this writing, www.ipv6.org itself also has an IPv6 address.)
Connect the Network behind your 6to4 Gateway
If you have a second NIC on your host acting as your 6to4 gateway and want to
IPv6-enable the network connected to that NIC, there are a few additional steps you
need to take:
When you connect a network to the second NIC of your 6to4 gateway, that host takes
the function of a router. The Router Advertisement Daemon (radvd) distributes the
autoconfiguration information that the clients need to configure their IPv6 addresses
automatically.
The Router Advertisement Daemon is contained in the radvd package, which can be
installed with the yast -i radvd command. Its configuration is contained in the
/etc/radvd.conf file and looks similar to the following:
interface eth0
{
AdvSendAdvert on;
#
#
#
#
#
#
#
#
#
The above example is suitable for a fixed IPv4 address. The configuration file that is
contained in the radvd package also includes an example on how to deal with
dynamic IP addresses that change every time a new connection is established with the
ISP.
Before starting radvd, it is necessary to turn on IPv6 forwarding. This is done with the
following command:
da10:~ # echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
If you want IPv6 forwarding to be turned on every time the system boots, set the
variable IPV6_FORWARD in the /etc/sysconfig/sysctl file to yes:
## Type:        yesno
## Default:     no
#
# Runtime-configurable parameter: forward IPv6 packets.
#
IPV6_FORWARD="yes"
After IPv6 forwarding is turned on, you can start radvd using the rcradvd start
command.
Add a Route to Your 6to4 Gateway
For packets to be routed properly, the following route has to be set on your gateway
host:
da10:~ # ip -6 route add 2002:0102:0304:1234::/64 dev eth0
In the above command (and in the radvd.conf file) 1234 is the site level
aggregator; you can choose this according to your local networking needs.
NOTE: After the above steps are complete, all machines in your network can access IPv6 hosts in
the Internet and all machines in your network are accessible from the Internet using IPv6. You
should set appropriate ip6tables filter rules to prevent attacks on the hosts within your network.
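One possible set of ip6tables rules for the forwarding path of the gateway, as an added example that is not part of the manual. It assumes the tunnel interface is named tun6to4, the internal network sits on eth0 and uses the prefix 2002:0102:0304:1234::/64; the function names run and forward_policy are hypothetical. By default the commands are only printed for review; set DRY_RUN=0 to execute them as root.

```bash
#!/bin/sh
# Added example (not from the course manual): default-deny forwarding policy
# for a 6to4 gateway. Only the FORWARD chain is handled here; traffic to the
# gateway itself (INPUT chain) needs its own rules.

# run CMD...: print the command (default) or execute it when DRY_RUN=0.
run() {
    if [ "${DRY_RUN:-1}" = 0 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# forward_policy WAN_IF LAN_IF LAN_PREFIX
forward_policy() {
    wan=$1 lan=$2 prefix=$3
    [ -n "$wan" ] && [ -n "$lan" ] && [ -n "$prefix" ] || return 1

    # Start from an empty chain and drop everything not explicitly allowed.
    run ip6tables -F FORWARD &&
    run ip6tables -P FORWARD DROP &&

    # Anti-spoofing: packets arriving from the Internet must never claim a
    # source address inside the internal prefix.
    run ip6tables -A FORWARD -i "$wan" -s "$prefix" -j DROP &&

    # Replies to connections that internal hosts opened, and ICMPv6 errors
    # that belong to them.
    run ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT &&

    # Internal hosts may open new connections, but only with a source
    # address from their own prefix.
    run ip6tables -A FORWARD -i "$lan" -o "$wan" -s "$prefix" \
        -m state --state NEW -j ACCEPT &&

    # Path MTU discovery must keep working across the tunnel, so always let
    # Packet Too Big messages reach the internal hosts.
    run ip6tables -A FORWARD -i "$wan" -o "$lan" -d "$prefix" \
        -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT &&

    # Log what the policy drops, rate-limited so the log cannot be flooded.
    run ip6tables -A FORWARD -m limit --limit 5/minute \
        -j LOG --log-prefix ip6-fwd-drop:
}

# Dry run with the values used in this section:
#   forward_policy tun6to4 eth0 2002:0102:0304:1234::/64
```

With this policy, hosts behind the gateway can reach the IPv6 Internet, while connections initiated from outside are dropped and logged unless a specific ACCEPT rule is added for a published service.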
If you are connected to the Internet using a DSL connection, edit the
/etc/radvd.conf file according to the comments in that file that cover dynamic
Internet connections.
When using DSL, you can include the commands to set up the 6to4 tunnel in the
/etc/ppp/ip-up.local file:
# /etc/ppp/ip-up.local
# Build IPv6 Tunnel
/sbin/modprobe sit
# $4 contains the local IP on the ppp interface.
/sbin/ip tunnel add tun6to4 mode sit ttl 63 remote any local $4
/sbin/ip link set dev tun6to4 mtu 1280 up
# $4 contains the local IP on the ppp interface.
/sbin/ip -6 addr add $(printf \ "2002:%02x%02x:%02x%02x::1/16" `echo
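
The address arithmetic behind the 6to4 steps and the script above, written out as an added example that is not part of the manual. The function names sixto4_prefix, sixto4_lan_prefix and sixto4_plan are hypothetical, and the default-route command uses standard iproute2 syntax as an assumption because the manual's own command is not shown on this page. The commands are printed for review, not executed, and private or otherwise non-global IPv4 addresses are rejected because 6to4 requires a globally unique IPv4 address.

```bash
#!/bin/sh
# Added example (not from the course manual). Function names are hypothetical.

# sixto4_prefix IPV4: print the 48-bit 6to4 prefix, e.g. 2002:0102:0304.
# Returns 1 for malformed input, 2 for an address that is not globally unique.
sixto4_prefix() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            0?*|????*) return 1 ;;    # a leading zero would be read as octal
        esac
        [ "$octet" -le 255 ] || return 1
    done
    # RFC 3056 needs a globally unique IPv4 address: refuse private (RFC 1918),
    # loopback, link-local, shared (100.64.0.0/10) and multicast/reserved space.
    if [ "$1" -eq 0 ] || [ "$1" -eq 10 ] || [ "$1" -eq 127 ] || [ "$1" -ge 224 ] ||
       { [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; } ||
       { [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; } ||
       { [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; } ||
       { [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; }; then
        return 2
    fi
    printf '2002:%02x%02x:%02x%02x\n' "$1" "$2" "$3" "$4"
}

# sixto4_lan_prefix IPV4 SLA: print the /64 for the network behind the
# gateway; SLA is the site level aggregator as up to four hex digits.
sixto4_lan_prefix() {
    case $2 in
        ''|*[!0-9A-Fa-f]*|?????*) return 1 ;;
    esac
    p=$(sixto4_prefix "$1") || return $?
    printf '%s:%04x::/64\n' "$p" "0x$2"
}

# sixto4_plan IPV4: print the tunnel setup commands for review.
sixto4_plan() {
    p=$(sixto4_prefix "$1") || return $?
    printf '%s\n' \
        "modprobe sit" \
        "ip tunnel add tun6to4 mode sit ttl 63 remote any local $1" \
        "ip link set dev tun6to4 mtu 1280 up" \
        "ip -6 addr add ${p}::1/16 dev tun6to4" \
        "ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1"
}

# Example: sixto4_plan 1.2.3.4
```

In ip-up.local, a non-zero return from sixto4_prefix "$4" is the signal to skip tunnel setup, for instance when the provider hands out a private address. RFC 7526 (2015) deprecated the 192.88.99.1 anycast relay, so the printed route reflects the procedure as this 2009 manual describes it.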
Exercise 4-1
Configure IPv6
In this exercise, you configure and use different aspects of IPv6.
In the first part you ping6 da1 from da-sled, using the link local IPv6 address. In the
second part, you set a globally unique IPv6 address and configure the router
advertisement daemon to distribute your IPv6 prefix to other machines.
You will find this exercise in the workbook.
(End of Exercise)
Summary
Objective
Summary
SECTION 5
1.
2.
3.
Objective 1
Browsing Shared Files and Folders with the Server Message Block (SMB)
Protocol: Users can use Nautilus or Konqueror file managers to browse shared
network resources through SMB.
Sharing Files and Folders with SMB: Users can use Nautilus or Konqueror to
share folders and files.
Accessing and Manipulating User Data on the Windows Server: Users can
access data on Windows servers. They can create, modify, and delete files and
folders.
Offline Authentication: Users can log in to the local Linux system even if they
are offline (when using a laptop, for example) or if the domain controller is
unreachable.
The earliest version of the SMB protocol was developed by IBM in the 1980s. The
protocol was later integrated natively into the Windows desktop and server operating
systems. SMB support has also been integrated into Linux. Using the Samba
package, a Linux server or desktop can participate in a Windows network using the
SMB protocol.
SMB uses sharing. Shared resources, such as directories and printers, are referenced
using the Universal Naming Convention (UNC). UNC uses the following syntax to
identify a share:
\\server_name\share_name
For example, if you had a Windows server named DA-W2K3, you could create a
directory named C:\shared as a place for network users to store their files. Using
SMB, you could share this directory as Shared. To reference the share, you would
use a UNC of \\DA-W2K3\Shared.
You can also use a URL to reference an SMB share, as shown below:
smb://server_name/share_name
SMB operates at the Application and Presentation layers of the OSI model. SMB
provides clients with access to the file system and printers on a server. SMB uses the
internal security of the server file system to determine what the client can and cannot
do.
Because it's an upper-layer protocol, SMB can't operate alone. It must be
implemented in conjunction with a middle-layer protocol. A common
implementation is to use SMB in conjunction with the Network Basic Input/Output
System (NetBIOS) protocol on top of IP.
NetBIOS was originally developed in the mid-1980s and is used as the basic
networking protocol for the Windows operating system. NetBIOS operates at the
Session layer of the OSI model. As such, it has no routing capabilities. To make
NetBIOS routable, you have to use it in conjunction with a Network-layer protocol,
such as IPX or IP. This relationship is shown in the figure below:
Figure 5-1
When you attempt to open an SMB connection, the NetBIOS protocol is used to
establish a connection at the Session layer between the sending and receiving
systems. Once a NetBIOS session has been established, clients and servers
communicate with each other at the upper layers of the OSI model with the SMB
protocol, using Server Message Blocks (SMBs).
NetBIOS uses a 16-byte, 15-character alpha-numeric name to uniquely identify
network hosts. The very last byte of a NetBIOS name (called the NetBIOS Suffix) is
not used for the name value. Instead, it is used to identify the type of host. A
workstation will have a value of 00 (hex). A server will have a hex value of 20. A
primary domain controller (PDC) or a backup domain controller (BDC) will have a
hex value of 1C.
Any given system can have both a NetBIOS name and a host name. These two names
are completely separate. Because NetBIOS works on top of IP, you need to be able to
resolve NetBIOS names into IP addresses, just as you need to resolve host names and
DNS names into IP addresses.
If a WINS server is not detected, the NetBIOS computer will simply broadcast its
NetBIOS name on the network when it boots.
If another system is already using that NetBIOS name, an error will be generated,
indicating that a name conflict exists.
Hosts still need to be able to resolve NetBIOS names into IP addresses. To do this
without a WINS server, a NetBIOS host that needs to contact another host sends
out a broadcast. The host with the requested NetBIOS name responds back with
its IP address.
Workgroups
Workgroups don't require a server, although servers aren't prevented from participating
in a workgroup. Windows 9x, ME, NT, 2000, XP, Server 2003, Vista, and Server
2008 systems can all share resources in a workgroup.
In addition, a Samba server or client on Linux can participate in a Windows
workgroup. The other Windows systems in the workgroup don't know the difference
between a Linux Samba system and other Windows hosts.
However, workgroups have a major shortcoming that limits their usefulness. Each
computer system has to maintain its own separate set of user accounts. If users want
to access resources on another system in the workgroup, they must have a user
account configured on the remote system. If users need to use resources located on
multiple systems, they must authenticate separately to each host.
If the user passwords are the same on all hosts, this process works relatively well.
However, if different usernames or passwords are used on each system, access is
denied. Keeping user accounts synchronized in a large workgroup can quickly
become a difficult administrative task.
In addition, because of the way NetBIOS uses broadcasts, it can be difficult to
implement a workgroup on a routed network.
Domains
For the reasons listed above, workgroups usually aren't implemented in large
organizations. Instead, most large Windows networks are configured to use domains.
A Windows domain is a logical grouping of computer systems on a network, much
like a workgroup.
Unlike a workgroup, however, a domain uses a central database of user accounts
which all systems that are members of the domain use for authentication. One or
more servers are configured with the user account database (the domain).
Domains overcome the weaknesses associated with workgroups. First, domains can
span multiple network segments. In addition, domains also create a single point of
administration.
Domains also eliminate the need for multiple user logins. Because access to all
resources in the domain is controlled by the domain database, users need to
authenticate only once to the domain. After they are authenticated, they can access
whatever domain resources they have access to.
Domain Controllers
The system that hosts the domain database is called the domain controller. The
domain controller is a server that runs a service called the Security Account Manager
(SAM).
Every domain must have one or more domain controllers. On a Windows network,
one server is configured as a primary domain controller (PDC). The PDC is the
authoritative source of domain data.
Each domain can have only one PDC. However, for fault-tolerance purposes, more
than one domain controller should be configured. For redundancy purposes, a
Windows network can be configured with a backup domain controller (BDC). A
BDC has a copy of the domain database from the PDC. If the PDC goes down, the
BDC jumps in and takes over, ensuring that the network keeps working. A domain
can have multiple BDCs.
A BDC is non-authoritative in a Windows network. You can't directly update the
domain database on a BDC. Instead, you make all changes to the PDC domain
database. The PDC then synchronizes the domain with all BDCs in the domain at
periodic intervals. A user can use either a PDC or a BDC to authenticate to the
domain.
It's also possible for a server to exist in a domain without being a PDC or a BDC. It's
called a member server.
To communicate with the Active Directory service, the SLED 11 client must have the
following protocols configured:
Figure 5-2
Name Service Switch (NSS): NSS provides name service information using
nss_winbind. This module interacts directly with the winbind daemon.
You join a domain using the YaST Domain Membership module. You can join a
domain during installation of the SLED 11 workstation or after the system has been
installed.
When you join a domain, the Windows server and the Linux client establish a secure
relationship. On the client, the following tasks need to be completed to integrate into
the LDAP and Kerberos SSO environment provided by the AD domain controller:
1. The AD domain controller providing both LDAP and Key Distribution Center
(KDC) services is located.
2.
3. An initial ticket granting ticket (TGT) is obtained for the SLED 11 client and
stored in its local Kerberos credential cache. The client needs this TGT to get
further tickets allowing it to contact other AD services.
4. NSS and PAM are reconfigured to enable the SLED 11 client to authenticate
against the domain controller.
5. During client boot, the winbind daemon is started and retrieves the initial
Kerberos ticket for the machine account.
6.
7. The winbind daemon periodically queries the domain controller to keep track of
the current account policies.
Login Support
The GNOME and KDE login managers both support AD domain logins. Users can
choose to log in to the primary domain the SLED 11 client has joined or to a trusted
domain.
Account Locked Out: A message is displayed indicating the user's account has
been locked and that the user should contact the system administrator.
Password Has To Be Changed: The user is allowed to log in, but a warning is
displayed indicating that the user's password needs to be changed soon. This
warning is sent three days before that password expires. After expiration, the user
cannot log in again.
Invalid Logon Hours: This message is displayed when a user is only allowed to
log in during specified hours and tries to log in outside those hours. A message is
displayed indicating login is not currently possible.
Account Expired: This message is displayed when you have set an expiration
time for a user account. If the user tries to log in after that time has passed, the
user sees a message indicating the account has expired.
SUSE Linux Enterprise Desktop supports local home directories for AD users. If
configured through YaST as described in Joining SLED 11 to an Active Directory
Domain on page 124, user homes are created at the first login of a Windows (AD)
user into the Linux client. These home directories look and feel entirely the same as
standard Linux user home directories and work independently of the AD domain
controller.
Home Directory Support
SLED 11 supports the creation of local home directories for users in the AD domain.
If configured using YaST, user home directories are created the first time an AD user
logs in from the SLED 11 client. These home directories function in exactly the same
manner as standard Linux users' home directories. They are independent of the AD
domain controller.
Using local home directories, it's possible for users to access their data on the SLED
11 workstation, even if the AD server is not reachable. To make this work, however,
the SLED 11 client has to be configured to support offline authentication.
NOTE: Configuring offline authentication is discussed in the next objective in this section.
Users in a corporate environment frequently need the ability to roam. For example,
they may need to switch networks or even work disconnected for some time.
To enable users to log in to a disconnected machine, extensive caching has been
integrated into the winbind daemon. The winbind daemon continues to enforce
password policies even in the offline state. It tracks the number of failed login
attempts and reacts according to the policies configured in Active Directory.
Offline authentication is disabled by default and must be explicitly enabled in the
YaST Domain Membership module.
Even if the domain controller is unreachable, users can still access network resources
(other than those on the domain controller server itself) with valid Kerberos tickets
that were acquired before losing the connection. However, password changes cannot
be processed until the domain controller is back online.
When the domain controller is available again, the SLED 11 client acquires a new
Kerberos ticket the next time the user locks and then unlocks the desktop (for
example, using the desktop screen saver).
Objective 2
A DNS server that can forward DNS requests to the AD DNS server
WARNING: The AD DNS server must be configured as the first DNS server in your SLED 11
workstation's list of name servers.
NTP: To authenticate via Kerberos, the SLED 11 client must have its time set
accurately. We recommend you use a central NTP time server for this purpose;
however, you can also use the NTP service running on your AD domain
controller.
If the time difference between your SLED 11 workstation and the domain
controller exceeds a certain limit, Kerberos authentication will fail and the client
will be logged in using weaker NTLM (NT LAN Manager) authentication.
DHCP. If your SLED 11 client uses dynamic network configuration via DHCP,
you should configure DHCP to provide the same IP address and hostname to the
client each time.
Start YaST on the SLED 11 workstation you want to add to the AD domain by
selecting Computer > YaST.
2.
3.
Figure 5-3
4.
In the Domain or Workgroup field, enter the name of the domain you want to
join.
If the DNS settings on your workstation point to the Windows DNS server, enter
the AD domain name using DNS syntax. If you enter the short name of your
domain, YaST must rely on NetBIOS name resolution instead of DNS to find the
correct domain controller.
5.
Select Also Use SMB Information for Linux Authentication to use the domain
controller for Linux authentication.
6.
7.
Select Offline Authentication to allow your domain users to log in even if the
domain controller is unreachable.
NOTE: For offline authentication to work, users must log in successfully at least once.
8.
(Optional) If you want to allow users to share their directories, select Allow
Users to Share Their Directories.
This allows users who are members of the group listed in the Permitted Group
field to share the directories they own with other users. You can limit the number
of shares users can create by entering the appropriate figure in the Maximum
Number of Shares field.
You can also permit access to shares on the SLED workstation without
authentication by selecting Allow Guest Access.
9.
Figure 5-4
b.
c.
Figure 5-5
d.
Figure 5-6
e.
In the Address field, enter the DNS name or IP address of your domain's
NTP time provider.
In the figure above, the NTP service on the domain controller itself was
automatically detected and entered.
f.
Figure 5-7
g.
h.
Figure 5-8
i.
j.
Select OK.
You are returned to the Windows Domain Membership screen.
You are prompted that the workstation is not a member of the domain, as shown
below:
Figure 5-9
Figure 5-10
Wait while the SLED workstation is added to the domain. When complete, you
should be prompted that the domain join was successful, as shown below:
Figure 5-11
If necessary, insert your SLED 11 installation media into your optical drive.
b.
Select Install.
Wait while the packages are installed and the system configuration is written.
Exercise 5-1
In the Login menu at the bottom of the screen, select your domain from the list
displayed.
An example is shown below:
Selecting a Domain For Login
Figure 5-12
2.
Type your domain username in the Username field and press Enter.
3.
Figure 5-13
Notice in the figure above that a new home directory was created for the tuxpenguin
user because the Create Home Directory on Login option was marked when the
workstation was added to the domain.
In this configuration, all domain users have their home directories created within the
/home/domain_name directory when they first authenticate to the system. In the
example above, the tuxpenguin domain user's home directory is created in
/home/DIGITALAIRLINES/tuxpenguin, as shown below:
Figure 5-14
NOTE: The process for logging in to the domain from the KDE desktop is similar.
In addition to logging in from GNOME and KDE, you can also authenticate to the
domain from the login: prompt. To do this, enter domain_name\user_name at the
login: prompt and then provide the domain user's password.
You can also log in to the SLED 11 workstation remotely as a domain user via SSH.
On the remote system, enter ssh domain_name\\user@hostname at the shell prompt,
followed by the domain user's password.
The password change will not be successful unless all requirements configured in the
domain and/or domain controller security policies have been met.
To change your password from the shell prompt, do the following:
1.
2.
3.
4.
If your new password does not comply with the domain security policies, an error
message is displayed and you are prompted to use a different password.
You can also change your domain password from within the GNOME desktop. Do
the following:
1.
2.
Figure 5-15
3.
4.
5.
Select OK.
Exercise 5-2
Objective 3
Using the Samba service on your SLED 11 workstation, you can mount a shared
folder from the Windows domain into the file system of your workstation. To do this,
complete the following:
1. Open a terminal window and switch to your root user account using the su command.
2. At the shell prompt, use the mkdir command to create the local directory where
you want to mount the remote share (if necessary).
3. At the shell prompt, mount the remote share using the following command:
mount -t cifs //server_name/share_name /mount_point
For example, if a remote share named data resides on a server named da1 and
you want to mount it in the /mnt directory, you would enter the following:
mount -t cifs //da1/data /mnt/samba
NOTE: For a list of options you can use when using the mount command to mount a Windows
share, enter man mount.cifs at the shell prompt of your SLED 11 workstation.
4. Enter mount at the shell prompt to verify that the remote share was mounted.
You can also use the smbclient command to view the shared resources available
on a Samba/Windows server. This is done by entering smbclient -L
server_address at the shell prompt.
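For non-interactive mounts, the script below (an added example, not part of the original manual) builds the mount command from step 3 so that the domain password is read from a credentials file rather than passed on the command line, and refuses a credentials file that other users can read. Server da1, share data, /mnt/samba, the tuxpenguin user and the DIGITALAIRLINES domain are the manual's example values; the password and the temporary file path are constructed.

```shell
#!/bin/sh
# Added example (not from the manual): mount.cifs with a protected
# credentials file instead of a password typed into the command line.

# check_creds_file FILE
# Succeeds only if FILE is a regular file owned by the invoking user,
# has mode 600 or 400, and contains username= and password= lines.
check_creds_file() {
    f=$1
    [ -f "$f" ] || { echo "missing credentials file: $f" >&2; return 1; }
    mode=$(stat -c %a "$f") || return 1
    owner=$(stat -c %u "$f") || return 1
    case "$mode" in
        600|400) ;;
        *) echo "refusing $f: mode $mode, expected 600 or 400" >&2; return 1 ;;
    esac
    [ "$owner" = "$(id -u)" ] || {
        echo "refusing $f: not owned by the invoking user" >&2; return 1; }
    grep -q '^username=' "$f" && grep -q '^password=' "$f" || {
        echo "$f needs username= and password= lines" >&2; return 1; }
}

# cifs_mount_cmd SERVER SHARE MOUNTPOINT CREDS_FILE
# Prints the mount command to run as root. nosuid, nodev and noexec keep
# files on the remote share from acting as setuid programs, device nodes
# or executables on the workstation.
cifs_mount_cmd() {
    server=$1 share=$2 mnt=$3 creds=$4
    check_creds_file "$creds" || return 1
    printf 'mount -t cifs //%s/%s %s -o credentials=%s,nosuid,nodev,noexec\n' \
        "$server" "$share" "$mnt" "$creds"
}

# Demonstration with a constructed credentials file in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    # umask 077 makes the new file mode 600 from the moment it is created.
    ( umask 077
      printf 'username=tuxpenguin\npassword=constructed-example\ndomain=DIGITALAIRLINES\n' \
          > "$d/creds" )
    cifs_mount_cmd da1 data /mnt/samba "$d/creds"
    rm -rf "$d"
}
demo
```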
You can use the gvfs-mount command to mount a remote Samba/Windows share in
much the same manner as you use mount. Enter gvfs-mount
smb://server_address/share at the shell prompt. When you do, the remote file
system will be mounted in a subdirectory of the ~/.gvfs directory and an icon will
be created for you automatically on your GNOME desktop.
Browsing Shared Folders from GNOME
You can also browse shared folders in the domain and mount them from within the
GNOME File Browser. Do the following:
1.
2.
3.
Figure 5-16
4.
5.
Double-click the server where the shared folder you want to access resides.
A list of shares on the server is displayed, as shown below:
Figure 5-17
6.
Right-click the share you want to access; then select Mount Volume.
When you do, a shortcut is added to your desktop that you can use to access the
share, as shown below:
Figure 5-18
7.
8.
If you want to disconnect from the share, right-click the link on the desktop; then
select Unmount Volume.
2.
3.
4.
5.
Under Use Another Print Server or Use a Network Printer Directly, select
Connection Wizard.
6.
On the left under Print Via Print Server Machine, select Microsoft Windows/
SAMBA (SMB/CIFS).
The following is displayed:
Figure 5-19
7.
8.
Server (NetBIOS Host Name). Enter your print server's NetBIOS name.
Figure 5-20
9.
Select OK.
11. Select the appropriate driver for your shared printer from the list displayed.
12. In the Set Name field, enter a queue name for your printer. You can use letters,
numbers, and underscores in the queue name. It must start with a letter.
13. Select OK.
Exercise 5-3
Summary
The following is a summary of what you learned in the course objectives.
Objective: Describe How SLED 11 Integrates with Active Directory
Summary:
With SLED 11, you can join existing Active Directory (AD) domains and integrate
your Linux machine into a Windows environment. Users can authenticate using
domain user accounts and access shared domain resources.
Active Directory is a directory service based on LDAP and Kerberos used by
Microsoft Windows networks to manage resources, services, and users.
AD represents these network resources as objects within the directory service.
It stores information about these objects, manages access, and enforces policies.
With SLED 11 configured as an AD client and joined to a domain, you can take
advantage of the following benefits:
Offline authentication
DNS
NTP
DHCP
Firewall
AD account
AD Administrator account
Shared folders
Shared printers
SECTION 6
In this section, you learn how to integrate SLED 11 into a Novell eDirectory
environment.
Section Objectives
1. Describe How the Novell Client for Linux Works
2. Install and Configure the Novell Client for Linux on SLED 11
3.
4.
5.
Objective 1
The Role and Function of the Novell Client for Linux
When working with eDirectory, you need to be familiar with the following:
eDirectory Components
Tree: The eDirectory tree is a hierarchical structure that stores and organizes
objects. It includes the tree object as well as container objects. The eDirectory
tree lets you view the logical organization of network resources in the Directory
database.
Schema: The schema defines the types of objects that can be created in your tree
(such as users, printers, and groups) and what information is required or optional
at the time an object is created.
Figure 6-1
Values: A value is the data contained within a property. For example, a user
object has an attribute (or property) called Last Name which, in turn, has a
value, such as Johnson.
eDirectory Objects
The schema defines the object classes and properties, along with the rules of
containment, which specify which containers can contain which object types.
eDirectory object classes can be divided into three categories: Tree, Container, and
Leaf, as shown in the following figure:
Figure 6-2: eDirectory Object Types: Tree Root, Container (for example DA, SLC), Leaf
The tree object (also called the tree root) is created when you install the first
eDirectory server in your network. As the top-most object in the tree, it can hold only
organization objects, country objects, or alias objects. There is only one tree object
per eDirectory instance. The name of the tree object is also the name of the
eDirectory tree itself.
Container objects contain leaf or additional container objects. They are used to
logically group and organize the objects of your Directory. They can represent
countries, locations within countries, companies, departments, responsibility centers,
workgroups, or shared resources. The following figure shows several classes of
container objects:
Figure 6-3: Container object classes (Domain, License Container, Organization, Organizational Unit, Security Container)
The table below describes some of the more commonly used container objects:
Table 6-1
Description
Country (C)
Domain (DC)
Organization (O)
Leaf objects represent network resources, such as users, workstations, servers, and
volumes. Several classes of leaf objects are shown below:
Figure 6-4: Leaf object classes (Server, Application, Organizational Role, Directory Map, Printer (Non-NDPS), Group, Print Server (Non-NDPS), LDAP Group, Profile, LDAP Server, Unknown, License Certificate, User, NDPS Broker, NDPS Manager, Volume, NDPS Printer, Workstation)
The following table lists some of the most commonly used eDirectory leaf objects:
Table 6-2
Description
Alias
Group
Organizational role
Print server
Printer
Profile
Leaf Objects
Description
Server
Template
User
Volume
eDirectory Context
[Figure: "Login BJohnson?" with two BJohnson user objects, one in SLC under DA (left) and one directly in DA (right)]
The context for the BJohnson object on the left is BJohnson.SLC.DA. The context
for the BJohnson object on the right is BJohnson.DA.
The term context can also refer to your current position in the eDirectory tree. When
you navigate to a location in the eDirectory tree, your context is your current position,
or current context, in the tree. It does not refer to where your user object resides in the
eDirectory tree.
eDirectory Naming
eDirectory uses naming conventions to allow you to precisely identify and locate
objects in your tree. You must provide eDirectory with enough information to locate
the object in the eDirectory tree. You specify this information in the object name.
For example, in the following figure, two user objects named BJohnson exist in
separate containers in the Directory. If you log in as BJohnson, which user object
should eDirectory use?
Figure 6-6: "Login BJohnson?" with two BJohnson user objects, one in SLC under DA and one directly in DA
An object name identifies an object in the eDirectory tree. In the figure above, the
object names contain information that uniquely identifies each object and its
location in the eDirectory tree.
The name of each object you create in the eDirectory tree consists of the following:
Name value
The attribute type of the object name determines if the object will be accessed as a
container or leaf object in the eDirectory tree. The name value of the object is the
name you enter for the object when you create it.
The following name attribute types are assigned to the most common eDirectory
objects:
An object's distinguished name is a combination of its common name and its context.
This identifies the object all the way to the top, or root, of the tree. An object is
exactly identified with a distinguished name. Two objects in the same tree cannot
have the same distinguished name.
A distinguished name starts with a leading period. The objects in the name are
separated by periods. The names of all objects, from the tree object to the object
being named, are included in the distinguished name.
In the figure below, the distinguished name for the user object BJohnson in the
organizational unit SLC in the organization DA is .CN=BJohnson.OU=SLC.O=DA.
The distinguished name for the user object BJohnson in the organization DA is
.CN=BJohnson.O=DA.
Figure 6-7: Distinguished names in the tree O=DA with container OU=SLC: .CN=BJohnson.OU=SLC.O=DA and .CN=BJohnson.O=DA
A relative distinguished name, on the other hand, lists the path of objects leading
from the object being named to the container representing the current context, or
current location, in the eDirectory tree. A relative distinguished name does not start
with a leading period, but does use periods to separate objects in the name.
For example, if your current context is O=DA, you could refer to each BJohnson user
object as shown in the following:
Figure 6-8: Valid names for the two BJohnson objects when the current context is O=DA: CN=BJohnson.OU=SLC and CN=BJohnson
When you use a relative distinguished name, eDirectory must build a distinguished
name from it. This is accomplished by appending the relative distinguished name to
the current context:
Relative Distinguished Name + Current Context = Distinguished Name
eDirectory naming can also be either typeful or typeless. A typeful name uses
attribute type abbreviations (such as CN or OU) to distinguish between the different
container types and leaf objects in an object's distinguished or relative distinguished
name. Although not mandatory, using types helps avoid confusion that can occur
when using typeless naming. For example, .CN=BJohnson.O=DA is a typeful name.
A typeless name does not include the object attribute type. For example, the typeless
distinguished name for .CN=BJohnson.OU=SLC.O=DA is .BJohnson.SLC.DA.
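The resolution rule above (relative distinguished name + current context = distinguished name) and the typeful and typeless forms, worked through as an added Python example that is not part of the Novell manual or of any Novell tool. The function names are hypothetical, and only the dot-separated forms shown in this section are handled.

```python
# Added example: eDirectory name handling as described in this section.
# All function names are hypothetical; only the dot-separated name forms
# shown on the page (leading period, typeful, typeless) are handled.


def split_name(name):
    """Return (is_distinguished, [(attr_type_or_None, value), ...])."""
    is_dn = name.startswith(".")          # a distinguished name starts with a period
    body = name[1:] if is_dn else name
    parts = []
    for comp in body.split("."):
        if not comp:
            raise ValueError(f"empty component in {name!r}")
        attr, sep, value = comp.partition("=")
        if sep:                            # typeful component, e.g. OU=SLC
            if not attr or not value:
                raise ValueError(f"malformed component {comp!r} in {name!r}")
            parts.append((attr.upper(), value))
        else:                              # typeless component, e.g. SLC
            parts.append((None, comp))
    return is_dn, parts


def join_name(parts, leading_period=True):
    """Build a dot-separated name from (attr_type, value) pairs."""
    body = ".".join(f"{t}={v}" if t else v for t, v in parts)
    return "." + body if leading_period else body


def resolve(name, current_context):
    """Relative Distinguished Name + Current Context = Distinguished Name.

    A name that already starts with a period is distinguished and is
    returned unchanged, whatever the current context is.
    """
    is_dn, parts = split_name(name)
    if not is_dn:
        _, ctx_parts = split_name(current_context)
        parts = parts + ctx_parts
    return join_name(parts)


def naming_style(name):
    """Classify a name as 'typeful', 'typeless' or 'mixed'."""
    _, parts = split_name(name)
    typed = {t is not None for t, _ in parts}
    if typed == {True}:
        return "typeful"
    if typed == {False}:
        return "typeless"
    return "mixed"


def to_typeless(name):
    """Drop the attribute types, keeping a leading period if present."""
    is_dn, parts = split_name(name)
    return join_name([(None, v) for _, v in parts], leading_period=is_dn)


if __name__ == "__main__":
    # The two BJohnson objects from the figures, named relative to O=DA.
    for rdn in ("CN=BJohnson.OU=SLC", "CN=BJohnson"):
        print(rdn, "->", resolve(rdn, "O=DA"))

    # The same bare login name identifies different user objects depending
    # on the context it is resolved against.
    for ctx in ("SLC.DA", "DA"):
        print("BJohnson in context", ctx, "->", resolve("BJohnson", ctx))

    print(to_typeless(".CN=BJohnson.OU=SLC.O=DA"))
```

Because a bare user name is resolved against a context, the context in effect at login decides which of two same-named user objects is used.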
SUSE Linux Enterprise Desktop 10: Novell Client for Linux 1.2
SUSE Linux Enterprise Desktop 10 SP1 (32- and 64-bit versions): Novell
Client for Linux 2.0
SUSE Linux Enterprise Desktop 10 SP2 (32- and 64-bit versions): Novell
Client for Linux 2.0 SP1
openSUSE 10.3 (32-bit or 64-bit): Novell Client for Linux 2.0 SP1
SUSE Linux Enterprise Desktop 11: Novell Client for Linux 2.0 SP2
openSUSE 11.1 (32-bit or 64-bit): Novell Client for Linux 2.0 SP2
IMPORTANT: Do not install the 32-bit version of the Novell Client for Linux onto a 64-bit operating
system. If you do so, you will lose the ability to log in to the GUI credential provider. You will see
the error message Authentication Failed and will be unable to log in.
The Novell Client for Linux has been modified from the Windows version to enable
it to function on the Linux platform. In Windows, the Novell Client loads a single
binary that works on multiple operating system platforms without modifications.
The Novell Client for Linux, on the other hand, uses a virtual file system that consists
of the following components:
Both components must be running on the workstation for the client to connect to the
network. The daemon can run on any of the supported Linux platforms without
modification. The kernel module, however, is dependent on the kernel version and
must be compiled to match the kernel on the workstation.
When the Novell Client is installed, it compiles the kernel module during the
installation process. If this process fails, the kernel module cannot load and it
attempts to recompile when the workstation is restarted.
Objective 2
Once the download is complete, use one of the following options to install the Novell
Client for Linux:
Installing the Novell Client from the Shell Prompt
The first option for installing the Novell Client for Linux is to run an installation
script at the shell prompt of the workstation.
An installation script named ncl_install is provided in the Novell Client for
Linux installation media. The ncl_install script is located at the root of the install
media files, as shown in the figure below:
Figure 6-10
You can use the options shown in the following table with the ncl_install script:
Table 6-3
Description
ncl_install install
ncl_install upgrade
ncl_install uninstall
ncl_install verify
ncl_install information
ncl_install files
To install the Novell Client for Linux 2.0 SP2 on SLED 11, you need to complete the
following steps:
1. Mount the Novell Client for Linux ISO file in a directory in your SLED
workstation's file system, such as /mnt. A sample command for doing this is
shown below:
mount -o loop /tmp/novell-client-2.0-sp2.sle11-i586.iso /mnt
2.
3.
4. At the shell prompt, switch to your root user account by entering su - and
then entering your root user's password.
5. At the shell prompt, use the cd command to switch to the directory where your
Novell Client for Linux 2.0 SP2 ISO image is mounted.
For example: cd /mnt
6.
Figure 6-11
7.
You are again prompted to confirm the size of the download. Enter YES.
Wait while the packages are installed. This may take up to 5 minutes to complete,
depending upon your workstation hardware.
After a few minutes, you are prompted to install the Novell Konqueror plugin, as
shown below:
Installing the Novell Konqueror Plugin
Figure 6-12
9.
10. When prompted to confirm the size of the plugin installation, enter YES.
After a few minutes, you are prompted to install the Novell Nautilus plugin, as
shown below:
Figure 6-13
Restart the workstation: This is the best way to ensure that the Novell
Client for Linux is installed and started correctly. To do this, enter init 6
(while still logged in as root) at the shell prompt.
Manually start the Novell Client: To manually start the Novell Client, enter
/opt/novell/ncl/bin/ncl_control start (while still logged in
as root) at the shell prompt. This command loads all the Novell Client
daemons.
14. Once the installation is complete and the client has been started, you can verify
a. If necessary, open a terminal session and switch to your root user account
using the su - command.
b.
c.
d.
Figure 6-14
Figure 6-16
In addition to installing the Novell Client for Linux from the shell prompt, you can
also install it using a graphical user interface from YaST. To do this, complete the
following:
1.
2.
Open a terminal session, switch to root using the su - command, and then
enter yast2 at the shell prompt.
From within the Gnome desktop environment, select Computer > YaST.
3.
4.
Figure 6-17
5. Select Add.
6. In the Media Type screen, select Local ISO Image; then select Next.
7. In the Path to ISO Image field, browse to and select the Novell Client for Linux
ISO file you downloaded from Novell Download (http://download.novell.com).
8.
Figure 6-18
9.
10. In the Software Manager screen, select Patterns from the filter drop-down list.
11. In the left frame, scroll down to and double-click the Novell Client for Linux
Figure 6-19
Restart the workstation: This is the best way to ensure that the Novell
Client for Linux is installed and started correctly.
Manually start the Novell Client: To manually start the Novell Client, open
a terminal session, switch to your root user account using the su - command,
and then enter /opt/novell/ncl/bin/ncl_control start at the
shell prompt.
Exercise 6-1
2. Launch the Novell Client Configuration Wizard by doing one of the following:
In the System Tray, select the N icon; then select System Settings.
Figure 6-20
3. Select the configuration pages that contain the settings you want to configure.
You can select from the following:
Login
Map
Protocol
Tray Application
File Browser
SLP
4. Select Start Wizard. If you selected Login in the Introduction screen, the Login
Settings screen is displayed, as shown in the following:
Figure 6-21
You can use this wizard page to specify the settings that will be available to users
in the Novell Login dialog box:
Allow Dots in User Name: Allows periods (.) to be used in the User Name
field.
Clear Previous User Name: Clears the previous username from the User
Name field every time you open the login dialog in the Client.
Integrated Login: Enables the integrated login feature for the entire system.
This is set by the administrator and cannot be overridden by the user.
Delete Integrated Login Profiles: Removes the existing login profiles for
all users on this workstation.
Default Context: Specifies the default user context when logging in.
5. Mark the appropriate options in the Login Settings screen; then select Next.
If you marked Map in the first wizard screen, the Map Settings screen is
displayed, as shown below:
Figure 6-22
You use the Map Settings page to specify the directory on the local workstation
where symbolic links to network resources are created. You can also select the
first drive letter to use when creating these links.
Map Link Default Location: Specifies the path to the directory where Map
creates symbolic links to network resources on the server. The default value
of %HOME creates symbolic links in the user's home directory.
First Network Drive: Specifies the first drive letter for Map to use when
creating symbolic links to network resources on the server if a specific drive
letter is not included in a user's login script.
NOTE: The Novell Client for Linux creates a symbolic link to server volumes when the
Map command is called in a login script. The link appears as a directory named with a
drive letter. In the Windows version of the client, server volumes are mapped to specific
drive letters. Even though the Linux file system does not use the concept of drive letters,
the term is still used to maintain continuity between the Windows and Linux versions of
the Client.
6.
Figure 6-23
DNS
NCP
SLP
NCP Signature Level: Specifies the level of security required by the client,
including the use of a message digest algorithm and a per connection/per
request session state. You can select one of the following levels:
0: Disabled
2: Preferred
3: Required
The default value is 1. You can change this to a higher security level (2 or 3)
but doing so will slightly impact performance.
DHCP Settings: If your DHCP server has been configured to deliver Novell
Client login settings as DHCP options, you can enable the Client to use these
settings by marking one or more of the following:
Tree
Context
Server
File Caching: Enables or disables the caching of network files on the local
workstation. This option is enabled by default.
NOTE: If you make any changes in this wizard page, you must reboot the workstation for the
changes to take effect.
7.
Figure 6-24
You use the Tray Application Settings page to configure the Novell Client Tray
Application to automatically launch when the system starts and to determine
which options on the Tray Application menu are available to users.
This page contains the following options:
Novell Login
Novell Logout
Novell Connections
Change Password
8.
Novell Utilities
User Administration
System Settings
Figure 6-25
You use the File Browser Settings page to specify which Novell Client options
are available to users when they right-click server directories or files in a file
manager, and which tabs are available on the Novell File, Folder, and Volume
Properties pages.
Navigation Panel Icon (KDE only): Enables or disables the File Browser
Navigation Panel icon. This icon is displayed only in KDE.
Purge Novell Files: Enables or disables the Purge Novell Files menu option
when users right-click a server directory or file in a file manager.
Salvage Novell Files: Enables or disables the Salvage Novell Files menu
option when users right-click a server directory or file in a file manager.
File and Folder Information: Enables or disables the File Information and
Folder Information tabs on the File and Folder Properties pages.
NOTE: These pages are available when users right-click a server directory or file in a
file manager and then select Novell Properties.
9.
Novell Rights: Enables or disables the Novell Rights tab on the File and
Folder Properties pages.
Figure 6-26
You use the Service Location Protocol (OpenSLP) Settings page to specify where
and how the Client locates network services.
In an IP-only network, the Novell Client needs a way to locate the IP address of
network services, such as eDirectory trees and servers, prior to authenticating to
the network.
To do this, the Client must be able to resolve the tree and server names you enter
in the Client login screen into IP addresses.
NOTE: After authentication, the Client uses addressing information in the eDirectory tree to
locate network resources.
NOTE: Alternatively, you could manually configure an entry in each workstation's hosts file.
While this may be possible on a small network, it really isn't feasible on a large network.
To address these issues, Novell helped develop the Service Location Protocol
(SLP) standard. On Linux, SLP is provided by the OpenSLP service.
NOTE: The SLP standard is defined in RFC 2165 (SLP version 1) and RFC 2608 (version 2).
With SLP, services register their availability with an SLP agent when they are
brought up. The agent keeps track of which services are available and where they
are located. When a service is shut down, it deregisters itself with the agent.
From a high-level viewpoint, the information that SLP maintains about a service
is simply the service name and the IP address of the host (normally a server) that
is running this service.
SLP uses the following components to represent and discover services on the
network:
Service Agent (SA). The SA is a software entity that works on behalf of the
services running on its server. The SA replies to UAs who request services
that are running on its server. The SA can register its services with DAs.
The UA on the client workstation can send multicast requests to all network
hosts configured to listen on the multicast address when it needs to locate a
particular resource. If a host has the resource being requested, it responds to
the requesting system with the appropriate address information, as shown
below:
Figure 6-27: Multicast request from the UA to the SAs, answered with a unicast response
Figure 6-28: Unicast request and unicast response between the UA and the DA (with SAs)
You use the Service Location Protocol (OpenSLP) Settings page in the Client
wizard to specify how SLP will be configured on the workstation. You have the
following options:
Scope List: Specifies the scopes that the UA on the workstation is allowed to
use to locate network resources.
Directory Agent List: Specifies the DAs on the network that the UA on the
workstation must use to locate services. If this setting is not used, dynamic
DA discovery is used to determine which DAs to use.
NOTE: If you make changes to the Service Location Protocol (OpenSLP) Settings page, you
must reboot the workstation for those changes to take effect.
10. Make the appropriate changes to your SLP configuration; then select Next.
When you do, the summary page is displayed in the wizard, as shown below:
Objective 3
Authenticating to eDirectory
To authenticate to eDirectory using the Novell Client for Linux, do the following:
1. Log in to your SLED 11 workstation using a Linux user account and password.
2.
3.
Figure 6-29
4.
Figure 6-30
5.
Tree name
Context
Server
6. Select OK.
7. Verify that you are logged in correctly by selecting the N icon; then select Novell
Connections.
You should see the name of the tree, server, and user that you used to
authenticate, as shown in the following:
Figure 6-31
8. Select Close.
Select the N icon in the system tray; then select Novell Map Directory. The
following is displayed:
Figure 6-32
2. In the Workstation File System field, enter the path to where you want the
mapped folder to reside. By default, your user's home directory is displayed.
3. In the Enter a Name... field, enter a name for the mapped folder or select a drive
letter from the drop-down list.
4. In the Novell File System field, browse to and select the server, volume, and
directory that the mapped folder should point to. This is shown in the following:
Figure 6-33
5. (Optional) If you want the folder to be mapped every time you log in, mark Map
This Drive At Startup.
6. Select Map.
7. When prompted that the mapped directory has been created, select OK. You can
also select Browse to view the newly mapped directory. In the following figure,
the DATA_on_DA3 folder in the geeko user's home directory has been mapped
to the DATA volume on the DA3 server:
Figure 6-34
If you double-click the mapped folder, you should see the contents of the path on the
server volume that the folder points to, as shown in the following:
Figure 6-35
What you can do with files and directories within the mapped folder is controlled by
the file system rights that have been assigned to your user object in the eDirectory
tree.
If you need to disconnect a mapped folder, do the following:
1. Select the N icon in the system tray; then select Disconnect Novell Mapped
Directory.
A screen similar to the following is displayed:
Figure 6-36
2. Select the mapped directory you want to disconnect; then select Disconnect.
3. Select Close.
Logging Out
To log out from the eDirectory tree, do the following:
1. Select the N icon in the system tray; then select Novell Logout.
A screen similar to the following is displayed:
Figure 6-37: Logging Out
2. Select Logout.
If you see this error, first verify that OpenSLP has been installed and configured on
your workstation. You can verify that the package has been installed by opening a
terminal session, switching to root with the su - command, and then entering rpm
-q openslp at the shell prompt. You should see results similar to the following if
the package has been installed:
Figure 6-39
You should then verify that SLP has been configured properly. This is done using the
Novell Client for Linux Wizard, as discussed earlier in this course. You can access
the wizard by selecting Configure SLP in the error window shown in the figure
above or by selecting the N icon in the system tray and selecting System Settings.
Next, you need to verify that the host firewall on the workstation has been configured
to allow SLP traffic through it. The procedure you need to complete depends upon
your SLP configuration.
If you are using UAs and SAs without DAs, then you need to configure your host
firewall to allow multicast traffic. Complete the following:
1. Open the Firewall module in YaST. This can be done in several ways:
Start YaST, enter your root user's password, and then select Security and
Users > Firewall.
Figure 6-40
2. Select Interfaces.
3. Select Advanced.
4.
5. In the Interface Zone drop-down list, select Internal Zone, as shown below:
6. Select Broadcast.
Changing the Interface Zone
Figure 6-41
7. Select OK.
WARNING: You should do this only if your network is protected from the Internet by a
separate firewall. The internal interface zone has a lower level of security than the external
interface zone. You should not do this if the workstation is connected directly to the Internet.
8.
9. Close YaST.
At this point, you should be able to browse for network resources using SLP
multicasts. For example, to view a list of eDirectory trees on your network, select
Trees in the Novell Login dialog. After a few seconds, a list of available eDirectory
trees is displayed, as shown below:
Figure 6-42
If your network has been set up with UAs, SAs, and DAs, then you need to open the
SLP ports for unicasts in your host firewall. Do the following:
1.
2.
3. Select Advanced.
4. In the TCP Ports and UDP Ports fields, enter 427 197 113 39.
5. Select OK.
6. Select Broadcast.
7. Select Add.
8. In the Service drop-down list, select SLP Browsing; then select Add.
This is shown below:
Figure 6-43
9.
Description
ncl_tray
nwconnections
nwcopy
Command
Description
nwflag
nwlogin
nwlogout
map
nwrights
To view the syntax for using any of these commands, open a terminal window and
enter man command_name at the shell prompt.
Exercise 6-2
Enable CASA
For integrated login to work, the Novell Common Authentication Services Adapter
(CASA) must be installed and enabled on the workstation. CASA is a common
authentication and security package that provides a set of libraries for application and
service developers to enable single sign-on to the network.
WARNING: Before you can enable CASA, you must first update the Mono packages on your
SLED 11 workstation to the latest versions. Otherwise, integrated login won't work on your system.
1.
2.
3.
4.
5. In the Packages Listing field, identify the CASA packages, as shown below:
Installing CASA
Figure 6-44
6.
CASA
CASA-kwallet
CASA-gui
CASA_auth_token_client
yast2-CASA
7. Select Apply.
8. If prompted that the CASA packages are unsupported, select OK to continue the
installation.
9.
Figure 6-45
2.
3.
4. Select Finish.
5. Close YaST.
Once CASA has been enabled, you need to configure the workstation to use
integrated login.
To do this, you first need to enable integrated login system-wide on the SLED 11
workstation by doing the following:
1.
2.
3.
4.
5. Select Display Integrated Login Results to display the Integrated Login Script
Results window when the user desktop is launched.
If this option is disabled, all login scripts are run silently and the Integrated Login
Script Results window is not displayed, but login scripts are still processed.
NOTE: You can also delete stored profiles by selecting Delete Integrated Login Profiles.
6. Select Next.
7.
Next, you need to configure integrated login in the Novell Client Login dialog. Do
the following:
1.
2.
3.
Figure 6-46
4.
5.
Tree name
Context
Server
Figure 6-47
6.
7.
8.
9. When prompted that the login profile has been saved, select OK.
Now, the next time you log in to your SLED 11 workstation, you will also
automatically log in to the eDirectory tree as the user you specified.
Exercise 6-3
Objective 4
Using iPrint, mobile users no longer need to contact the Help Desk to request a
printer's name and context, and the required printer driver. Instead, mobile users
work within a familiar web browser to locate nearby printers using iPrint's Printer
List web page or maps created by the system administrator.
Companies can also lower communication costs by reducing the need to fax
documents between offices. Instead, companies can use their existing Internet
connections to print documents to remote printers.
iPrint uses the Internet Printing Protocol (IPP), an industry standard, to eliminate the
complexities of printing over the Internet and to make location-based printing a
reality. The benefits of IPP include the following:
It provides a standard print protocol for all platforms (such as Linux, Macintosh,
and Windows).
Location-based printing
For secure printing needs, iPrint integrates with eDirectory to ensure that only
authorized users can access the printer. Users are required to authenticate with their
eDirectory username and password. Print data is also encrypted to ensure that
sensitive print data is kept secure and unaltered.
iPrint on an OES 2 Linux server consists of three main components: the Print
Manager, the Driver Store, and the iPrint Client. Other supporting components
include Apache Web Server, Novell iManager, and eDirectory.
Figure 6-49
iPrint Components
Print Manager
The Print Manager is an object in the eDirectory tree as well as software that runs on
an OES server. The Print Manager provides a platform for Printer Agents to reside on
the server. Printer Agents are representations of actual printers. Print jobs are
submitted to the Print Manager; the print job is then forwarded to a printer when the
printer is ready.
Figure 6-50
A single Print Manager can handle print jobs for multiple printers. Depending on
your network configuration (for example, remote locations), you can create
additional Print Managers on other servers, but only one Print Manager can exist on
any one server.
Driver Store
The Driver Store is an eDirectory object. It is a repository of printer drivers for your
print system. Only one Driver Store is required on a network, but you can create
additional Driver Stores if required.
When the first user of a printer installs that printer, the Print Manager requests the
associated printer driver from the Driver Store, and the Print Manager saves the
printer driver to disk for future use.
iPrint Client
To send jobs to an iPrint printer, the iPrint Client must first be installed on the user's
workstation. iPrint Clients are available for Linux, Windows, and Macintosh
workstations.
The Linux iPrint client includes the following components:
Browser plug-in. The iPrint client contains a browser plug-in for Mozilla-based
browsers. This plug-in lets you install printers through your web browser.
Console utility. The Linux iPrint client includes the iprntcmd utility that lets you
install printers, print test pages, and upload drivers to a Driver Store from a
console prompt.
CUPS Integrator. The client integrates with the CUPS back end and uses the
CUPS local spooler to send print jobs to the Print Manager.
The Linux iPrint Client is packaged in two different installations that control access
to the print system. The following table explains the differences between the two
clients:
Table 6-5
RPM: novell-iprint-xclient-sh-version.i586.rpm
Workstation Access: Security high. Limited access to the print system.

RPM: novell-iprint-xclient-sl-version.i586.rpm
Workstation Access: Security low. Unlimited access to the print system.
Description: This client allows all users of the workstation to install, delete, or
administer printers and print jobs on the workstation, including printers and print
jobs of other users. By default, the iPrint Printer List Web page installs this RPM.
The security level of the above clients does not affect installation of the iPrint Client,
just access to the workstation print system. To install either iPrint Client, you still
need root permissions.
When installing a secure iPrint printer, you might be prompted twice for your
username and password. First, you are prompted to provide your network credentials
to verify that you have access to the printer; it would be no use installing a printer that
would not allow you to print. The second prompt is for CUPS printers to ensure you
have rights to install printers on the client machine. You need to provide the root
password or be defined in the CUPS lppasswd file.
Printing to secure printers is supported only when you are logged in to the desktop. If
for any reason the CUPS iPrint back end cannot deliver the job to a secure printer, the
job is requeued to the client with a hold. You can then see the held job and release it
after you log in to the desktop.
The iPrint Client does not support printing from terminal screens unless the GUI is
running on the host workstation.
Apache Web Server
iPrint uses the Apache 2.0 Web server. The Web server serves up HTML pages,
handles secure (SSL/TLS) and nonsecure requests, and utilizes LDAP for
authentication. iPrint can use any port specified on Apache; however, iPrint defaults
to two primary ports:
Port 443. All secure printing occurs over port 443 using SSL.
The iPrint client also supports TLS. If your system, including the client, is configured
to use TLS, all secure and non-secure printing occurs over port 631.
During the OES 2 for Linux installation of the iPrint software, the CUPS back-end
components are disabled on the server to avoid port 631 conflicts. Because iPrint uses
CUPS to render print jobs before sending the print job to the Print Manager, printing
from the server itself using CUPS or iPrint is not available.
iManager
You use Novell iManager to create, configure, and manage your iPrint system. For
complete management, including uploading printer drivers and PPD files, you need
to access iManager from a workstation with the iPrint client installed.
Figure 6-51
2.
3. In the iPrint Client Installation page, select Install the iPrint Client.
4.
5.
6.
7. Change to your root user account by entering su - at the shell prompt followed
by your root user's password.
8.
9. Install the iPrint Client software at the shell prompt by entering
rpm -Uhv ./novell-iprint-xclient-security_level-version.architecture.rpm.
Figure 6-52
2. Select the printer you want to install from the list provided.
When you do, a screen similar to the following is displayed:
Selecting a Printer for Installation
Figure 6-53
3. (Optional) Select Set Printer As Default if you want the printer to be your
default printer.
4.
5.
Once done, you can send print jobs to the printer using your application's
standard print dialog, just as you would for a locally connected printer. For example,
the Firefox browser's print dialog is used below to send a print job to the DAPrinter
iPrint printer.
Figure 6-54
Exercise 6-4
Objective 5
Web Admin Console: The Web Admin Console is an administrative tool used to
manage the iFolder system, user accounts, and user iFolders.
Web Access Console: The Web Access console provides remote access to
iFolders on the iFolder enterprise server.
The iFolder Client: The iFolder Client integrates with the user's operating
system to provide iFolder services in a native desktop environment.
An iFolder session begins when the user logs in to their iFolder account and ends
when the user logs out of the account or exits the iFolder client. iFolder synchronizes
files with the enterprise server only when a session is active and the computer has an
active connection to the network or Internet.
Users can access data in their local iFolders at any time; it does not matter if they are
logged in to their server accounts or if they are connected to the network or Internet.
Consider the following example: Suppose a user named Ulrik owns an iFolder named
Denmark and shares it via his iFolder enterprise account with three other users named
Nigel, Luc, and Alice.
Nigel travels frequently, so he also set up the iFolder on his laptop. Any iFolder
member can upload and download files from the Denmark iFolder from anywhere,
using the iFolder Web Access server.
In addition, Alice shares a non-work iFolder named Scooters with her friend Ulrik.
This is shown below:
Figure 6-55
iFolder Example
The iFolders are stored centrally for all iFolder members. The iFolder server
synchronizes the most recent version of documents to all authorized users of the
shared iFolder. All that the iFolder owner and iFolder members need is an active
network connection and the iFolder client.
Novell iFolder provides the following benefits:
It guards against local data loss by automatically backing up local files to the
iFolder server and multiple workstations.
It transparently updates a user's iFolder files to the iFolder enterprise server and
multiple member workstations with the iFolder client.
It tracks and logs changes made to iFolder files while users work offline, and
synchronizes those changes when they go online.
It provides access to user files on the iFolder server from any workstation
without the iFolder client using a Web browser and an active Internet or network
connection.
It makes files on the iFolder server available for your regularly scheduled backup.
2.
Figure 6-56
3.
4. Open a terminal session and change to your root user's account using the su command.
5.
6.
7. Extract the files from the compressed tar archive by entering
tar -zxvf ./ifolder3-version.tar.gz at the shell prompt.
8.
9. Use the cd command at the shell prompt to switch to the directory appropriate
for your workstation's architecture.
The first time you start your iFolder client software, you are prompted to
configure your iFolder account, as shown below:
Figure 6-57
2.
Figure 6-58
3. In the Server Address field, enter the DNS name or IP address of your iFolder
server; then select Forward.
The following is displayed:
Figure 6-59
4.
5. Select Forward.
6. In the Verify and Connect screen, review the information you entered.
If correct, select Connect.
7.
Figure 6-60
8. If you want to create an iFolder folder, mark Download Default iFolder; then
enter the appropriate path to be used as an iFolder in the Location field.
The default path is /home/linux_user/iFolder/iFolder_user/Default.
9.
Figure 6-61
You can configure your iFolder client preferences after it is installed by doing the
following:
1. With the iFolder client software running, right-click the iFolder icon in the
system tray; then select Preferences.
The following is displayed:
Figure 6-62
2.
Table 6-6
Description
Notify of Conflicts
Synchronization
3. Select Close.
Creating iFolders
In addition to the default iFolder that you can create during the initial client
installation, you can also create your own iFolders. In this part of this objective, you
learn how to do the following tasks:
Creating an iFolder
You can create an iFolder using a file manager such as Nautilus. To do this, complete
the following:
1. Locate or create the folder you want to convert to an iFolder using Nautilus.
2.
Figure 6-63
3.
Figure 6-64
After an iFolder has been created, you can customize how it functions by configuring
its properties. Do the following:
1. With the iFolder client started, right-click on the iFolder icon in the system tray
and select iFolders.
2.
Figure 6-65
3.
4. If you want to share the iFolder with other users, do the following:
a.
Configuring Sharing
Figure 6-66
b. Select Add.
c. Select the user you want to share the iFolder with; then select Add.
d.
Summary
The following is a summary of what you learned in this section.
Objective
eDirectory Components
eDirectory Objects
eDirectory Context
eDirectory Naming
Objective
Authenticating to eDirectory
Logging out
Objective
SECTION 7
This section explains how to access files stored on a Unix server with your SUSE
Linux Enterprise Desktop 11 (SLED 11). The technology used for this is
NFS.
In a Unix world, LDAP is used for authentication and CUPS for printing. This section
also explains how to configure these services.
This course focuses on the client side. Server configuration for these services is
covered in detail in SUSE Linux Enterprise Server 11
Administration (Course 3103).
Section Objectives
1.
2.
3.
Objective 1
Figure 7-1
A computer can be both an NFS server and an NFS client. It can supply file systems
over the network (export) and mount file systems from other hosts (import).
NFS Internals
NFS is an RPC (Remote Procedure Call) service. An essential component of RPC
services is the portmapper that manages the services and has to be started first. The
portmap daemon is activated by default on SUSE Linux Enterprise Desktop 11.
When an RPC service starts up, it binds to a port in the system (just like any other
network service), but it also registers this port and the service it offers (such as NFS)
with the portmapper.
Because every RPC program must register with the portmapper when it starts,
RPC programs must be restarted whenever the portmapper is restarted.
NFS supports file locking, which means that only one user at a time has write access
to files. The NFS lock manager (NLM) kernel module is responsible for file locking
and is loaded on the server side when starting the NFS server and on the client side
when mounting a directory exported on the server using NFS.
Figure 7-2
From this dialog, you can configure the directory to mount in your file system tree.
Configure the directory by doing the following:
1. In the NFS Server Hostname field, enter the NFS server's host name or find and
select the NFS server from a list of NFS servers on your network by selecting
Choose.
2. In the Remote File System field, enter the name of the exported directory on the
NFS server you want to mount or find and select the available directory by
selecting Select.
3. In the Mount Point (local) field, enter the mount point in your local file tree to
mount the exported directory or browse to and select the mount point by
selecting Browse.
4. In the Options field, enter any options you would normally use with the mount
command. For a list of these options, enter man mount.
5. After these steps, select OK. You are returned to the NFS Client Configuration
dialog.
Save the NFS client settings by selecting OK. The settings are saved in /etc/fstab,
services are restarted, and the exported directories are mounted in your local
file system tree.
The following are the most important mount options (-o) used with NFS:
soft (opposite: hard). If the attempt to access the NFS server extends beyond the
default number of tries (or the value set with the retrans= option), the mount
attempt will be aborted.
If the hard option (or neither soft nor hard) is specified, the client attempts to
mount the exported directory until it receives feedback from the server that the
attempt was successful.
If a system tries to mount an NFS file system at boot time, the hard option can
cause the boot process to hang because the process will stop at this point when it
attempts to mount the NFS directory.
For directories that are not essential for the system to function, you can use the
option soft. For directories that must be mounted (such as home directories), you
can use the option hard.
bg (default: fg). If you use the bg option and the first attempt is unsuccessful, all
further mount attempts are run in the background.
This prevents the boot process from hanging when NFS exports are
automatically mounted, with attempts to mount the directories continuing in the
background.
rsize=n. Sets the number of bytes (n, positive integral multiple of 1024,
maximum 1,048,576) that NFS reads from the NFS server at one time.
If this value is not set, client and server negotiate the highest possible value that
both client and server support.
The negotiated value is shown in /proc/mounts.
wsize=n. Sets the number of bytes (n, positive integral multiple of 1024,
maximum 1,048,576) that can be written to the NFS server.
If this value is not set, client and server negotiate the highest possible value that
both client and server support.
The negotiated value is shown in /proc/mounts.
retry=n. Sets the number of minutes (n) an attempt can take to mount a directory
through NFS. The default value for foreground mounts is 2 minutes; for
background mounts, it is 10,000 minutes (approximately one week).
nosuid. Disables any interpretation of the SUID and SGID bits on the
corresponding file system.
For security reasons, always use this option for any file system that might be
susceptible to tampering.
If you do not use this option, there is a possibility that a user can obtain root
access to the local file system by putting a SUID root executable on the imported
file system.
nodev. Disables any interpretation of device files in the imported file system. We
recommend that you use this option for security reasons.
Without setting this option, someone could create a device such as /dev/hda
on the NFS export, then use it to obtain write permissions for the hard disk as
soon as the file is accessed from the client side.
exec (opposite: noexec). Permits (exec) or prevents (noexec) the execution of
binaries on the mounted file system.
You can use the command umount to unmount a file system. However, you can
only do this if the file system is currently not being accessed.
NOTE: For additional information on nfs, mount options, and on the file /etc/fstab, enter man
5 nfs, man 8 mount, or man 5 fstab.
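The nosuid, nodev, soft, and bg recommendations above can be checked mechanically.
The following shell function is an added example, not part of the original manual;
the function names, the finding labels, and the sample fstab lines are constructed.

```shell
#!/bin/sh
# Added example (not from the manual): audit NFS entries for the mount options
# discussed above. Input uses the /etc/fstab layout:
#   device  mountpoint  fstype  options  [dump]  [pass]

# sample_fstab: constructed sample input, not taken from a real system.
sample_fstab() {
    cat <<'EOF'
# constructed sample
/dev/sda2         /         ext3  acl,user_xattr              1 1
da2:/export/data  /data     nfs   soft,bg,nosuid,nodev        0 0
da2:/home         /home     nfs   hard,rsize=8192,wsize=8192  0 0
da3:/srv/pub      /mnt/pub  nfs4  defaults,bg,nosuid          0 0
EOF
}

# audit_nfs_mounts [fstab] < FILE
# Prints one line per NFS mount that has findings: "<mountpoint>: <labels>".
#   no-nosuid  SUID/SGID bits on the export are honoured by the client
#   no-nodev   device files on the export are interpreted by the client
#   hard-fg    (fstab mode only) neither soft nor bg is set, so an unreachable
#              server can stall the boot process at this mount
audit_nfs_mounts() {
    awk -v mode="${1:-}" '
        /^[ \t]*#/ || NF < 4 { next }      # skip comments and short lines
        $3 !~ /^nfs4?$/      { next }      # only NFS file systems
        {
            split("", has)                 # clear the option set
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) has[opt[i]] = 1

            issues = ""
            if (!("nosuid" in has)) issues = issues " no-nosuid"
            if (!("nodev" in has))  issues = issues " no-nodev"
            if (mode == "fstab" && !("soft" in has) && !("bg" in has))
                issues = issues " hard-fg"

            if (issues != "") print $2 ":" issues
        }
    '
}

# Demonstration on the constructed sample.
sample_fstab | audit_nfs_mounts fstab
```

To audit a real system, run audit_nfs_mounts fstab < /etc/fstab. When reading
/proc/mounts instead, omit the fstab argument, because bg is not recorded there.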
The /etc/auto.misc file (contained in the autofs package) shows what can be
configured:
# This is an automounter map and it has the following format
# key [ -mount-options-separated-by-comma ] location
# Details may be found in the autofs(5) manpage
cd          -fstype=iso9660,ro,nosuid,nodev  :/dev/cdrom
#floppy     -fstype=auto                     :/dev/fd0
#floppy     -fstype=ext2                     :/dev/fd0
#e2floppy   -fstype=ext2                     :/dev/fd0
#jaz        -fstype=ext2                     :/dev/sdc1
#removable  -fstype=ext2                     :/dev/hdd
To start autofs, enter the rcautofs start command as root in a terminal window.
The rcautofs status command lists the configured and the active mount points, as
in the following example:
da10:~ # rcautofs status
Checking for service autofs:                              running
Configured Mount Points:
-----------------------
/usr/sbin/automount /misc file /etc/auto.misc
Active Mount Points:
-------------------
/usr/sbin/automount /misc file /etc/auto.misc
Using the above configuration, the automounter creates the /misc directory when it
is started. This directory will be empty at first, but if you enter ls /misc/cd, you
will see the content of the CDROM drive as it is automatically mounted:
da10:~ # ls /misc
da10:~ # ls /misc/cd
ARCHIVES.gz  content.key  COPYRIGHT.de
...
da10:~ # ls /misc
cd
da10:~ #
-fstype=nfs    da2:/home/tux
-fstype=nfs    da3:/home/geeko
When tux logs in now, his home directory, /home/tux, on da2 is mounted to /home
on this machine. When geeko logs in, his home directory is mounted from da3.
To avoid having to enter a line for every user, automounter also supports wildcards,
as in the following example:
*    -fstype=nfs    da2:/home/&
Exercise 7-1
Objective 2
Authentication to LDAP
OpenLDAP is the most popular open source LDAP (Lightweight Directory Access
Protocol) suite. It provides not only the LDAP server itself but also applications and
tools to control and query the server and to develop LDAP-based software.
This objective covers the LDAP client configuration used to integrate SLED 11
into an existing LDAP infrastructure for user authentication.
OpenLDAP authentication is frequently combined with NFS (Network File System)
for file access.
The following is described:
LDAP Basics
A directory is a specialized database that is optimized for reading, browsing, and
searching. Directories contain descriptive, attribute-based information, and then
support sophisticated filtering. Directories can be used for many different purposes.
Very often they are used as databases for user authentication.
Directory services are tuned to give quick response to high-volume lookup or search
operations. They can replicate information widely in order to increase availability
and reliability, while reducing response time.
There are many different ways to provide a directory service. Different methods
allow different kinds of information to be stored in the directory; place different
requirements on how that information can be referenced, queried, and updated; and
determine how the information is protected from unauthorized access.
Some directory services are local, providing service to a restricted context (such as
the finger service on a single machine). Other services are global, providing service
to a much broader context (such as the entire Internet).
LDAP, a commonly used directory service, stores information in objects that
can be associated with object classes. The classes determine which attributes an
object can or must have. By including schemas, you are able to access pre-defined
object classes.
Frequently used object classes include the following:
alias
country
locality
organization
organizationalUnit
organizationalRole
person
sn. (surname).
Object classes that LDAP uses for user authentication include the following:
posixAccount
shadowAccount
posixGroup
Some of the attributes that are used in these classes include the following:
In LDAP, objects are arranged in a hierarchical tree structure. You can distinguish
between two kinds of objects:
Container objects. Container objects are objects that can have subordinate
objects. Five classes of container objects are used:
Root
c (country)
o (organization)
ou (organizational unit)
dc (domain component)
Leaf objects. Leaf objects cannot have any subordinate objects. They are the end
of a tree branch. For example
cn (common name)
If you use LDAP for user management, the structure (DIT, Directory Information
Tree) normally reflects one of the following:
Figure 7-4
The country, organization, organizational unit, and leaf objects (such as users)
are under the root of the tree.
Figure 7-5
Domain System
The domain components like com, digitalairlines, and then organizational unit
and leaf objects (such as users) are under the root of the tree.
An object of the tree is referenced by its DN that is constructed by taking the name of
the entry itself (called the relative distinguished name or RDN) and concatenating the
names of its ancestor objects.
For example, the entry for Geeko Chameleon in the preceding example has a DN of
cn=geeko,ou=slc,dc=digitalairlines,dc=com.
Figure 7-6
In this dialog, activate the use of LDAP and enter information on which server to
contact and the base DN (distinguished name) to use. Because the LDAP protocol
transmits passwords in clear text, the communication between client and server needs
to be protected using TLS/SSL. You should not use an LDAP server for
authentication without TLS/SSL.
You can select Start Automounter to activate the autofs daemon that is used to
automatically mount home directories for users logging in on this computer.
Checking this option adds ldap to the automount line in /etc/nsswitch.conf;
the configuration of the automounter itself has to exist already, either in the
/etc/auto.master and /etc/auto.home files (see Mount Home Directories
Automatically on page 239) or within the LDAP directory (see OpenLDAP and
Automounter on page 247).
Select Create Home Directory on Login when the home directories are not provided
by a central file server.
When you click OK, the configuration changes are written to several files on the
system, including /etc/security/pam_unix2.conf, /etc/ldap.conf,
/etc/nsswitch.conf, and /etc/passwd.
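The TLS requirement stated above can be verified on the client after the files are
written. The following shell function is an added example, not part of the original
manual; it assumes /etc/ldap.conf uses the pam_ldap/nss_ldap keywords ssl, uri, and
tls_checkpeer, and the function names, finding labels, host name, and CA path in the
samples are constructed.

```shell
#!/bin/sh
# Added example (not from the manual): report whether an LDAP client
# configuration in /etc/ldap.conf layout ("keyword value ...") protects the
# bind password in transit.

# Constructed sample: no TLS configured, password crosses the network in clear text.
weak_ldap_conf() {
    cat <<'EOF'
host 172.17.8.101
base dc=digitalairlines,dc=com
ssl no
EOF
}

# Constructed sample: StartTLS with server certificate verification.
hardened_ldap_conf() {
    cat <<'EOF'
uri ldap://da1.digitalairlines.com
base dc=digitalairlines,dc=com
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/example-ca.pem
EOF
}

# check_ldap_client_tls < FILE
# Prints one label per finding, nothing if the configuration passes:
#   cleartext      neither "ssl start_tls" nor "ssl on" is set, and the uri
#                  list is not made up exclusively of ldaps:// servers
#   no-peer-check  tls_checkpeer is not explicitly set to yes, so the server
#                  certificate check depends on library defaults
check_ldap_client_tls() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }            # skip comments and bare keywords
        { key = tolower($1) }
        key == "ssl"           { ssl  = tolower($2) }
        key == "tls_checkpeer" { peer = tolower($2) }
        key == "uri" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^ldaps:\/\//) ldaps++; else plain++
        }
        END {
            tls = (ssl == "start_tls" || ssl == "on" || (ldaps > 0 && plain == 0))
            if (!tls)          print "cleartext"
            if (peer != "yes") print "no-peer-check"
        }
    '
}

# Demonstration on the constructed weak sample.
weak_ldap_conf | check_ldap_client_tls
```

To check a real client, run check_ldap_client_tls < /etc/ldap.conf.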
This means that automount information is searched for in the following sequence:
files (/etc/auto.*) are checked for the autofs configuration first; NIS is checked
next, and then LDAP is checked. To avoid possible confusion, you should remove
any /etc/auto.* files, because they might conflict with the configuration stored
in the LDAP directory.
The automounter queries the LDAP directory for automount information. The needed
schema files are already included in the OpenLDAP server package used on SUSE
Linux Enterprise 11. The automount information is included in the
/etc/openldap/schema/rfc2307bis.schema file on SUSE Linux Enterprise 11.
The information that is otherwise available in the /etc/auto.* files now has to
exist within the LDAP directory. In the following sample LDIF file, a Services
organizational unit is created that holds the information needed by the automounter:
# Organizational Unit Services
dn: ou=Services,dc=digitalairlines,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Services
Then the entries for auto.master and auto.home can be created using the following
LDIF files:
# auto.master
dn: nisMapName=auto.master,ou=Services,dc=digitalairlines,dc=com
objectclass: top
objectclass: nisMap
nismapname: auto.master

dn: cn=/home,nisMapName=auto.master,ou=Services,dc=digitalairlines,dc=com
nismapname: auto.master
objectclass: top
objectclass: nisObject
nismapentry: ldap:172.17.8.101:nismapname=auto.home,ou=Services,dc=digitalairlines,dc=com
cn: /home

# auto.home
dn: nisMapName=auto.home,ou=Services,dc=digitalairlines,dc=com
objectclass: top
objectclass: nisMap
nismapname: auto.home

dn: cn=/,nisMapName=auto.home,ou=Services,dc=digitalairlines,dc=com
objectclass: nisObject
cn: /
nismapentry: 172.17.8.101:/home/&
nismapname: auto.home
After you enter the root password for the LDAP directory, the information is added to
the directory.
Exercise 7-2
Objective 3
Configure CUPS
YaST provides printer installation and configuration functionality. To configure a
printer, you need to know the following:
Figure 7-7
NOTE: During installation, only locally connected printers are detected
automatically and listed under Printer.
Figure 7-8
After installation. You can change your printer configuration settings from the
YaST Control Center by selecting Hardware > Printer.
You can also start the YaST printer configuration module directly from a terminal
window with the yast2 printer command.
CUPS Packages
Package
Content
cups
cups-client
cups-libs
cups-drivers
These files are installed automatically if YaST is used for printer configuration.
YaST also creates the symbolic links in runlevel directories to ensure that the CUPS
daemon is started automatically when booting.
The Printer Configuration dialog used to configure your printer is the same during
and after installation. You can access the dialog either by selecting YaST >
Hardware > Printer or by entering yast2 printer as root in a terminal window.
The following dialog appears:
Figure 7-9
In the left part of the dialog, you can select different aspects of the printer
configuration. The right part of the dialog shows the configuration options available
for your selection.
The left part offers the following selections:
Printer Configurations
The Printer Configurations dialog gives you an overview of the configured printers
and allows you to add, edit, or delete existing print queues.
To add a printer that does not show up in the Printer Configuration dialog, select
Add. The following appears:
Figure 7-10
NOTE: If you want to change the suggested name of the new print queue, you have to do it at this
point in the Set Name box.
When you click More Connections, the local connections are scanned again and any
newly detected printers are added to the page. Click OK to add them to the list of
configured printers.
Figure 7-11
You can add the same printer more than once. This might be useful if you want to
have queues for the same printer with different settings. Select the new entry and
click Edit to change the settings for this queue. Should you have no use for the new
entry, select it and click Delete.
A click on Connection Wizard in the Add New Printer Configuration dialog opens
the following dialog:
Figure 7-12
Connection Wizard
Selecting an item on the left opens a dialog on the right where you can enter the
specific parameters for your choice.
Selecting an item under Directly Connected Device on the left and then clicking OK
leads to the Add New Printer Configuration Dialog (see Figure 7-10 on page 254).
The dialogs that belong to the items under Directly Connected Device look very
similar to each other.
Figure 7-13
Depending on what type of network printer you select on the left, the dialog on the
right lists the parameters needed to access that type of printer. The following shows
the dialog for the TCP port Connection Settings.
Figure 7-14
Enter the IP address of the printer and its manufacturer. To test the connection, you
can click the Test Connection button. Click OK to continue.
You are returned to the Add New Printer Configuration dialog, but when configuring
a network printer, you have to manually select a driver from the list of available
drivers, as shown in the following:
Select the driver for your printer and click OK. You are returned to the initial Printer
Configuration dialog with your new printer listed.
To access a printer that is connected to a print server, in the Connection Wizard
dialog, select the type of print server your printer is connected to.
The dialog on the right allows you to enter the configuration values needed to access
the printer. The following shows the dialog to access a CUPS server with some values
already entered manually:
Figure 7-15
A click on OK returns you to the Add New Printer Configuration dialog where you
can select a driver and change the queue name. Clicking OK once more returns you
to the Printer Configuration dialog with the new printer listed as a local printer.
CUPS supports the IPP, LPD, SMB, IPX, and socket protocols. After selecting the
entry Specify Arbitrary Device URI, you can enter the device URI (Universal
Resource Identifier) to access printers using these protocols (see Add a Printer from
the Command Line on page 266).
LPD (Line Printer Daemon). The LPD protocol is described in RFC 1179
(Requests For Comments (http://www.ietf.org/rfc.html)).
Because some job-related data, such as the printer queue, is sent before the actual
print data, a printer queue must be specified when configuring the LPD protocol
for data transmission.
The implementations of most printer manufacturers are flexible enough to accept
any name as the printer queue. The printer manual might indicate which name to
use (such as LPT, LPT1, or LP1).
IPP (Internet Printing Protocol). IPP is a relatively new protocol (since 1999)
that is based on the HTTP protocol. Compared to other protocols, it can transmit
much more job-related data.
CUPS uses IPP for the internal data transmission. This is the preferred protocol
for a forwarding queue between CUPS servers.
The port number for IPP is 631.
Device URI example: ipp://cupsserver/printers/printqueue.
The entry Print via Network in the main Printer Configurations window allows you
to connect to other CUPS servers in the network.
Figure 7-16
CUPS servers can announce their available printers using a mechanism called
browsing. A CUPS server that has printers connected sends out broadcast packets
at regular intervals, publishing the available printers. A local CUPS server makes
these printers available to the local users.
Figure 7-17
CUPS Browsing
If this function is enabled, the server broadcasts the printer information every 30
seconds. This printer information typically uses only 80 bytes per printer; therefore,
you can add a large number of servers and printers.
The box Use CUPS to Print Via Network has the following options:
Do not Receive Printer Information from Remote CUPS Servers. When this
option is selected, printers that are published by other CUPS servers using the
browsing mechanism are not made available locally.
Any printers you want to use have to be set up as described in Printer
Configurations on page 254.
Receive Printer Information from Remote CUPS Servers. When this option is
selected, the local CUPS server uses the browsing information broadcast
within the network to make printers available locally. Using the drop-down menu
under Accept Information from the Following Servers, you can limit the
servers from which browsing information is accepted.
This option is probably the most convenient, as any printers that other CUPS
servers advertise using the broadcast mechanism are available automatically.
Do All Your Printing Directly Via One Remote CUPS Server. When this
option is selected, no local CUPS server is running. All print jobs are sent to the
single print server you enter in the Hostname/IP Address field.
The entry Share Printers in the main Printer Configurations window allows you to
determine how the CUPS server can be accessed from the network and whether or not
it advertises its available printers to the clients using browsing.
Figure 7-18
Share Printers
Deny Remote Access. When this option is selected, the CUPS server binds only
to localhost (127.0.0.1) and is not accessible from any attached network.
Allow Remote Access. Here you can decide if you only want to allow remote
access, or if you additionally want to turn on browsing.
For computers within the local network. Selecting this option (and no
other) allows access on all local interfaces (eth0, eth1, ...) but does not turn
on browsing.
Publish printers by default in the local network. This includes the
previous choice but turns on browsing on all local interfaces as well.
Via network interfaces specified below. Instead of allowing access with or
without browsing on all local interfaces as above, you can make this choice
separately for each interface by selecting Add.
Select the interface and check Publish printers by default via the interface
below if you want to activate browsing on this interface. Then select OK.
For Experts. Here you can define more specific limitations based on IP
addresses or networks for access and browsing.
Policies
Operation Policies. These are the rules used for each operation in CUPS.
Error Policies. These are the policies used when CUPS fails to send a print job
to the printer device.
Figure 7-19
CUPS Policies
Stop the printer and keep the job for future printing
Re-send the job from the beginning after waiting some time
Abort and delete the job and proceed with the next job
Default
Easy
Paranoid
Autoconfig Settings
The settings you make on this page determine how CUPS deals with printers when
they are connected to a USB port.
Figure 7-20
Autoconfig Settings
Besides using YaST, you can also configure CUPS with command line tools. After
collecting the information you need (such as the PPD (PostScript Printer Description)
file and the name of the device), use the lpadmin command to add a printer:
lpadmin -p queue -v device-URI -P PPD-file -E
The -p option specifies the print queue name of the printer, the -v option sets the
device URI attribute of the printer queue, and the -P option is used to specify the
PPD file.
Do not use -E as the first option. For all CUPS commands, -E as the first argument
implies the use of an encrypted connection, and -E at the end enables the printer to
accept print jobs.
For example, to enable a parallel printer, enter a command similar to the following
(on one line):
lpadmin -p ps -v parallel:/dev/lp0 -P /usr/share/cups/model/Postscript.ppd.gz -E
To enable a network printer, enter a command similar to the following (on one line):
lpadmin -p ps -v socket://10.0.0.200:9100/ -P /usr/share/cups/model/Postscript-level1.ppd.gz -E
Exercise 7-3
Berkeley style (Berkeley style commands are identical to those used with the
LPRng printing system)
System V style
Compared with Berkeley style, System V provides a somewhat more extensive range
of features for printer administration.
To manage printer queues, you need to know how to do the following:
For example
geeko@da10:~ # lpr -P color chart.ps
or
geeko@da10:~ # lp -d color chart.ps
With these commands, the file chart.ps is submitted to the color queue.
If no queue is specified, the job is printed to the default queue.
The -o parameter needs to be used whenever any additional print options are
specified.
geeko@da10:~ # lpr -P lp -o duplex=none order.ps
or
geeko@da10:~ # lp -d lp -o duplex=none order.ps
This submits the order.ps file to the lp queue and also disables duplex printing for
the corresponding device (duplex=none). To view possible options, enter
lpoptions -l -d queue (see Configure Queues on page 272).
You have to give the command in a slightly different form to print through a remote
queue.
For example
geeko@da10:~ # lpr -P lp -H da10.digitalairlines.com /etc/motd
or
geeko@da10:~ # lp -d lp -h da10.digitalairlines.com /etc/motd
This submits the /etc/motd file to the lp queue located on the print server
da10.digitalairlines.com.
NOTE: For more information on these command line tools, enter man lpr and man lp.
To display active print jobs of the default queue, use the lpq command as shown in
the following:
geeko@da10:~ # lpq
draft is ready and printing
Rank    Owner   Job     File(s)         Total Size
active  root    14      fstab           1024 bytes
To list the same information in a slightly different format, use lpq -l.
To display the print jobs of another queue, use the -P queue option as shown in the
following:
geeko@da10:~ # lpq -P printer
printer is ready
no entries
To display the active print jobs of all available queues, enter lpq -a as shown in the
following:
geeko@da10:~ # lpq -a
no entries
4 16:06:53
NOTE: For more information on these commands, enter man lprm and man cancel.
Manage Queues
In addition to controlling single jobs in a queue, you can also control the queue
itself:
Accept print jobs again on a queue that rejected them by entering
/usr/sbin/accept destination.
By using this command, you can reset the print queue to begin accepting new
print jobs.
NOTE: If the queue is also disabled, actual printing starts only after enabling the queue again.
Configure Queues
Printer-specific options that affect the physical aspects of the output are stored in the
PPD (PostScript Printer Description) file for each queue in the following directory:
/etc/cups/ppd/
PPD is the computer language that describes the properties (such as resolution) and
options (such as duplex unit) of PostScript printers. These descriptions are necessary
to use the various printer options in CUPS.
During the installation of SUSE Linux Enterprise 11, a lot of PPD files are
preinstalled. In this way, even printers that do not have built-in PostScript support can
be used.
If a PostScript printer is configured, the best approach is to get a suitable PPD file and
store it in the /usr/share/cups/model/ directory. You can then select the PPD
file during the installation. If the model does not show up, select Add Driver in the
Add New Printer Configuration dialog (Figure 7-10 on page 254) and follow the
simple steps to add the PPD file to the database.
Users can see the current settings of a local queue by entering
lpoptions -p queue -l
NOTE: The sequence of options is important. If you specify -l first, the settings of the default
queue are listed, no matter what you specify after -p.
The * symbol in front of a value indicates the currently active setting. The
significance of some of these options is as follows:
InputSlot/Media Source. This option allows you to select the tray for your print
job if your printer has different paper trays.
PageSize/Page Size. This option specifies the physical size of the paper in the
selected paper tray.
Resolution/Resolution. This option specifies the resolution used for the print
queue.
To change any of the options for a local queue, enter a command with the following
syntax:
lpoptions -p queue -o option=value
The following command changes the page size of the lp queue to Letter:
da10:~ # lpoptions -p lp -o PageSize=Letter
However, the range of users affected by the new settings varies, depending on which
user has actually changed the settings:
If a normal user (such as geeko) enters the previous command, the changes only
apply to that user and are stored in the ~/.lpoptions file (in the user's home
directory).
If root enters the command, the changes apply to all users on the corresponding
host; they are then used as defaults and stored in the /etc/cups/lpoptions file.
The PPD file of the queue, however, is not modified by this.
A way for root to change the defaults in the PPD file of any local queue exists. Such
changes would apply network wide to all users submitting print jobs to the
corresponding queue.
CUPS provides collections of printers called printer classes. Jobs sent to a class are
forwarded to the first available printer in the class. You can also use the lpadmin
command to
Edit such classes (by adding a queue to a class or deleting a queue from a class).
Delete classes.
NOTE: You can also get information on the commands covered above in a browser using the URL
http://localhost:631/help/ and selecting Man Pages.
As the root user, you can start or stop cupsd manually with the following commands:
2.
The file destined for the printer is stored in a print queue, which creates two files
per print job in the following directory: /var/spool/cups/
One of the files contains the actual data to print. The other one contains
information about the print job; for example, it might contain the identity of the
user who created the print job and the printer to use.
3.
The cupsd printer daemon acts as the print spooler. It is responsible for watching
all print queues and for starting the filters required to convert data into the
printer-specific format.
4.
b.
c.
d.
e.
Cupsd will start the appropriate filter to convert data into the printer-specific
format if the selected printer is not a PostScript printer.
One of these filter programs is /usr/lib/cups/filter/cupsomatic that, in turn,
relies on ghostscript for conversion.
Filters are responsible for processing all printer-specific options, including
resolution, paper size, and others.
f.
CUPS uses another type of filter, or back end, depending on how the printer
is connected to the host, for the actual transfer of the data stream to the
printer device.
da10:~ # ls /usr/lib/cups/backend/
canon  hpfax  lpd       serial  socket
epson  http   parallel  smb     usb
hp     ipp    scsi      snmp
5.
Once the print job has been transferred to the printer, the print spooler deletes the
job from the queue and starts processing the next job. When the job is deleted,
the print data file in /var/spool/cups/ is removed.
The file that has information about the print job is not deleted. The filename for
the first print job is labeled c00001. The number in each of the following print
jobs is increased by one.
Figure 7-21
Print Queues
With CUPS, printer devices are addressed using print queues. Rather than being sent
directly to the printer, print jobs are sent to a print queue associated with the device.
On a print server, each print queue is registered with its name in the
/etc/cups/printers.conf file.
Among other things, this file defines through which queues the printer is addressed,
how it is connected, and which interface it is connected to.
Several print queues can be defined for one printer, as in the following example:
# Printer configuration file for CUPS v1.3.9
# Written by cupsd on 2009-02-05 14:06
<DefaultPrinter hp_draft>
Info HP LaserJet 6mp Foomatic/hpijs, hpijs 2.8.7.3
DeviceURI parallel:/dev/lp0
State Idle
StateTime 1233839191
Accepting Yes
Shared Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
OpPolicy default
ErrorPolicy stop-printer
</Printer>
<Printer hp_normal>
Info HP LaserJet 6mp Foomatic/hpijs, hpijs 2.8.7.3
DeviceURI parallel:/dev/lp0
State Idle
StateTime 1233839040
Accepting Yes
Shared Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
OpPolicy default
ErrorPolicy stop-printer
</Printer>
...
For instance, in the case of color printers, it can be useful to have two queues, one for
black-and-white printing of text documents and one for color printing.
The following explains some entries in /etc/cups/printers.conf:
State Idle. Currently, this print queue does not have any print jobs.
JobSheets none none. Starting and ending banner will not be printed.
Each existing queue has its own configuration file that is stored on the print server in
the /etc/cups/ppd/ directory.
These files contain settings to configure the paper size, the resolution, and the other
settings.
By contrast, on the client side, the names of queues are registered in the
/etc/printcap file:
da10:~ # cat /etc/printcap
# This file was automatically generated by cupsd(8) from
# the /etc/cups/printers.conf file. All changes to this
# file will be lost.
hp_normal|HP LaserJet 6mp Foomatic/hpijs, hpijs 2.8.7.3:rm=da10.digitalairlines.com:rp=hp_normal:
hp_draft|HP LaserJet 6mp Foomatic/hpijs, hpijs 2.8.7.3:rm=da10.digitalairlines.com:rp=hp_draft:
Log Files
The access_log file lists each HTTP resource that is accessed by a web browser
or CUPS/IPP client.
Lines in the log file look like the following:
localhost - - [05/Feb/2009:14:18:22 +0100]
CUPS-Get-Printers successful-ok
localhost - - [05/Feb/2009:14:18:22 +0100]
CUPS-Get-Classes successful-ok
localhost - - [05/Feb/2009:14:18:22 +0100]
CUPS-Get-Default successful-ok
localhost - - [05/Feb/2009:14:18:22 +0100]
HTTP/1.1" 200 982 Print-Job successful-ok
The host field contains the name of the host (in the example, localhost).
The user field contains the authenticated user name of the requesting user.
If a user name and password are not supplied for the request, this field contains a
dash (-).
The date-time field shows the date and time of the request in local time (for
example, [05/Feb/2009:14:18:22 +0100]).
The format is [DD/MON/YYYY:HH:MM:SS +ZZZZ] where ZZZZ is the time
zone offset in hours and minutes from coordinated universal time (UTC).
The method field is the HTTP method used (such as GET, PUT, and POST).
The resource field is the filename of the requested resource. Possible resources
are
/admin/
/printers/
/jobs/
The status field contains the HTTP result status of the request.
Usually it is 200, but other HTTP status codes are possible. For example,
401 indicates unauthorized access.
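The following added example (not part of the original manual) parses access_log lines into the fields described above and reports hosts that repeatedly receive status 401, plus successful requests to /admin/. The group, version, size and IPP columns follow the CUPS log layout rather than this page, and the log lines, the address 192.0.2.15 and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Field order, in the common-log-style layout CUPS writes:
# host group user [date-time] "method resource version" status size ipp-op ipp-status
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<group>\S+) (?P<user>\S+) '
    r'\[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<resource>\S+) (?P<version>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+) (?P<ipp_op>\S+) (?P<ipp_status>\S+)$'
)

# Constructed sample input (not taken from a real server); last line is truncated.
SAMPLE_LOG = """\
localhost - - [05/Feb/2009:14:18:22 +0100] "POST / HTTP/1.1" 200 139 CUPS-Get-Printers successful-ok
localhost - - [05/Feb/2009:14:18:22 +0100] "POST /printers/hp_normal HTTP/1.1" 200 982 Print-Job successful-ok
192.0.2.15 - - [05/Feb/2009:14:20:01 +0100] "POST /admin/ HTTP/1.1" 401 0 - -
192.0.2.15 - - [05/Feb/2009:14:20:03 +0100] "POST /admin/ HTTP/1.1" 401 0 - -
192.0.2.15 - - [05/Feb/2009:14:20:06 +0100] "GET /admin/ HTTP/1.1" 401 0 - -
da10.digitalairlines.com - root [05/Feb/2009:14:21:10 +0100] "POST /admin/ HTTP/1.1" 200 157 CUPS-Add-Modify-Printer successful-ok
localhost - - [05/Feb/2009:14:22
"""


def parse_line(line):
    """Return one access_log record as a dict, or None if the line is malformed."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    rec = match.groupdict()
    try:
        # [DD/MON/YYYY:HH:MM:SS +ZZZZ], local time with UTC offset
        rec["when"] = datetime.strptime(rec["when"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    rec["status"] = int(rec["status"])
    rec["size"] = int(rec["size"])
    # A dash means no user name and password were supplied with the request.
    rec["user"] = None if rec["user"] == "-" else rec["user"]
    return rec


def review(lines, threshold=3):
    """Summarise 401 responses per host and successful /admin/ requests."""
    denied = Counter()
    admin_ok = []
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # keep count: gaps in a log are a finding too
            continue
        if rec["status"] == 401:
            denied[rec["host"]] += 1
        elif rec["status"] == 200 and rec["resource"].startswith("/admin"):
            admin_ok.append(
                (rec["when"].isoformat(), rec["host"], rec["user"], rec["ipp_op"])
            )
    return {
        "repeated_401": {h: n for h, n in denied.items() if n >= threshold},
        "admin_ok": admin_ok,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = review(SAMPLE_LOG.splitlines())
    for host, count in report["repeated_401"].items():
        print(f"{host}: {count} requests answered with 401")
    for when, host, user, op in report["admin_ok"]:
        print(f"{when} {host} user={user} {op}")
    print(f"unparsed lines: {report['unparsed']}")
```
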
The error_log file lists messages from the scheduler (such as errors and
warnings).
I [05/Feb/2009:14:18:22 +0100]
"none".
I [05/Feb/2009:14:18:22 +0100]
I [05/Feb/2009:14:18:22 +0100]
by "root".
I [05/Feb/2009:14:18:22 +0100]
"root".
I [05/Feb/2009:14:18:22 +0100]
filter/texttops (PID 28773)
I [05/Feb/2009:14:18:22 +0100]
filter/pstops (PID 28774)
I [05/Feb/2009:14:18:22 +0100]
filter/foomatic-rip-hplip (PID
I [05/Feb/2009:14:18:22 +0100]
backend/parallel (PID 28776)
I [05/Feb/2009:14:18:24 +0100]
E. An error occurred.
I. Informational message.
D. Debugging message.
The date-time field contains the date and time of the entry, for example, when a
page started printing.
The format of this field is identical to the date-time field in the access_log
file.
The printer field contains the name of the printer that printed the page (in this
example, hp_normal).
If you send a job to a printer class, this field contains the name of the printer that
was assigned the job.
The user field contains the name of the user that submitted this file for printing.
The job-id field contains the job number of the page being printed (in this
example, 14).
The date-time field contains the date and time the page started printing.
The format of this field is identical to the date-time field in the access_log file.
The page-number field contains the number of pages (in this example, 1).
The num-pages field contains the number of copies (in this example, 1).
For printers that cannot produce copies on their own, the num-pages field will
always be 1.
The job-billing field contains a copy of the job-billing attribute provided with
the IPP create-job or print-job requests or a dash (-) if none was provided.
The hostname field contains the name of the host that originated the print job (in
this example, localhost).
For debugging and troubleshooting, set the log level to debug or debug2. After
changing the configuration, restart CUPS by entering rccups restart.
Exercise 7-4
Summary
The following is a summary of what you learned in the course objectives.
Objective
SECTION 8
You can remotely access the desktop of a SUSE Linux Enterprise 11 system using
Novell Open Mobile Agile Desktop (Nomad). In this section, you learn how to install
and configure Nomad on SLED 11 workstations.
Section Objectives
1.
2.
3.
4.
Objective 1
RDP is a multi-channel, client-server protocol that runs on TCP port 3389. It provides
separate virtual channels that carry presentation data from the RDP server as well as
encrypted client mouse and keyboard events from the RDP client. RDP supports up
to 64,000 separate channels for data transmission.
The RDP server uses its own video driver to render display information into network
packets using RDP protocol and then sends them over the network to the RDP client.
The RDP client receives the rendering data through its network interface and
reconstructs the packets into the corresponding graphics API calls.
Mouse and keyboard events from the RDP client are redirected to the RDP server.
The server then uses its own keyboard and mouse drivers to process these events.
Clipboard: You can copy and paste data between an RDP session and local
applications.
Printer support: You can send print jobs from the RDP session to locally
connected printers.
Sound support: Sounds generated on the RDP server can be sent to the sound
board on the RDP client.
Figure 8-2
Nomad runs desktop sessions detached from the graphics hardware. It consists of the
following core components:
Session Manager: The session manager is responsible for spawning and keeping
track of desktop sessions that can be accessed remotely.
Client Program: The client program is a special RDP client used by SLED 11. It
implements Nomad-specific extensions for X11 protocol forwarding and the
ability to composite remote desktops locally when appropriate compositing
manager plug-ins are loaded.
Receiver: This is the local RDP client system where the remote desktop is
displayed. The receiver can be a server, desktop, thin-client, or notebook system.
Sender: This is the remote RDP server system where the desktop and
applications actually run. The sender can be a server, desktop, or notebook
system. It can be a server in a data-center, an instance in a cloud, or even a virtual
machine.
As discussed earlier, the RDP protocol supports virtual channels. A virtual channel
can carry any kind of data; for example, forwarding storage devices and clipboard
data. When establishing an RDP connection, the sender and the receiver will
determine the channels that can be supported.
Nomad uses a virtual channel called rdpx11. This channel provides X forwarding that
is very similar to the X forwarding used by the SSH service.
Some of the advantages of Nomad over other remote access solutions (such as VNC)
include the following:
Linux RDP receivers can connect to any RDP server, including Windows servers.
Any RDP client, including Windows workstations, can connect to a Linux RDP
sender.
Unlike VNC, RDP encrypts transmissions. You can set the encryption level to
low, medium, or high in the /etc/xrdp/xrdp.ini file, as shown in the following.
[globals]
bitmap_cache=yes
bitmap_compression=yes
port=3389
crypt_level=low
channel_code=1
[xsessions]
path=/usr/share/xsessions
lib=libdmx.so
username=ask
password=ask
ip=127.0.0.1
port=-1
[failsafe]
name=Failsafe Terminal
exec=xterm
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=-1
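As an added example (not part of the original manual or of xrdp), the following check reads an xrdp.ini body and reports a crypt_level below a required minimum, using the low, medium, high ordering named above. The function name, the finding labels and the default minimum of high are assumptions of this example, as is the reading that a username or password other than ask means a credential stored in the file.

```python
import configparser

# Ordering of the three levels the text names; a higher number is stronger.
LEVELS = {"low": 0, "medium": 1, "high": 2}

# The configuration shown above, embedded so the example runs offline.
PAGE_CONFIG = """\
[globals]
bitmap_cache=yes
bitmap_compression=yes
port=3389
crypt_level=low
channel_code=1

[xsessions]
path=/usr/share/xsessions
lib=libdmx.so
username=ask
password=ask
ip=127.0.0.1
port=-1

[failsafe]
name=Failsafe Terminal
exec=xterm
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=-1
"""


def audit_xrdp_ini(text, minimum="high"):
    """Return a list of (section, key, problem) findings for an xrdp.ini body."""
    if minimum not in LEVELS:
        raise ValueError("minimum must be one of: " + ", ".join(LEVELS))

    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        # Duplicate keys or sections make the effective value ambiguous.
        return [("-", "-", "parse-error:" + type(exc).__name__)]

    findings = []
    level = parser.get("globals", "crypt_level", fallback=None)
    if level is None:
        findings.append(("globals", "crypt_level", "missing"))
    else:
        norm = level.strip().lower()
        if norm not in LEVELS:
            findings.append(("globals", "crypt_level", "unknown-value:" + norm))
        elif LEVELS[norm] < LEVELS[minimum]:
            findings.append(("globals", "crypt_level", "below-minimum:" + norm))

    # Assumption: "ask" prompts at login; anything else is a stored credential.
    # The stored value itself is never copied into the findings.
    for section in parser.sections():
        if section == "globals":
            continue
        for key in ("username", "password"):
            value = parser.get(section, key, fallback="ask")
            if value.strip().lower() != "ask":
                findings.append((section, key, "stored-credential"))
    return findings


if __name__ == "__main__":
    for section, key, problem in audit_xrdp_ini(PAGE_CONFIG):
        print(f"[{section}] {key}: {problem}")
```
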
Objective 2
NOTE: The RDP packages on the SLED 11 Gold Master still have some open bugs. There should
be an update available in the meantime.
Install the Nomad packages on the system that will function as the RDP server.
Complete the following:
a.
Start YaST by selecting Computer > YaST on the system that will be the
RDP server.
b.
c.
d.
Select All.
e.
f.
compiz
compiz-plugins-dmx
compiz-gnome
compiz-fusion-plugins-main
compiz-fusion-plugins-extra
compiz-branding-SLE
Figure 8-3
g.
If any of these packages have not been installed, double click them to specify
that they be installed.
h.
i.
Double click the xrdp package to mark it for installation, as shown in the
following:
Figure 8-4
j.
Repeat the above steps to mark the following packages for installation:
xorg-x11-server-dmx
xorg-x11-server-rdp
k.
Select Apply.
l.
3.
Open a terminal session and switch to your root user account using the su command.
b.
Restart the X11 display system. The easiest way to do this is to restart the system.
Once the system has been rebooted, the xrdp daemon should have been
automatically started. You can also manually manage the daemon using the
following commands at the shell prompt:
4.
Start YaST by selecting Computer > YaST on the system that will be the
RDP server.
b.
c.
d.
e.
Figure 8-5
f.
Select Next.
g.
Select Finish.
h.
Close YaST.
On SLED 11, you can also enable the RDP daemon on your sending system using
YaST. Start YaST and then select Network Devices > Remote Administration
(RDP). The following is displayed:
Figure 8-6
Mark Allow Remote Administration and open the RDP port in the host firewall.
When done, select Finish.
Start YaST by selecting Computer > YaST on the system that will be the RDP
client.
2.
3.
4.
Select All.
5.
6.
rdesktop
tsclient
Figure 8-7
7.
8.
compiz
compiz-plugins-dmx
compiz-gnome
compiz-fusion-plugins-main
compiz-fusion-plugins-extra
compiz-branding-SLE
Figure 8-8
9.
If any of these packages are missing, double click them and select Apply. If no
packages are missing, select Cancel.
Exercise 8-1
Objective 3
-f: Enables full-screen mode. Full-screen mode can be toggled at any time by
pressing Ctrl+Alt+Enter.
-a color_depth: Sets the color depth for the connection. You can enter a value of
8, 15, 16 or 24 bits per pixel. The color depth may be limited by the sender's
configuration. The default value is the depth of the root window.
At this point, you can enter the password for the user and select your window
manager, such as GNOME, IceWM, TWM, etc.
After selecting OK, the remote desktop is displayed in an rdesktop window, as shown
below:
Figure 8-10
RDP desktop sessions are independent and do not conflict with regular display
managers such as GDM or KDM.
NOTE: To learn more about the various rdesktop options available, enter man rdesktop at the shell
prompt.
Running tsclient
Figure 8-11
2.
Figure 8-12
3.
4.
In the Host field, enter the IP address or DNS name of the RDP server you want
to connect to.
5.
In the Username field, enter the username on the remote system you want to
connect as.
6.
7.
In the size fields, specify the window size you want to use. You can select from
the following:
8.
Fullscreen
Figure 8-13
9.
In the Connection Type drop-down list, specify your bandwidth. You can select
from the following:
Default
Modem
Broadband
LAN
10. In the Color Depth drop-down list, specify the color depth to be used by the
remote desktop. You can select from the following bits-per-pixel settings:
15
16
24
The remote desktop connection is added to the Terminal Server Client window,
as follows:
Figure 8-14
At this point, you can open the remote connection by double clicking the icon in the
Terminal Server Client window. When you do, the remote desktop is displayed in an
rdesktop window, as shown below:
Figure 8-15
Exercise 8-2
Objective 4
Verify that the xrdp package is installed on the server system providing the
remote desktop.
2.
Verify that the xrdp daemon is running on the server by entering rcxrdp status at
the shell prompt.
If the daemon isn't running, start it manually by running rcxrdp start as root at
the shell prompt.
3.
Notice that two processes should be running after starting the xrdp service:
xrdp
xrdp-sesman
If one of them fails to start, you can try starting these processes manually in the
foreground. This will allow you to view error messages that will likely tell you
what is wrong.
To start the processes manually, run the following commands at the shell prompt
as root:
/usr/sbin/xrdp-sesman -n
/usr/sbin/xrdp -nodaemon
4.
Check the xrdp-sesman output in the /var/log/xrdp-sesman.log file and the xrdp
output in the /var/log/messages file for error messages.
Summary
The following is a summary of what you learned in the course objectives.
Objective
Proxy X Server
Session Manager
Connection Handle
Client Program
rdesktop
tsclient
SECTION 9
This section introduces some multimedia features of SUSE Linux Enterprise
Desktop 11. Some desktop administrators are also responsible for help desk tasks,
so it is good to know about these features.
Section Objectives
1.
2.
Objective 1
Use Banshee
Banshee is a GNOME media management and playback application that lets you:
Import CDs
Sync your music and video collection to an iPod or other digital audio player
Play music directly from an iPod (or other digital audio player)
Banshee also supports streaming audio through its Internet Radio plug-in.
The first time you open Banshee, the Music Library window opens ready to import
music and videos, or add Internet radio stations.
NOTE: You can find free and open music, for example, at Open Music Contest.org
(http://www.openmusiccontest.org/) or on the partner sites of the Open Music Source
project (http://www.openmusicsource.net/partnersites/).
Figure 9-1
Import Music
Banshee can import music from a file, folder, CD, or an alternate music source (such
as a digital audio player). In the File menu there are two import entries:
Import Media
Import Media
Local Folder
Local Files
Home Directory
If you have an iPod (or another digital audio player) connected, this will also appear
in the pull-down menu.
When you click Import Media Source, you can select the folders or files you want to
import. The files appear in your music library.
Figure 9-3
Import Playlist
Once you have music files imported to your music library, you can create a playlist
by selecting Media > New Playlist. An entry New Playlist appears in the Music
Library folder in the left Banshee frame.
Audio files can be added to a playlist by right-clicking the file and selecting Add to
Playlist.
When you right-click a playlist in the left frame, you can rename the playlist and you
can export the playlist.
Figure 9-4
Export a Playlist
Navigation Buttons
Use the other buttons in the upper left corner to pause a song or play the next or
previous song. You can also use the items on the Playback menu to repeat or shuffle
songs. Use the loudspeaker button on the right to adjust the volume.
Figure 9-6
Banshee also has an integrated CD player. When you insert a music CD, your CD title
appears in the left panel. Select the title and click the play button to play your full CD.
The following features are useful when listening to music:
You can keep Banshee hidden in the system tray when you are not interacting with it
by minimizing the Banshee window. You will only see pop-up bubbles identifying
the current song when track changes happen.
If you move the mouse pointer over the icon, you get some song information
displayed.
Figure 9-7
If you do not want to see these pop-ups, select Edit > Preferences > Extensions >
Notification Area Icon > Disable.
Music Recommendations
Banshee automatically recommends music that you might like, based on the currently
playing song. It finds artists and popular songs that people with similar musical tastes
enjoy.
Figure 9-8
Banshee's Recommendations
If you do not want to receive recommendations, click View, then deselect Show
Recommendations.
Select the CD title in the source list on the left, then click Import CD in the upper
right corner.
Figure 9-10
Import an Audio CD
Genre
Name
URL
Enter this information in the Add New Radio Station dialog, then click Save.
Listen to Podcasts
Banshee lets you subscribe, download, and listen to your favorite Podcasts.
Podcasting is a form of audio blogging where users subscribe to a feed of shows, and
the shows' episodes are downloaded and managed for offline listening.
The configured Podcasts are shown under Podcasts in the left frame.
To add a Podcast, right-click Podcasts in the left frame and select Subscribe to
Podcast from the pop-up menu. A dialog appears.
Figure 9-12
Subscribe to a Podcast
Figure 9-13
Exercise 9-1
Use Banshee
In task I of this exercise you add some audio files to your music library. In task II you
create your personal playlist, and in task III you subscribe to a Novell Open Radio
Podcast.
You will find this exercise in the workbook.
(End of Exercise)
Objective 2
Use Moonlight
Moonlight is an open source implementation of Microsoft's Silverlight (http://silverlight.net/).
The goal of Moonlight is to run Silverlight applications on Linux
and to provide a Linux software development kit for Silverlight.
Microsoft Silverlight is a cross-platform Web browser plug-in for .NET based
multimedia and interactive Web applications.
Moonlight is part of the Mono Project (http://www.mono-project.com/Moonlight).
SLED 11 includes Moonlight 1.0, which is compatible with Silverlight 1.0 and scriptable
with the Web browser's JavaScript. Moonlight 1.0 is the first Moonlight release that
uses Microsoft's Media Pack 1.0 for playing back video and audio.
NOTE: Microsoft is already offering Silverlight 2, and the Moonlight team plans to be compatible
with Silverlight 2 by the end of year 2009.
Once you enter a Web page including video or audio content created with Silverlight,
you will be prompted by Moonlight to install the Microsoft Media Pack for
Moonlight available from Microsoft.
Figure 9-14
After clicking Install Codecs, you have to accept the license of the Microsoft Media
Pack.
Figure 9-15
Exercise 9-2
Use Moonlight
In this exercise, you test the Moonlight capabilities and install the Microsoft Media
Pack to test Moonlight.
In Task I you test the Moonlight capabilities. In Task II you install Microsoft Media
Pack to view Silverlight videos.
(End of Exercise)
Summary
The following is a summary of what you learned in the course objectives.
Objective
Use Banshee
SECTION 10
Configure Email
In this section, you learn how to configure email client software on SLED 11 to work
with several popular email servers.
Section Objectives
1.
2.
Objective 1
Novell GroupWise
Microsoft Exchange
Local delivery
USENET News
Configuring Evolution
Before you can use the Evolution client to manage your communications, you must
first configure it to work with your mail server. The first time you run Evolution, the
Setup Assistant is displayed. This utility allows you to do the following:
When you configure Evolution, it creates a new hidden directory in your home
directory named .evolution. This is the directory where Evolution stores all of its
local data.
If you need to modify an account in Evolution after completing the Setup Assistant,
you can select Edit > Preferences > Mail Accounts in the Evolution window. Select
the account you want to change and then select Edit.
2.
3.
Figure 10-1
4.
If you want to restore Evolution from a backup file, mark Restore Evolution
from the Backup File, then select the appropriate Evolution archive from
the drop down list.
Figure 10-2
5.
6.
Select Forward.
The following is displayed:
Figure 10-3
7.
IMAP: Select this option if your email server supports the IMAP protocol.
IMAP allows you to leave your messages on the mail server.
IMAP4rev1: Select this option if your email server supports the IMAP4rev1
protocol.
POP: Select this option if your email server supports the POP3 protocol.
POP downloads your messages to your local system and deletes them from
the server.
USENET News: Select this option if you want to connect to a news server
and download a list of available news digests.
Local Delivery: Select this option if you want to move messages from your
local mail spool and store them in your home directory. If you select this option,
you need to provide the path to the mail spool you want to use.
NOTE: If you want to leave mail in your system's spool files, use the Standard Unix
Mbox Spool option instead.
Maildir Format Mail Directories: Select this option if you download your
mail using Qmail or another maildir-style program. You need to provide the
path to the mail directory you want to use.
Standard Unix Mbox Spool or Directory: Select this option if you want to
read and store mail in the mail spool on your local system. If you choose this
option, you need to provide the path to the mail spool you want to use.
None: Select this option if you do not plan to access mail with this account.
No configuration options exist.
The next screen displayed will vary based on the server type you selected.
8.
Figure 10-4
9.
Use Secure Connection: Select one of the following, as appropriate for your
network:
No Encryption
TLS Encryption
SSL Encryption
Figure 10-5
Mailbox: If the mailbox path is different from the username, enter the
mailbox path also.
Figure 10-6
Use Secure Connection: Select one of the following, as appropriate for your
server:
No Encryption
TLS Encryption
SSL Encryption
11. After configuring the settings specific to your server type, select Forward.
The screen displayed next depends upon which server type you selected. For
example, if you selected Microsoft Exchange, the following is displayed:
Figure 10-7
Specify whether you want to apply filters to new messages in the inbox.
Specify whether you want to check new messages for Junk content.
Specify whether you want to check for new messages in all folders.
Specify whether you want to apply filters to new messages in the Inbox
on the server.
Specify whether you want to check new messages for Junk content.
Specify whether you want to only check for Junk messages in the Inbox
folder.
Specify whether you want to automatically synchronize remote mail
locally.
Enter your POA SOAP port in the Post Office Agent SOAP Port field.
If you're connecting to the mail server via IMAP, configure the following
receiving options:
Specify whether you want to apply filters to new messages in the Inbox.
Specify whether you want to check new messages for Junk content.
Specify whether you want to check for Junk messages in the Inbox
folder.
Specify whether you want to automatically synchronize remote mail
locally.
If you're connecting to the mail server via POP, configure the following:
12. When you're done configuring your receiving options, select Forward.
Figure 10-8
13. When you have completed Step 1 to Step 12, enter an account name of your
Figure 10-9
14. After you have selected Forward, select your time zone from the drop-down list
When you do, the Evolution client opens and logs into your server, as shown in
the following:
Figure 10-10
If you need to add another account in Evolution after completing the Setup Assistant,
select Edit > Preferences > Mail Accounts in the Evolution window. The following
is displayed:
Figure 10-11
Select Add. When you do, the Evolution Account Assistant is displayed, allowing
you to add a new account in the same manner as discussed previously.
Using Evolution
Once you're done creating your mail accounts in Evolution, you are ready to use it to
manage your communications. Evolution is similar to other email clients. For
example:
Evolution can send and receive email in HTML or as plain text and makes it easy
to send and receive multiple file attachments.
Evolution can sort and organize your email in a wide variety of ways with
folders, searches, and filters.
However, Evolution differs from other email programs in essential ways. First, it's
built to handle very large amounts of mail. The junk email, message filtering, and
searching functions are designed for speed and efficiency.
In addition, Evolution includes search folders that provide you with an advanced
organizational feature not found in most email clients. If you get a lot of email or if
you need to retain every message you receive, you'll find this feature especially
useful.
In this part of this objective, the following topics are addressed:
Folder List: Gives you a list of the available folders for each account. To see the
contents of a folder, select the folder name, and the contents are displayed in the
message list.
Search Tool: Lets you search for items in either the current account or in all
accounts. You can filter emails, contacts, calendar entries, and tasks using
different criteria. The Search Tool can also save frequently used searches in a
search folder.
Message List: Displays a list of messages you have received. To view an item in
the preview pane, select it in the message list.
Preview Pane: Displays the contents of the item selected in the message list.
Shortcut Bar: Lets you switch between folders. At the bottom of the shortcut bar
you will find tool buttons that let you switch tools; and above that you will find a
list of all the available folders for the current tool. If you have the Evolution
Connector for Microsoft Exchange installed, you have an Exchange button in
addition to buttons for the other tools.
Managing Email
Evolution allows you to send and receive email messages. To send a new message, do
the following:
1.
Figure 10-13
2.
3.
Select Send.
To read a received message, select the appropriate folder; then select the message
from the list displayed. An example is shown below:
Figure 10-14
Managing Folders
Evolution allows you to sort and manage your mail items using folders. To manage
your folders, right-click an existing folder; then select from the following
options:
Mark Messages As Read: Marks all the messages in the folder as read.
Properties: Displays the number of total and unread messages in a folder. If the
folder is a remote folder, you can also copy the folder to your local system for
offline access.
Figure 10-15
You can also rearrange folders and messages by dragging and dropping them. As in
other mail clients, a folder's label is displayed in bold any time new mail arrives,
along with the number of new messages.
You can also save a search in a search folder. To do this, do the following:
1.
2.
Figure 10-16
3.
4.
Configure your rule criteria. For example, you could specify that the subject
contains a certain user name or the subject contains a certain term. Rule elements
include the following:
String
You can add additional rule criteria. You can specify that any or all criteria must
evaluate as true for the rule to be applied.
5.
6.
Select OK.
The new search folder is added to your list of search folders, and its contents are
automatically generated, as shown below:
Figure 10-17
In addition to managing email, you can also use Evolution to manage your calendar.
To begin using the calendar, select Calendars. By default, your personal calendar is
displayed with today's date selected, as shown below:
Figure 10-18
Month Pane: Displays a small calendar. You can also click and drag to select a
range of days in the month pane to display a custom range of days in the
appointment list.
Tasks: Displays your tasks. Tasks are similar to appointments in that they are
assigned to a user. However, unlike an appointment, tasks generally don't have a
time or date associated with them. You can see a larger view of your task list by
selecting Tasks in the shortcut bar.
Memos: Displays a list of notes in the form of memos. Memos, like tasks, don't
have times or dates associated with them. You can see a larger view of your Memo
list by selecting Memos in the shortcut bar.
Meeting: Select this option to set up an appointment with yourself and other
users.
The following is displayed:
Figure 10-19
2.
Add the desired attendees from your address book. Note that you can assign
attendees to the following roles:
Chair Person
Required Participant
Optional Participant
Resources
3.
4.
5.
6.
7.
Figure 10-20
Managing Contacts
Evolution is also a powerful contact manager. The Evolution Contacts tool provides
address book functionality. Evolution can synchronize with Palm OS devices and use
LDAP address books across the network.
To use the Contacts tool, select Contacts in the shortcut bar. The following is
displayed:
Figure 10-21
Managing Contacts
By default, all of your contacts are displayed in alphabetical order using a minicard-style
view. You can select other views, such as List View or By Company, from the
View menu. You search contacts in the same way that you search mail folders using
the Search tool on the right side of the toolbar.
You can create a new contact by right-clicking the list of contacts and selecting New
Contact. The following is displayed:
Figure 10-22
Fill out the appropriate fields, then select OK. You can also create a new contact by
opening a sent or received item in a folder and right-clicking it.
Managing Tasks
Evolution can also be used to manage tasks. To view your tasklist, select Tasks in the
shortcut bar. The following is displayed:
Figure 10-23
Viewing Tasks
Assigned Task: Select this option to create a task for another user.
Figure 10-24
2.
Add the desired users from your address book. Note that you can assign users to
the following roles:
Chair Person
Required Participant
Optional Participant
Resources
3.
4.
5.
6.
Figure 10-25
Viewing Tasks
Exercise 10-1
Objective 2
Windows
Linux
Macintosh
In this objective, you learn how to install and configure the GroupWise 8 Client on
SLED 11. The following topics are addressed:
To install the GroupWise Linux Client software, your workstation must meet the
following system requirements:
Next, you need access to the GroupWise Linux Client installation files. This can be
done in a variety of ways.
For example, you can install the GroupWise Linux Client directly from the
installation media. Consider the following options:
Download the GroupWise 8 Linux Client archive file (tar.gz) from
http://download.novell.com. At the time this course was written, the following files
were available:
gw800_client_linux_multi.tar.gz
gw800_client_linux_en.tar.gz
You can also install the GroupWise Linux Client from the software distribution
directory on your GroupWise server. This is /opt/novell/groupwise/software by
default on a Linux GroupWise Server. You can provide users with access to the
software distribution directory by doing one of the following:
Create an NFS export for your software distribution directory. You can
expose your software distribution directory to end users running Linux
workstations by creating an NFS export.
Create a Samba share for your software distribution directory. You can also
expose your software distribution directory to end users running Linux
workstations by creating a Samba share.
While the GroupWise Client can be installed from many types of installation sources,
we're going to focus on installing it with YaST from the SLED 11 installation media.
Do the following:
1.
Start YaST.
2.
3.
4.
Installing GroupWise
Figure 10-26
5.
Select Apply.
Wait while the GroupWise Client is installed.
6.
You should see the GroupWise icon added to the Communicate menu when
completed, as shown below:
Figure 10-27
7.
Close YaST.
8.
9.
GroupWise User ID
Password
Logging in to GroupWise
Figure 10-28
10. Log in; your user's GroupWise mailbox is displayed, as shown in the following:
The GroupWise Mailbox
Figure 10-29
Your main work area in the GroupWise Client is called the Home View, as shown in
the following figure:
Figure 10-30
Schedule appointments.
Manage contacts.
Today's calendar
Your tasklist
A panel is an area of the screen reserved for selected data along with the display
settings for the data. The three default panels are shown:
Figure 10-31
Starting with the default layout, you can easily customize your Home View. For
example, you can resize the existing panels or move them by dragging and dropping
them. For more powerful customization options, select the drop-down list in the
upper right corner of any panel:
Figure 10-32
Editing a Panel
When you select Edit in the drop-down list, the following is displayed:
Figure 10-33
Editing a Panel
Configure the name of the panel and the folder displayed in the panel on the
General tab.
Configure display settings for the panel on the Display tab. This tab allows you
to specify the folder view, sort order, column display, item types, date range, and
other settings.
Configure the filter for the panel on the Filter tab. This tab allows you to restrict
the list of items displayed by sender, recipients, subject line, item text,
attachments, category, or other criteria for the panel.
In addition to editing your existing panels, you can also add panels to your Home
View by selecting Add Panel in the drop-down list to add a new panel. The following
is displayed:
Figure 10-34
Adding a Panel
Unread Items
Calendar
Summary Calendar
Tasklist
Recent Activity
Custom: You can also add a custom panel that you define yourself.
Web: You can add a Web panel that displays a web page within a panel.
As with other email clients, you use the GroupWise Client to send and receive mail
messages. To create a new message, do the following:
1.
Figure 10-35
2.
3.
Select Send.
To read a received item, double-click the item in the appropriate folder.
You can assign categories to items in your mailbox to organize and sort them. Four
default categories are available for you to immediately assign to items:
Follow-Up
Low Priority
Personal
Urgent
You can modify or delete any of the default categories. You can also create and
customize your own categories. As you do, you can assign each category a unique,
identifying color. When you assign an item to a particular category, the item is
displayed in the color you specified. If you assign one of the default GroupWise 8
categories to an item you are sending, the item arrives in the recipient's Mailbox with
that category assigned.
If, on the other hand, you assign a custom category to an item you are sending, the
item arrives in the recipient's Mailbox with no category assigned. You can also assign
more than one category to an item and specify which category is the primary one. The
color of the primary category is used to identify the item. When you reply to an item
that has been assigned a category, the same category is assigned to the reply message.
You can assign a category to an item in two ways. First, you can select the item's
icon; then select a category from the list displayed, as in the following:
Figure 10-36
The ten most recently used categories are listed. They are displayed alphabetically by
default.
The second option for assigning a category is as follows:
1.
2.
3.
b.
Once applied, you can use categories to search for and sort your items.
Managing Your Calendar
You can also use the GroupWise client to manage your schedule. If you select the
Home view or the Calendar view, your calendar is displayed, as follows:
Figure 10-37
Day
Week
Month
Year
Tasklist
Project planner
Multi-user
2.
Figure 10-38
3.
4.
To: Enter the addresses of the contact you want to send the appointment to.
Start Date: Enter the start date and time of the appointment.
Select Send.
The GroupWise 8 Client can also be used to manage your contacts, both business and
personal.
A Contacts folder provides a convenient view of your address book information. The
Frequent Contacts folder is created automatically for you and is associated with your
Frequent Contacts address book.
When you create a new address book, the new address book is automatically added as
a new Contacts folder. Likewise, when you create a new Contacts folder, a
corresponding personal address book is created automatically.
Any modification you make in a Contacts folder is also made in the corresponding
address book. For example, when you add a new contact to a Contacts folder, it is
added to the corresponding address book.
Two ways to add a new contact exist:
By dragging and dropping an item from someone new into a Contacts folder. A
contact record for that person is automatically created.
In the Folder List, select the Contacts folder where you want to add the contact.
2.
Figure 10-39
3.
4.
5.
Select OK.
GroupWise can be used to send, receive, and manage tasks as well as email messages
and calendar items. You can post a task for yourself or accept a task from another
person.
After it is accepted, the task appears on the Calendar on its start date and carries over
to each succeeding day. When the due date is past, the task is displayed in red on the
Calendar. After you finish a task, you can mark it as complete.
If you are the originator of an assigned task, you can have GroupWise send you a
notification when the task is marked as complete. A Completed status, including the
date and time the task was marked as complete, is placed in the Properties window
for the task.
The Tasklist folder is a system folder that is used to keep track of GroupWise tasks
and other items that require action. Think of it as a master list for all of your tasks. A
typical Tasklist folder is shown below:
Figure 10-40
When you post or accept a task, it automatically appears in the Tasklist folder. In
addition, any email, appointment, task, reminder note, or phone message can also be
placed in the Tasklist folder. For example, you can place an email message in the
Tasklist folder to remind you to act on it.
Items in the Tasklist folder may or may not appear on your Calendar. Only items with
a due date appear on the Calendar. If you want an item in the Tasklist folder to appear
on your Calendar, you must assign that item a due date.
After you have placed an item in the Tasklist folder, you can
Mark it as complete.
2.
(Optional) Select the position in the Tasklist where you want to add a new item.
For example, if you want the new item to appear after the third Tasklist item,
select the existing third item.
3.
To create a new task that you will assign to another user, select New Task.
To create a posted task for yourself, select the down arrow next to New Task
and select Posted Task.
To create a Tasklist item, right click in the Tasklist folder; then select New >
Tasklist Item.
Figure 10-41
4.
(Optional) To create a new task, enter the recipients who will receive the task.
5.
6.
7.
Select Send.
In addition, you can also place items in the Tasklist folder by moving items from
other folders. For example, you might receive an appointment for a meeting where
you will give a presentation. You can drag the meeting appointment to your Tasklist
folder to remind you that you need to prepare your presentation.
You can also mark an item to be displayed in the Tasklist folder. If you do this, the
item stays in its original folder, but also appears in the Tasklist folder where you can
To mark an item to appear in the Tasklist folder, right click the item and select Show
in Tasklist. You can then mark these items as complete in either the original folder or
the Tasklist folder.
You can also track progress by specifying a completion percentage for any item in
your Tasklist folder. Do the following:
1.
2.
Figure 10-42
3.
4.
The completion percentage is automatically saved when you close the item. You can
show completion percentages for items in your Tasklist folder. However, the
percentage complete column is not displayed (by default). To display the % Complete
column, do the following:
1.
2.
Right click the column headers in the Tasklist folder and select More Columns.
3.
4.
5.
6.
Select OK.
Exercise 10-2
Summary
The following is a summary of what you learned in the course objectives.
Objective: Configure the Evolution Email Client on SLED 11
Evolution is a powerful email client included
with SLED 11. Evolution makes storing,
organizing, and retrieving your personal and
business communications easy, allowing you
to work and collaborate effectively with others.
Evolution is a highly evolved groupware
program. It handles email, contacts, and
calendars. It also includes advanced features
such as search folders. Search folders look
like ordinary email folders, but they allow you
to save searches instead.
Evolution can be configured to work with a
variety of different mail and news servers.
Some of these are listed below:
Novell GroupWise
Microsoft Exchange
Local delivery
USENET News
Objective
Windows
Linux
Macintosh
SECTION 11
Bash scripts play a key role in the administration of SUSE Linux Enterprise 11. All
start scripts in the /etc/init.d/ directory, for instance, are Bash scripts.
As a Linux system administrator, you are often faced with recurring tasks that consist
of commands that have to be called in a certain order. By combining these commands
into a script, you can make your job a lot easier.
This section covers the basic elements of shell scripts to help you understand existing
shell scripts in your Linux system and to help you write shell scripts of your own that
fit your needs.
When writing shell scripts, you usually have many different options to solve a
problem. Please note that our project will not necessarily use the most efficient way
of coding. The purpose here is, first of all, to introduce the elements of Bash scripting
and to use examples that are easily understood.
Objectives
1.
2.
3.
4.
5.
6.
7.
8.
9.
Objective 1
All the elements covered in this objective for interactive use of Bash can be employed
within shell scripts as well.
When an error message appears, this message is written to the file descriptor 2,
Standard Error (stderr), that in interactive use is also connected to the terminal
where you entered the command:
geeko@da10:~> cp -av Fotos /tmp
cp: cannot stat `Fotos': No such file or directory
geeko@da10:~>
While within a terminal, stdout and stderr look the same, but they are indeed
different, as you can see when you redirect them to a file. To redirect stdout to a file,
you use the > operator (or >> to append to a file):
It is also possible to redirect stderr to a file. This is especially useful if there are a lot
of error messages or some error messages in a lot of normal output. Redirecting stderr
allows you to view the messages using a pager like less. To redirect stderr, you use
the 2> operator:
geeko@da10:~> cp -av Fotos /tmp 2> error.txt
geeko@da10:~> cat error.txt
cp: cannot stat `Fotos': No such file or directory
geeko@da10:~>
As you can see in both examples, when stdout and stderr are redirected, no output is
written to the terminal.
You can also redirect stdout and stderr to separate files in one command line:
geeko@da10:~> cp -av Fotos Photos /tmp > output.txt 2> error.txt
geeko@da10:~>
It is also possible to redirect stdout and stderr to one file, using the 2>&1 operator
that has to appear after the redirection of stdout on the command line:
geeko@da10:~> cp -av Fotos Photos /tmp > out-err.txt 2>&1
geeko@da10:~>
In addition to stdout and stderr, by default there is a third file descriptor, Standard In
(stdin, file descriptor 0). In interactive use, this is usually connected to the keyboard.
But it can be redirected to a file as well, and the operator to redirect stdin is <:
geeko@da10:~> mail -s "Output and Errors" geeko < out-err.txt
geeko@da10:~>
In Linux, a typical program will open these three file descriptors when it begins:
If you want to process the output of one command by another command, you could
write the output of the first program to a file and use that file as input for the second
command, as shown in the preceding example for the mail command. However, you
can use the output of one command directly as the input for another command using
the pipe operator |:
geeko@da10:~> cp -av Fotos Photos /tmp 2>&1 | mail -s "Output and Errors" geeko
geeko@da10:~>
Instead of reading from a file, the shell can be instructed to read from the current
source with a so-called here document, using the << redirector, as illustrated in the
following example:
The text after the cat << EOF line is printed once the same string (EOF in the
example above) appears in a line with no trailing whitespace. This syntax is often
used in scripts to write several lines to the screen.
NOTE: For a full explanation of redirection, see man bash and search for redirection.
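The following added example (not part of the original manual) runs the redirections described above side by side, including what happens when 2>&1 is placed before the stdout redirection, and ends with a here document. The emit and count_lines helpers and all file names are constructed for the demonstration.

```shell
#!/bin/bash
# Added example: redirection order, pipes, and a here document.
# emit, count_lines and the file names below are constructed for this demo.

demo_dir="$(mktemp -d)"
trap 'rm -rf "$demo_dir"' EXIT

# Writes one line to stdout (fd 1) and one line to stderr (fd 2).
emit() {
    echo "normal output"
    echo "error output" >&2
}

# Number of lines in a file, without the padding some wc versions add.
count_lines() {
    wc -l < "$1" | tr -d ' '
}

# 1. Separate files: each stream lands in its own file.
emit > "$demo_dir/output.txt" 2> "$demo_dir/error.txt"

# 2. One file, correct order: stdout is pointed at the file first,
#    then 2>&1 makes stderr a copy of that already redirected stdout.
emit > "$demo_dir/out-err.txt" 2>&1

# 3. Wrong order: 2>&1 copies the current stdout (here: leaked.txt) and
#    only afterwards is stdout moved to wrong.txt, so the error message
#    never reaches wrong.txt.
{ emit 2>&1 > "$demo_dir/wrong.txt"; } > "$demo_dir/leaked.txt"

# 4. A pipe carries only stdout. Put 2>&1 before the | to include stderr.
#    (stderr is discarded in the first function only to keep the demo quiet.)
piped_without_stderr() { emit 2>/dev/null | wc -l | tr -d ' '; }
piped_with_stderr()    { emit 2>&1 | wc -l | tr -d ' '; }

# 5. Here document: the lines up to the closing EOF become stdin of cat.
#    Variables and $(...) are expanded because the delimiter is not quoted.
here_doc_report() {
    cat << EOF
Lines in out-err.txt: $(count_lines "$demo_dir/out-err.txt")
Lines in wrong.txt: $(count_lines "$demo_dir/wrong.txt")
Lines through pipe without 2>&1: $(piped_without_stderr)
Lines through pipe with 2>&1: $(piped_with_stderr)
EOF
}

here_doc_report
```

A log file written with the wrong order looks complete but silently lacks every error message, which is why the order matters for scripts that run unattended.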
Bash Variables
A variable is a label assigned to a location in computer memory that holds an item of
data. Bash variables are not typed. They are essentially character strings, but some
arithmetic operations are possible when the variable contains only digits.
Variables can serve different purposes. The following types of variables exist,
although the differentiation is to some extent arbitrary; positional
parameters, for instance, could also be included under shell variables:
Shell Variables
Shell variables are used to control the behavior of the shell itself. Some of them are
assigned default values by Bash, and some can be assigned values by the startup
scripts Bash reads when it starts (such as /etc/profile or ~/.bashrc). These
include the following:
IFS: Internal Field Separator. A list of characters that separate fields and are used
to determine the beginning and end of a word (token).
PS1: Primary Prompt String. The string that determines what your normal prompt
in a terminal window looks like.
BASH: The full path name used to execute the current instance of Bash.
NOTE: For a full explanation of shell variables, see man bash and search for Shell Variables.
Positional Parameters
want to refer to all positional parameters, you would use $* (all positional parameters
seen as one single word) or $@ (all positional parameters seen as separate words).
The following should give you an idea how they can be used:
geeko@da10:~> cat script.sh
echo The command itself: "$0"
echo The first parameter: "$1"
echo The second parameter: "$2"
echo All parameters '($*)': "$*"
echo All parameters '($@)': "$@"
geeko@da10:~> ./script.sh first second
The command itself: ./script.sh
The first parameter: first
The second parameter: second
All parameters ($*): first second
All parameters ($@): first second
geeko@da10:~>
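With parameters that contain no spaces, $* and $@ print the same text, as in the output above. The following added example (not part of the original manual) passes a parameter that contains a space to show where the quoted and unquoted forms differ. The helper functions and the sample file name are constructed for the demonstration.

```shell
#!/bin/bash
# Added example: how "$@", "$*" and the unquoted form split parameters.
# count_args, all_exist and the sample file name are constructed for this demo.

# Prints how many arguments it received.
count_args() {
    echo "$#"
}

# Each function forwards its own positional parameters in a different way.
forward_quoted_at()   { count_args "$@"; }   # one word per original parameter
forward_quoted_star() { count_args "$*"; }   # all parameters joined into one word
forward_unquoted()    { count_args $@; }     # split again at every space

# "$*" joins the parameters with the first character of IFS.
join_with_comma() {
    old_ifs="$IFS"
    IFS=","
    joined="$*"
    IFS="$old_ifs"
    echo "$joined"
}

# Practical effect: a wrapper that hands file names on to another command.
demo_dir="$(mktemp -d)"
trap 'rm -rf "$demo_dir"' EXIT
: > "$demo_dir/annual report.txt"

# Returns 0 only if every argument names an existing regular file.
all_exist() {
    for name in "$@"
    do
        [ -f "$name" ] || return 1
    done
    return 0
}

check_safe()   { all_exist "$@"; }   # the file name arrives intact
check_unsafe() { all_exist $@; }     # the name is split into two words

echo "\"\$@\" passes $(forward_quoted_at "annual report.txt" notes.txt) arguments"
echo "\"\$*\" passes $(forward_quoted_star "annual report.txt" notes.txt) argument"
echo "\$@ unquoted passes $(forward_unquoted "annual report.txt" notes.txt) arguments"
echo "Joined with IFS=, : $(join_with_comma first second third)"

if check_safe "$demo_dir/annual report.txt"
then
    echo "quoted: file found"
fi
if ! check_unsafe "$demo_dir/annual report.txt"
then
    echo "unquoted: file not found, the name was split at the space"
fi
```

In scripts that forward their parameters to commands such as rsync, cp or rm, "$@" is the form that keeps each parameter as the caller wrote it.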
Environment Variables
Every process has an environment that consists of variables the process may reference
and use to influence its execution. This is true for the shell as well.
Environment variables can be used to regulate the behavior of Bash. They are usually
set by the scripts Bash reads when it starts, including /etc/profile,
~/.bashrc and others. Environment variables include the following:
By default, various environment variables are set. You can view them and their
content with the export and set commands.
Return Values
Every command returns a value to the calling shell that indicates whether the
program terminated normally (return value 0) or errors (return value not 0) were
present.
The return value of the last process run by Bash is stored in the $? variable. Using
the echo command, you can view the content of this variable:
Using the return value, you can make the execution of a second command dependent
on the outcome of the first. The operators to use are && (the second command is
executed if the first one returns 0) or || (the second command is executed if the first
command returns a value different from 0).
This command displays the content of the message.txt file if it exists:
test -f message.txt && cat message.txt
This command installs the package sysstat if it is not installed:
rpm -q sysstat || yast2 -i sysstat
Within a script, decisions on how to proceed are frequently based on the return value
of a command.
Objective 2
If you want to be able to run the script by using its name alone, the directory where
the script is located must be listed in the $PATH variable. If there is a bin directory
in the home directory of a user, this directory is included in $PATH by default in
SUSE Linux Enterprise 11.
Shell scripts in a directory that is not listed in $PATH must be started with the full
path name or a relative path name such as ./script.sh.
When naming script files, you should add an .sh extension to the filename. Linux
doesn't require it, but it ensures that the file can easily be recognized by the system
administrator as a shell script.
If you do not add the suffix, you need to make sure the filename is not identical to
existing commands. For example, a common mistake is to name a script "test",
which interferes with the test command line tool.
Within a script, empty lines and lines starting with a # character are ignored. The #
character is used to add comments to your script. As a general practice, you should
add a comment in the beginning giving a brief overview of what the script is supposed
to do and also add comments throughout your script to explain what a line or section
does. This makes understanding the script easier when you later get back to modify it.
The first line of a script defines the shell used to execute the script. This line is
sometimes referred to as the she-bang line. Only this first line is interpreted despite
the fact it starts with a # character. It has the following syntax:
#!/bin/bash
All subsequent lines of the script are either comments (starting with a # character) or
actual commands.
The -a (archive) option ensures the permissions are kept and directories are copied
recursively. The --no-whole-file option makes sure only the changed parts of
the files are updated, not the whole files copied. This does not only make a difference
on the initial copy, but also speeds up updates.
When you execute this script, you might get an error similar to the following:
geeko@da10:~/bin> simple-backup1.sh
rsync: writefd_unbuffered failed to write 4 bytes [sender]: Broken
pipe (32)
rsync: mkdir "/backup" failed: Permission denied (13)
rsync error: error in file IO (code 11) at main.c(576)
[receiver=3.0.4]
rsync: connection unexpectedly closed (9 bytes received so far)
[sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(632)
[sender=3.0.4]
The reason is that the directory /backup doesn't exist, and, as a normal user, you
are not allowed to create files or directories in /. We will integrate some error
handling later; for now, just create (as root) the directory /backup with the
command
mkdir -m 1777 /backup
and run the script again as a normal user.
When you execute the script, there is no output, which is consistent with the usual
behavior of Linux command line programs: no message = success. However, if you want to
see some information, you can add a message to the script:
#!/bin/bash
#
# simple-backup2.sh
# Back up geeko's home directory to /backup using rsync
echo "Backing up /home/geeko to /backup/"
rsync -a --no-whole-file /home/geeko /backup
The echo command outputs the text enclosed in double quotes to the terminal.
The option -e lets echo interpret backslash sequences. These can be
used to format the output to some extent.
The following is a list of other backslash sequences that can be used with echo and
what they output:
\\ Backslash
\b Backspace
\f Form feed
\n New line
\r Carriage return
\t Horizontal tab
\v Vertical tab
Debug Options
It is probably more the exception than the rule that a script does exactly what you
want it to do at once. If it does not do what you want, you have to find the error.
There are several ways you can instruct the shell to output more information that
helps you to find the error:
bash -x script.sh: Start the script in a separate shell with the -x option. The
advantage of this approach is that you don't have to change the script itself.
set -x: Using set -x in the current shell turns on the additional output for all
scripts started from this shell. You can turn this off again with set +x. No
changes to the script itself are necessary.
Exercise 11-1
Objective 3
The string Geeko is assigned to the variable NAME. Then the variable NAME,
with a $ character in front, is used in the echo command.
There are a few things to be aware of:
When you assign a variable, you use just the name of the variable. When you
access the data of a variable, you put a $ before the variable name.
When you assign data to a variable, no spaces are used between the variable
name, the = character, and the data.
If the string you assign to the variable contains spaces, you need to enclose the
string in quotation marks ("). To ensure proper processing of the spaces, you
should enclose the variable ($NAME in the example above) in quotation marks
as well. If you forget that, you can get unexpected results, as your string might
get processed as several words although you didn't intend that.
We use $NAME in the echo line, and the variable is replaced with its content.
The advantage of the use of variables is that you define them at one point and then
use them throughout the rest of the script. If you have to change the variable, you
change it at one point not throughout the script. With this, you can improve the
backup script by using a variable to hold the user's name, as shown in the following:
#!/bin/bash
#
# variables2.sh
# Back up someone's home directory to /backup using rsync
USERNAME="geeko"
echo -e "Backing up /home/$USERNAME to /backup/"
rsync -a --no-whole-file "/home/$USERNAME" /backup
Variables can contain not only strings but also numbers. By default, a variable in a
shell script can hold any kind of data. However, it is possible to limit a variable to a
specific type (for example, a string) with the declare command.
So far, we have assigned only static values to variables, but it's also possible to assign
the output of a command to a variable or to use a command directly where the output
is needed. This is called command substitution.
This basically means that the output of a command is used in a shell command line or
a shell script.
In the following example, the output of the date command is used to generate the
output of the current date:
#!/bin/bash
#
#command_subs1.sh
echo "Today's date is $(date +%m/%d/%Y)"
An alternate syntax for the last line includes the use of backticks (` ... `), as shown
below; however, the version using $(...) is the recommended one.
echo "Today's date is `date +%m/%d/%Y`"
Instead of printing the output of a command to the screen with echo, it can also be
assigned to a variable, as in the following:
#!/bin/bash
#
#command_subs2.sh
TODAY="$(date +%m/%d/%Y)"
echo "Today's date is $TODAY"
In this case, the output of date is assigned to the variable TODAY; then the content
of the TODAY variable is printed to the screen with echo. Again, make sure that no
spaces are entered before or after the equal sign.
The output is the same in both cases:
geeko@da10:~/bin> command_subs1.sh
Today's date is 03/12/2009
geeko@da10:~/bin> command_subs2.sh
Today's date is 03/12/2009
NOTE: Try command_subs2.sh without the quotes when assigning the value to the TODAY
variable, and spaces instead of the slashes, as in the following: TODAY=$(date +%m %d %Y). You
will see that the quotes do make a difference.
Now improve your backup script with what you have learned. Change the script so
that a log file that contains the filenames of the backed-up files is written every time
the script is run. The log file contains date and time as part of its filename.
Exercise 11-2
Objective 4
Create Branches
A branch in a script means that a part of your script is executed only under a certain
condition. The two control structures used for this purpose are the following:
If commandA returns true (0), then one or more commands are executed. In many
cases, commandA is a test for some condition, but it can be any command. Note the
closing fi word which ends the if control structure.
The if statement can be extended with an optional else statement, as shown in the
following example:
if commandA
then
    command1
else
    command2
fi
In this case command2 is executed when the if condition is not true (i.e. the return
value of commandA is not 0).
Now add an if structure to our backup script. Test for the return value of the rsync
command, and if it is non-zero, have the script send a mail to geeko. This is
especially useful for scripts that are executed regularly by the cron daemon, because
errors (such as no space left on the backup device) can remain unnoticed if the user is
not informed of the failure.
The script could look like the following:
#!/bin/bash
#
# control_struc1.sh
#
# This script does the following:
# - Back up someone's home directory to /backup using rsync
# - Write a log file in the format backup-log_YYYYMMDD-hhmm
#   that contains the names of the files backed up
# - Send log files per mail
#
# Variables:
#
USERNAME="geeko"
NOW="$(date +%Y%m%d-%H%M)"
#
# The backup:
#
echo -e "Backing up /home/$USERNAME to /backup/"
rsync -av --no-whole-file "/home/$USERNAME" /backup > "/backup/backup-log_$NOW" 2> "/backup/backup-errorlog_$NOW"
#
# Send log files per mail to user
#
if test "$?" -eq 0
then
    mail -s "Backup successful" "$USERNAME" < "/backup/backup-log_$NOW"
else
    mail -s "Some error occurred during backup" "$USERNAME" < "/backup/backup-errorlog_$NOW"
fi
The test command is used to check if the return value of the previous command is
equal to 0. If this is true, test returns the value 0; otherwise, the value is 1.
Almost all command line tools have a return value. The 0 always means something
like true or everything is OK. Otherwise a value different from 0 is returned. An
if condition is true when the program used for testing returns 0.
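The script above works only as long as test "$?" runs directly after rsync, because every command overwrites $?. The following added example (not part of the original manual) shows the failure when a command is inserted in between, and two ways to avoid it. The run_backup function is a constructed stand-in for the rsync call, and its error code 3 is an assumption made for the demonstration.

```shell
#!/bin/bash
# Added example: keeping the right return value when branching on a backup.
# run_backup is a constructed stand-in for the rsync call, so the demo runs
# without rsync or a /backup directory. Error code 3 is made up for the demo.

demo_dir="$(mktemp -d)"
trap 'rm -rf "$demo_dir"' EXIT
mkdir "$demo_dir/home" "$demo_dir/backup"
echo "sample" > "$demo_dir/home/file.txt"

# Copies directory $1 into directory $2.
# Returns 3 when the source directory does not exist.
run_backup() {
    [ -d "$1" ] || return 3
    cp -R "$1" "$2"
}

# Fragile: the echo inserted for logging succeeds and overwrites $?,
# so a failed backup is reported as a success.
backup_fragile() {
    run_backup "$1" "$2"
    echo "backup step finished" >> "$demo_dir/progress.log"
    if test "$?" -eq 0
    then
        echo "success"
    else
        echo "failure"
    fi
}

# Robust variant 1: let if run the command itself.
backup_direct() {
    if run_backup "$1" "$2"
    then
        echo "success"
    else
        echo "failure"
    fi
}

# Robust variant 2: save $? at once and branch on the saved value.
# This also allows a separate message per error code with case.
backup_saved_status() {
    run_backup "$1" "$2"
    status="$?"
    echo "backup step finished" >> "$demo_dir/progress.log"
    case "$status" in
        0) echo "success";;
        3) echo "failure: source missing";;
        *) echo "failure: code $status";;
    esac
}

# The source directory "missing" does not exist, so the backup must fail.
echo "fragile:      $(backup_fragile "$demo_dir/missing" "$demo_dir/backup")"
echo "direct:       $(backup_direct "$demo_dir/missing" "$demo_dir/backup")"
echo "saved status: $(backup_saved_status "$demo_dir/missing" "$demo_dir/backup")"
```

For a backup started by cron, the fragile form would send the "Backup successful" mail after a failed run, which is the unnoticed failure the mail is meant to prevent.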
test can also be used for many things other than checking if one number is equal to
another. The following is an overview of the most important test options:
NOTE: For a complete list of all test options, see the test man page.
When you look at scripts written by someone else, you will also see a different syntax
for test. Instead of test "$?" -eq 0, you can also leave out the test command
and put the expression in square brackets like [ "$?" -eq 0 ]. Please note the
space after the [ bracket and the space before the ] bracket. Without these spaces,
you get an error message when executing the script.
One other thing you might have noticed is that the lines after then and else are
indented. This is not required but is a very common method to identify logical blocks
and to make the code more readable.
With if you can create even more complex structures in your script using an optional
elif statement, as shown in the following example:
if commandA
then
    command1
elif commandB
then
    command2
else
    command3
fi
With elif, you add more conditions in case the one in the initial if statement is not
true.
In this case, command2 is executed if the return value of commandA is false
(not 0) and the return value of commandB is true. command3 is executed only if
both commandA and commandB have a non-zero return value.
You can have several elif sections within an if control structure.
The case Control Structure
Another way to create multiple branches is to use case. In a case statement, the
expression contained in a variable is compared with a number of expressions.
Commands are executed for the first expression that matches.
A case statement has the following syntax:
case $variable in
expression1) command1;;
expression2) command2;;
esac
case statements are often easier to understand than if/elif/else statements, but they can
have the same functionality, as shown in the following two examples:
if [ "$number" -eq 10 ]
then
    echo "The value is 10"
elif [ "$number" -eq 20 ]
then
    echo "The value is 20"
else
    echo "I don't know"
fi
case "$number" in
    10) echo "The value is 10";;
    20) echo "The value is 20";;
    *) echo "I don't know";;
esac
The variable $number is compared with 10, 20 and *. * matches for every value and
is, therefore, the default action of the case statement.
Exercise 11-3
Create Loops
Another common control structure is the loop. A loop is often used when a certain
task has to be repeated more than once. Instead of repeating the same code in the
script, a loop structure can be implemented.
Several options for implementing a loop in shell scripts exist.
The for Loop
The line starting with for defines how many times the code between do and
done has to be executed. For each pass of the loop, the variable variable has one
of the values defined in the list after in.
Here is an example:
#!/bin/bash
#
# for_loop1.sh
for i in 1 2 3
do
echo "$i"
done
The list after in contains three elements: the numbers 1, 2, and 3 separated by
spaces. This means that the code between do and done is executed three times,
and each time the variable i has a different value from 1 to 3. When you run this
script, it simply outputs 1 2 3.
geeko@da10:~/bin> for_loop1.sh
1
2
3
The list defined after in is not necessarily static. The for loop is very often used to
go through a list of files. An easy way to do this is to use * after in.
#!/bin/bash
#
# for_loop2.sh
for i in *
do
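# Quote the variables and the tr character classes so that filenames with
# spaces and accidental glob matches do not change the command
lower="$(echo "$i" | tr '[:upper:]' '[:lower:]')"
echo mv "$i" "$lower"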
done
This script loops through all files in the current working directory and (after
removing the echo in front of mv which is included to test the script without actually
affecting any files) renames the files from upper to lower case. * is expanded to a list
of all these files by the shell.
For every pass of the loop, the variable $i contains one filename. The filename is
converted to lower case and stored in the variable lower. Then the original file is
renamed with mv to lower case.
NOTE: This is just a demo script. For a production script, you would have to add some code that
makes sure that an existing lowercase file is not accidentally overwritten.
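The overwrite check that the NOTE asks for, as an added example that is not part of the original manual. The function name lowercase_dir and the sample file names are assumptions made for this illustration.

```bash
#!/bin/bash
# lowercase_dir DIR
# Renames every entry in DIR to its lower-case name, but never replaces an
# entry that already exists. Prints a summary line: renamed=N skipped=M
lowercase_dir() {
    local dir=$1 path name lower renamed=0 skipped=0
    for path in "$dir"/*; do
        # An empty directory leaves the glob unexpanded; skip that literal.
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        lower=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        [ "$name" = "$lower" ] && continue      # already lower case
        # -L also catches a dangling symlink that -e would report as absent.
        if [ -e "$dir/$lower" ] || [ -L "$dir/$lower" ]; then
            echo "skip: '$name' ('$lower' already exists)" >&2
            skipped=$((skipped + 1))
            continue
        fi
        # "--" keeps a name that starts with "-" from being read as an option.
        mv -- "$path" "$dir/$lower" && renamed=$((renamed + 1))
    done
    echo "renamed=$renamed skipped=$skipped"
}

# Constructed demo in a scratch directory: NOTES collides with notes.
demo_dir=$(mktemp -d)
touch "$demo_dir/Report.TXT" "$demo_dir/NOTES" "$demo_dir/notes" "$demo_dir/My File.Doc"
lowercase_dir "$demo_dir"
ls "$demo_dir"
rm -rf "$demo_dir"
```

The check and the rename are two separate steps, so this protects against accidents in a directory only you write to, not against another process creating the target in between.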
This script uses find to create a list of all .mp3 files in the current directory and all
subdirectories. These files are deleted in the for loop (after removing the echo
included for testing purposes).
A special syntax can be used with for in case you want to iterate through the loop a
specific number of times:
#!/bin/bash
#
# for_loop4.sh
for ((i=1;i<=10;i++))
do
echo $i
done
With this syntax, the variable i is set to 1 (i=1) for the first run through the loop and
then increased by one (i++) on each subsequent run. This is done as long as the condition
in the middle (i<=10) is true.
The while and until Loops
while condition
do
commands
done
Both loop types depend on a condition. In a while loop the commands are executed
as long as the condition is true; in an until loop, the commands are executed until
the condition becomes true.
We will use a while loop to allow the user to add additional directories or files he
wants to back up in addition to his home directory.
One way to iterate through the positional parameters $1, $2, etc., from the command
line is to use the shift command. After calling shift, $2 becomes $1, $3 becomes $2,
and so on.
One possible way to solve the task is shown in the following script:
#!/bin/bash
#
# while_loop1.sh
# This script does the following:
# - Back up directories or files listed on the command line
# - Back up someone's home directory to /backup using rsync
# - Write a log file in the format backup-log_YYYYMMDD-hhmm
#   and that contains the names of the files backed up
# - Send log files per mail
#
# Variables:
#
USERNAME="geeko"
NOW="$(date +%Y%m%d-%H%M)"
#
# The backup of the directories listed on the command line
#
while test -n "$1"
do
echo -e "\nBacking up $1 to /backup/"
rsync -av --no-whole-file "$1" /backup
shift
done
#
# The backup of the home directory:
#
The test command checks if the value of the $1 parameter has a non-zero string
length. If so, then the commands between do and done are executed. The shift
command moves $2 to $1, and the new $1 value is tested. If there is no $2 value, the
new $1 is empty and the processing of the loop is stopped.
If you omit the shift command, an endless loop is created; in this case, you have to
interrupt the processing of the script with Ctrl+C.
It is possible to nest an if control structure between do and done and leave the
while loop in case a certain condition is met. The command to interrupt the
processing of the while loop is break, as shown in the following:
while conditionA
do
commands
if conditionB
then
break
fi
done
It is also possible to skip further processing of the loop and to enter the next iteration,
using the continue command, as shown in the following:
while conditionA
do
commands
if conditionB
then
continue
fi
more commands
done
Exercise 11-4
Objective 5
So when using Bash, you might need to use external commands, such as bc, for
floating-point calculations.
The following paragraphs list all possible methods and formats for arithmetic
operations. All of them are based on this sample operation:
B=5 A=B+10
Since an external command is used, this method will also work with the
traditional Bourne shell. Scripts using external commands will always perform
slower than those relying on built-in commands.
In Bash, you can use the let command to perform an arithmetic expression.
or
A=$[B + 10]
We can use an arithmetic operator to modify the backup script to change the
condition of the while loop. Instead of testing for the content of $1, we can count
down the number of positional parameters until all are processed. The while loop in
the script could look like the following:
count=1
PARAMNUM="$#"
#
# The backup of the directories listed on the command line
#
while test "$count" -le "$PARAMNUM"
do
echo -e "\nBacking up $1 to /backup/"
rsync -av --no-whole-file "$1" /backup
count=$(($count + 1))
shift
done
We create the count variable and assign the value 1 to it. The variable PARAMNUM
is set to the number of parameters included on the command line ($#). In the while
loop, the value of count is increased by one each time the loop is run through. When
the value of count is greater than PARAMNUM, the processing of the loop ends.
Instead of
count=$(($count + 1))
Exercise 11-5
Objective 6
The script pauses at this point, waiting for user input, until the Enter key is pressed.
To tell the user to enter something, you need to print (echo) a line with some
information, such as the following:
echo "Please enter a value for the variable:"
read VARIABLE
If you do not add a variable name after read, the user input is assigned to the
variable REPLY. You can also specify more than one variable, like in the following
example:
read FIRST SECOND REST
In this example, the first word entered is assigned to the variable FIRST, the second
to the variable SECOND, and all subsequent words to the variable REST. If only one
word is entered, the variables SECOND and REST are assigned empty values.
If you want to change the backup script to inform the user that he can back up
additional directories and ask for them instead of expecting them on the command
line, a possible solution could look like this:
#!/bin/bash
#
# read_input1.sh
#
# This script does the following:
# - Back up directories or files entered by user
# - Back up someone's home directory to /backup using rsync
# - Write a log file in the format backup-log_YYYYMMDD-hhmm
#   and that contains the names of the files backed up
# - Send log files per mail
#
# Variables:
#
USERNAME="geeko"
NOW="$(date +%Y%m%d-%H%M)"
DIRECTORIES=""
#
# Get input from user
#
cat <<EOF
This script backs up the /home/$USERNAME directory to /backup,
The for loop is entered for each element contained in the DIRECTORIES variable
(which must not be enclosed in quotation marks in the line starting with for, so that
the directories entered by the user are kept as separate directories). If the variable is
empty, the for loop is not run through.
NOTE: This approach does not work for files or directories with spaces in their names.
Exercise 11-6
Objective 7
Use Arrays
Arrays are basically variables that can hold more than one value. To identify a value
in an array, a numerical index is used. The index is written in square brackets after the
array name.
lines[0]="Hello World"
This line assigns the string Hello World to the index 0 of the array with the name
lines.
To access a value in an array, you have to specify an index and put braces around the
array name:
echo ${lines[0]}
Arrays are very useful to store list data like a list of files, names, or similar data.
We can use an array to store the files or directories the user wants to back up. The
user enters them one after the other, which makes it easier to deal with, for instance,
space characters.
The first part would be to fill an array with the filenames; the second part would be to
back up those files.
Look at the following modifications of the back-up script. (From now on we will list
only those parts of the code that have been modified).
DIRECTORY=""
counter=0
#
# Get input from user
#
cat <<EOF
This script backs up the /home/$USERNAME directory to /backup,
as well as any files and directories you specify here.
Type the name of a directory or file name you want to
back up, then press enter.
Repeat for each directory or file name you want to back up.
When done (or if you do not want to back up additional
files or directories) just press Enter.
EOF
read DIRECTORY
# Check if $DIRECTORY is empty, if so do nothing,
# as user pressed enter as first action
if [ -z "$DIRECTORY" ]
then
:
else
In the while loop, the requests are stored into the array TOBACKUP. The variable
counter that is initialized at the start of the script and is used as an index is
incremented in every cycle of the while loop.
In the for loop, the content of the array is integrated into an rsync command.
In the second example (lines starting with a comment character) a different syntax for
the for loop is used that is similar to the for loop in the C programming language.
for ((i=0;i<${#TOBACKUP[@]};i++)) means that the loop runs as long as
the variable i is less than (<) the number of elements in the array TOBACKUP.
${#TOBACKUP[@]} is a way to access the number of elements in an array.
The index variable i is initially set to 0 and incremented with every cycle of the for
loop.
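An added example of the array approach described above (not the manual's own script): paths are read one per line into TOBACKUP and handed to the copy command as single quoted arguments, so names with spaces survive. TOBACKUP and counter follow the names used in the text; collect_paths, backup_all and the sample paths are assumptions.

```bash
#!/bin/bash
TOBACKUP=()
counter=0

# Read one path per line from standard input until an empty line
# (the user just pressed Enter) or end of input.
collect_paths() {
    local entry
    TOBACKUP=()
    counter=0
    # IFS= and -r keep leading blanks and backslashes exactly as typed.
    while IFS= read -r entry && [ -n "$entry" ]; do
        TOBACKUP[$counter]=$entry
        counter=$((counter + 1))
    done
}

# backup_all DEST [COMMAND...]
# Runs COMMAND once per array element; without COMMAND, the rsync call
# from the text is used.
backup_all() {
    local dest=$1 i
    shift
    [ $# -gt 0 ] || set -- rsync -av --no-whole-file
    for ((i = 0; i < ${#TOBACKUP[@]}; i++)); do
        # The quotes keep "My Documents" as ONE argument; "--" ends option
        # parsing so a name that starts with "-" is treated as a path.
        "$@" -- "${TOBACKUP[$i]}" "$dest"
    done
}

# Constructed input in place of an interactive user. printf stands in for
# rsync and prints each argument it receives in brackets, one per line.
collect_paths <<'EOF'
/home/geeko/My Documents
-old reports

EOF
echo "${#TOBACKUP[@]} entries collected"
backup_all /backup printf '[%s]\n'
```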
Exercise 11-7
Use Arrays
In this exercise, you use arrays.
You will find this exercise in the workbook.
(End of Exercise)
Objective 8
#
# Remove past backup directories
#
cd /backup || exit 2
# Let's keep a maximum of 100 past backups/versions
if [ "$(ls -d 20*-* | wc -l)" -gt 100 ] ; then
# Quote the result and end option parsing so that only the oldest directory is removed
rm -r -- "$(ls -d 20*-* | sort | head -n 1)"
fi
A cron job can run the backup as often as you need it, such as every two hours
during work hours, daily, or weekly. Using the crontab -e command, you could
define the following cron job:
10 */2 * * * /home/geeko/bin/versioned-backup1.sh
With the topics covered in this section, you could add several additional features to
the script:
A list of files that should not be backed up, such as those in the browser cache
directory, for instance, using a here document to write a temporary file from the
script, using the --exclude-from= option of rsync, and deleting the file at
the end of the script.
Use of the trap command to delete the temporary file even if the user
ends the script with Ctrl+C.
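One way to implement the two features listed above, as an added example rather than code from the manual: the exclude list is written with a here document to a file created by mktemp, and trap removes it on normal exit and on Ctrl+C. The name run_with_excludes and the exclude patterns are assumptions.

```bash
#!/bin/bash
# run_with_excludes COMMAND [ARGS...]
# Runs COMMAND with --exclude-from=FILE appended, where FILE is a private
# temporary file holding the exclude patterns. FILE is removed afterwards.
run_with_excludes() (
    # The ( ) body is a subshell, so umask and traps do not leak to the caller.
    umask 077
    # mktemp picks an unpredictable name and creates the file atomically,
    # unlike a fixed path such as /tmp/exclude.txt that anyone could pre-create.
    tmp=$(mktemp "${TMPDIR:-/tmp}/backup-exclude.XXXXXX") || exit 1
    trap 'rm -f "$tmp"' EXIT
    # Ctrl+C or kill: leave through exit so that the EXIT trap still runs.
    trap 'exit 130' INT TERM

    # Constructed patterns; adjust to the directories you want to skip.
    cat > "$tmp" <<'EOF'
.cache/
.mozilla/firefox/*/Cache/
*.tmp
EOF

    "$@" --exclude-from="$tmp"
    exit $?
)

# As in the for loop examples, echo in front of rsync shows the command
# line without copying anything. Remove echo to run the real backup.
run_with_excludes echo rsync -av /home/geeko/ /backup/
```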
Exercise 11-8
Objective 9
Two ways are available to declare a function in a script. The following is the basic
syntax of a function:
functionname () {
commands
commands
}
The name of the function can be composed of any regular character string.
The following is a simple function that creates a directory and then changes to that
directory:
# mcd: mkdir + cd; creates a new directory and
# changes into that new directory right away
mcd (){
mkdir "$1"
cd "$1"
}
After having been created, this function can be called in a shell script, as in the
following:
...
mcd /tmp/new_directory
...
You can also create functions that stop their processing from within, similar to exiting
a loop (iteration) with the break and continue commands.
To exit a function, use the return command. If return is called without an
argument, the return value of the function is identical to the exit status of the last
command executed in that function.
Otherwise, the return value is identical to the one supplied as an argument to return.
NOTE: The command typeset -f shows the functions defined in the current shell.
The getopts command is most frequently used in a while loop together with case to
define which command to execute for a given option, as in the following:
while getopts abc:d:e variable
do
  case $variable in
    a ) echo "The option -a was used." ;;
    b ) echo "The option -b was used." ;;
    c ) option_c="$OPTARG"
        echo "Option c has been set to $option_c." ;;
    d ) option_d="$OPTARG"
        echo "Option d has been set to $option_d." ;;
    e ) echo "the option -e was used." ;;
  esac
done
echo
If the option -a , -b, or -e is used, the script prints out a message that the
corresponding option was used. If the option -c value is used, the value is
assigned to the variable option_c and printed on the screen, same with option -d
and the variable option_d.
The parameter of an option can be accessed with the variable OPTARG.
NOTE: When no parameter is supplied to an option that expects one, the result can be unexpected.
For instance, if the user enters -d -e in the above example, the OPTARG variable for -d contains
-e, and -e is not recognized as an option of its own.
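The case from the NOTE handled explicitly, as an added example that is not part of the manual: the option string is the one used above with a leading colon, which makes getopts report missing arguments and unknown options to the script instead of printing its own messages. The function name parse_options and the output format are assumptions.

```bash
#!/bin/bash
# parse_options "$@"
# Prints the parsed result on one line, or returns 2 after an error message.
parse_options() {
    local opt flags="" option_c="" option_d=""
    OPTIND=1        # restart parsing each time the function is called
    while getopts ":abc:d:e" opt; do
        case $opt in
            a|b|e)
                flags="$flags$opt" ;;
            c|d)
                # getopts accepts the next word as the argument even when
                # it looks like an option ("-d -e"). Treat that as an error.
                # This also rejects real values that begin with "-".
                case $OPTARG in
                    -*) echo "error: -$opt needs a value, got '$OPTARG'" >&2
                        return 2 ;;
                esac
                if [ "$opt" = c ]; then
                    option_c=$OPTARG
                else
                    option_d=$OPTARG
                fi ;;
            :)
                # Option at the end of the line without its argument.
                echo "error: -$OPTARG needs a value" >&2
                return 2 ;;
            \?)
                echo "error: unknown option -$OPTARG" >&2
                return 2 ;;
        esac
    done
    shift $((OPTIND - 1))      # what is left are the non-option arguments
    echo "flags=$flags c=$option_c d=$option_d rest=$*"
}

# Constructed command lines.
parse_options -a -c red -e file1
parse_options -d -e || echo "rejected with exit status $?"
parse_options -d    || echo "rejected with exit status $?"
```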
Exercise 11-9
Objective 10
The preceding command specifies that the field separator should be a colon. In every
line of /etc/passwd, the field that comes before the first colon is taken and
printed to stdout:
The above command takes the output of the ls command and cuts out everything
from the twenty-seventh character. This is piped to sort, so the final output is sorted
according to file size.
The date command lets you change the output format in almost every detail. With the
-I option, as in the following, date prints the date and time in ISO format. (That is
the same as if the options had been +%Y-%m-%d):
geeko@da10:~> date -I
2009-03-14
geeko@da10:~> date "+%m-%d %H:%M"
03-14 16:01
geeko@da10:~> date "+%D, %r"
03/14/09, 04:02:34 PM
geeko@da10:~> date +%d.%m.%y
14.03.09
geeko@da10:~> date +%d.%m.%Y
14.03.2009
geeko@da10:~> date "+%e.%-m.%y, %l.%M %p"
14.3.09, 4.05 PM
geeko@da10:~> date "+%A, %e. %B %Y"
Saturday, 14. March 2009
geeko@da10:~> date
To view a list with all the possible format options for date, see man date. You
should be able to customize the output to exactly match the requirements of your
script.
Search patterns can be supplied in the form of regular expressions, although the grep
command is limited in this regard.
To search for more complex patterns, use the egrep command that accepts extended
regular expressions. As a simple way to deal with the difference between the two
variants, make sure you use egrep in all of your shell scripts.
The regular expressions used with egrep need to be in accordance with the standard
regex syntax.
To avoid having special characters in search patterns interpreted by the shell, enclose
the pattern in quotation marks, as in the following:
geeko@da10:~> egrep (b|B)lurb file*
bash: syntax error near unexpected token
geeko@da10:~> egrep "(b|B)lurb" file*
file1:blurb
file2:Blurb
d: Delete
s: Substitute (replace)
p: Output line
a: Append after
As with other commands, the output of sed normally goes to standard output, but it
can also be redirected to a file.
Apart from the single-character commands for text transformations, you can also
specify options to influence the overall behavior of the sed program.
The following are some important command line options for sed:
-n, --quiet, --silent. By default, sed will print all lines on standard output after
they have been processed. This option suppresses the output so sed prints only
those lines for which the p editing command has been given to explicitly reenable printing.
-f filename. With this option, you can specify a script file from which sed should
read its editing commands.
Each sed command must be preceded by an exact address or address range specifying
the lines to which the editing command applies. One of the more frequently used
address labels is $ that stands for the last line.
The following are two examples of the sed command:
sed -n 1,9p somefile
You can use a regular expression to define the address or address range for an editing
command. Regular expressions must be enclosed in forward slashes. If an address is
defined with such an expression, sed processes every line that includes the given
pattern.
The following is an example of using regular expressions:
sed -n '/Murphy.*/p' somefile
This example prints all lines that have the pattern Murphy.* in them.
If you want sed to perform several editing commands for the same address, you need
to enclose the commands in braces, as in the following:
sed '1,10{command1 ; command2}'
The following lists the most important editing commands available for sed:
Table 11-1
sed Commands
Command
Example
Editing Action
Delete line.
sed s/x/y/option
sed y/abc/xyz/
You can use the following options with the s command (search and replace):
g: Replace globally wherever the search pattern is found in the line instead of
replacing only the first instance.
w: Write the resulting text to the specified file rather than printing it on stdout.
sed -n 's/\([aeiou]\)/\1\1/Igp'
This replaces all single vowels with double vowels. The example shows how
matched patterns can be referenced with \1 if the search pattern is given in
parentheses that have to be escaped. The I option ensures that sed ignores the
case.
The g option causes characters to be replaced globally. The p option tells sed to
print all lines processed in this way.
Test whether a file exists. Following are some of the available options:
Table 11-2
Description
-d
-e
File exists
-f
-x
Table 11-3
Option
Description
-ef
-nt
Newer than
-ot
Older than
Table 11-4
Option
Description
-eq
Equal to
-ge
-gt
Greater than
-le
-lt
Less than
-ne
Not equal to
Table 11-5
Option
Description
test -z string
test string
Table 11-6
Description
test ! condition
NOTE: For more detailed information about test, in a terminal window enter help test or man
test. The built-in test command and the external one have identical features.
Summary
Objective
Summary
Use Arrays
Use Advanced Scripting Techniques
In this objective, you learned how to create and use shell functions and how to
evaluate command line options.
cat
cut
date
grep
sed
test
tr
SECTION 12
This section explains how to deploy SUSE Linux Enterprise Desktop 11 (SLED 11).
Which deployment method you choose will depend to a large degree on
the number of workstations you want to deploy. The installation of hundreds of
machines requires a different approach than the installation of just a few.
Section Objectives
1.
2.
3.
4.
Objective 1
Installation Options
Before you decide which method you will use to install SLED 11, you need to
consider the following:
Boot Media
To install a machine, you have to choose a boot medium to boot the machine.
Installation DVD
The installation DVD is bootable and can be used to start the installation or to
boot a rescue system.
Different kernel parameters can be set if you have trouble with the default
parameters. For example, you can disable ACPI or local APIC, or use safe
settings.
USB stick
Modern hardware allows booting from a USB device.
Installation Source
Installation DVD
The installation DVD contains all files needed to install SLED 11.
Installation Server
The files needed for installation can be stored on a server in the network.
Protocols available are HTTP, FTP, NFS, or SMB/CIFS. SLP can be used to
advertise the installation server in the network.
Configuration
You can use one of the following approaches to configure the newly installed
computer.
Local
This is usually used when booting and installing from DVD. The administrator is
present in front of the machine and types all information required (such as hard
disk partitioning, IP address, and hostname) when prompted by YaST during
installation.
AutoYaST
The configuration information is contained in a control file in XML format. The
file can be created in a way that renders manual intervention during the
installation process completely unnecessary.
The file can be made available to the system being installed via a USB device or
the network.
You learn how to create an AutoYaST control file later in this section.
Deployment Strategies
Your strategy will depend to a large degree on the number of machines you need to
deploy. Let's consider three different orders of magnitude.
Deploy Up to 10 Workstations
If you have to deploy only a few workstations, it might not be worth the effort to set
up an installation server, much less to create an AutoYaST control file.
The approach that takes the least preparation is a manual installation using the
installation DVD. Because an installation server is very convenient and does not take
long to set up, you might still consider using one. Additional installations are
facilitated and, when you need to add software to existing installations later, you do
not require the installation DVD to be at hand.
Setting up an installation server is covered in SUSE Linux Enterprise
Server 11 Administration (Course 3103).
Deploy Up to 100 Workstations
If you have to deploy more than 10 workstations, you will find that an installation
server and the remote installation capabilities of SLED 11 greatly facilitate the task.
While physical access to the machines is still required to boot them, you do not need
to sit in front of each machine during the whole installation. Using remote access via
VNC or SSH, you can control the installation of multiple machines at the same time
from your workstation.
Setting up DHCP and TFTP servers in addition to the installation server makes it
unnecessary to physically access the machines to boot them, provided the hardware
allows booting from the network as well as Wake on LAN. Without AutoYaST, you
would still have to configure the workstations manually via the network.
The more machines you have to install, the more worthwhile it becomes to avoid the
manual configuration. The effort to create and test workable AutoYaST control files
is outweighed by the reduced time spent on configuring individual machines.
Deploy More than 100 Workstations
If you are installing more than 100 machines, walking from machine to machine to
install them is no longer an option. Even remote configuration becomes cumbersome.
The rollout of a large number of machines is facilitated by AutoYaST. AutoYaST
controls the installation with an XML file that contains the machine-specific
information, such as IP address, hostname, and partitioning. Manual intervention
during the installation process is unnecessary.
AutoYaST allows you to create profiles containing all configuration information.
Because YaST hardware detection is used during installation, the same file can be
used to install machines with non-identical hardware.
If the differences in hardware are significant (for example, SCSI disks versus IDE
disks), you can create rules that determine which of several AutoYaST files should be
used for the hardware found.
In addition to the hardware, other parameters, such as IP addresses, can also serve as
criteria. You could create different profiles for development workstations and for
workstations used in HR and base the decision of which profile to use for installation
on the IP address the workstation gets via DHCP.
AutoYaST Basics
AutoYaST is used for automated installations on SLED 11. All information needed
during installation, such as partitioning or software selection, is provided by a control
file in XML format. No manual intervention is necessary during the installation
process.
If you have to install several systems with the same setup, you can save time by
automating the installation. Depending on your requirements, you can ensure all
systems are set up with the same configuration, or you can configure systems
individually with specific control files.
You should not confuse auto installation with cloning or imaging. An automated
installation is a regular installation where answers to questions asked during the
installation are contained in the control file. The hardware detection is still done so
that the same control file can be used on diverse hardware. Imaging or cloning
generally requires the source and target of the image to have identical hardware.
AutoYaST is optimally used in conjunction with an installation server that is also
providing a TFTP and a DHCP server. This setup has the following advantages:
To start the installation, you only have to insert a suitable boot disk. If you are
using PXE boot-enabled network interface cards, not even a boot disk is
required.
The computer receives all information necessary for the installation via the
network.
The installation server can be accessed via the NFS, HTTP, and FTP protocols.
This results in a highly simplified installation of a large number of individually
configured computers.
AutoYaST can also be used to copy additional files to the installed system and can
include scripts that are executed at the end of the installation.
You can create a control file at installation time. In the last menu of the installation
process, you can check the box Clone This System. This will create an
autoinst.xml file in the home directory of the root user (/root). The creation
of an AutoYaST control file using the YaST AutoYaST module is covered later in this
section.
Objective 2
Figure 12-1
The left part of the window contains the YaST groups you know from the left frame
of the YaST dialog. The center frame contains the YaST modules available in the
group. The right frame lists the settings made in this module for the autoinstallation.
NOTE: At the beginning, default values based on the current system configuration are listed in the
right frame.
NOTE: You do not need to configure every single aspect of the machines to be installed because
the automated installation makes use of the hardware detection capabilities of YaST. For example,
you do not need to provide the type of network card because the hardware detection will take care of
this.
Clicking Edit opens the same YaST configuration dialogs as those you see when
installing or administering SLED 11. However, the configuration information is
written to the AutoYaST control file. Nothing is changed on the installation you work
on.
You would usually define disk layout, software selection, language settings, network
parameters, and root password. Depending on your needs, you can specify other
items, such as users and their passwords, NFS client configuration, or printer
configuration.
If you want to perform completely unattended installations, select Edit in the General
Options module in the System group of AutoYaST. Click Next in the mouse
configuration dialog and uncheck Confirm Installation in the dialog labeled Other
Options. The default is to confirm installation to avoid recursive installs when the
system schedules a reboot after initial system setup. You should also be aware that
this might cause inadvertent installations under certain circumstances.
After you have completed the configuration, select File > Save as. A dialog box is
shown with the default directory for AutoYaST configuration files,
/var/lib/autoinstall/repository/. Enter a name for the file (hostname.xml, for
example).
You can change the default directory for AutoYaST configuration files via the File >
Settings menu.
If you do not want to begin from scratch, you can use the current machine as a
template. Select Tools > Create Reference Profile. The following dialog appears:
Figure 12-2
The reference profile is created by reading information from the system you work on.
By default, an exact copy of the configuration for all basic resources is created.
To add other necessary information for your machine, use the check boxes in the
main window.
NOTE: Be sure to examine any resulting control file carefully before using it to autoinstall a new
system.
Figure 12-3
After you have completed your configuration, save it by selecting File > Save as, as
described above.
You can also create the control file using an editor of your choice. The advantage of
the YaST module is that it saves a lot of typing, and the XML syntax of the resulting
file is correct. Another approach is to create a control file with YaST; then use an
editor for minor changes and additions.
NOTE: More information on AutoYaST can be found in
/usr/share/doc/packages/autoyast2/html/index.html.
Exercise 12-1
Objective 3
Figure 12-4
In the dialog that appears, enter the hostname of the server and the directory on the
server. Depending on the server type, you might need to enter additional parameters.
Instead of choosing NFS in the menu and entering the IP address and path in the
dialog, you can type install=nfs://IP_address/path/ in the Boot
Options line.
After you press Enter, the installation system connects to the installation server and
loads all files needed for installation over the network.
Objective 4
If you name the file on the USB stick autoinst.xml and insert the USB stick, it
will be automatically used. If you use a different name, you have to add the following
to the kernel command line at the boot prompt of the installation:
autoyast=usb:///myconfig.xml
Another way to make the control file available is via the network. That is especially
useful in combination with an installation server. In this case, the kernel command
line would look similar to the following:
autoyast=nfs://10.0.0.254/srv/install-repo/sled11/ay/myconfig.xml
Use a control file on a USB stick or on an exported file system in combination with
the installation DVD to boot and install the computer.
However, for larger deployments, this is not really efficient. While it saves the typing
of configuration information, you still have to walk from computer to computer,
insert the media, and start the installation manually. Later you have to come back to
remove the installation media again.
Even when using the DVD or USB stick to boot, an installation server has the
advantage that you can remove the boot media as soon as the actual installation has
started.
Provided you have a DHCP server running which provides all network information
during installation, the steps are as follows:
1. Insert the installation DVD into your machine and start the boot process.
2. Select Installation on the first boot screen. Be sure to do this within 10 seconds;
otherwise, the system starts from the hard disk.
3.
The last parameter switches to the detailed display during the boot process, so
you can easily look at the boot messages.
After a short time, YaST starts. At this point, you can remove the boot medium.
The installation proceeds as usual, but because of the control file, no user
interaction is necessary. After some checks, the packages are copied from the
NFS server.
The system is rebooted at the end of the installation process. After the reboot,
you may log in as root without a password if no password was set in the
AutoYaST configuration file. In this case, you should immediately set a
password for root.
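A pre-deployment check for the control-file settings discussed above (the Confirm Installation option and the root and user passwords), as an added example that is not part of the course material. The sample profile is constructed; the element names follow the AutoYaST control-file schema, and treating a missing `<encrypted>` element as cleartext is an assumption.

```python
import xml.etree.ElementTree as ET

# XML namespace of AutoYaST control files.
NS = {"y": "http://www.suse.com/1.0/yast2ns"}

# Constructed sample profile (not from the course): three weak settings.
SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE profile>
<profile xmlns="http://www.suse.com/1.0/yast2ns"
         xmlns:config="http://www.suse.com/1.0/configns">
  <general>
    <mode><confirm config:type="boolean">false</confirm></mode>
  </general>
  <users config:type="list">
    <user><username>root</username><user_password></user_password></user>
    <user>
      <username>geeko</username>
      <user_password>example-only</user_password>
      <encrypted config:type="boolean">false</encrypted>
    </user>
  </users>
</profile>
"""

def _text(node, path, default=""):
    return (node.findtext(path, default, NS) or "").strip()

def audit_profile(xml_text):
    """Return a sorted list of findings for one AutoYaST control file."""
    root = ET.fromstring(xml_text)
    findings = []
    # Confirmation is the default, so only an explicit "false" is flagged.
    if _text(root, "y:general/y:mode/y:confirm", "true").lower() == "false":
        findings.append("confirm-disabled")
    root_has_password = False
    for user in root.findall("y:users/y:user", NS):
        name = _text(user, "y:username")
        password = _text(user, "y:user_password")
        # Assumption: a missing <encrypted> element means a cleartext password.
        encrypted = _text(user, "y:encrypted", "false").lower() == "true"
        if name == "root" and password:
            root_has_password = True
        if password and not encrypted:
            findings.append("cleartext-password:" + name)
    if not root_has_password:
        findings.append("root-password-missing")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_profile(SAMPLE)))
```

Running the check against every file in the control-file repository before it is exported over NFS, HTTP, or FTP catches profiles that would leave root without a password or expose a password to anyone who can read the share.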
Boot via PXE, Install from an Installation Server
The advantage of using PXE for installation is that you do not have to bring a
separate boot medium to the computer. With a suitable configuration, you can offer a
menu to select what to install.
In fact, if the network card supports Wake on LAN, you do not even have to walk to
the machine at all.
The setup to support booting via the network is not covered in this course.
Information can be found in the documentation in
/usr/share/doc/packages/autoyast2/html/.
Exercise 12-2
Summary
The following is a summary of what you learned in the course objectives.
Objective
yast2 autoyast