Novell OPEN ENTERPRISE SERVER - PLANNING AND IMPLEMENTATION GUIDE 12-2010 Implementation Manual page 94

5 Click Linux User Management.
6 Type the eDirectory Admin password in the appropriate field, then click OK > Next.
7 In the list of allowed services, click sshd.
8 Click Next > Next > Finish.
Each LUM-enabled group in eDirectory, except the system-created Samba group, now shows
SSH as an allowed service. The Samba group shows the service as not allowed (or literally
speaking, sshd is not checked).
Enabling Users for LUM
There are numerous ways to enable users for LUM.
For example, in iManager > Linux User Management there are options for enabling users (and
choosing a Group in the process) or enabling groups (and enabling users in the process). Linux
enabling is part of the process required for Samba access. And finally, there are also command line
options.
For specific instructions, refer to
SP3: Novell Linux User Management Administration
After you configure the server's firewall to allow SSH, add SSH as an allowed service, and LUM-
enable the eDirectory users you want to have SSH access, if those same users are not also enabled
for Samba on the server, they now have SSH access to the server.
On the other hand, if you have installed Samba on the server, or if you install Samba in the future,
the users who are configured for Samba access will have SSH access disabled.
To restore access for users impacted by Samba, see
page 95.
Of course, many network administrators limit SSH access to only those who have administrative
responsibilities. They don't want every LUM-enabled user to have SSH access to the server.
If you need to limit SSH access to only certain LUM-enabled users, continue with
Access to Only Certain LUM-Enabled Users" on page
Restricting SSH Access to Only Certain LUM-Enabled Users
SSH Access is easily restricted for one or more users by making them members of a LUM-enabled
group and then disabling SSH access for that group. All other groups assignments that enable SSH
access are then overridden.
1 Open iManager in a browser using its access URL:
http://IP_Address/iManager.html
where IP_Address is the IP address of an OES 2 server with iManager 2.7 installed.
2 In the Roles and Tasks list, click Groups > Create Group.
3 Type a group name, for example NoSSHGroup, and select a context, such as the container
where your other Group and User objects are located. Then click OK.
4 In the Roles and Tasks list, click Directory Administration > Modify Object.
5 Browse to the group you just created and click OK.
94 OES 2 SP3: Planning and Implementation Guide
"Managing User and Group Objects in
Guide.
"Providing SSH Access for Samba Users" on
94.
eDirectory" in the OES 2
"Restricting SSH