SolutionBase: Creating users and printers in Open Enterprise Server Administrative Tasks

After you've installed Open Enterprise Server on your network, there's still more to do to get it working--such as setting up users and shared printers. Scott Lowe shows you how it's done.

Novell's Open Enterprise Server is very different from other Linux distributions as it contains some powerful commercial administrative software designed to ease the task of maintaining an enterprise-level environment. In this article and the next article, I'll go over some common tasks that you can tackle using Open Enterprise Server tools.

Author's Note

Because this is a series about Open Enterprise Server, you won't see much of SuSE Linux Enterprise Server's innards discussed here. In these examples, the use of SuSE Linux Enterprise Server is simply to deliver to additional capability provided by Open Enterprise Server.

Finally, client examples will focus on Windows XP, not on a Linux desktop. Windows on the server side is not quite a pervasive as Windows on the desktop and many companies continue to run either NetWare or Open Enterprise Server to manage their Windows environments.

Using iManager

Just about all of your server's management tasks can be handled via Novell's iManager product. I installed it at the same time I installed Open Enterprise Server and will be using iManager for all of the examples in this article, where appropriate. You could also use Novell's ConsoleOne client-based application to manage your network, but I have opted for iManager for this article.

To use iManager, browse to https://{name or IP of your server}/ips. You will get a screen similar to the one shown in Figure A, on which you need to provide credentials that have rights to administer your server and directory.

Figure A

iManager requires that you log in as a user in eDirectory.

Note the pink bar in these examples. I'm using Internet Explorer 7 and my server does not have a valid certificate installed, so IE 7 is warning me to this fact.

If you have trouble logging into iManager using a tree name, try specifying the IP address of your Open Enterprise Server server in the Tree field instead. Once you're logged in, iManager gives you its main window, which is strikingly similar to the one in Figure B.

Figure B

You can manage just about every aspect of your environment using iManager.

I'm not going to go over more iManager detail in this section. During the course of this article, you'll see iManager in action in a bunch of ways.

Managing users

User management is a primary task for network admins everywhere, with Open Enterprise Server not providing an exception to this rule. For this article series, I'm running Open Enterprise Server with eDirectory installed and, thus, will manage all users inside this central, LDAP-compliant directory. The users that are created in eDirectory can be assigned access to resources across the network.

Creating users

To create a user in eDirectory, from iManager, choose Users | Create User. A form appears on the right-hand side of the screen requesting all kinds of details about the new user, including the user's name, password and other personal information such as title and department.

From this window, you can also assign the user a home directory which, for the sample user in Figure C, I assigned as oes1_SYS.example\juser1. You don't actually have to remember each volume name, which would get difficult as you add Open Enterprise Server servers and volumes. Instead, click the little magnifying glass next to the Volume field and browse to the volume onto which you want to place the new user's home directory. Figure D gives you a look at this browsing mechanism inside iFolder.

Figure C

At the very least, you have to provide a user name, last name and context for a new user account.

Figure D

Use the blue up and down arrows to navigate through your eDirectory tree. Select the volume onto which you want to locate the user home directory.

Note that I have checked the box marked Set Simple Password in Figure C and also provided another set of passwords in the appropriate fields. When you select the Set Simple Password checkbox, iManager automatically populates these password fields with the password you entered in the Password field in the top portion of the window.

What exactly is a simple password anyway? On Windows clients, if you are using Local authentication and you want users to be able to access CIFS chares on your Open Enterprise Server server, you need to set this simple password. If, however, you are using Domain authentication or if you install the Novell client to your workstations, you do not need to enable the simple password functionality.

Click the OK button to create your new user. iManager gives you the option to just continue using iManager, or you can create another user, or modify and existing user profile.

Modifying users

Eventually, a user will get married requiring a name change, change departments, or need her password reset. Use the Modify User option to complete these (and other) tasks.

Choose Users | Modify User to open the screen shown in Figure E.

Figure E

Type in a user name, or use the magnifying glass lookup tool.

Note that there are some other options on the screen:

  • Select a single object
  • Select multiple objects
  • Simple selection: Provides fields you can use to search for a user by any field in eDirectory. For example, you can search the Common Name field for user accounts that start with Sam.
  • Advanced selection: Allows you to filter your eDirectory by object class, container, and other specific object attributes.

I'm using the Single Object option in this example. If you'd rather use the lookup tool, click the magnifying glass. You'll get a window like the one I showed you in Figure D, but this time, you will see user objects. I have not shown this window here.

The result: a window on which you can change a whole lot of information about the user. The Modify User window is broken up onto a series of tabs with each tab having a number of sub-selections. In Figure F, for example, I've selected the Restrictions tab, which brings up Password Restrictions. However, there are five other screens worth of options, including Login Restrictions, Time Restrictions, Address Restrictions, Account Balance, and Intruder Lockout. You'll probably use the intruder lockout option the most as this is where you go in the event that a user has attempted to log in too many times with the wrong password. In Figure F, you see the password restrictions option.

Figure F

Modify any and all user details using the tabs and options in this window.

Use the General tab to make changes to a user's name, group membership and other personal information.

Disabling and deleting user accounts

Being a security conscious administrator, you probably either disable or delete user accounts once a user has left your company's employ.

These tasks are easy to finish. Choose | Users Disable Account, or Users | Delete Account, respectively. Regardless of which option you choose, iManager will ask you to provide the name of the account you want to disable or delete. In Figure G, I've disabled the User2 account. In Figure H, I've deleted this account. When you delete an account, iManager pops up a window asking you if you really want to complete the action.

Figure G

A disabled account can be enabled again if the person returns.

Figure H

A deleted account is gone for good.

Creating printers

Printers can be the bane of many a network administrator's existence. Under Open Enterprise Server with eDirectory, the process of printing may seem a little difficult at first, but there is a method to the madness. Open Enterprise Server uses Novell's iPrint, a standards-based service that provides users with easy-to-use, secure printing capability.

Creating the first new printer using iPrint consists of the following steps:

  1. Create a driver store (eDirectory object): You only need one driver store, but can install others as necessary (for example, install a second driver store at the other end of a slow WAN link). The driver store is the place to which iPrint looks for consistent drivers for all printers, broken down by operating system.
  2. Add printer drivers to the driver store: After you create a driver store, add to the driver store all of the printer drivers you intend to use across your network.
  3. Create a print manager (eDirectory object): A print manager is responsible for spooling print jobs to one or more printers.
  4. Create a printer (eDirectory object): A printer is a physical drive that… prints. The printer receives its jobs from a print manager.
  5. Add the printer to a client workstation.

Now, let's go through the steps one-by-one.

Creating a driver store

To create a new driver store, from iManager, choose iPrint | Create Driver Store. On the resulting Create Driver Store window, provide the name of the new driver store as well as the target and eDirectory servers. The target server is the server on which you want the driver store to reside while the eDirectory server is the directory server that will service the driver store.

Figure I

Provide a name and target and eDirectory server for the new driver store.

Adding printer drivers to the driver store

Before you add printer drivers to your driver store, you should download any and all necessary drivers from the various vendors' web sites, unless you plan to use drivers that are already installed under Windows. In my lab, I have an HP LaserJet 4050N printer and will be using Windows XP clients that already have a more than suitable driver for this printer.

Before you begin, you need the latest version of the iPrint client. iManager will not let you upload drivers in any way unless you first install this client, available for download from Novell's Web site. After you install the client, exit Internet Explorer and browse back to the iManager tool.

Now, let's add these drivers to the driver store. In iManager, go to iPrint | Manage Driver Store. Provide the name of your driver store where requested. Click OK to continue as seen in Figure J.

Figure J

Type the name of, or locate your printer driver store.

On the resulting Manage Driver Store window, Figure K, choose the Drivers tab. On this tab are three options:

  • Add from File: Add *.inf or *.ppd driver files to the driver store from your file system.
  • Add from System: Add drivers to the iPrint driver store from the system from which you are administering iPrint. I will be using this option.
  • Delete: Delete a previously installed printer driver.

Figure K

Add an existing driver from the local system (from your client) by using the Add from System option.

This option pops up a window that lists all of the drivers presently loaded on your system. From this list, in Figure L, choose the driver you want to add to the driver store.

Figure L

Choose the printer driver to add to the iPrint driver store.

iManager lets you know that the printer driver is being added to the store (Figure M) and also updates you when it is done (Figure N).

Figure M

Your driver is being uploaded...

Figure N

...and now it's done.

Now it's time to move on to the process of creating a print manager.

Creating a print manager

I mentioned before that you need at least one print manager to manage your printers. Each print manager can service multiple printers, though, so the number you install is up to you and your needs and the network traffic patterns you have in place. For my small lab, a single print manager is sufficient.

In iManager, create a print manager by going to iPrint | Create Print Manager. On the resulting Create Print Manager window, provide your new print manager with a name, indicate in which container the new print manager object should, provide the name of the eDirectory server that will service this print manager and tell the print manager which driver store the print manager should use.

Finally, decide how you want iPrint clients to communicate with the print manager. You can use a DNS name or an IP address. I've opted to go the IP address route for this example. The drawback: If I change my server's IP address, al clients will have to remove and reinstall their printers. Click OK when you're ready to create the print manager.

Figure O

Create a print manager to manage your printers.

And then it's on to the final step in this process: Create a printer object.

Creating a printer

The final step on the server-side of the process is to create the printer object that is associated with a physical printing device. Start by going to iPrint | Create Printer. On this screen, shown in Figure P, give your printer a name (I recommend something short here), and specify in which eDirectory container the printer object should reside. Also specify the name of the print manager that is responsible for this printer. The DNS name/IP address field is particularly important. In this field, specify the DNS name or IP address of your printer. Optionally, give you printer a location and description. The default printer type is LPR with a name of PASSTHROUGH, which works for HP printers with JetDirect cards. Click Next when you're ready.

Figure P

Provide the details for your printer.

On the next screen, Figure Q, select the printer driver that will be used for each operating system. In my example, I only uploaded a driver for Windows XP, so I won't assign any other drivers. You can also add more drivers later by going to iPrint | Manage Printer and choosing the Drivers tab. Click Next to create the new printer object.

Figure Q

Tell iManager which driver to use for each operating system.

Installing the new printer on a workstation

Believe it or not, you don't need the iPrint client installed on a workstation in order to print to this new printer. I'm not going to talk about locking down your printer in this article, but will show you how to get your new printer actually printing from an ordinary Windows XP workstation.

Start with the typical Start | Printers and Faxes. Choose Add Printer. On the first screen of the Add Printer Wizard, choose the Network Printer option. You'll see the screen in Figure R. Click Next when you're ready.

Figure R

Choose to add a new network printer.

On the second screen of the wizard, Figure S, type in the address to your printer, which should be http://{your server}/ipp/{printer name}.

Figure S

Type the full http address to the new printer.

Windows will also ask you if you want this to be the default printer. That's up to you. When you're done, print a test page. If all is well, you should get a typical Windows XP printer test page.

If you look back on the Open Enterprise Server server and choose iPrint | Manage Printer, select your printer and click the Printer Health Monitor option, you will see that your printer did, indeed, receive a job from the server. You'll see a screen similar to the one in Figure T.

Figure T

The printer status page gives you a lot of information about your printing device.

