HP UX LDAP-UX Integration Software manual Configuring Windows 2000 and HP-UX Using NIS Integration


Configuring Windows 2000 and HP-UX Using NIS Integration

This section describes how to configure your Windows 2000 and HP-UX system for NIS integration.

Preparing Windows 2000 for HP-UX Integration

The following four steps are all you need to do with Windows 2000 to integrate HP-UX NIS account management and authentication with Windows 2000. However, the order in which Active Directory and SFU are installed is important: Active Directory must already exist when SFU 2.0 is installed, so that SFU can extend the schema with POSIX attributes.

Step 1: Install Active Directory into your Windows 2000 server.

One primary component of integration is Active Directory. So, your Windows 2000 server must have Active Directory installed. You install Active Directory by prompting your Windows 2000 server to become a domain controller using the Active Directory Installation wizard. To initiate the installation wizard, you click on “Start”, “Programs”, “Administrative Tools”, “Configure Your Server”, then choose Active Directory in the left column, and click on “Start”. The installation wizard installs and configures components that provide the Active Directory directory service, including the Kerberos V5 protocol authentication software.

Step 2: Add an account for the HP-UX client machine to AD.

Use the Active Directory Users and Computers tool to create a user account for your HP-UX host. This is a required step to set up a Kerberos client to communicate with Windows 2000 Kerberos Services.

Step 3: Use ktpass to create the keytab file for the HP-UX client machine.

Use the ktpass tool to create the keytab file and set up an identity mapping for the host account. The following is an example showing you how to run ktpass to create the keytab file for the UNIX host myhost with the KDC realm LA.CAL.COM.

C:\> ktpass -princ host/myhost@LA.CAL.COM -mapuser myhost -pass mypasswd -out unix.keytab

If your machine doesn’t have ktpass, you can install it from your Windows 2000 Server compact disc, in the directory support/tool.

Refer to the Configuration Guide for Kerberos Products on HP-UX for detailed information on how to configure Windows 2000 as a KDC server, including how to use ktpass. The configuration guide can be obtained from http://docs.hp.com/hpux/internet

Step 4: Install SFU 2.0, including Server for NIS.

POSIX accounts have some attributes that are not used by Windows 2000, for example the user ID number, login shell, and home directory. To use AD as a data repository for HP-UX users, you need to extend the AD schema to include the POSIX schema defined in RFC 2307 [3]. This is done easily by installing SFU 2.0. The SFU tool Server for NIS extends the AD schema roughly based on RFC 2307 for POSIX accounts. Installing Server for NIS enables the Windows 2000 server to act as an NIS server, so that any NIS client can retrieve information stored in AD.

Server for NIS is not part of the default installation. You have to explicitly choose “Customized Installation” at the “Installation Options” screen and select “Server for NIS”. The server is started automatically after it is installed successfully.
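Before the keytab from Step 3 is moved to the HP-UX host, it is worth confirming that it holds exactly the principal that was requested. The following is an added example, not part of the HP manual: a small parser that lists the principal, key version number and encryption type of each entry without exposing the key bytes. It assumes the file is in the MIT keytab format, version 0x0502; the function names and the sample entry are constructed for illustration.

```python
import struct

def _counted(buf, off):
    """Read a 16-bit length-prefixed string; return (text, new offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    if off + 2 + n > len(buf):
        raise ValueError("truncated string in keytab entry")
    return buf[off + 2:off + 2 + n].decode("utf-8"), off + 2 + n

def parse_keytab(data):
    """List (principal, kvno, enctype) per entry; key bytes are never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a keytab in format version 0x0502")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                  # a negative size marks a deleted slot
            pos += -size
            continue
        entry, pos = data[pos:pos + size], pos + size
        if len(entry) < size:
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", entry, 0)
        names, off = [], 2             # names[0] is the realm, the rest are components
        for _ in range(ncomp + 1):
            name, off = _counted(entry, off)
            names.append(name)
        _ntype, _time, kvno, etype, klen = struct.unpack_from(">IIBHH", entry, off)
        off += 13 + klen               # step over the 13 header bytes and the key itself
        if size - off >= 4:            # optional nonzero 32-bit kvno replaces the 8-bit one
            kvno = struct.unpack_from(">I", entry, off)[0] or kvno
        entries.append(("/".join(names[1:]) + "@" + names[0], kvno, etype))
    return entries

def check_keytab(data, expected):
    """Return a list of problems; empty means every entry is for `expected`."""
    entries = parse_keytab(data)
    bad = [f"unexpected principal {p}" for p, _, _ in entries if p != expected]
    return bad if entries else ["keytab contains no entries"]

def sample_keytab(principal="host/myhost@LA.CAL.COM"):
    """Constructed sample: one entry, kvno 1, enctype 1, dummy all-zero key."""
    name, realm = principal.split("@")
    parts = [realm] + name.split("/")
    body = struct.pack(">H", len(parts) - 1)
    body += b"".join(struct.pack(">H", len(p)) + p.encode() for p in parts)
    body += struct.pack(">IIBHH", 3, 0, 1, 1, 8) + bytes(8)
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

A keytab contains the host's long-term key, so treat unix.keytab as a credential: transfer it to the HP-UX machine over a protected channel and keep it readable only by root.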

Preparing HP-UX for Windows 2000 Integration

[3] “An Approach for Using LDAP as a Network Information Service”, L. Howard, IETF RFC 2307, March 1998

