HP UX LDAP-UX Integration Software Configuring Windows 2000 and HP-UX Using Ldap Integration

Page 17

Configuring Windows 2000 and HP-UX Using LDAP Integration

This section describes how to configure your Windows 2000 and HP-UX systems for LDAP integration.

Preparing Windows 2000 for HP-UX Integration

The following describes how to configure your Windows 2000 server to work with LDAP-UX Client Services.

Software Installation

Step 1: Install Active Directory into your Windows 2000 server.

Follow the directions in “Step 1: Install Active Directory into your Windows 2000 server” on page 12.

Step 2: Install Active Directory administrative tools.

The Active Directory administrative tools are required to manage AD. They ship with Windows 2000 Server to simplify directory administration, so if your system is running Windows 2000 Server they are already installed. If your system is running Windows 2000 Professional, you have to install the Windows 2000 Administrative Tools separately; they include the tools for managing Active Directory. One of the most important of these is “Active Directory Users and Computers”, which you will need to manage user accounts.

Another Active Directory administrative tool is the Active Directory Schema snap-in, which lets you manage the AD schema. The Active Directory Schema DLL must be registered before the snap-in can be used. To register it, log on to the domain controller as an administrator, click Start, select Run, and in the Run dialog box type “regsvr32 schmmgmt.dll”.

You may also need the ADSI (Active Directory Service Interfaces) editor, ADSI Edit, which is part of the Windows 2000 Support Tools. You use it to create and modify AD objects directly. To install the Windows 2000 Support Tools, you need the Windows 2000 Server CD; run setup from the support\tools directory on the CD to start the setup wizard.

Neither the Active Directory Schema snap-in nor ADSI Edit is available from the Windows 2000 Administrative Tools menu. You need to add them to a Microsoft Management Console (MMC) console to make them part of your management environment. Refer to the Step-by-Step Guide to the Microsoft Management Console at http://www.microsoft.com/windows2000/library/planning/walkthroughs/default.asp for detailed information on MMC.

Step 3: Install SFU 2.0 to extend the POSIX schema into AD.

As with NIS integration, you need to install SFU 2.0, in particular Server for NIS, which extends the AD schema with the POSIX user and group attributes (such as uid, gid, home directory and login shell) that LDAP-UX Client Services retrieves.

Active Directory Configuration

Step 1: Add a proxy user to AD.

The LDAP-UX product lets you decide how the client binds to the directory: either anonymously or as a proxy user. By default, an anonymous bind to AD does not give you enough access rights to retrieve user and group information from the directory, yet that information is mandatory for logging in to an HP-UX machine. You therefore need to configure a proxy user in AD for LDAP-UX to retrieve the information. Use the Windows 2000 management tool Active Directory Users and Computers to add the proxy user. The only purpose of the proxy user is to allow the LDAP-UX client to read user and group information, not to update AD entries. So you want the proxy user to be a member of the “Domain Users” group, but not a member of the “Administrators” group or any other administrative group; because the proxy password must be stored on every HP-UX client, the account should hold no rights beyond reading those attributes. This is very important to protect
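The following script is an added example and is not part of the HP white paper or the LDAP-UX product. It shows the check a practitioner would run after creating the proxy user: read back the proxy account's own AD entry and confirm that it is a plain domain user (primary group Domain Users, well-known RID 513) and is not a member of any administrative group. The domain, host and account names, and the path of the ldapsearch binary shipped with LDAP-UX, are assumptions; the LDIF entries are constructed to stand in for real ldapsearch output so the script runs offline.

```shell
#!/bin/sh
# Added example (not HP's code): verify the LDAP-UX proxy user is least-privilege.
#
# In a live setup you would capture the entry by binding as the proxy user with
# the ldapsearch shipped in LDAP-UX (path and names below are assumptions):
#   /opt/ldapux/bin/ldapsearch -h dc1.example.com -b "dc=example,dc=com" \
#       -D "cn=ldapproxy,cn=Users,dc=example,dc=com" -w "$PROXY_PW" \
#       "(sAMAccountName=ldapproxy)" memberOf primaryGroupID

# Constructed LDIF standing in for the entry of a correctly configured proxy
# user: primary group is Domain Users (RID 513) and there are no other
# group memberships, so no memberOf attribute is returned.
GOOD_ENTRY='dn: CN=ldapproxy,CN=Users,DC=example,DC=com
primaryGroupID: 513
'

# Constructed LDIF for a proxy user that someone also made a Domain Admin.
BAD_ENTRY='dn: CN=ldapproxy,CN=Users,DC=example,DC=com
memberOf: CN=Domain Admins,CN=Users,DC=example,DC=com
primaryGroupID: 513
'

# check_proxy_entry LDIF
# Returns 0 if the entry's primary group is Domain Users (RID 513) and no
# memberOf value names an administrative group; otherwise prints the problem
# and returns 1.
check_proxy_entry() {
    entry=$1
    rc=0
    # The primary group is not listed in memberOf; AD carries it as the
    # RID in primaryGroupID. Domain Users is the well-known RID 513.
    pgid=$(printf '%s\n' "$entry" | awk -F': ' '$1=="primaryGroupID"{print $2}')
    if [ "$pgid" != "513" ]; then
        echo "primaryGroupID is '$pgid', expected 513 (Domain Users)"
        rc=1
    fi
    # Each explicit group membership is one memberOf line holding the group
    # DN; take the leading CN= RDN and reject the administrative groups.
    admin=$(printf '%s\n' "$entry" | awk -F': ' '
        $1=="memberOf" {
            split($2, rdn, ",")
            sub(/^CN=/, "", rdn[1])
            if (rdn[1]=="Administrators" || rdn[1]=="Domain Admins" ||
                rdn[1]=="Enterprise Admins" || rdn[1]=="Schema Admins" ||
                rdn[1]=="Account Operators")
                print rdn[1]
        }')
    if [ -n "$admin" ]; then
        echo "proxy user is a member of administrative group(s): $admin"
        rc=1
    fi
    return $rc
}

# Stand-alone usage: the good entry passes, the bad entry is rejected.
for e in "$GOOD_ENTRY" "$BAD_ENTRY"; do
    if check_proxy_entry "$e"; then
        echo "OK: proxy user is a plain Domain User"
    else
        echo "REJECT: fix the proxy user's group membership before using it"
    fi
done
```

Run the real ldapsearch as the proxy user itself rather than as an administrator: if that bind cannot return the proxy's own entry, it will not be able to return the user and group entries LDAP-UX needs either, which is exactly the condition the anonymous bind fails on.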
