HP UX LDAP-UX Integration Software LDAP-UX Client Services Configuration, Run the setup tool

Page 18

AD from malicious modification. See Appendix A for information about how to set the appropriate access control for a proxy user.

Step 2: Add an account for HP-UX client machine to AD.

Follow the directions in “Step 2: Add an account for HP-UX client machine to AD” on page 12.

Step 3: Use ktpass to create the keytab file for HP-UX client machine.

Follow the directions in “Step 3: Use ktpass to create the keytab file for HP-UX client machine” on page 12.

Preparing HP-UX for Windows 2000 Integration

As described previously, you need two HP-UX products (PAM_Kerberos and LDAP-UX) to set up your HP-UX machine as an AD client and use Windows 2000 Kerberos Services to authenticate HP-UX users. If your HP-UX machine runs OS version 11.00, you also need an HP-UX 11.00 PAM patch to support these two products. For information about PAM Kerberos and the PAM patch, refer to the previous section. The LDAP-UX product and its documentation can be obtained as follows:

LDAP-UX Client Services (J4269AA): this product can be obtained from the HP-UX Application CD released in March, 2001.

Installing and Administering LDAP-UX Client Services with Microsoft Windows 2000 Active Directory (J4269-90009): this manual can be downloaded from the HP documentation web site, http://docs.hp.com/hpux/internet.

LDAP-UX Client Services Configuration

The following briefly describes the steps to set up your HP-UX machine for Windows 2000 integration. More detailed information can be found in the document listed above.

Step 1: Install the LDAP-UX Client Services product into your HP-UX machine.

Obtain the product from the Application CD released in March, 2001 or after, and use /usr/sbin/swinstall to install it into your HP-UX machine. swinstall will reboot your system after installing the product. The product software will be placed into /opt/ldapux and /etc/opt/ldapux.

Step 2: Configure your HP-UX machine to use AD as the directory server.

Run the setup tool:

After you install the LDAP-UX Client Services product successfully, the setup tool can be found in /opt/ldapux/config. To run it, log in as root, change to the /opt/ldapux/config directory with cd, then type ./setup. The setup tool asks a series of questions and usually provides default answers. Press the Enter key to accept the default, or change the value and press Enter. One of the questions asks you to enter the profile name. The following standard profile name is recommended:

cn=domainProfile,cn=configuration,dc=domain,dc=myorg,dc=org

For example, if your domain is la.cal.com, the recommended profile name is:

cn=laProfile,cn=configuration,dc=la,dc=cal,dc=com

Refer to “Installing and Administering LDAP-UX Client Services with Windows 2000 Active Directory” for detailed information.
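When many clients are configured, the recommended profile name can be derived from the domain name and checked before it is typed into the setup tool. The following POSIX shell functions are an added example, not part of the white paper or the LDAP-UX product; the function names are hypothetical, and lowercasing the domain and rejecting malformed DNS labels are assumptions made here.

```shell
#!/bin/sh
# Added example, not part of the HP white paper or the LDAP-UX product.
# Function names are hypothetical; lowercasing the domain is an assumption.

# profile_dn DOMAIN
# Print the recommended profile DN for an AD DNS domain:
#   cn=<first label>Profile,cn=configuration,dc=<label>,dc=<label>,...
# Returns 1 if DOMAIN is not a well-formed DNS name, so a stray comma or
# blank can never end up inside the DN.
profile_dn() {
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    domain=${domain%.}                       # tolerate one trailing root dot
    case $domain in
        ''|.*|*.|*..*|*[!a-z0-9.-]*)
            echo "profile_dn: invalid domain name: $1" >&2
            return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $domain                           # split the name into labels
    IFS=$old_ifs
    first=$1
    dcs=
    for label in "$@"; do
        case $label in
            -*|*-) echo "profile_dn: bad label: $label" >&2; return 1 ;;
        esac
        [ "${#label}" -le 63 ] || { echo "profile_dn: label too long" >&2; return 1; }
        dcs="$dcs,dc=$label"
    done
    printf 'cn=%sProfile,cn=configuration%s\n' "$first" "$dcs"
}

# normalize_dn DN: lowercase and drop blanks around commas for comparison.
normalize_dn() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/ *, */,/g'
}

# matches_recommended DOMAIN DN
# Exit 0 if DN is the recommended profile name for DOMAIN (ignoring case and
# blanks around commas), 1 if it differs, 2 if DOMAIN is invalid.
matches_recommended() {
    want=$(profile_dn "$1") || return 2
    [ "$(normalize_dn "$want")" = "$(normalize_dn "$2")" ]
}

profile_dn la.cal.com    # the white paper's example domain
```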

Verify profile cache:
