HP UX LDAP-UX Integration Software manual Configure a proxy user

Page 19

After you run the setup tool successfully, use the tool /opt/ldapux/config/display_profile_cache to display the contents of a binary profile. By default, it displays the currently active profile in /etc/opt/ldapux/ldapux_profile.bin. Review the output to confirm that the configuration is correct.

Again, for detailed information on how to use create_profile_cache and display_profile_cache, refer to “Installing and Administering LDAP-UX Client Services with Windows 2000 Active Directory”.

Step 3: Configure a proxy user.

Part of the setup tool allows you to configure a proxy user. If you did not configure it with the setup tool, you can use the tool /opt/ldapux/config/ldap_proxy_config to configure a proxy user for the client accessing the directory. The proxy user information is stored encrypted in the file /etc/opt/ldapux/pcred and in kernel memory. You must run this tool logged in as root. The following example configures the proxy user with the contents of the file proxy_file and creates or updates the file /etc/opt/ldapux/pcred with the information in proxy_file:

/opt/ldapux/config/ldap_proxy_config -f proxy_file

The proxy user configuration can be verified, assuming the directory is accessible, by executing the command: /opt/ldapux/config/ldap_proxy_config -v

Again, refer to Installing and Administering LDAP-UX Client Services with Microsoft Windows 2000 Active Directory for more options.

Step 4: Change Name Service Switch (NSS) to use LDAP.

When the LDAP-UX product is installed, an NSS configuration file for LDAP, /etc/nsswitch.ldap, is created. You can either edit the original /etc/nsswitch.conf to specify the ldap name service and other name services you want to use, or copy /etc/nsswitch.ldap to /etc/nsswitch.conf. As of March 2001, only password and group are supported with AD. You should not specify “ldap” for other services if your directory server is Windows 2000 AD.
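
The restriction in Step 4 can be checked mechanically before the file is put into service. The shell function below is an added example, not part of the HP manual or the LDAP-UX product; it assumes that “password” above refers to the passwd database in nsswitch.conf, and the function name audit_nss_ldap and the sample file contents are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the HP manual): audit an nsswitch.conf-format file
# against the Step 4 rule that only passwd and group may use ldap with AD.

# audit_nss_ldap FILE   (hypothetical helper name)
# Prints "unsupported:<db>" for each database other than passwd/group that
# lists ldap, and "missing:<db>" if passwd or group does not list ldap.
# Returns 0 if the file follows the rule, 1 otherwise.
audit_nss_ldap() {
    awk '
        { sub(/#.*/, "") }                    # drop comments
        index($0, ":") == 0 { next }          # skip blank or malformed lines
        {
            db = substr($0, 1, index($0, ":") - 1)
            gsub(/[ \t]/, "", db)
            src = tolower(substr($0, index($0, ":") + 1))
            # remove [STATUS=action] criteria so they are not read as sources
            while ((s = index(src, "[")) > 0 && (e = index(src, "]")) > s)
                src = substr(src, 1, s - 1) " " substr(src, e + 1)
            n = split(src, tok)
            for (i = 1; i <= n; i++) if (tok[i] == "ldap") {
                if (db == "passwd" || db == "group") seen[db] = 1
                else { print "unsupported:" db; bad = 1 }
                break
            }
        }
        END {
            if (!("passwd" in seen)) { print "missing:passwd"; bad = 1 }
            if (!("group" in seen))  { print "missing:group";  bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: hosts wrongly lists ldap, and group omits it.
sample="${TMPDIR:-/tmp}/nsswitch.sample.$$"
cat > "$sample" <<'EOF'
# constructed sample, not a real system file
passwd:   files ldap
group:    files
hosts:    files [NOTFOUND=continue] dns ldap
services: files   # ldap here would be unsupported with AD
EOF
audit_nss_ldap "$sample" || echo "nsswitch file needs correction"
rm -f "$sample"
```

Run the function against /etc/nsswitch.ldap or an edited copy before installing it as /etc/nsswitch.conf.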

PAM Kerberos Configuration

Follow the directions in “PAM Kerberos Configuration” on page 13.
