HP UX LDAP-UX Integration Software manual Administration, Add and delete groups


Administration

The administrative tasks for users and groups will become a lot easier for system administrators. On the other hand, the integration will not cause any changes for end users.

System administrator

Although most user accounts and groups can be stored in AD, the HP-UX local /etc/passwd still has its value. It is recommended that the superuser account (root) be configured in /etc/passwd, so that even if the network is down, root can still log in to perform necessary recovery tasks. Some other special accounts should also reside in /etc/passwd, for example, bin, adm, daemon, and others. They are specific to UNIX platforms.

Except for those few accounts to be kept in the local /etc/passwd file, with the integration, Active Directory can become a user and group data repository for both Windows 2000 and HP-UX. The system administrator will mostly utilize the Windows 2000 management tool, Active Directory Users and Computers, to administer user accounts and group information, including performing the following tasks:

Add and delete groups

If a group to be added is for HP-UX, or both HP-UX and Windows 2000, you, as an administrator, need to get a group ID after the group is created successfully. The following shows you how to do it:

Click on the group you want to modify and choose “Properties” from the “Action” pane. A property screen with several properties is displayed; choose “UNIX Attributes”.

Choose a domain from the list for the “NIS Domain” field. If you did not create an NIS domain explicitly, SFU 2.0 creates a default one for you based on your domain root.

Fill in the field “GID (Group ID)”.

You can apply the same procedure to an existing Windows 2000 group, if you want to use the group for HP-UX users.

If you want to add POSIX users to the group, you will have to use ADSI Editor and add the POSIX users’ msSFUName to the group’s memberUid.

To delete a group, click on the group you want to delete from the list, then click on “Delete” from the “Action” pane.

Add and delete user accounts

If a user to be added is for HP-UX, or both HP-UX and Windows 2000, you need to add some POSIX-account-specific information after the account is created successfully:

Click on the user you want to modify and choose “Properties” from the “Action” pane.

A property screen with several properties is displayed; choose “UNIX Attributes”.

Choose an NIS domain for the “NIS Domain” field.

Fill in the fields “UID”, “Login Shell”, “Home Directory”, and “Primary group name/GID”. They correspond to the fields in /etc/passwd.

The above procedure can also be applied to a Windows 2000 account that needs to be able to log in to HP-UX.

To delete the account, click on the user you want to delete from the user list, then click on “Delete” from the “Action” pane.
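The following is an added example, not part of the HP white paper: a POSIX shell audit that confirms the accounts named above (root, bin, adm, daemon) are still in the local passwd file, lists every local UID 0 entry, and tests whether a value intended for the “GID (Group ID)” field is already used in the local group file. The function names, the GID collision check and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HP white paper). Function names are hypothetical.

# Accounts the paper says should remain in the local /etc/passwd.
REQUIRED_LOCAL="root bin adm daemon"

# Print each required account that is missing from passwd-format file $1.
missing_local_accounts() {
    for acct in $REQUIRED_LOCAL; do
        awk -F: -v a="$acct" '$1 == a { found = 1 } END { exit !found }' "$1" \
            || printf '%s\n' "$acct"
    done
}

# Print every login name with UID 0 in $1; anything besides root needs review.
uid0_accounts() {
    awk -F: '$3 ~ /^0+$/ { print $1 }' "$1"
}

# Exit 0 if GID $2 already exists in group-format file $1 (assumed check:
# reusing it for an AD group would give two groups the same GID).
gid_in_use() {
    awk -F: -v g="$2" '$3 == g { hit = 1 } END { exit !hit }' "$1"
}

# Constructed sample data, not taken from a real system.
SAMPLE_PASSWD="${TMPDIR:-/tmp}/passwd.sample.$$"
SAMPLE_GROUP="${TMPDIR:-/tmp}/group.sample.$$"
trap 'rm -f "$SAMPLE_PASSWD" "$SAMPLE_GROUP"' EXIT
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:3::/:/sbin/sh
daemon:x:1:5::/:/sbin/sh
bin:x:2:2::/usr/bin:/sbin/sh
toor:x:0:3::/:/sbin/sh
EOF
cat > "$SAMPLE_GROUP" <<'EOF'
root::0:root
other::1:root
users::20:root
EOF

echo "Missing local accounts: $(missing_local_accounts "$SAMPLE_PASSWD" | tr '\n' ' ')"
echo "UID 0 accounts: $(uid0_accounts "$SAMPLE_PASSWD" | tr '\n' ' ')"
for gid in 20 2000; do
    if gid_in_use "$SAMPLE_GROUP" "$gid"; then
        echo "GID $gid is already used locally; pick another for the AD group"
    else
        echo "GID $gid is free locally"
    fi
done
```

On a real host, pass /etc/passwd and /etc/group to the functions instead of the sample files.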
