HP UX LDAP-UX Integration Software manual Migration


Migration

If you choose the LDAP approach to integrate HP-UX account management and authentication with Windows 2000, the LDAP-UX Client Services product provides a set of migration tools to help you migrate your user and group information from the local /etc/passwd and group files, or from an NIS server, to Active Directory. The tools create an LDIF file based on the information you enter interactively or the environment variables you set in advance. All POSIX data except the password is migrated. There is a technical difficulty in converting a UNIX-encrypted password to the password format that the Windows 2000 KDC expects. As a result, all user and group entries are migrated without a password. For security reasons, all user accounts are disabled when they are imported into Active Directory. Before a user can log in to a Windows 2000 PC or an HP-UX machine, the Windows 2000 administrator must first enable the account and set a password.

The migration tools can be found in /opt/ldapux/migrate/ads. Refer to Installing and Administering LDAP-UX with Microsoft Windows 2000 Active Directory for detailed information.
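
A pre-import check of the generated LDIF against the two properties stated above (no password data, every user account disabled), as an added example that is not part of the manual or the LDAP-UX tools. It assumes the LDIF marks user entries with `objectClass: user` and expresses the disabled state through the ACCOUNTDISABLE bit of `userAccountControl`; the list of password attributes and the sample entries are likewise constructed for illustration.

```python
import base64

# Assumed credential attributes; the page only says passwords are not migrated.
PASSWORD_ATTRS = {"userpassword", "unicodepwd", "mssfupassword"}
ACCOUNTDISABLE = 0x0002  # userAccountControl bit; its presence in the LDIF is assumed

# Constructed sample, not real migration-tool output.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=com
objectClass: user
userAccountControl: 514

dn: CN=bob,CN=Users,DC=example,DC=com
objectClass: user
userAccountControl: 512
msSFUPassword:: YWJjZGVmZ2g=

dn: CN=staff,CN=Users,DC=example,DC=com
objectClass: group
memberUid: alice
"""

def parse_ldif(text):
    """Return entries as dicts mapping lowercased attribute -> list of values."""
    entries, cur = [], {}
    # Unfold RFC 2849 continuation lines (newline followed by one space).
    for line in text.replace("\n ", "").splitlines() + [""]:
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" is base64-encoded
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            cur.setdefault(name.strip().lower(), []).append(rest.strip())
    return entries

def audit(text):
    """List (dn, problem) pairs that contradict the documented migration state."""
    findings = []
    for e in parse_ldif(text):
        dn = e["dn"][0] if "dn" in e else "?"
        findings += [(dn, "carries " + a) for a in sorted(PASSWORD_ATTRS.intersection(e))]
        if "user" in (v.lower() for v in e.get("objectclass", [])):
            uac = e.get("useraccountcontrol", ["0"])[0]
            if not (uac.isdigit() and int(uac) & ACCOUNTDISABLE):
                findings.append((dn, "not disabled"))
    return findings
```

An empty result from `audit()` means the file matches the documented state; any finding is worth resolving before the LDIF is imported into Active Directory.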
