Configuring Windows 2000 and HP-UX Using NIS Integration

This section describes how to configure your Windows 2000 and HP-UX system for NIS integration.

Preparing Windows 2000 for HP-UX Integration

The following four steps are all you need to do with Windows 2000 to integrate HP-UX NIS account management and authentication with Windows 2000. However, the sequence of installing Active Directory and SFU is important. When SFU 2.0 is installed, Active Directory must already exist, so that SFU can extend posix attributes.

Step 1: Install Active Directory into your Windows 2000 server.

One primary component of integration is Active Directory. So, your Windows 2000 server must have Active Directory installed. You install Active Directory by prompting your Windows 2000 server to become a domain controller using the Active Directory Installation wizard. To initiate the installation wizard, you click on “Start”, “Programs”, “Administrative Tools”, “Configure Your Server”, then choose Active Directory in the left column, and click on “Start”. The installation wizard installs and configures components that provide the Active Directory directory service, including the Kerberos V5 protocol authentication software.

Step 2: Add an account for HP-UX client machine to AD.

Use the Active Directory Users and Computers tool to create a user account for your HP-UX host. This is a required step to set up a Kerberos client to communicate with Windows 2000 Kerberos Services.

Step 3: Use ktpass to create the keytab file for HP-UX client machine.

Use the ktpass tool to create the keytab file and set up an identity mapping for the host account. The following is an example showing you how to run ktpass to create the keytab file for the UNIX host myhost with the KDC realm LA.CAL.COM.

C:> ktpass -princ host/myhost@LA.CAL.COM -mapuser myhost -pass mypasswd -out unix.keytab

If your machine doesn’t have ktpass, you can install it from your Windows 2000 Server compact disc, in the directory support/tool.

Refer to Configuration Guide for Kererbos Products on HP-UXfor detailed information on how to configure Windows 2000 as a KDC server, including how to use ktpass.The configuration guide can be obtained from http://docs.hp.com/hpux/internet

Step 4: Install SFU 2.0, including Server for NIS.

Posix accounts have some attributes which are not used by Windows 2000. For example, user ID number, login shell, home directory, etc. To use AD as a data repository for HP-UX users, you need to extend the AD schema to include the posix schema defined in RFC 23073. It can be done easily by installing SFU 2.0. The SFU tool Server for NIS extends the AD schema roughly based on RFC 2307 for posix accounts. Installing Server for NIS enables Windows 2000 server to act as an NIS server, so that any NIS client can retrieve information stored in AD.

Server for NIS is not part of the default installation. You will have to explicitly choose “Customized Installation” at the “Installation Optoins” screen and select the “Server for NIS”. The server will be automatically started after it is installed successfully.

Preparing HP-UX for Windows 2000 Integration

3“An Approach for Using LDAP as a Network Information Service”, L. Howad, IETF RFC 2037, March 1998

12