Configuring Windows 2000 and HP-UX Using LDAP Integration

This section describes how to configure your Windows 2000 and HP-UX systems for LDAP integration.

Preparing Windows 2000 for HP-UX Integration

The following describes how to configure your Windows 2000 server to work with LDAP-UX Client Services.

Software Installation

Step 1: Install Active Directory into your Windows 2000 server.

Follow the directions in “Step 1: Install Active Directory into your Windows 2000 server” on page 12.

Step 2: Install Active Directory administrative tools.

The Active Directory administrative tools are required to manage AD. They are included with Windows 2000 Server to simplify directory administration, so if your system is running Windows 2000 Server, they are already installed. If your system is running Windows 2000 Professional, you must install the Windows 2000 Administrative Tools separately; these include the tools to manage Active Directory. One of the important tools is “Active Directory Users and Computers”, which you will need to manage user accounts.

Another Active Directory administrative tool is the Active Directory Schema snap-in, which allows you to manage the AD schema. You must register the Active Directory Schema DLL before you can use the snap-in. To register it, log on to the domain controller as an administrator, click Start, select Run, and in the Run dialog box type “regsvr32 schmmgmt.dll”.

You may also need the ADSI (Active Directory Services Interface) editor, which is part of the Windows 2000 Support Tools. You use it to create and modify AD objects. To install the Windows 2000 Support Tools, you need the Windows 2000 Server CD. Click support/tools/setup to start the setup wizard.

Neither the Active Directory Schema snap-in nor the ADSI editor is available from the Windows 2000 Administrative Tools menu. You need to use Microsoft Management Console (MMC) to set them up as part of your management environment. Refer to the Step-by-Step Guide to the Microsoft Management Console at http://www.microsoft.com/windows2000/library/planning/walkthroughs/default.asp for detailed information on MMC.

Step 3: Install SFU 2.0 to extend the POSIX schema into AD.

As with NIS integration, you need to install SFU 2.0, in particular Server for NIS, to extend the POSIX schema.

Active Directory Configuration

Step 1: Add a proxy user to AD.

The LDAP-UX product allows you to decide how the client binds to the directory: anonymously or as a proxy user. By default, binding to AD anonymously doesn’t give you enough access rights to retrieve user and group information from the directory. However, user and group information is mandatory to log in to an HP-UX machine, so you need to configure a proxy user in AD for LDAP-UX to retrieve it. Use the Windows 2000 management tool, Active Directory Users and Computers, to add the proxy user. The only purpose of a proxy user is to allow the LDAP-UX client to retrieve user and group information, not to update AD entries. So, make the proxy user a member of the “Domain Users” group, but not a member of the “Administrator” group. This is very important to protect
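A check for the proxy user configured in Step 1, added here as an example and not part of the HP manual: it parses an LDIF export of the proxy account's entry and reports any privileged group membership. It goes slightly beyond the text by also checking primaryGroupID, because AD does not list the primary group in memberOf. The account name ldapux-proxy, the example.com domain, the sample entries and the list of privileged group names are assumptions.

```python
import base64

# Assumption: group names treated as privileged here; adjust to your domain.
PRIVILEGED_GROUPS = {"administrators", "domain admins", "enterprise admins", "schema admins"}
# Well-known AD RIDs: 512 Domain Admins, 518 Schema Admins, 519 Enterprise Admins.
PRIVILEGED_PRIMARY_RIDS = {"512", "518", "519"}

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr: [values]} (folded lines, base64 "attr::")."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation of a folded line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(attr.lower(), []).append(value.strip())
    return entry

def audit_proxy_user(ldif_text):
    """Return findings; an empty list means the entry looks least-privileged."""
    entry = parse_ldif_entry(ldif_text)
    findings = []
    for dn in entry.get("memberof", []):
        group = dn.split(",", 1)[0].partition("=")[2].strip().lower()
        if group in PRIVILEGED_GROUPS:
            findings.append("member of privileged group: " + dn)
    # memberOf omits the primary group, so primaryGroupID is checked separately.
    rid = entry.get("primarygroupid", [""])[0]
    if rid in PRIVILEGED_PRIMARY_RIDS:
        findings.append("primary group RID %s is privileged" % rid)
    elif rid != "513":                    # 513 is the well-known RID of Domain Users
        findings.append("primary group RID %r is not Domain Users (513)" % rid)
    return findings

# Constructed sample entries; ldapux-proxy and example.com are placeholders.
SAMPLE_OK = "dn: CN=ldapux-proxy,CN=Users,DC=example,DC=com\nprimaryGroupID: 513\n"
SAMPLE_BAD = (
    "dn: CN=ldapux-proxy,CN=Users,DC=example,DC=com\n"
    "memberOf: CN=Domain Admins,CN=Users,DC=exam\n ple,DC=com\n"  # folded line
    "memberOf:: Q049QWRtaW5pc3RyYXRvcnMsQ049QnVpbHRpbixEQz1leGFtcGxlLERDPWNvbQ==\n"
    "primaryGroupID: 512\n"
)
if __name__ == "__main__":
    for s in (SAMPLE_OK, SAMPLE_BAD): print(audit_proxy_user(s) or "no findings")
```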
