Integrate Logins with HP CIFS Server, HP-UX, and Windows 2003R2/2008

 Windows Identity Management For UNIX

o Identity Management for UNIX is included on the W2003R2 and 2008

installation image

o IMU is not installed by default

o IMU is required for the management console that includes tabs for UNIX user and

group management (2008 version is 6.0)

o Services for UNIX 3.5 will also work for this purpose

 SFU does not use the RFC2307 compliant attributes. For instance, a

UNIX user UID is stored in msSFU30UidNumber (non-compliant), as

opposed to uidNumber (compliant).

o IMU should be used if possible

NOTE: Although Microsoft SFU 3.5 does not use true RFC2307 attributes for UNIX user and group

management, it can be used to achieve full Unified Login interoperability. SFU 3.5 is provided by

Microsoft free of charge for Windows 2000, 2003. The LDAP-UX Integration installation setup script

can accommodate SFU 3.5, and includes prompts for this purpose. However, the setup instructions in

this paper apply to Windows Identity Management for Unix only.

NOTE: Microsoft’s web page for SFU 3.5 says that it is not supported for 2003R2, and has no

statement for 2008.

 HP-UX 11iv3

o Update 0809 is recommended for the NGROUPS_MAX enhancement to provide

enumeration of more than 20 groups per-user

o Both 11iv2 and 11iv3 have been tested.

 HP-UX LDAP-UX Client

o HP-UX LDAP-UX Integration version B.04.20 (required for W2008)

o B.04.17 tested for W2003R2

 HP-UX Kerberos Client

o HP-UX Kerberos Client version E.1.6.2.04

o HP-UX Kerberos Client version E.1.6.2

Do not use 1.6.2.03

 HP-UX PAM Kerberos

o HP-UX PAM Kerberos version 1.24