LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide

Installing LDAP-UX Client Services

Conﬁguring LDAP-UX Client Services

Chapter 248

4. Log in to the client system from another system using rlogin or

telnet. Log in as a user in the directory and as a user in /etc/passwd

to make sure both work.

5. Optionally, test your pam_authz authorization conﬁguration:

If the pam_authz is conﬁgured without the pam_authz.policy ﬁle,

verify the followings:

a. Log into the client system from another system using rlogin or

telnet. From there log in to the directory as a member from

+@netgroup to verify that pam_authz authorizes you and is

working correctly.

b. Log in as a user to the directory as a member of a-@netgroup to

be sure that the system will not authorize you to login.

If the pam_authz is conﬁgured with the pam_authz.policy ﬁle,

verify the followings:

a. Log in the client system with a user name that is covered by an

allow access rule in the policy ﬁle. Make sure the user will be

allowed to log in.

b. Log in as a user that is covered by a deny access rule in the

policy ﬁle. Make sure the user can not login to the client system.

6. Open a new hpterm (1X) window and log in to the client system as a

user whose account information is in the directory. It is important

you open a new hpterm window or log in from another system

because if login does not work, you could be locked out of the system

and would have to reboot to single-user mode.

This tests the PAM conﬁguration in /etc/pam.conf. If you cannot

your directory to make sure the user account information is

accessible by the proxy user or anonymously, as appropriate. Check

your proﬁle to make sure it looks correct. Also refer to

“Troubleshooting” on page 124 for more information.

7. Use the ls (1) or ll (1) command to examine ﬁles belonging to a user

whose account information is in the directory. Make sure the owner

and group of each ﬁle are accurate:

ll /tmp

ls -l