LDAP-UX Client Services B.04.00.02 Release Notes
LDAP-UX Client Services Release Notes
Installing, Configuring and Removing LDAP-UX
Chapter 114
your system is in the standard mode, see /etc/pam.ldap for an example.
If your system is in the Trusted Mode, see /etc/pam.ldap.trusted for an
example.
NOTE If you use PAM Kerberos, you must configure PAM Kerberos. On the
HP-UX 11i v1 system, you need to add
/usr/lib/security/libpam_kerberos.1 to /etc/pam.conf where it is
appropriate. On the HP-UX 11i v2 system, you need to add
libpam_kerberos.so.1 to /etc/pam.conf where it is appropriate. If your
system is in the Trusted Mode, see LDAP-UX Client Services B.04.00
with Microsoft Windows 2000/2003 Active Directory Server
Administrator’s Guide for the detailed configuration. You are able to find
the Configuration Guide for Kerberos product available at
http://docs.hp.com.
Step 3. Save a copy of /etc/nsswitch.conf file and modify the original to add ldap
to support name services. See /etc/nsswitch.ldap for an example.
Step 4. Test your setup with a pwget (1) command and grget (1) command to
ensure that the client is reading the name services information from the
LDAP directory.
Step 5. If you use netgroups to control access to your hosts, you may wish to
install and configure pam_authz. See the pam_authz (5) man page for
more details.
For more information on testing, troubleshooting, and shortcuts to
configure additional clients, refer to LDAP-UX Client Services B.03.30
Administrator’s Guide.
Configuring for Use with Services for UNIX
The LDAP-UX Client Services provides default attributes and search
descriptor settings to work with Microsoft Windows Services for UNIX
3.0 or 3.5 (SFU 3.0/SFU3.5) when working with the Windows 2000/2003
Active Directory. If you use SFU 2.0, you must run setup to select SFU
2.0 before running migration.
Alternately, you can manually re-link the attribute configuration file to
SFU 2.0 before running migration. Use this command to switch to SFU
2.0: