LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)
pw_age............()
pw_comment........()
pw_gecos..........(gecos data in files)
pw_dir............(/home/iuser1)
pw_shell..........(/usr/bin/sh)
pw_audid..........(0)
pw_audflg.........(0)
Refer to "beq Search Tool" in Chapter 4 for command syntax and examples.
4. Log in to the client system from another system using rlogin or telnet. Log in as a user in
the directory and as a user in /etc/passwd to make sure both work.
5. Optionally, test your pam_authz authorization configuration:
If the pam_authz is configured without the pam_authz.policy file, verify the followings:
• logging into the client system from another system using rlogin or telnet with a user
name that is a member of a +@netgroup in the directory to make sure the user will be
allowed to log in.
• logging in as a user that is a member of a -@netgroup to be sure that the user will not
be allowed to login.
If the pam_authz is configured with the pam_authz.policy file, verify the followings:
• logging into the client system with a user name that is covered by an allow access rule
in the policy file. Make sure the user will be allowed to log in.
• logging in as a user that is covered by adeny access rule in the policy file. Make sure
the user can not login to the client system.
6. Open a new hpterm(1X) window and log in to the client system as a user whose account
information is in the directory. It is important you open a new hpterm window or log in
from another system because if login doesn't work, you could be locked out of the system
and would have to reboot to single-user mode. This tests the Pluggable Authentication
Module (PAM) configuration in /etc/pam.conf. If you cannot log in, check /etc/pam.conf for
proper configuration. Also check your directory to make sure the user's account information
is accessible by the proxy user or anonymously, as appropriate. Check your profile to make
sure it looks correct. See also Troubleshooting in this chapter for more information.
7. Use the ls(1) or ll(1) command to examine files belonging to a user whose account information
is in the directory. Make sure the owner and group of each file are accurate:
ll /tmp
ls -l
If any owner or group shows up as a number instead of a user or group name, the name
service switch is not functioning properly. Check the file /etc/nsswitch.conf, your directory,
and your profile.
If you want to verify that you set up X.500 group membership correctly, follow these steps:
1. Create a valid posix user and group. Add this user as a member of this group using the
attribute "member" instead of "memberuid". Here is an example ldif file specifying xuser2
as a member of the group xgrpup1:
#cat example_ids.ldif
dn: cn=xgroup1,ou=Groups,o=hp.com]
objectClass: posixGroup
objectClass: groupofnames
objectClass: top
cn: xgroup1
userPassword: {crypt}*
gidNumber: 999
member: uid=xuser2,ou=People,o=hp.com
dn: uid=xuser2,ou=People,o=hp.com
66 Installing And Configuring LDAP-UX Client Services