LDAP-UX Client Services B.04.10 with Microsoft Windows Active Directory Server Administrator's Guide

Refer to "beq Search Tool" in “Command, Tool, Schema Extension Utility, and Migration
Script Reference” (page 145) for command syntax and examples.
5. Log in to the client system from another system using rlogin or telnet. Log in as a user in
the directory and as a user in /etc/passwd to make sure both work.
6. Optionally, test your pam_authz authorization configuration:
If pam_authz is configured without the pam_authz.policy file, verify the following:
a. Log in to the client system from another system using rlogin or telnet. From there
log in to the directory as a member of a +@netgroup to verify that pam_authz
authorizes you and is working correctly.
b. Log in to the directory as a user who is a member of a -@netgroup to be sure that
the system will not authorize you to log in.
If pam_authz is configured with the pam_authz.policy file, verify the following:
a. Log in to the client system with a user name that is covered by an allow access rule in
the policy file. Make sure the user is allowed to log in.
b. Log in as a user that is covered by a deny access rule in the policy file. Make sure the
user cannot log in to the client system.
7. Open a new hpterm (1X) window and log in to the client system as a user whose account
information is in the directory. It is important that you open a new hpterm window or log in
from another system, because if login does not work, you could be locked out of the system
and would have to reboot to single-user mode.
This tests the PAM configuration in /etc/pam.conf. If you cannot log in, check
/etc/pam.conf for proper configuration. Also check your directory to make sure the user
account information is accessible by the proxy user or anonymously, as appropriate. Check
your profile to make sure it looks correct. Also refer to “Troubleshooting” (page 128) for
more information.
8. Use the ls (1) or ll (1) command to examine files belonging to a user whose account
information is in the directory. Make sure the owner and group of each file are accurate:
ll /tmp
ls -l
If any owner or group shows up as a number instead of a user or group name, the name
service switch is not functioning properly. Check the file /etc/nsswitch.conf, your
directory, and your profile.
9. If you have configured a multi-domain setup and you want to verify it, execute the following
two steps. Otherwise, continue below with “Step 8: Configure Subsequent Client Systems”
(page 48).
The following steps verify that LDAP-UX is able to retrieve data from multiple ADS
domains:
a. Create or import a POSIX user account into an ADS remote domain (for example, the
user account smith). This is identical to how you set it up for a single domain, except
that you now put it into a remote domain.
b. Run pwget -n smith. If it returns valid data, LDAP-UX is working with multiple ADS
domains. If no data is returned, the setup was not successful.
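The ownership check in item 8 of the list above can be scripted so that it covers a whole directory at once. The following is an added example, not part of the HP guide: the function names and the sample listing are constructed for illustration, and it assumes the usual nine-column ls -l layout.

```shell
#!/bin/sh
# Added example: flag entries in "ls -l" output whose owner or group column
# is a bare number, i.e. an ID the name service switch could not map to a name.

# Reads a long listing on stdin; prints "<field> <id> <file>" per unresolved ID.
# Assumption: regular files and directories (device files add a column, which
# only shifts the reported file name, not the owner/group test).
numeric_owners() {
    awk '
        # Skip the "total N" header and anything too short to be an entry.
        NF < 9 || $1 == "total" { next }
        {
            # Rebuild the file name, which may contain spaces.
            name = $9
            for (i = 10; i <= NF; i++) name = name " " $i
            # Columns 3 and 4 of a long listing are owner and group.
            if ($3 ~ /^[0-9]+$/) print "owner", $3, name
            if ($4 ~ /^[0-9]+$/) print "group", $4, name
        }
    '
}

# Succeeds (status 0) only when every owner and group in the listing has a name.
listing_resolves() {
    [ -z "$(numeric_owners)" ]
}

# Constructed sample listing: smith, root and users resolve; UID 20431 and
# GID 5012 do not (all values are made up for this example).
SAMPLE='total 16
-rw-r--r--   1 smith      users         120 Mar  3 10:15 notes.txt
-rw-------   1 20431      users         512 Mar  3 10:17 report.doc
drwxr-xr-x   2 root       5012           96 Mar  2 09:00 shared dir
-rw-r--r--   1 20431      5012           10 Mar  2 09:01 a.out'

printf '%s\n' "$SAMPLE" | numeric_owners
```

On a client system, pipe a real listing into the function, for example ls -l /tmp | numeric_owners. Any output points to the same places item 8 names: /etc/nsswitch.conf, the directory, and the profile.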
Step 8: Configure Subsequent Client Systems
Once you have configured your directory and one client system, you can configure subsequent
client systems using the following steps. Modify any of these files as needed.
48 Installing LDAP-UX Client Services