LDAP-UX Client Services B.04.15 with Microsoft Windows Active Directory Server Administrator's Guide (edition 8)

12. Next, it prompts you to select the authentication method users will use to bind (authenticate)
to the server. Choose the method from one of the following prompts, depending on your selection
in step 11:
If you chose TLS: with TLS not enabled, you can choose SIMPLE (the default) or SASL GSSAPI;
with TLS enabled, you can choose SIMPLE with TLS (the default) or SASL GSSAPI with TLS.
Skip to step 13.
If you chose SSL: with SSL not enabled, you can choose SIMPLE (the default) or SASL GSSAPI;
with SSL enabled, you can choose SIMPLE with SSL (the default) or SASL GSSAPI with SSL.
Skip to step 13.
13. Next, enter the host name and port number of the directory that holds your account and group
data, from Appendix A. You can enter up to three hosts, which are searched in order.
14. Enter the base DN where clients should search for name service data, from Appendix A.
15. Enter Yes when asked whether you want to accept the remaining default configuration
parameters.
16. Next, if you do not use SASL GSSAPI authentication, skip this step and go to step 18.
Otherwise, it prompts you to set up the principals used for SASL GSSAPI authentication,
as follows:
There are two ways to set up principals used for SASL GSSAPI
authentication for LDAP-UX name service proxy authentication:
* Host or service principal defined in a keytab file (such as
/etc/krb5.keytab)
* Proxy principal defined in LDAP-UX proxy credential file
(/etc/opt/ldapux/pcred)
The principal defined in a keytab file can be shared among
several services, such as Kerberized Interface Service or
LDAP-UX using the host principal for authentication. The
LDAP-UX proxy principal is used solely for LDAP-UX.
It then prompts you to select the type of principal. Enter H to use a host/service principal,
or P to use a proxy principal. By default, the host or service principal is used.
17. Next, it prompts you for the path to the Kerberos keytab file. Enter a path if you want to
specify the keytab file to be used. If no file is specified, LDAP-UX uses the default keytab
file configured in /etc/krb5.conf by "default_keytab_name". If no default keytab file is
configured in /etc/krb5.conf, the keytab file /etc/krb5.keytab is used.
18. Next, it prompts you for an alternate principal name. If you do not want to use the default
principal name, enter an alternate principal name, for example
host/hpntc20.cup.hp.com@CUP.HP.COM.
LDAP-UX uses ldapux/<FQHN>@<REALM> as the default service principal. If that principal does
not exist, host/<FQHN>@<REALM> from the keytab file is the principal used. FQHN stands for
Fully Qualified Host Name.
19. For Active Directory, you must set access to the directory by proxy user, because anonymous
binding does not grant enough access rights to an Active Directory. Enter the DN and
password of your proxy user from Appendix A.
20. Enter the maximum time in seconds the client should wait for binding to the directory before
aborting ("bind time"). Enter 0 for no time limit.
CAUTION: The default client binding time is 5 seconds. Depending on the load on your
directory, this default value may not be high enough to service all database requests.
21. Enter the maximum time in seconds the client should wait for directory searches before
aborting. Enter 0 for no time limit.
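The keytab and principal rules from steps 17 and 18, as an added Python model (not LDAP-UX code) that lets an administrator confirm, before the name service goes live, which keytab and which principal the SASL GSSAPI bind will actually use. It assumes the caller supplies the text of /etc/krb5.conf and the list of principals present in the keytab; the sample values in the block are constructed.

```python
import re
from typing import Iterable, Optional

FALLBACK_KEYTAB = "/etc/krb5.keytab"  # documented last-resort keytab


def default_keytab_name(krb5_conf_text: str) -> str:
    """Keytab used when the step 17 prompt is left empty: default_keytab_name
    from [libdefaults] in /etc/krb5.conf, otherwise /etc/krb5.keytab."""
    section = None
    for raw in krb5_conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1).lower()
        elif section == "libdefaults" and "=" in line:  # keys elsewhere are ignored
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "default_keytab_name" and value:
                return value
    return FALLBACK_KEYTAB


def resolve_keytab(prompt_value: str, krb5_conf_text: str) -> str:
    """Step 17: an explicit path wins; an empty answer uses the krb5.conf default."""
    return prompt_value.strip() or default_keytab_name(krb5_conf_text)


def select_service_principal(keytab_principals: Iterable[str], fqhn: str, realm: str,
                             alternate: Optional[str] = None) -> Optional[str]:
    """Step 18: principal the SASL GSSAPI proxy bind will use.

    Documented order: an alternate name typed at the prompt, else
    ldapux/<FQHN>@<REALM>, else host/<FQHN>@<REALM>. Each candidate is checked
    against the principals actually in the keytab, so a missing key is caught
    now instead of surfacing as a failed bind when users try to log in."""
    present = set(keytab_principals)
    candidates = [alternate] if alternate else [f"ldapux/{fqhn}@{realm}", f"host/{fqhn}@{realm}"]
    for candidate in candidates:
        if candidate in present:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample krb5.conf and keytab listing, not taken from a real host.
    conf = "[libdefaults]\n default_realm = CUP.HP.COM\n default_keytab_name = /etc/opt/ldapux/ldapux.keytab\n"
    print(resolve_keytab("", conf))  # /etc/opt/ldapux/ldapux.keytab
    print(select_service_principal(["host/hpntc20.cup.hp.com@CUP.HP.COM"], "hpntc20.cup.hp.com", "CUP.HP.COM"))
```

A None result means no candidate principal exists in the keytab, which is the configuration to fix before relying on SASL GSSAPI for the proxy bind.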
38 Installing LDAP-UX Client Services