Manualshelf

LDAP-UX Client Services B.05.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software
919293949596979899100
./beq -k n -s pwd -l /usr/lib/libnss_ldap.1 iuser1
nss_status........ NSS_SUCCESS
pw_name...........(iuser1)
pw_passwd.........(*)
pw_uid............(101)
pw_gid............(21)
pw_age............()
pw_comment........()
pw_gecos..........(gecos data in files)
pw_dir............(/home/iuser1)
pw_shell..........(/usr/bin/sh)
pw_audid..........(0)
pw_audflg.........(0)
Use the following beq command if you are running 64-bit applications on an HP-UX 11i v2
or v3 HP Integrity server:
./beq -k n -s pwd -l /usr/lib/hpux64/libnss_ldap.so.1 iuser1
Use the following beq command if you are running 32-bit applications on an HP-UX 11i v2
or v3 HP Integrity server:
./beq -k n -s pwd -l /usr/lib/hpux32/libnss_ldap.so.1 iuser1
For command syntax and examples, see Section 7.7.1 (page 330) .
5. Log in to the client system from another system using rlogin or telnet. Log in as a user in
the directory and as a user in /etc/passwd to make sure both work.
6. Optionally, test your PAM_AUTHZ authorization configuration:
If the PAM_AUTHZ is configured without the pam_authz.policy file, verify the following:
Log into the client system from another system using rlogin or telnet. From there
log in to the directory as a member from +@netgroup to verify that PAM_AUTHZ
authorizes you and is working correctly.
Log in as a user to the directory as a member of a-@netgroup to be sure that the system
will not authorize you to log in.
If the PAM_AUTHZ module is configured with the pam_authz.policy file, verify the
following:
Log in the client system with a user name that is covered by an allow access rule in
the policy file. Make sure the user will be allowed to log in.
Log in as a user that is covered by adeny access rule in the policy file. Make sure the
user can not log in to the client system.
7. Open a new hpterm window and log in to the client system as a user whose account
information is in the directory. (For more information about the hpterm command, see the
hpterm(1X) manpage.) It is important you open a new hpterm window or log in from another
system, because if login doesn't work, you could be locked out of the system and would
have to reboot to single-user mode. Logging in to the client system in this way tests the PAM
configuration in /etc/pam.conf. If you cannot log in, check that /etc/pam.conf is
configured properly. In addition, check your directory to make sure the user's account
information is accessible by the proxy user or anonymously, as appropriate. Check your
profile to make sure it is correct. For troubleshooting information, see Section 5.18 (page 189).
8. To examine files belonging to a user whose account information is in the directory, use the
ls or ll command. Make sure the owner and group of each file are accurate:
ll /tmp
ls -l
If any owner or group shows up as a number instead of a user or group name, the name
service switch is not functioning properly. Check the file /etc/nsswitch.conf, your directory,
and your profile.
If you want to verify that you set up X.500 group membership correctly, follow these steps:
2.5 Post-installation configuration tasks 93