LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)

NOTE:
Unless you pre-install a CA or server certificate for the directory server, autosetup has no
means of validating the identity of Kerberos and the directory server. The tool can download
and permanently install the CA certificate for the specified Windows domain; however, to
avoid connecting to an impostor host, you should validate and pre-install the CA
certificate for this domain. To determine how to discover and pre-install the domain’s CA
certificate, see Section 2.4.6.2 (page 48).
If the CA certificate is not installed on your local host at this point in the guided installation,
autosetup warns you that it cannot validate the identity of the remote server and suggests
installing the CA certificate. You can abort and install the CA certificate before
proceeding with the rest of the guided installation, or you can continue, trusting the CA
certificate that autosetup will install automatically.
This example assumes the CA certificate has already been installed; therefore, you will not
see the warning or the prompt asking whether to abort or continue.
3. The script then asks for the DN of the user who can add the local host to the Windows domain.
Because this is the first time an HP-UX host is being added to this directory server, LDAP-UX
will extend the server's schema, so the user must have the appropriate schema-update
privileges. In this example, the default DN for the user with such privileges is
CN=Administrator,CN=Users,DC=nwest,DC=acme,DC=com, and the installer opts
for the default. The server's DNS domain in this example is nwest.acme.com.

    Please enter the DN of a user that has sufficient privilege to add this host
    to the "nwest.acme.com" domain. Note also that if this is the first
    time adding an HP-UX host to this directory server, LDAP-UX may also need to
    extend the server's schema. Please enter the DN of an Administrator with
    these privileges or press Return for the default value
    [CN=Administrator,CN=Users,DC=nwest,DC=acme,DC=com]: Return

4. Enter the password for the user identified in the preceding step (the entered password is not
visible):

    Please enter the administrator's password:[password not displayed] Return

The installation now begins, followed by other related tasks; autosetup displays information
about the progress and results, as in the following example. As indicated, because no
LDAP-UX configuration profile exists yet, autosetup adds the default profile entry and
downloads the profile entry from the Windows Active Directory Server. The profile and the
associated domain will be based on the existing directory tree. In addition, autosetup provisions
information about the local host into the existing directory server. The script creates the computer
account for the LDAP-UX client system and configures it as the proxy user. (The host where
autosetup is running is hpipsah.) In a matter of seconds, the script finishes, successfully adding
the host to the nwest.acme.com Windows domain.

    There are no profile entries in CN=system,DC=nwest,DC=acme,DC=com.
    Successfully added default profile entry CN=ldapuxprofile,CN=system,
    DC=nwest,DC=acme,DC=com to AD server.
    Successfully downloaded profile entry from AD server.
    Created "hpipsah.nwest.acme.com" computer account.
    The Kerberos configuration file /etc/krb5.conf has been modified.
    Configured "hpipsah.west.acme.com" as LDAP-UX proxy.
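
The NOTE in this procedure recommends validating the domain's CA certificate before pre-installing it. The following shell functions are an added example, not part of the HP guide or of LDAP-UX: they compare a certificate's SHA-256 fingerprint with a value obtained out of band from the domain administrator. The function names, file names and the throwaway certificate in demo are constructed for illustration, and the openssl and mktemp commands are assumed to be available.

```shell
# Added example: check a CA certificate against an out-of-band fingerprint.

# Print the SHA-256 fingerprint of a PEM certificate as lowercase hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Accept the operator-supplied value with or without colons, in either case.
normalize_fingerprint() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Return 0 on match, 1 on mismatch, 2 if either input is unusable.
verify_ca_cert() {
    cert_file=$1
    expected=$(normalize_fingerprint "$2")
    actual=$(cert_fingerprint "$cert_file")
    if [ -z "$actual" ]; then
        echo "REJECT: $cert_file is not a readable PEM certificate" >&2
        return 2
    fi
    if [ "${#expected}" -ne 64 ]; then
        echo "REJECT: expected value is not a SHA-256 fingerprint" >&2
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "REJECT: $cert_file does not match the out-of-band fingerprint" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    echo "OK: $cert_file matches the out-of-band fingerprint"
    # Print identity fields so the operator can confirm this is the domain's CA.
    openssl x509 -in "$cert_file" -noout -subject -issuer -dates
}

# Demo on a throwaway self-signed certificate (constructed, not a real CA).
# In real use the expected value comes from the domain administrator.
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA" \
        -keyout "$d/key.pem" -out "$d/ca.pem" 2>/dev/null || return 1
    verify_ca_cert "$d/ca.pem" "$(cert_fingerprint "$d/ca.pem")"
    verify_ca_cert "$d/ca.pem" "$(printf '%064d' 0)" || echo "mismatch rejected"
    rm -rf "$d"
}
demo
```

Pre-install the certificate, as described in Section 2.4.6.2, only when verify_ca_cert returns 0 and the printed subject and issuer are the ones expected for the domain.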
2.3 Guided installation (autosetup) 23