LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)
then click Next
10. You are shown a screen that confirms your configuration. Click Finish if
everything is correct; otherwise, click Back to make changes.
11. Repeat the steps above to delegate the user POSIX attributes to the proxy user, choosing
"User objects" in step 8) and the following POSIX user attributes in step 9):
For RFC 2307:
– Read gecos
– Read loginShell
– Read unixHomeDirectory
– Read gidNumber
– Read uidNumber
– Read uid
• If you will be using ADS multiple domains:
If you configure LDAP-UX with ADS multiple domains, configure a proxy user as described
above in any one of the domains, then configure the same proxy user in every domain that you
want to include in your remote domain support with LDAP-UX. For example, first configure a
proxy user proxyusr for the domain ldap.hp.com. Next, include the domain eng.hp.com
in the support, and add proxyusr@ldap.hp.com to the domain eng.hp.com using the steps
above. Repeat these steps for every domain you want to include. If you have multiple LDAP-UX
clients, you can also configure one proxy user for each client, as long as that proxy user has
access rights to all domains that the client wants to access.
The proxy user needs access rights to read passwd and group information in every one of these
domains.
2.4.4.3 Step 3: Add an HP-UX client machine account to Active Directory
Use the Active Directory Users and Computers tool to create a user account for your HP-UX host.
• If you are using ADS multiple domains: add a host account for an HP-UX client machine to
every domain you want to access.
2.4.4.4 Step 4: Use ktpass to create the keytab file for the HP-UX client machine
Use the ktpass tool to create the keytab file and set up an identity mapping for the host account.
The following is an example showing you how to run ktpass to create the keytab file for the
HP-UX host myhost with the KDC realm cup.hp.com:
C:> ktpass -princ host/myhost.cup.hp.com@CUP.HP.COM -mapuser myhost
-pass mypasswd -out unix.keytab
Note that unless a ptype is specified, the resulting keytab will have ptype 0 -
KRB5_NT_UNKNOWN, whereas it should probably be set to KRB5_NT_PRINCIPAL.
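The name-type problem in the note above is easy to miss, because ktpass reports success either way and the keytab still loads. The following is an added example, not part of HP's guide or of LDAP-UX: a small Python parser for the MIT keytab file format (version 0x0502) that reads each entry's principal, name type, kvno and enctype and flags every entry whose name type is 0 (KRB5_NT_UNKNOWN). The same check, run against the unix.keytab copied to the HP-UX client, tells you whether ktpass was run with ptype KRB5_NT_PRINCIPAL before you go further. The two keytabs in the block are constructed inline with all-zero dummy keys (one as ktpass writes it without a ptype, one with KRB5_NT_PRINCIPAL and a deleted slot in front of it); the function and constant names are this example's own.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

# Kerberos principal name types relevant to the ktpass note
KRB5_NT_UNKNOWN = 0     # what ktpass writes when no ptype is given
KRB5_NT_PRINCIPAL = 1   # what a host keytab entry should normally carry

# Enctype numbers from the Kerberos registry, used in the constructed samples
ENCTYPE_AES256_CTS_HMAC_SHA1_96 = 18
ENCTYPE_ARCFOUR_HMAC = 23


@dataclass
class KeytabEntry:
    principal: str   # e.g. host/myhost.cup.hp.com@CUP.HP.COM
    name_type: int
    kvno: int
    enctype: int
    timestamp: int


def _read_counted(buf: bytes, off: int) -> Tuple[bytes, int]:
    """Read a uint16-length-prefixed octet string (keytab counted_octet_string)."""
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    return buf[off:off + n], off + n


def parse_keytab(data: bytes) -> List[KeytabEntry]:
    """Parse an MIT-format keytab (file format 0x0502). Key bytes are skipped, never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("only keytab file format version 0x0502 is supported")
    entries: List[KeytabEntry] = []
    off = 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size <= 0:
            off += -size            # negative size marks a deleted slot: skip |size| bytes
            continue
        end = off + size
        (ncomp,) = struct.unpack_from(">H", data, off)
        off += 2
        realm, off = _read_counted(data, off)
        comps = []
        for _ in range(ncomp):
            comp, off = _read_counted(data, off)
            comps.append(comp.decode("utf-8"))
        name_type, timestamp, vno8 = struct.unpack_from(">IIB", data, off)
        off += 9
        enctype, keylen = struct.unpack_from(">HH", data, off)
        off += 4 + keylen           # skip the key material itself
        kvno = vno8
        if end - off >= 4:          # optional 32-bit kvno supersedes the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, off)
        off = end
        entries.append(KeytabEntry("/".join(comps) + "@" + realm.decode("utf-8"),
                                   name_type, kvno, enctype, timestamp))
    return entries


def check_name_types(data: bytes) -> List[str]:
    """Return one message per entry whose name type is KRB5_NT_UNKNOWN (0)."""
    return [f"{e.principal} (kvno {e.kvno}, enctype {e.enctype}): name type is "
            f"KRB5_NT_UNKNOWN; rerun ktpass with -ptype KRB5_NT_PRINCIPAL"
            for e in parse_keytab(data) if e.name_type == KRB5_NT_UNKNOWN]


# --- constructed sample data: not real keytabs, keys are all-zero dummies ---

def build_entry(principal: str, name_type: int, kvno: int, enctype: int,
                key: bytes, timestamp: int = 0) -> bytes:
    """Serialise one keytab entry in the 0x0502 layout, including the 32-bit kvno."""
    name, realm = principal.rsplit("@", 1)
    comps = name.split("/")
    body = struct.pack(">H", len(comps))
    body += struct.pack(">H", len(realm)) + realm.encode("utf-8")
    for c in comps:
        body += struct.pack(">H", len(c)) + c.encode("utf-8")
    body += struct.pack(">IIB", name_type, timestamp, kvno & 0xFF)
    body += struct.pack(">HH", enctype, len(key)) + key
    body += struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body


HOST_PRINC = "host/myhost.cup.hp.com@CUP.HP.COM"   # principal from the ktpass example

# As ktpass writes it without a ptype: name type 0
SAMPLE_KEYTAB_UNKNOWN = b"\x05\x02" + build_entry(
    HOST_PRINC, KRB5_NT_UNKNOWN, 3, ENCTYPE_ARCFOUR_HMAC, b"\x00" * 16)

# Same principal with ptype KRB5_NT_PRINCIPAL, preceded by a deleted slot
DELETED_SLOT = struct.pack(">i", -4) + b"\x00" * 4
SAMPLE_KEYTAB_PRINCIPAL = b"\x05\x02" + DELETED_SLOT + build_entry(
    HOST_PRINC, KRB5_NT_PRINCIPAL, 3, ENCTYPE_AES256_CTS_HMAC_SHA1_96, b"\x00" * 32)

if __name__ == "__main__":
    for label, kt in (("no ptype", SAMPLE_KEYTAB_UNKNOWN),
                      ("ptype KRB5_NT_PRINCIPAL", SAMPLE_KEYTAB_PRINCIPAL)):
        print(label + ":", check_name_types(kt) or ["OK"])
```

On a real client, replace the constructed samples with `open("/etc/krb5.keytab", "rb").read()` (or wherever unix.keytab was placed). The parser deliberately returns no key bytes, so its output can be pasted into a ticket without leaking the host key; the deleted-slot handling matters for keytabs that have been edited or merged, which is exactly the multi-domain case described next.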
NOTE: If your machine doesn't have ktpass for Windows 2003 R2, you can install it from your
Windows 2003 Server compact disc, in the directory support/tools/suptools.msi. For
Windows 2008, this is installed by default.
• If you are using ADS multiple domains, repeat step 4 and step 5 in this procedure for the
HP-UX client machine in every domain to be accessed. Then, merge the keytab files on your
36 Installing LDAP-UX Client Services