LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J5849AA
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRB5CLIENT
For any last-minute changes, see the Configuration Guide for Kerberos Products in HP-UX Release
Notes, available at:
http://www.hp.com/go/hpux-security-docs (Click HP-UX Kerberos Data Security Software)
You also need to install the required patch. For patch information, see the LDAP-UX Integration
Release Notes available at:
http://www.hp.com/go/hpux-security-docs (Click HP-UX LDAP-UX Integration Software)
2.4.5.2 Step 2: Run the setup program
This section describes in detail the steps you need to take to configure LDAP-UX Client Services
with Windows 2003 R2/2008 Active Directory. In summary, you will need to run the setup program
to extend the profile schema into Active Directory and to create specific profile entries. The setup
program also creates the necessary files on your client system and configures the proxy user.
NOTE: When configuring and setting up LDAP-UX, you will likely be prompted for the credentials
of an administrator. If you are asked to enter the credentials (password) of a user, make sure that
the connection between your client and the HP-UX system (where you are running setup) is secured
and not subject to network eavesdropping. One option to protect such communication may be to
use the ssh protocol when connecting to the HP-UX host being configured.
- If you want to use SSL or TLS, you must perform the following tasks before you run the setup
  program:
    - Ensure that the certificate database files, cert8.db and key3.db, are on your client system.
    - If you choose to use TLS, set the enable_startTLS parameter to 1 in the
      /etc/opt/ldapux/ldapux_client.conf file to enable TLS. To use SSL, set enable_startTLS
      to 0 to disable TLS. By default, TLS is disabled.
- Install and configure the PAM Kerberos product before you run the setup program.
  See Section 2.4.5.1 (page 37) for details.
- Configure the Kerberos configuration file, /etc/krb5.conf, to specify the default realm,
  the location of a Key Distribution Center (KDC) server, and the logging file name. See
  Section 2.4.5.3 (page 46) for details.
- Create a new proxy user. See Section 6.11 (page 129) for details.
- Configure the PAM Kerberos library, libpam_krb5.so.1, in the PAM configuration file,
  pam.conf. For details, see “Sample PAM configuration (pam.conf) files for Windows ADS”
  (page 149).
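A pre-flight check for the prerequisites listed above, as an added example that is not part of the HP guide or the LDAP-UX product. The function names, the argument order and the `name = value` syntax assumed for the client configuration file are assumptions; the certificate database directory is passed as an argument because this page does not state where the files live.

```shell
#!/bin/sh
# Added example: pre-flight check of the prerequisites above, run before ./setup.
# All paths are arguments; the "name = value" conf syntax is an assumption.

# Effective enable_startTLS value; unset counts as 0 (TLS is disabled by default).
starttls_value() {
    v=$(sed -n 's/^[[:space:]]*enable_startTLS[[:space:]=]*\([01]\)[[:space:]]*$/\1/p' "$1" 2>/dev/null | tail -n 1)
    echo "${v:-0}"
}

# Both certificate database files must exist and be non-empty.
have_cert_db() { [ -s "$1/cert8.db" ] && [ -s "$1/key3.db" ]; }

# krb5.conf must name a default realm and at least one KDC.
krb5_ready() {
    grep '^[[:space:]]*default_realm[[:space:]]*=' "$1" >/dev/null 2>&1 &&
    grep '^[[:space:]]*kdc[[:space:]]*=' "$1" >/dev/null 2>&1
}

# pam.conf must reference libpam_krb5.so.1 on a line that is not a comment.
pam_krb5_ready() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null | grep 'libpam_krb5\.so\.1' >/dev/null
}

# preflight MODE CLIENT_CONF CERT_DIR KRB5_CONF PAM_CONF   (MODE: tls, ssl or none)
# Prints one line per unmet prerequisite; returns 0 only when all are met.
preflight() {
    rc=0
    if [ "$1" != none ]; then
        have_cert_db "$3" || { echo "FAIL: cert8.db/key3.db missing in $3"; rc=1; }
        tls=$(starttls_value "$2")
        [ "$1" = tls ] && [ "$tls" != 1 ] && { echo "FAIL: TLS wanted, enable_startTLS is $tls"; rc=1; }
        [ "$1" = ssl ] && [ "$tls" != 0 ] && { echo "FAIL: SSL wanted, enable_startTLS is $tls"; rc=1; }
    fi
    krb5_ready "$4" || { echo "FAIL: default_realm or kdc not set in $4"; rc=1; }
    pam_krb5_ready "$5" || { echo "FAIL: libpam_krb5.so.1 not configured in $5"; rc=1; }
    return $rc
}

# Stand-alone use: sh preflight.sh tls <client conf> <cert dir> /etc/krb5.conf /etc/pam.conf
if [ "$#" -eq 5 ]; then preflight "$@"; fi
```

A commented-out enable_startTLS line is treated as unset, so a TLS deployment that silently falls back to the default (TLS disabled) is reported before any administrator password is typed into setup.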
1. Log in as root and run the setup program:
       cd /opt/ldapux/config
       ./setup
The setup program asks you a series of questions and usually provides default answers. Press
the Enter key to accept the default, or change the value and press the Enter key. At any point
during setup, press the Control-b keys to return to the previous screen or press the Control-c
keys to exit setup.
NOTE: To use a local-only profile, run the setup program using the -l option. Use the
local-only profile for small deployments, testing purposes, and for environments where
administrators lack server administrative privileges.
2. Choose Windows 2003 R2 or 2008 as your directory server (option 2).
3. Enter either the host name or IP address of the directory server where your profile exists, or
where you want to create a new profile.