LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)
5. Log in to the client system from another system using rlogin or telnet. Log in as a user in the
directory and as a user in /etc/passwd to make sure both work.
6. Optionally, test your PAM_AUTHZ authorization configuration:
If PAM_AUTHZ is configured without the pam_authz.policy file, verify the following:
a. Log in to the client system from another system using rlogin or telnet. From there, log
in to the directory as a member of a +@netgroup to verify that PAM_AUTHZ authorizes
you and is working correctly.
b. Log in to the directory as a user who is a member of a -@netgroup to be sure that the system
will not authorize you to log in.
If the PAM_AUTHZ module is configured with the pam_authz.policy file, verify the following:
a. Log in to the client system with a user name that is covered by an allow access rule in the
policy file. Make sure the user is allowed to log in.
b. Log in as a user that is covered by a deny access rule in the policy file. Make sure the
user cannot log in to the client system.
7. Open a new hpterm window and log in to the client system as a user whose account
information is in the directory. (For more information about the hpterm command, see the
hpterm(1X) manpage.) It is important that you open a new hpterm window or log in from another
system, because if login doesn't work, you could be locked out of the system and would have
to reboot to single-user mode. Logging in to the client system in this way tests the PAM
configuration in /etc/pam.conf. If you cannot log in, check that /etc/pam.conf is
configured properly. In addition, check your directory to make sure the user's account
information is accessible by the proxy user or anonymously, as appropriate. Check your profile
to make sure it is correct.
For troubleshooting information, see Section 6.19 (page 134).
8. To examine files belonging to a user whose account information is in the directory, use the
ls or ll command. Make sure the owner and group of each file are accurate:
ll /tmp
ls -l
If any owner or group shows up as a number instead of a user or group name, the name
service switch is not functioning properly. Check the file /etc/nsswitch.conf, your
directory, and your profile.
9. If you have configured a multi-domain setup and you want to verify it, execute the following
two steps. Otherwise, continue below with Section 2.5.5 (page 61).
The following steps verify that LDAP-UX is able to retrieve data from multiple ADS domains:
a. Create or import a POSIX user account into an ADS remote domain (for example, the
user account smith). This is identical to how you set it up for a single domain, except
that now you put it into a remote domain.
b. If pwget -n smith returns valid data, LDAP-UX is working with multiple ADS domains.
If no data is returned, the setup was not successful.
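The checks in steps 8 and 9b can be scripted so they are repeatable after every change to /etc/nsswitch.conf or the profile. The following is an added example, not part of the original guide; the function names and the LOOKUP_CMD override are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the guide): automate the checks in steps 8 and 9b.

# Step 8: read `ls -l` / `ll` output on stdin and report every entry whose
# owner or group column is purely numeric, meaning the uid/gid could not be
# mapped to a name through the name service switch.
# Exit status: 0 if every entry resolved, 1 if at least one did not.
# Caveat: an account whose name is all digits would be reported as well.
unresolved_owners() {
    awk '
        NF < 9 { next }    # "total N" line or anything that is not an entry
        $3 ~ /^[0-9]+$/ || $4 ~ /^[0-9]+$/ {
            name = $9      # rebuild names containing spaces or " -> target"
            for (i = 10; i <= NF; i++) name = name " " $i
            printf "owner=%s group=%s %s\n", $3, $4, name
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Convenience wrapper: check one directory, as in `ll /tmp`.
check_dir() {
    ls -l "$1" | unresolved_owners
}

# Step 9b: succeed only if the lookup returns a passwd entry for the user.
# The guide uses `pwget -n`; LOOKUP_CMD is a hypothetical override so the
# function can be exercised on a system without pwget.
account_resolves() {
    entry=$(${LOOKUP_CMD:-pwget -n} "$1" 2>/dev/null) || return 1
    case $entry in
        "$1":*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Usage: sh this_script /tmp    (prints unresolved entries, if any)
if [ "$#" -gt 0 ]; then
    check_dir "$1"
fi
```

A non-zero status from check_dir points to the same places the guide names: /etc/nsswitch.conf, the directory, and the profile.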
2.5.3 Configuring AutoFS support
AutoFS is a client-side service that automatically mounts appropriate file systems when users request
access to them. If an automounted file system has been idle for a period of time, AutoFS unmounts
it. AutoFS uses name services such as files, NIS, or NIS+ to store and manage AutoFS maps.
LDAP-UX Client Services B.04.10 and later support the automount service under the AutoFS
subsystem. This feature allows users to store AutoFS maps in a Windows 2003 R2 or 2008 Active
Directory Server (ADS).