LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
8. Creates the startup file (/etc/opt/ldapux/ldapux_client.conf) on the LDAP-UX client
system, enabled for TLS support (enable_startTLS is set to 1).
9. Creates a new computer account or host entry in the directory server that represents the current
HP-UX host. If a host entry already exists with the same name, an autosetup prompt asks
if the existing entry should be deleted and replaced. In addition, the autosetup script maps
the Kerberos principal name to the computer account, sets the host principal password, and
creates a keytab file. If necessary, the script merges the keytab file with an existing keytab
file (/etc/krb5.keytab).
10. Configures the local host as a Kerberos client of the Active Directory Server by modifying an
existing Kerberos configuration file /etc/krb5.conf, or if one does not already exist, by
creating a new one.
11. Configures the host principal as a proxy user. It stores the encrypted proxy user information
in the /etc/opt/ldapux/pcred file. The proxy file contains the proxy user DN on the first
line, and the password on the second line.
12. Configures the NSS and PAM Kerberos by modifying the /etc/pam.conf and
/etc/nsswitch.conf files.
13. Modifies /etc/opt/ldapux/ldapuxclientd.conf to:
• Enable the LDAP-UX client daemon ldapclientd to launch automatically whenever the
system is rebooted ([StartOnBoot] is defined with enable=yes).
• Set iproxy_is_restricted=yes in the [general] section, which indicates that the
entry created in step 9 is not privileged. This setting enables additional capabilities
provided by the ldapuglist and ldaphostlist tools.
14. Starts the LDAP-UX client daemon (ldapclientd) and the central configuration service
daemon (ldapconfd).
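A post-install check for the settings that steps 8 through 13 describe, as an added example that is not part of the HP guide or the autosetup script. It assumes `key value` or `key = value` line syntax in both configuration files and, as a hardening assumption of this example rather than a requirement stated above, that the pcred and keytab files carry no group or other permission bits; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not HP's code): audit the files autosetup is described as writing.
# Assumptions: "key value" / "key = value" line syntax, and that credential
# files should carry no group/other permission bits.

conf_get() {   # conf_get FILE KEY [SECTION]; empty SECTION searches the whole file
  awk -v key="$2" -v sec="${3:+[$3]}" '
    /^[ \t]*[#;]/ { next }                                      # comment line
    /^[ \t]*\[/   { cur = $0; gsub(/[ \t\r]/, "", cur); next }  # [section] header
    sec != "" && cur != sec { next }                            # outside wanted section
    { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
      n = match(line, /[= \t]/); if (!n) next
      val = substr(line, n); sub(/^[ \t]*=?[ \t]*/, "", val)
      if (substr(line, 1, n - 1) == key) { print val; exit } }' "$1" 2>/dev/null
}

expect() {     # expect LABEL ACTUAL WANTED; counts mismatches in FAILS
  if [ "$2" = "$3" ]; then echo "ok    $1"
  else echo "FAIL  $1 (found '$2', expected '$3')"; FAILS=$((FAILS + 1)); fi
}

audit() {      # audit ROOT; ROOT="" audits the live system, otherwise a staged copy
  d="$1/etc/opt/ldapux"; FAILS=0
  expect "step 8: StartTLS on"       "$(conf_get "$d/ldapux_client.conf" enable_startTLS)" 1
  expect "step 13: start on boot"    "$(conf_get "$d/ldapuxclientd.conf" enable StartOnBoot)" yes
  expect "step 13: restricted proxy" "$(conf_get "$d/ldapuxclientd.conf" iproxy_is_restricted general)" yes
  for f in "$d/pcred" "$1/etc/krb5.keytab"; do   # steps 9 and 11: credential files
    if [ -f "$f" ]; then bits=$(ls -ld "$f" | cut -c5-10); else bits=missing; fi
    expect "group/other bits on $f" "$bits" "------"
  done
  [ "$FAILS" -eq 0 ]   # exit status reflects the overall result
}

# Runs only when a root directory is given, for example "/" for the live system.
[ "$#" -eq 0 ] || audit "${1%/}"
```

A failed line names the step it came from, so a host where startTLS was later switched off or the pcred file was loosened shows up without rerunning autosetup.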
3.3.2 Using the guided installation autosetup command—syntax and options for Windows ADS environments
You can run the autosetup script interactively, responding to prompts to provide the setup
information. You can pass parameters in the command line to reduce the need for providing input
during the installation. You can run the script in silent mode, which requires no user interaction
during the installation.
To run the script interactively, simply enter the autosetup command as is. The script prompts you
for the minimal information required. To reduce user interaction during the installation, you can
pass parameters by specifying options in the command line. In addition to these options, you can
define environment variables to include parameter settings; ultimately, this enables you to run the
installation without any manual intervention required. The command-line options and environment
variables are described in the subsections to follow.
When running the autosetup script in noninteractive mode (silent mode), the CA certificate for
the specified Windows Active Directory Server or Windows domain should already be installed.
The autosetup script will not continue if a secured and trusted connection to the directory server
cannot be established. Additionally, the domain administrator's DN and password must be provided
by command-line or environment variables. Moreover, if more than one Active Directory Server is
registered in the DNS domain, the directory server host name and port number must be specified
with command-line options or with environment variable LDAP_HOSTPORT. If values are not given
for any required parameters that do not have defaults, silent mode will abort.
Whether running autosetup interactively or in silent mode, the script requires specification of a
user who has sufficient privilege to add the local HP-UX host to a Windows domain. In addition,
if this is the first time adding an HP-UX host to the Active Directory Server, autosetup might also
need to extend the server's schema. It will add the schema described by RFC 4876 (for more
information, see “LDAP-UX Client Services object classes” (page 406)).
The syntax for the autosetup command line is:
118 Installing and configuring LDAP-UX Client Services for a Windows ADS environment