LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

NOTE: Unless you install a CA or server certificate for the directory server before running
autosetup, autosetup has no means of validating the identity of Kerberos and the directory
server. The tool can download and permanently install the CA certificate for the specified
Windows domain; however, to avoid connecting to an impostor host, you should
validate and install the CA certificate for this domain. To determine how to discover and install
the domain’s CA certificate, see Section 2.4.6.2 (page 80).

If the CA certificate is not installed on your local host at this point of the guided installation,
autosetup warns you that it cannot validate the identity of the remote server and suggests
installing the CA certificate. You can abort so that you can install the CA certificate before
proceeding with the rest of the guided installation, or you can continue, trusting the CA
certificate that will be installed automatically by autosetup.

Because the CA certificate has already been installed for this example, autosetup does not
display the warning and does not ask whether to abort or continue.

Scanning DNS domain "west.hp.com" for any registered LDAP directory servers...
- No directory servers found.
Please enter the host name and port number of a directory server
[hostname:port], or a Windows domain name: 16.93.97.233:389 Enter
3. The script then asks for the DN of the directory server user who can add the local host to the
directory server's Windows domain. In this example, the default DN for the user with such
privileges is CN=Administrator,CN=Users,DC=nwest,DC=acme,DC=com, and the
installer opts for the default. The server's DNS domain in this example is nwest.acme.com.

Please enter the DN of a user that has sufficient privilege to add this host
to the "nwest.acme.com" domain. Note also that if this is the first
time adding an HP-UX host to this directory server, LDAP-UX may also need to
extend the server's schema. Please enter the DN of an Administrator with
these privileges or press Return for the default value
[CN=Administrator,CN=Users,DC=nwest,DC=acme,DC=com]: Enter

4. Enter the password for the user identified in the preceding step (the entered password is not
visible):

Please enter the administrator's password: [password not displayed] Enter

The installation now begins, followed by other related tasks; autosetup displays the progress
and results, as in the following example. The script finds an existing LDAP-UX configuration profile
and downloads the existing profile from the directory server. The profile and the associated LDAP-UX
domain will be based on the existing directory tree. In addition, autosetup provisions information
about the local host into the existing directory server. (The host where autosetup is running is
hpdhcalif.) Again, in a matter of seconds, the script finishes its work.

Found default profile entry CN=ldapuxprofile,CN=system,DC=nwest,DC=hp,DC=com.
Successfully downloaded profile entry from AD server.
Created "hpdhcalif.nwest.acme.com" computer account.
The Kerberos configuration file /etc/krb5.conf has been modified.
Configured "hpdhcalif.nwest.acme.com" as LDAP-UX proxy.
* Editing the name-service switch configuration ... done.
* Editing "/etc/pam.conf" ... done.
Your LDAP-UX client has been successfully configured and
is now a member of the "nwest.acme.com" domain.
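
The NOTE above recommends validating the domain's CA certificate before it is trusted, rather than accepting whatever autosetup downloads. The following Python is an added example, not part of this guide and not the procedure in Section 2.4.6.2: it checks a CA certificate exported as PEM against a SHA-256 fingerprint obtained from the domain administrator over a separate trusted channel. The function names and sample values are assumptions made for the example.

```python
import hashlib
import hmac
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def normalize_fingerprint(text):
    """Accept 'AB:CD:...', 'ab cd ...' or bare hex; return 64 lowercase hex digits."""
    digits = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", digits):
        raise ValueError("not a SHA-256 fingerprint (need 64 hex digits)")
    return digits


def pem_fingerprints(pem_text):
    """SHA-256 over the DER bytes of every certificate found in a PEM file."""
    return [hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in PEM_BLOCK.findall(pem_text)]


def ca_matches_pin(pem_text, trusted_fingerprint):
    """True only if the file holds exactly one certificate and it equals the pin."""
    pin = normalize_fingerprint(trusted_fingerprint)
    found = pem_fingerprints(pem_text)
    # A file with zero or several certificates is refused rather than searched:
    # the pin vouches for one CA, so nothing else should enter the trust store.
    if len(found) != 1:
        return False
    return hmac.compare_digest(found[0], pin)


# Constructed sample input: placeholder bytes in PEM armor, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes standing in for a CA certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
# Constructed pin, formatted the way an administrator might read it out (AA:BB:...).
_hex = hashlib.sha256(SAMPLE_DER).hexdigest().upper()
SAMPLE_PIN = ":".join(_hex[i:i + 2] for i in range(0, 64, 2))

if __name__ == "__main__":
    print("matching pin accepted:", ca_matches_pin(SAMPLE_PEM, SAMPLE_PIN))
    other = ssl.DER_cert_to_PEM_cert(b"constructed bytes from an impostor host")
    print("different certificate accepted:", ca_matches_pin(other, SAMPLE_PIN))
```

Install the certificate only when the check returns True; a False result means the file is not the single CA the fingerprint vouches for.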
126 Installing and configuring LDAP-UX Client Services for a Windows ADS environment