LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
For more information about ktpass parameters, standard encoding types, and the defaults, see
the appropriate Microsoft documentation, including Microsoft Knowledge Base (KB) articles such
as the following:
Table 13
Location
Windows
versionKB and topic
http://support.microsoft.com/kb/833708Windows
2003
KB833708: Encoding types (crypto);
KDC does not allow clients to specify
an etype
http://support.microsoft.com/kb/919557Windows
2003
KB919557: Bad versions of ktpass;
pre-authentication errors
http://support.microsoft.com/kb/843071Windows
2003
KB843071: ktpass errors when using
/target and /mapuser switch
http://support.microsoft.com/kb/960830Windows
2008
KB960830: ktpass password
problems
For information about other steps that you might need to perform to set up Kerberos support, see
Section 3.4.2 (page 128).
NOTE: The guided installation (autosetup) takes care of Kerberos integration between HP-UX
and Windows.
3.4.5.4.1 Validating the host user principal
3.4.5.5 Step 5: Add POSIX attributes into the global catalog if multiple domains are deployed
The GCS is the domain controller that hosts the global catalog for a forest. The global catalog
contains partial information of each domain in the forest. If you want LDAP-UX Client Services to
query GCS to decide which domain a queried data belongs to, then add the following POSIX
attributes into the global catalog:
For Windows 2003 R2 and Windows 2008 RFC 2307
• uid
• uidnumber
• gidnumber
For detailed information on how to perform this task, refer to Section 4.6.6 (page 163).
For information about how LDAP-UX Client Services retrieves data from remote domains, see
“Windows Active Directory multiple domains” (page 159).
3.4.6 Configuring LDAP-UX Client Services for a Windows ADS environment
To configure the LDAP-UX Client Services, complete the steps in this section.
If you attempt to enable SSL or TLS support with LDAP-UX, you must configure the directory server
to support SSL or TLS and install the security database (cert8.db and key3.db) on your client
before you run the setup program. For SSL or TLS setup details, refer to Section 3.4.7 (page 151).
138 Installing and configuring LDAP-UX Client Services for a Windows ADS environment