LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

3 Installing and configuring LDAP-UX Client Services for a Windows ADS environment
3.1 Before you begin: general installation and configuration considerations for a Windows ADS environment
3.2 Selecting the method of installation: guided or customized
3.3 Guided installation (autosetup) for a Windows ADS environment
3.3.1 What autosetup does
3.3.2 Using the guided installation autosetup command—syntax and options for Windows ADS environments
3.3.2.1 autosetup options
3.3.2.2 autosetup environment variables
3.3.2.3 autosetup command examples
3.3.3 Guided installation steps: First Installation into a Windows Domain mode
3.3.3.1 Interactively running First Installation into a Windows Domain mode
3.3.3.2 Automating First Installation into a Windows Domain mode
3.3.3.3 Postinstallation steps for First Installation into a Windows Domain mode
3.3.4 Guided installation steps: Existing Windows LDAP-UX Configuration mode
3.3.4.1 Interactively running Existing Windows LDAP-UX Configuration mode
3.3.4.2 Automating Existing Windows LDAP-UX Configuration mode
3.3.4.3 Postinstallation steps for Existing Windows LDAP-UX Configuration mode
3.4 Customized installation (setup) for a Windows ADS environment
3.4.1 Summary of installing and configuring LDAP-UX Client Services
3.4.2 Tasks that must be performed to implement Kerberos support
3.4.3 Planning your customized installation
3.4.4 Installing LDAP-UX Client Services on a client
3.4.5 Configuring Windows Active Directory for HP-UX integration
3.4.5.1 Step 1: Install Active Directory
3.4.5.2 Step 2: Create a proxy user
3.4.5.3 Step 3: Add an HP-UX client machine account to Active Directory
3.4.5.4 Step 4: Use ktpass to create the keytab file for the HP-UX client machine
3.4.5.4.1 Validating the host user principal
3.4.5.5 Step 5: Add POSIX attributes into the global catalog if multiple domains are deployed
3.4.6 Configuring LDAP-UX Client Services for a Windows ADS environment
3.4.6.1 Step 1: Install the PAM Kerberos product
3.4.6.2 Step 2: Run the setup program
3.4.6.2.1 Remapping attributes for services
3.4.6.3 Step 3: Configure your HP-UX machine to authenticate using PAM Kerberos
3.4.6.4 Step 4: Configure NSS
3.4.6.5 Step 5: Configure the PAM Authorization Service Module (PAM_AUTHZ)
3.4.6.6 Step 6: Configure the disable login flag
3.4.7 Configuring LDAP-UX Client Services with SSL or TLS support
3.5 Postinstallation configuration tasks
3.5.1 Importing name service data into your directory
3.5.1.1 Prevent user and group number collisions with those already on the HP-UX host
3.5.1.2 Steps for importing name service data
3.5.2 Verifying LDAP-UX Client Services for Single Domain
3.5.3 Enabling AutoFS support
3.5.3.1 Automount schema
3.5.3.2 Configuring NSS to enable LDAP support for AutoFS
3.5.3.3 Configuring automount caches