https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736132#M43286 Hi Alzhy,<BR /><BR />When I last looked into this (about 2 years ago now), I had a tailored ldapclientd.conf to connect to the AD, unfortunately, not using SSL (that was a next step).<BR /><BR />My AD already had the MS SFU 3.5 extensions installed to support the HP LDAP-UX product set, as well as accounts and groups configured to support this. I was able to perform queries against the AD for users and find general auth details. (e.g. ls -al showed proper info out of the AD for non-local users).<BR /><BR />There was no (HP) pam_authz style module available at the time for Linux, which was a bit of a showstopper for me, so I was looking at other similar methods at the time. I would suspect this has changed since then.<BR /><BR />For Kerberos integration, it's no different that the process used for HP-UX. Create up your keys, export them per host, import them on the Linux host, yay.. The krb5.conf file was almost identical between Linux and HP-UX other than minor service differences, since they both come from MiT.<BR /><BR />The automounter (autofs) under Linux is far more versatile that HP-UX, so it worked the same or better as well.<BR /><BR />My primary difficulties were with respect to getting SSL connectivity working, a pam_authz replacement, and that I didn't like the AD authentication method that openldap was using at the time (clear-text password in the config file).<BR /><BR />Don<BR /><BR /> Tue, 11 Jan 2011 16:02:30 GMT Don Mallory 2011-01-11T16:02:30Z https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736124#M43278 Hi All,<BR /><BR />In our company they have implemented the user and password management tool for windows AD.<BR /><BR />How can I implement the same in Linux and Unix servers...<BR /><BR />Could you please suggest any one like that...<BR /><BR />We are having lot of unix and linux servers having lot of local user accounts... Mon, 10 Jan 2011 14:29:10 GMT https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736124#M43278 senthil_kumar_1 2011-01-10T14:29:10Z https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736125#M43279 Is your question about integrating your Linux and UNIX accounts in yuor AD Domain or how to manage the local user accounts effetively?<BR /><BR /> Mon, 10 Jan 2011 14:43:35 GMT https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736125#M43279 Alzhy 2011-01-10T14:43:35Z https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736126#M43280 if your question is about a tool to manage user accoutns from web interface, then you can try *webmin*<BR /> Mon, 10 Jan 2011 14:44:23 GMT https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736126#M43280 Alzhy 2011-01-10T14:44:23Z https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736127#M43281 if your question is about an efficient central management of each UNIX/Linux server's user accounts -- then you may want to implement any of the following:<BR /><BR />- Active Directory Integration<BR />- NIS Plus<BR />- a commercial tool (from CA, HP, etc..)<BR /><BR /> Mon, 10 Jan 2011 14:45:57 GMT https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736127#M43281 Alzhy 2011-01-10T14:45:57Z https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736128#M43282 Yeah, if you are looking for web based user administration then webmin is a very good choice. Mon, 10 Jan 2011 22:21:58 GMT https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736128#M43282 Jeeshan 2011-01-10T22:21:58Z https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736129#M43283 For AD integration of HP-UX nodes, check out the LDAP-UX bundle. There is a lot of documentation on this, and it works quite well (integrated with Kerberos and AD).<BR /><BR />For the Linux nodes, LDAP-UX does not exist. You can however build the same using openldap as a client of your AD and add Kerberos integration, almnost exactly the same as your HP-UX environment. Some of the config files and scripts will even port almost directly.<BR /><BR /> Tue, 11 Jan 2011 15:17:29 GMT https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736129#M43283 Don Mallory 2011-01-11T15:17:29Z https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736130#M43284 Oh, and by the way, both of these toolsets are free. Tue, 11 Jan 2011 15:18:44 GMT https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736130#M43284 Don Mallory 2011-01-11T15:18:44Z https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736131#M43285 "For the Linux nodes, LDAP-UX does not exist. You can however build the same using openldap as a client of your AD and add Kerberos integration, almnost exactly the same as your HP-UX environment. Some of the config files and scripts will even port almost directly."<BR /><BR />Can you post your complete recipe pls?<BR /> Tue, 11 Jan 2011 15:24:01 GMT https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736131#M43285 Alzhy 2011-01-11T15:24:01Z https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736132#M43286 Hi Alzhy,<BR /><BR />When I last looked into this (about 2 years ago now), I had a tailored ldapclientd.conf to connect to the AD, unfortunately, not using SSL (that was a next step).<BR /><BR />My AD already had the MS SFU 3.5 extensions installed to support the HP LDAP-UX product set, as well as accounts and groups configured to support this. I was able to perform queries against the AD for users and find general auth details. (e.g. ls -al showed proper info out of the AD for non-local users).<BR /><BR />There was no (HP) pam_authz style module available at the time for Linux, which was a bit of a showstopper for me, so I was looking at other similar methods at the time. I would suspect this has changed since then.<BR /><BR />For Kerberos integration, it's no different that the process used for HP-UX. Create up your keys, export them per host, import them on the Linux host, yay.. The krb5.conf file was almost identical between Linux and HP-UX other than minor service differences, since they both come from MiT.<BR /><BR />The automounter (autofs) under Linux is far more versatile that HP-UX, so it worked the same or better as well.<BR /><BR />My primary difficulties were with respect to getting SSL connectivity working, a pam_authz replacement, and that I didn't like the AD authentication method that openldap was using at the time (clear-text password in the config file).<BR /><BR />Don<BR /><BR /> Tue, 11 Jan 2011 16:02:30 GMT https://community.hpe.com/t5/operating-system-linux/how-to-do-the-user-and-password-management-on-linux-unix-server/m-p/4736132#M43286 Don Mallory 2011-01-11T16:02:30Z