
Re: ldap or samba

Fernando Jose P de Souz
Regular Advisor

ldap or samba

Hi,

I would like to authenticate users on my HP-UX server. I don't need to share a FS or printer. Just authenticate.

Should I use LDAP or Samba?


wait
Patrick Wallek
Honored Contributor
Solution

Re: ldap or samba

I would go for LDAP.

Here is a FREE product to help with integrating HP-UX with LDAP:

LDAP-UX Integration for HP-UX
http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J4269AA
eric roseme
Respected Contributor

Re: ldap or samba

Do not use Samba unless you want to share a file system or printer. Samba by itself cannot authenticate a user for a shell. pam_winbind could do that, however. HP CIFS Server (Samba) does not support pam_winbind, so you would have to compile a version for yourself just to get pam_winbind. Not worth it.

Eric
Wim Rombauts
Honored Contributor

Re: ldap or samba

Certainly go for LDAP-UX (free product) and PAM-LDAP. You need the combination of the two.

LDAP-UX documentation includes a procedure to link your HP-UX system as an LDAP client to a Windows AD server. It's an easy thing to do.

PAM-LDAP is needed to allow your HP-UX authentication to use LDAP as a user and authentication source. This PAM-LDAP is configured in /etc/pam.conf.
Don't forget to also configure pam_user.conf if you want some good security. With pam_user.conf, you can configure specific users to ignore LDAP. Users like root for instance: you don't want someone to create a dummy account named "root" in AD, give it a stupid password, and then log in to your system as root with the AD password.

I attached pamconf.tar, containing my pam.conf and pam_user.conf. I found this PAM configuration not that evident, so maybe my configuration files can give you a quick start.

And oh yeah, also edit your /etc/nsswitch.conf and add "ldap" to the passwd and group entries.
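
A check for the two points in the post above (local accounts such as root ignoring LDAP, and "ldap" present in the passwd and group entries of nsswitch.conf), as an added example that is not part of the original thread or the attached files. It assumes pam_user.conf lines of the form `login module-type module-path options` with an `ignore` option on the libpam_ldap line, and treats UIDs below 100 as privileged; the sample files and the module path in them are constructed.

```shell
#!/bin/sh
# Added example. Assumed pam_user.conf line format:
#   <login> <module-type> <module-path> <options...>

# Local accounts in passwd file $1 with UID below $2 (default 100).
local_privileged() {
    awk -F: -v max="${2:-100}" \
        '$1 !~ /^[#+-]/ && $3 != "" && $3 < max { print $1 }' "$1"
}

# Logins in pam_user.conf $1 whose libpam_ldap auth line carries "ignore".
ldap_ignored() {
    awk '$1 !~ /^#/ && $2 == "auth" && $3 ~ /libpam_ldap/ {
        for (i = 4; i <= NF; i++) if ($i == "ignore") { print $1; break }
    }' "$1"
}

# Privileged local accounts ($1 passwd) with no ignore entry ($2 pam_user.conf):
# a same-named directory entry could still authenticate as them.
unprotected() {
    ignored=$(ldap_ignored "$2")
    for u in $(local_privileged "$1"); do
        printf '%s\n' "$ignored" | grep -qxF "$u" || echo "$u"
    done
}

# Succeeds if database $2 (passwd, group) lists ldap in nsswitch file $1.
nss_uses_ldap() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") f = 1 }
        END { exit !f }' "$1"
}

# Constructed sample files (module path is a placeholder).
d=${TMPDIR:-/tmp}/ldapaudit.$$; mkdir -p "$d"
printf '%s\n' 'root:*:0:3::/:/sbin/sh' 'bin:*:2:2::/usr/bin:/sbin/sh' \
    'jdoe:*:1001:20::/home/jdoe:/usr/bin/sh' > "$d/passwd"
printf '%s\n' '# user  type  module  options' \
    'root auth /usr/lib/security/libpam_ldap.so.1 ignore' > "$d/pam_user.conf"
printf '%s\n' 'passwd: files ldap' 'group: files' > "$d/nsswitch.conf"

for u in $(unprotected "$d/passwd" "$d/pam_user.conf"); do
    echo "no LDAP ignore entry for local account: $u"
done
for db in passwd group; do
    nss_uses_ldap "$d/nsswitch.conf" "$db" || echo "nsswitch.conf: $db lacks ldap"
done
```

On a real system, point the functions at /etc/passwd, /etc/pam_user.conf and /etc/nsswitch.conf instead of the sample files.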
Simeon Harwood
Regular Advisor

Re: ldap or samba

I've been looking at the very same thing. At the moment we use NIS for user authentication. I was going to set up an OpenLDAP server on Linux and get the HP-UX servers talking to that, but when I looked at the HP-UX LDAP client software, it said that there was minimal support for OpenLDAP. It does say though, that there is full support for Windows Active Directory for 2000, 2003, and 2003R2. Seeing as though Active Directory uses Kerberos, and LDAP, this would be a good solution, plus it keeps all of our user IDs in one place now.
Sime.
You never had this problem with a pencil and paper!