Re: LDAP and AD
03-01-2007 03:53 AM
The idea is to use LDAP and AD so that we can use the same accounts that we use on the Windows servers. Given that there is no NIS or LDAP on the HP-UX installations and that we still want to have the root and system logins controlled locally, can anyone tell me what I need to install and where?
For example, do I need to install NIS client onto the servers?
Any help/advice will be gratefully received.
03-01-2007 04:05 AM
Re: LDAP and AD
vintela
03-01-2007 04:17 AM
Re: LDAP and AD
How do I sort it with just existing Windows/HP-UX software? If it is too much of a challenge, we would consider just installing LDAP on the UNIX servers and not integrating it into AD.
03-01-2007 04:24 AM
Re: LDAP and AD
LDAP logins can coexist with local accounts, as long as you don't have any conflicts. You'll probably need to extend your AD schema to include the POSIX account attributes.
03-02-2007 12:20 AM
Re: LDAP and AD
It would seem a lot faster, since you would not be installing anything on the box.
I never log in as root. I don't seem to miss it. I su after I'm in.
I can't find the man page on it, but you can make it so people cannot telnet in as user root on the box.
Make a file called /etc/securetty
Put the word "console" in it.
Now root can only log in from the console.
03-02-2007 12:22 AM
Re: LDAP and AD
If you are using an AD and want to authenticate against it, you must use LDAP-UX, but Kerberos is not optional as it is the auth method that Windows AD uses.
There's a few components to this. I've done the same for similar reasons, but with more UX boxes.
Here's a couple of links to other answers I've given, all relating to this.
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1026837
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1043163
It's worthwhile and works well, it's a little tricky to get it all together the first time.
Good luck.
03-02-2007 04:39 AM
Re: LDAP and AD
03-05-2007 03:30 AM
Re: LDAP and AD
Thanks for the help. We already have the word "console" in /etc/securetty but everyone uses the system account to log in before su -. I think you are right though - 12 accounts on 5 servers is a bit of a molehill for the mountain that LDAP and AD seems to be.
Heironimus/Don,
Thanks too for the advice. As I say above, I think AD/Kerberos might be too much bother for such a small number of accounts. Is LDAP for HP-UX still the best thing to be looking at? I heard that NIS was on its way out (and doesn't allow password shadowing).
Cheers.
03-05-2007 03:45 AM
Solution
Your least evil, secure approach is LDAP.
03-05-2007 04:06 AM
Re: LDAP and AD
The other options I see that don't involve spending money are LDAP-UX, a home-grown sync script, or manual management. The number of machines involved makes manual account setup reasonable, but you'll want to be careful about keeping UIDs and GIDs consistent to reduce your headaches.
If you go with manual account management you'll need to make sure you track growth in your environment. UNIX environments often grow slowly, so one day you might look around and realize you're manually handling accounts on 20-30 machines that got added one at a time over a few years.
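
Added example (not part of any post in this thread): a small audit for the account conflicts and UID/GID consistency mentioned in the replies above. It compares passwd-format files collected from several hosts and reports logins whose UID differs between hosts and UIDs shared by different logins. The function names, hostnames (hpux1, hpux2), accounts and UIDs are constructed for illustration.

```shell
#!/bin/sh
# Audit name/ID consistency across passwd(4)-format files from several hosts.
# All sample data below is constructed for this example.

# audit_ids HOST=FILE [HOST=FILE ...]
# Prints one line per finding, sorted:
#   MISMATCH <name> <host>=<id> ...   same name, different IDs across hosts
#   REUSE <id> <name> <name> ...      same ID assigned to different names
audit_ids() {
    for pair in "$@"; do
        host=${pair%%=*}
        file=${pair#*=}
        # Field 1 is the name, field 3 the numeric ID; skip comment lines.
        awk -F: -v h="$host" '!/^#/ && NF >= 3 { print $1, $3, h }' "$file"
    done | sort -u | awk '
        {
            if (!(($1, $2) in pair)) {        # first time this name/ID pair is seen
                pair[$1, $2] = 1
                ids_of[$1]++                  # distinct IDs held by this name
                names_of[$2]++                # distinct names holding this ID
                names[$2] = names[$2] " " $1
            }
            hosts[$1] = hosts[$1] " " $3 "=" $2
        }
        END {
            for (n in ids_of)   if (ids_of[n] > 1)   print "MISMATCH " n hosts[n]
            for (i in names_of) if (names_of[i] > 1) print "REUSE " i names[i]
        }' | sort
}

# demo: build two constructed passwd files and audit them.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:*:0:3::/:/sbin/sh' \
        'alice:*:1001:20::/home/alice:/usr/bin/sh' \
        'bob:*:1002:20::/home/bob:/usr/bin/sh' > "$d/hpux1"
    printf '%s\n' 'root:*:0:3::/:/sbin/sh' \
        'alice:*:1005:20::/home/alice:/usr/bin/sh' \
        'carol:*:1002:20::/home/carol:/usr/bin/sh' > "$d/hpux2"
    audit_ids "hpux1=$d/hpux1" "hpux2=$d/hpux2"
    rm -rf "$d"
}

demo
```

Because /etc/group uses the same field positions (name in field 1, GID in field 3), the same function can be pointed at collected group files to check GIDs.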