- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- HP-UX Authentication thru Windows AD
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-26-2009 01:00 AM
тАО10-26-2009 01:00 AM
I have a HPUX Itanium system wanted to authenticate it thru Windows Active Directory server. Can someone advice me on this.
Thanks in advance.
Regards
Walter
Solved! Go to Solution.
- Tags:
- LDAP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-26-2009 01:21 AM
тАО10-26-2009 01:21 AM
Re: HP-UX Authentication thru Windows AD
http://docs.hp.com/en/internet.html#LDAP-UX%20Integration
HTH
Duncan
I am an HPE Employee

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-26-2009 02:40 AM
тАО10-26-2009 02:40 AM
Re: HP-UX Authentication thru Windows AD
you need to install and configure LDAP-UX services on HP-UX system. From the manual already mentioned (which is the best point to start) check also for Windows requirements, for example it asks for SFU utilities on Windows system.
HTH.
Best regards,
Fabio
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-26-2009 07:02 AM
тАО10-26-2009 07:02 AM
Solutionhttp://www.docs.hp.com/en/16322/CIFSUnifiedLoginV2.pdf
Eric
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-27-2009 04:07 AM
тАО10-27-2009 04:07 AM
Re: HP-UX Authentication thru Windows AD
You don't need MS SFU if your AD is 2003 R2 or above, the schema changes are already present. You will need it if you don't, however, you would be better off delaying until you upgrade to AD 2003R2, than you would to deploy LDAP-UX, then upgrade.
Technically Kerberos is the authentication method.
PAM_authz provides authorization (are you in the right group, and allowed to log into this host? Otherwise >ALL< AD users can log in...)
The LDAP-UX piece provides users and groups from the AD.
That step-by-step guide that Eric posted is pretty good (it's also very new). I wish it was around when I originally implemented.
The Instalilng and Configuring guide is also quite good and covers a lot of the possible issues, specific to many different environments. For Kerberos, I really like this test resource:
This doc: DOC ID: PAMKKBAN00000983 - A Basic Step-by-Step Summary of Kerberos v5.1 Setup on HPUX platform.
A copy of which is at the link below:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1043163
I actually worked with the author on backline support issues once. Very bright fellow.
Interestingly enough, I was forced to temporarily disable the LDAP client daemon temporarily for a short time. As long as the users and group data is sychronised to the host in some way, the users can fully log in using Kerberos only. The trick is, if there's no naming service (LDAP-UX to provide user and group data, /etc/files, etc.) you can't log in.
Remember, LDAP is only a directory, it only provides identity, not authentications (Kerboeros), or authorization (pam_authz, sudo, etc.).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-27-2009 04:51 AM
тАО10-27-2009 04:51 AM
Re: HP-UX Authentication thru Windows AD
Understand that in the Windows 2003 integration, only R2 will work for LDAP integration. Substantial patching is required on the windows side for this to work.
So work with the windows team and see that it is properly patched.
Part of the setup requires admin rights on the windows domain controller, so you'll need to work with the windows admins closely to get this done.
it is not easy. Budget some time to get this done.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-12-2009 05:09 AM
тАО11-12-2009 05:09 AM
Re: HP-UX Authentication thru Windows AD
The one additional note is that basic domain admin privileges are not enough, you also need to have Schema Admin enabled on the domain admin account during the first install.
Your Windows administrators will be very skittish about enabling any changes to the schema.
This one is pretty benign, however updating it, which includes enabling SSL or SASL style encryption, or changing the LDAP server search order will require you to use ADSIEdit (windows, from the ResKit) or ldapmodify (comes with LDAP-UX) to implement the changes. At this point, you are directly editing the schema.
Don
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-07-2019 09:11 AM
тАО04-07-2019 09:11 AM
Re: HP-UX Authentication thru Windows AD
The document is now 404
I have a problem with integrating hp-ux 11.31 with latest samba4.9
on fedora 29
I run from hpux this command
cd /opt/ldapux/config ./setup
I follow the "guide" and all works fine but..at the moment of run extended schema
exit with this error
PFMERR 43: Can't extend LDAP-UX Configuration profile schema on the Directory Server samba4.blu.priv = 192.168.0.48 with user CN=Administrator,CN=Users,DC=blu,DC=priv Please check the /tmp/ldapux_schema.log file for errors.
schema.log said
ldap_add: Already exists ldap_add: additional info: Entry CN=serviceauthenticationMethod,CN=Schema,CN=Configuration,DC=blu,DC=priv already exists adding new entry CN=serviceauthenticationMethod,CN=Schema,CN=Configuration,DC=blu,DC=priv ldapmodify: no attributes to change or add (entry DC=blu,DC=priv) modifying entry ldap_add: Invalid syntax ldap_add: additional info: 0000200B: objectclass_attrs: attribute 'mayContain' on entry 'CN=DUAConfigProfile,CN=Schema,CN=Configuration,DC=blu,DC=priv' contains at least one invalid value! adding new entry CN=DUAConfigProfile,CN=Schema,CN=Configuration,DC=blu,DC=priv modifying entry
server samba said
[2019/04/07 20:10:54.368845, 0] ../source4/dsdb/schema/schema_syntax.c:1431(_dsdb_syntax_OID_validate_numericoid) ber_write_OID_String() failed for 2.5.5.8 [2019/04/07 20:10:56.348827, 0] ../source4/dsdb/schema/schema_syntax.c:1277(_dsdb_syntax_OID_attr_ldb_to_drsuapi) Unable to find attribute followreferrals in the schema [2019/04/07 20:10:59.379196, 0] ../source4/dsdb/schema/schema_syntax.c:1277(_dsdb_syntax_OID_attr_ldb_to_drsuapi) Unable to find attribute automountMapName in the schema [2019/04/07 20:10:59.432561, 0] ../source4/dsdb/schema/schema_syntax.c:1277(_dsdb_syntax_OID_attr_ldb_to_drsuapi) Unable to find attribute automountKey in the schema
Any suggestion?Thanks