Unix Authentication With2K Active Directory
06-19-2002 11:32 AM
Hello All,
We are exploring the possibility of Unix accounts being authenticated by a Win2K active directory via LDAP.
I have never used LDAP and would appreciate if some of you GURUs out there can shed some light on some of my questions.
1. Are userids centralised in the Win2K Active Directory or is there duplication in the Unix server /etc/passwd & /etc/group as well?
2. Where will new accounts be added, in the Unix server or the Win2K Active Directory?
3. If passwords need to be changed where will they be changed, in the Active Directory or the Unix server?
Thanks in advance for all replies.
Regards,
Suren Selva
Unix Administrator
Experience is worth nothing if not gained from!
06-19-2002 12:44 PM
Re: Unix Authentication With2K Active Directory
I'm not an expert in this area, but I think I can at least point you in the right direction: look up PAM (Pluggable Authentication Modules) security in HP-UX. Its purpose in life is to do things like this.
As I understand PAM and LDAP (I haven't implemented it myself), it is supposed to do all you ask... I know you can have a UNIX user provide userid/passwd info that's authenticated against LDAP, and they need not have a UNIX id.
Good luck - I hope this helps.
No matter where you go, there you are.
06-21-2002 08:20 AM
Solution
Hello, Suren!
1. UID & GID are registered in the W2K AD, but you need first to change the AD schema appropriately by installing SFU (Services for Unix) on the W2K. The product is available on a MS Application CD. The users will be authenticated via PAM_LDAP (a part of LDAP-UX Client), rather than PAM_UNIX (native) module.
2. All accounts are maintained in the W2K AD.
3. ADMIN of AD can change the passwords.
Please see e.g.
http://docs.hp.com/hpux/onlinedocs/J4269-90014/J4269-90014.html
http://docs.hp.com/hpux/onlinedocs/internet/ADSLDUX.pdf
and other documents on docs.hp.com site.
Hope these hints will help you.
BR,
Dmitry
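Added example, not part of the thread or of HP's documentation: a small audit that reads pam.conf-style text and reports, per service, whether the `auth` stack checks passwords through the LDAP module, the native UNIX module, or both. A service reported as `local-only` still authenticates against local files, so its users would need local entries. The sample configuration and the module paths in it are constructed assumptions; only the PAM_LDAP and PAM_UNIX module names come from the answer above.

```shell
#!/bin/sh
# Classify each PAM service by where its "auth" stack checks passwords.
# Expected line format: service  module_type  control_flag  module_path  [options]

# Constructed sample in pam.conf format (module paths are assumptions).
sample_pam_conf() {
cat <<'EOF'
# service  type     control     module
login      auth     sufficient  /usr/lib/security/libpam_unix.1
login      auth     required    /usr/lib/security/libpam_ldap.1 try_first_pass
ftp        auth     required    /usr/lib/security/libpam_unix.1
dtlogin    auth     required    /usr/lib/security/libpam_ldap.1
login      account  required    /usr/lib/security/libpam_unix.1
EOF
}

# pam_auth_sources: read pam.conf text on stdin and print "service source",
# one line per service in first-seen order. source is one of
# ldap-only, local-only, local+ldap, other.
pam_auth_sources() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }      # skip comments, blanks, short lines
        $2 != "auth"          { next }      # only the authentication stack
        {
            if (!($1 in seen)) { order[++n] = $1; seen[$1] = 1 }
            if ($4 ~ /pam_ldap/) dir[$1] = 1    # directory-backed module
            if ($4 ~ /pam_unix/) loc[$1] = 1    # native local-files module
        }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                if (dir[s] && loc[s]) src = "local+ldap"
                else if (dir[s])      src = "ldap-only"
                else if (loc[s])      src = "local-only"
                else                  src = "other"
                print s, src
            }
        }'
}

sample_pam_conf | pam_auth_sources
```

To audit a real host, feed the system file to the function instead of the sample, for example `pam_auth_sources < /etc/pam.conf`.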
06-21-2002 01:01 PM
Re: Unix Authentication With2K Active Directory
Thanks Dmitri for the information and documents.
Our goal is to move towards one central username and password.
Our Windows team does not like to extend the AD schema. Therefore I don't think that we can add Services For Unix to our AD. I've been told that the AD has certain fields that are not being used. Can we populate those fields with the uid, gid, login shell and home directory and get LDAP-Kerberos to authenticate from those fields without extending the schema? Please let me know. Thanks in advance.
Regards,
Suren
Experience is worth nothing if not gained from!