Active Directory Integration HP-UX 11

Active Directory Integration HP-UX 11 (Full Version)

All Forums >> [Windows - UNIX Interop] >> Active Directory Integration

Message

tom.cadle -> Active Directory Integration HP-UX 11 (Jun. 9, '04, 10:25:41 PM)
I am working on a project to integrate a Windows Server 2003-based Active Directory with HP-UX 11. I understand that there is a schema modification necessary (or preferred) in order to make password synchronization seemless. My problem is two-fold, for starters I am completely unfamiliar with SFU 3.5 AND to round it off, I am NOT a UNIX guy. AHHHHHHH! Thank you for your time and whatever assistance you can provide to this humble novice. Regards.

markfunk -> RE: Active Directory Integration (Jun. 10, '04, 12:43:50 AM)
you probably want to look at Vintella - http://www.vintella.com/

tom.cadle -> RE: Active Directory Integration (Jun. 10, '04, 7:53:59 AM)
Even Vintela uses the schema modification which is installed as part of SFU 3.5 (or so I'm told)

Rodney -> RE: Active Directory Integration (Jun. 10, '04, 11:31:19 AM)
The two are different. The Vintela product is more comprehensive than what comes with SFU 3.5. Vintela has a free 60-day demo so you can give it a try. On the Vintela FAQ page they have the entry: How does VAS compare with SFU? SFU includes a number of features, one of which, its ability to act as an NIS server, is another approach to achieve limited integration between Unix and Active Directory. See the document VAS and Microsoft Windows Services for UNIX compared. (that's a link to http://www.vintela.com/products/vas/docs/VAS_SFU.pdf) I think (and Mark may correct this later [:)]) that Mark was pointing to Vintela because you're wanting to integrate with AD. SFU's sol'n is to manage the Unix/Linux boxes with NIS for passwords. But that limits it's involvment with AD. The Vintela product, called "VAS", uses LDAP and Kerberos to do the management. AD uses Kerberos. Reading the above mention PDF may help you. You should learn some more about NIS at even a broad/conceptual level so you can understand the comparisons. If you're working with Unix machines to integrate them under AD you're going to have know what they do, how and why. Here's a link: http://www.free-definition.com/Network-Information-Service.html for you to read about NIS. It'll get you the basic definitions. You should get some NIS reading material too. I can recommend "Managing NFS and NIS", 2nd Edition, O'Reilly Books, by Hal Stern.

NMDANGE -> RE: Active Directory Integration (Jun. 10, '04, 1:04:00 PM)
Samba 3 supports joining an Active Directory domain using Kerberos, though I don't know if it'd work on HP-UX.

tom.cadle -> RE: Active Directory Integration (Jun. 10, '04, 7:54:08 PM)
Thanks guys... I've got my reading list in tow, I appreciate the assist. Regards.

hebele -> RE: Active Directory Integration (Jun. 29, '04, 3:25:26 PM)
test

HohenfelsJoe -> RE: Active Directory Integration (Jul. 20, '04, 10:52:56 AM)
Hello, I am trying the same, working on a project to integrate a Windows Server 2003-based Active Directory with Red Hat AS 3.0, Have you had any luck? I have not tried Vintela, I am trying to use ldap, SFU 3.5 and Kerberos. Any insight you might have would be appreciated. Thanks

tom.cadle -> RE: Active Directory Integration (Jul. 20, '04, 11:22:12 AM)
UNIX integration will be in the next phase of our migration. I have not yet begun any testing, I made my post in hope of getting all the necessary information/tools together. As soon as our testing is complete I will post my findings here. Regards.

jasonzions -> RE: Active Directory Integration (Jul. 20, '04, 9:12:56 PM)
Microsoft released a pretty big guide on how to do this (make UNIX systems do authentication and authorization through AD). You can pick up the current version here. Microsoft announced at TechEd US that the team which built that guide is revising it to explicitly support HP-UX 11 (i.e. they're going to test with HP-UX systems, include the exact commands to be issued there, etc.). The current guide, called "version 0.9", supports Solaris and RedHat; see the guide itself for the specific versions tested.

HohenfelsJoe -> RE: Active Directory Integration (Jul. 24, '04, 11:51:30 PM)
Thanks! I will check it out and let you know what happens.

benmartins -> RE: Active Directory Integration (Jun. 21, '05, 10:42:25 AM)
I have been tasked with integrating Unix/Linux with Active Directory.I am considering using ldap,kerberos, and services for unix.There are no funds for commerical tools.The nix servers does not use NIS but /etc/passwd for authentication,so I am wondering if only installing SFU on the AD which will change the schema on the AD will be the only thing that I need to do before AD sees the nix servers as its client.

Rodney -> RE: Active Directory Integration (Jun. 21, '05, 10:59:43 AM)
In the post by jasonzions above he has a link to a Guide from MS that you should read (or a least heavily skim) to get you a scope of what can be done. The information is pretty detailed, so it's worth your time. You need to have something running on the Unix servers that will communicate to AD for password information. That can be done with the SSOD (aka password synchronization) which is officially supported on a select number of Unix systems. But the source for SSOD is with the SFU release so you can built it for others. Note that SSOD will only do passwords, not other user information such as what you get back from a getpwuid(2) call, that's more the realm of NIS (which SFU will do as well). But you aren't using NIS, so this is likely not a concern. Anyway, read the Guide from the link above. You may get some other ideas too.

brian.read -> RE: Active Directory Integration HP-UX 11 (Aug. 3, '05, 4:27:59 AM)
quote: ORIGINAL: tom.cadle I am working on a project to integrate a Windows Server 2003-based Active Directory with HP-UX 11. I understand that there is a schema modification necessary (or preferred) in order to make password synchronization seemless. My problem is two-fold, for starters I am completely unfamiliar with SFU 3.5 AND to round it off, I am NOT a UNIX guy. AHHHHHHH! Thank you for your time and whatever assistance you can provide to this humble novice. Regards. I just read an article that referred to schema attribute changes to support Linux authentication. Its an old article but definately targets to your original post. May get you a little closer. http://linuxmafia.com/faq/Security/active-directory.html

Page: [1]

Forum Software © ASPPlayground.NET Advanced Edition 2.5 ANSI

0.047