HP-UX authenticating to Active Directory


 
# 1  
Old 08-05-2008

Hey,

I've asked questions about this project here before and gotten lots of help so I figured I'd give it another try.

I've recently set up my HP-UX environment to authenticate to a Windows Active Directory server (Windows Server 2003 R2).

I set up an account on Active Directory which works perfectly. I can log in, do everything, change passwords, etc. It all works. This is an account that exists on the AD SERVER ONLY.
I'm also trying to set up an account that exists locally on the HP-UX server AND on the AD server. In this case it's the root account but I'm also doing it for others.

Here's my problem:

I can authenticate to the HP server using the local root password no problem, but I can't log in with the Active Directory password.
If I try to change my password when I log in (or make any attempt to get a Kerberos service ticket), the account is automatically locked on the Active Directory server and I get this error message:

"kinit(v5): Clients credentials have been revoked while getting initial credentials"

Does anyone know why I can't get this to work with a local account as well as Active Directory? Does it have to do with implementing a Trusted System (Mine's a trusted system by the way)?

Just for info's sake here's my /etc/pam.conf file, but this shouldn't be the problem as authenticating to an AD only account works flawlessly:

#
# Authentication management
#
login auth sufficient /usr/lib/security/libpam_krb5.1
login auth required /usr/lib/security/libpam_unix.1 use_first_pass
su auth sufficient /usr/lib/security/libpam_krb5.1
su auth required /usr/lib/security/libpam_unix.1 use_first_pass
dtlogin auth sufficient /usr/lib/security/libpam_krb5.1
dtlogin auth required /usr/lib/security/libpam_unix.1 use_first_pass
dtaction auth sufficient /usr/lib/security/libpam_krb5.1
dtaction auth required /usr/lib/security/libpam_unix.1 use_first_pass
ftp auth sufficient /usr/lib/security/libpam_krb5.1
ftp auth required /usr/lib/security/libpam_unix.1 use_first_pass
OTHER auth sufficient /usr/lib/security/libpam_krb5.1
OTHER auth required /usr/lib/security/libpam_unix.1 use_first_pass
#
# Account management
#
login account sufficient /usr/lib/security/libpam_krb5.1
login account required /usr/lib/security/libpam_unix.1
su account sufficient /usr/lib/security/libpam_krb5.1
su account required /usr/lib/security/libpam_unix.1
dtlogin account sufficient /usr/lib/security/libpam_krb5.1
dtlogin account required /usr/lib/security/libpam_unix.1
dtaction account sufficient /usr/lib/security/libpam_krb5.1
dtaction account required /usr/lib/security/libpam_unix.1
ftp account sufficient /usr/lib/security/libpam_krb5.1
ftp account required /usr/lib/security/libpam_unix.1
sshd account required /usr/lib/security/libpam_authz.1
sshd account required /usr/lib/security/libpam_unix.1
sshd account sufficient /usr/lib/security/libpam_krb5.1
OTHER account sufficient /usr/lib/security/libpam_krb5.1
OTHER account required /usr/lib/security/libpam_unix.1
#
# Session management
#
login session required /usr/lib/security/libpam_krb5.1
login session required /usr/lib/security/libpam_unix.1
dtlogin session required /usr/lib/security/libpam_krb5.1
dtlogin session required /usr/lib/security/libpam_unix.1
dtaction session required /usr/lib/security/libpam_krb5.1
dtaction session required /usr/lib/security/libpam_unix.1
OTHER session required /usr/lib/security/libpam_krb5.1
OTHER session required /usr/lib/security/libpam_unix.1
#
# Password management
#
login password sufficient /usr/lib/security/libpam_krb5.1
login password required /usr/lib/security/libpam_unix.1 use_first_pass
passwd password sufficient /usr/lib/security/libpam_krb5.1
passwd password required /usr/lib/security/libpam_unix.1 use_first_pass
dtlogin password sufficient /usr/lib/security/libpam_krb5.1
dtlogin password required /usr/lib/security/libpam_unix.1 use_first_pass
dtaction password sufficient /usr/lib/security/libpam_krb5.1
dtaction password required /usr/lib/security/libpam_unix.1 use_first_pass
OTHER password sufficient /usr/lib/security/libpam_krb5.1
OTHER password required /usr/lib/security/libpam_unix.1 use_first_pass
OTHER password required /usr/lib/security/pam_sso.hp.1


Thank you very much for any help you can give,

Ryan
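
Added example, not part of the original post: a simplified walk of the login auth stack quoted above, showing which modules are handed the typed password. With libpam_krb5.1 marked sufficient ahead of libpam_unix.1, a login with the local-only password is presented to the KDC first and rejected there, and Active Directory counts such rejections toward its account lockout threshold when one is set. The helper names walk_auth and failed_kdc_attempts are hypothetical, and the model covers only the sufficient/required/requisite control flags.

```python
# Added example: simplified model of PAM control flags, not HP-UX libpam.
# PAM_CONF holds the login/su auth lines copied from the post above.
PAM_CONF = """\
login auth sufficient /usr/lib/security/libpam_krb5.1
login auth required /usr/lib/security/libpam_unix.1 use_first_pass
su auth sufficient /usr/lib/security/libpam_krb5.1
su auth required /usr/lib/security/libpam_unix.1 use_first_pass
"""

def parse_pam_conf(text):
    """Return {(service, facility): [(control, module, options), ...]}."""
    stacks = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        service, facility, control, path, *opts = line.split()
        stacks.setdefault((service, facility), []).append(
            (control, path.rsplit("/", 1)[-1], opts))
    return stacks

def walk_auth(stack, accepts):
    """Simulate one login. 'accepts' is the set of module names whose
    backend accepts the typed password (an assumption of this model).
    Returns (login_ok, [(module, "ok" | "fail"), ...]) in call order."""
    tried, any_ok, required_failed = [], False, False
    for control, module, _opts in stack:
        ok = module in accepts
        any_ok = any_ok or ok
        tried.append((module, "ok" if ok else "fail"))
        if control == "sufficient" and ok and not required_failed:
            return True, tried            # stack stops here, later modules unused
        if control == "requisite" and not ok:
            return False, tried
        if control == "required" and not ok:
            required_failed = True
    return any_ok and not required_failed, tried

def failed_kdc_attempts(stack, accepts, kdc_module="libpam_krb5.1"):
    """Return (login_ok, number of rejected attempts sent to the KDC)."""
    ok, tried = walk_auth(stack, accepts)
    return ok, sum(1 for m, r in tried if m == kdc_module and r == "fail")

if __name__ == "__main__":
    login = parse_pam_conf(PAM_CONF)[("login", "auth")]
    for label, accepts in (("local password", {"libpam_unix.1"}),
                           ("AD password", {"libpam_krb5.1"})):
        print(label, failed_kdc_attempts(login, accepts))
```
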
# 2  
Old 08-05-2008
We are implementing Quest Vintela for all our HP-UX servers for AD signon.

Integrate Unix, Linux, and web platforms into Windows-based identity, access, policy, and management services with Vintela

It works pretty well; there were some issues, and MOST are resolved.
# 3  
Old 08-05-2008
Ya, I looked at that product a while back. We decided to use Windows Identity Management for Unix. Everything is working pretty well (at least on Linux, which is MUCH easier to configure for this) but just this one little problem I have above.

I've set up a similar environment to what I'm implementing now in a test environment and I had it working flawlessly so I know it's "possible". The only difference between the two environments is the HP-UX system is a trusted one in production.