

Register a UNIX Host in Active Directory

To let users defined in Active Directory log in to UNIX computers, register on the Active Directory server each UNIX computer on which you installed UNAB.

Note: You can configure the UNAB installation parameters file to specify that the installation process registers the UNIX endpoint on Active Directory during UNAB installation.

Follow these steps:

  1. Verify that the time on the UNIX host and Active Directory server is synchronized.
  2. Log in to the UNIX computer as a superuser.

    Note: You must activate UNAB before Active Directory users can log on to the UNIX computer.

  3. If you use Microsoft Services for UNIX (SFU), specify the attribute names in the map section of the uxauth.ini file.

    If you do not specify the attribute names in the uxauth.ini file, users that are defined only in SFU cannot log in to UNAB hosts.

    Note: For more information about the uxauth.ini file, see the Reference Guide.

  4. Navigate to the UNAB bin directory. By default the directory is:
    /opt/CA/uxauth/bin
    
  5. Run the uxconsole -register utility.

    UNAB registers the UNIX computer in Active Directory and starts the uxauthd daemon.

    Note: For more information about uxconsole -register, see the Reference Guide.
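
The checks in steps 1, 2 and 4 can be scripted and run before registration. The script below is an added example, not part of the CA documentation. It assumes ntpdate is installed on the UNIX host and uses 300 seconds, the default Kerberos clock-skew tolerance in Active Directory, as the limit. The function names and sample lines are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for steps 1, 2 and 4 before uxconsole -register.
# Assumptions (not from the UNAB documentation): ntpdate is installed; the limit
# is 300 s, the default Kerberos clock-skew tolerance in Active Directory.
MAX_SKEW=${MAX_SKEW:-300}
UXAUTH_BIN=${UXAUTH_BIN:-/opt/CA/uxauth/bin}   # default directory from step 4

# Constructed sample `ntpdate -q` output lines (not captured from a real host).
SAMPLE_OK='server 192.0.2.10, stratum 3, offset 1.204318, delay 0.02614'
SAMPLE_SKEWED='server 192.0.2.10, stratum 3, offset -412.507731, delay 0.02614'
SAMPLE_DEAD='server 192.0.2.10, stratum 0, offset 0.000000, delay 0.00000'

# Print the largest absolute offset (seconds, rounded up) from `ntpdate -q`.
# A server that did not answer shows stratum 0 and offset 0.000000, so those
# lines are skipped; return 1 if no usable line remains.
ntp_offset_seconds() {
    printf '%s\n' "$1" | awk '
        /^server / {
            s = 0; o = 0
            for (i = 1; i < NF; i++) {
                if ($i == "stratum") s = $(i + 1) + 0
                if ($i == "offset")  o = $(i + 1) + 0
            }
            if (s == 0) next
            if (o < 0) o = -o
            if (!seen || o > max) max = o
            seen = 1
        }
        END {
            if (!seen) exit 1
            printf "%d\n", (max == int(max) ? max : int(max) + 1)
        }'
}

# Return 0 if the skew is within MAX_SKEW, 1 if larger, 2 if unmeasurable.
clock_skew_ok() {
    skew=$(ntp_offset_seconds "$1") || return 2
    [ "$skew" -le "$MAX_SKEW" ]
}

# Run all checks against the Active Directory host given as $1.
preflight() {
    [ "$(id -u)" -eq 0 ] || { echo "run as superuser" >&2; return 1; }
    [ -x "$UXAUTH_BIN/uxconsole" ] || { echo "no uxconsole in $UXAUTH_BIN" >&2; return 1; }
    clock_skew_ok "$(ntpdate -q "$1" 2>/dev/null)" ||
        { echo "clock skew to $1 too large or not measurable" >&2; return 1; }
    echo "checks passed: run ./uxconsole -register from $UXAUTH_BIN"
}
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Run it with the Active Directory host name as the only argument. An unreachable server counts as a failure, not as zero skew.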

Example: Register a UNIX Host in Active Directory

This example shows how to register a UNIX computer in Active Directory. The command supplies the user name (-a administrator) and password (-w admin), defines the Active Directory host name (-d Active_Directory_Host), sets the verbosity level (-v 3), specifies that the UNAB agent does not run at the end of the installation (-n), and defines the name of the container in Active Directory (-o OU=COMPUTERS). Because the password is passed on the command line, it can be recorded in the shell history and appear in the process list while the command runs. The container must exist before you register the UNIX computer in Active Directory:

./uxconsole -register -a administrator -w admin -d Active_Directory_Host -v 3 -n -o OU=COMPUTERS

Example: Delegating an Active Directory User the Privileges to Register a UNIX Host

If you do not want to specify an administrator user name and password when you run the uxconsole -register command, you can specify the user name and password of a user with delegated privileges for registering the UNIX host in Active Directory. The following example shows you how to delegate the privileges for registering a UNIX host in Active Directory to an Active Directory user.

  1. On the Active Directory computer, click Start, Programs, Administrative Tools, Active Directory Users and Computers.

    The Active Directory Users and Computers management console opens.

  2. Right-click the Computers folder and select Delegate Control.

    The Delegation Control Wizard opens.

  3. Click Next.

    The wizard starts.

  4. Complete the wizard using the following table, and click Finish:

| Information | Action |
|---|---|
| Users and Groups: Specifies the user to which you want to delegate control. | Select Add and search for the user you want to delegate control to. |
| Tasks to Delegate: Defines the tasks to delegate to the selected users or groups. | Select "Create a custom task to delegate". |
| Active Directory Object Type: Defines the scope of the task to delegate. | Do the following: (1) Select "This folder, existing objects in this folder, and creation of new objects in this folder". (2) Select "Create Computer objects" permission from the list. |
| Permissions: Defines the permissions to delegate to the user. | Select "Creation/delegation of specific child objects". |

The wizard closes. You have delegated permission to create computer objects in Active Directory to the user. The user now has sufficient privileges to register a UNIX host in Active Directory.