Hi,

I'm trying to transfer the system administration of several HP-UX
server's over to Windows 2000 Active Directory by installing LDAP-UX
client Services on the unix boxes.
Right, I've gotten two boxes to successfully bind to Active Directory to
authenticate users when they are logging in.
However, I don't know how I can control the user access of the two unix
boxes. In other words, when I create a new user in Active Directory, what
do I have to do so that I can control which box the user can log into?
Should I add the user to a certain group, ie "unixBox1", and then would I
have to change the login script of each unix box to check whether the user
that's trying to login has a certain memberOf attribute therefore belongs
to a certain group?
Thanks in advance,
Jean

jean qiong he wrote:
> Hi,
>
> I'm trying to transfer the system administration of several HP-UX
> server's over to Windows 2000 Active Directory by installing LDAP-UX
> client Services on the unix boxes.
> Right, I've gotten two boxes to successfully bind to Active Directory to
> authenticate users when they are logging in.
> However, I don't know how I can control the user access of the two unix
> boxes. In other words, when I create a new user in Active Directory, what
> do I have to do so that I can control which box the user can log into?
> Should I add the user to a certain group, ie "unixBox1", and then would I
> have to change the login script of each unix box to check whether the user
> that's trying to login has a certain memberOf attribute therefore belongs
> to a certain group?
> Thanks in advance,
> Jean
>
Although I have not had to deal with it (yet...) I believe there is a
PAM module for that, dont know for sure though.