WINDOWS SECURITY AND DIRECTORY SERVICES FOR UNIX USING CENTRIFY DIRECTCONTROL
20
© CENTRIFY CORPORATION 2004-2005. ALL RIGHTS RESERVED.
PAGE 20
·
Configure Active Directory with the first DirectControl Zone
Use the Centrify DirectControl Setup Wizard to update Active Directory and to
configure the default Zone.
·
Enable Active Directory groups and users for UNIX
Use the Centrify DirectControl Setup Wizard to update Active Directory and to
configure the default Zone.
·
Install the Centrify DirectControl Agent on UNIX or Linux
Run the installation script and select the tasks to perform for the specific UNIX or
Linux computer on which you want to install DirectControl.
·
Join the Active Directory Domain
Run the adjoin command to add a selected UNIX or Linux computer to the Active
Directory domain.
·
Restart running services
Restart specific services on UNIX computers, or reboot to restart all services.
Preparing Your Environment
The following sections describe how to prepare your environment for this security and
directory services solution for the End State. This development environment serves as a
proof-of-concept for this solution.
Preparing your environment requires the following tasks:
·
Install and Configure Active Directory Domain Controllers
·
Configure the DNS Server
·
Create Test Users and Groups
·
Verify time synchronization
Installing and Configuring Active Directory Domain Controllers
An Active Directory domain controller provides authentication and authorization data,
serving as both the Kerberos Key Distribution Center (KDC) and as the authorization data
store. These instructions call for installation and configuration of two domain controllers to
allow for testing of UNIX authentication and authorization under failover conditions.
Optionally, you can skip installation of the second domain controller for the initial
configuration and install it at a later time.
To install and configure Active Directory and DNS
1. Install the Windows Server 2003 Standard Edition operating system on a computer.
2. Use the Active Directory Installation Wizard (dcpromo) to install and configure the
server as an Active Directory domain controller. Use the default values supplied by
the installation wizard.
3. Configure a Domain Name System (DNS) server role on the domain controller:
·
Create both forward and reverse lookup zones.
·
Select the option Allow both nonsecure and secure dynamic updates. Make
sure that both the forward and reverse lookup zones use Active Directory
integrated DNS.
·
Configure DNS for the server's local network connection.
4. Install the Support Tools from the Windows 2003 Server CD.
5. Install a second Window 2003 server, and use the Active Directory Installation
Wizard (dcpromo) to configure it as a second domain controller.
6. Install DNS on the second Windows 2003 server.
·
Create both forward and reverse lookup zones.