WINDOWS SECURITY AND DIRECTORY SERVICES FOR UNIX USING CENTRIFY DIRECTCONTROL
© CENTRIFY CORPORATION 2004-2005. ALL RIGHTS RESERVED.
Before you import existing UNIX account information into Active Directory, determine how
you want imported information to fit into your existing Active Directory structure, how you
want to organize the imported information into Centrify DirectControl Zones and groups,
and how you plan to handle any account conflicts.
You must also ascertain where existing UNIX account information is stored in your UNIX
environment. The three most common repositories for storing UNIX account information
are the following:
- A Network Information Services (NIS) server, and the databases or maps that store
  users, groups, and other network-related information for NIS domains.
- A central LDAP server that stores user and group account information for a network
  of UNIX computers.
- Local UNIX configuration files, such as /etc/passwd, that store local user and group
Depending on your environment, you might need to import information from any of these
sources. Therefore, the first step to take in planning to import existing information is to
determine whether the information is stored in NIS, NIS+ (an enhanced version of NIS),
LDAP or local UNIX files.
To prepare existing UNIX directory information for import into Active Directory
For UNIX directory-based systems such as NIS or LDAP, you can use the UNIX
utility getent to export UNIX user and group information to a file.
For example, to create a file with user account information, run the following
command on the UNIX computer before you join the computer to the Active Directory
getent passwd > /tmp/passwd
To create a file with group account information, run the following command:
getent group > /tmp/group
These two files, /tmp/passwd and /tmp/group, are used to import the existing UNIX
directory information into Active Directory.
For /etc/passwd based UNIX systems, you can use the /etc/passwd and /etc/group
files directly for importing the information into Active Directory.
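The planning step above asks how account conflicts will be handled; the following shell script, an added example that is not part of the original document or of Centrify's tooling, checks the exported files for shared UIDs, password hashes left in the passwd export, and group members with no passwd entry. The function names, the 13-character hash heuristic, and the sample records are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit exported passwd/group files before importing them.
# Function names and all sample records below are constructed for illustration.

# UIDs shared by more than one login name, printed as "uid: name1,name2".
dup_uids() {
    awk -F: '{ names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1); n[$3]++ }
        END { for (u in n) if (n[u] > 1) print u ": " names[u] }' "$1" | sort
}

# Login names whose password field looks like a hash (heuristic: 13+ chars,
# the length of a traditional crypt(3) hash) instead of a placeholder such as "x".
hash_fields() {
    awk -F: 'length($2) >= 13 { print $1 }' "$1"
}

# Group members with no matching entry in the passwd export ("group: member").
orphan_members() {
    awk -F: 'NR == FNR { known[$1] = 1; next }
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (!(m[i] in known)) print $1 ": " m[i] }' "$1" "$2"
}

umask 077                          # working copies readable by this user only
work=$(mktemp -d) || exit 1
trap 'rm -rf "$work"' EXIT

# Constructed stand-ins for the output of `getent passwd` and `getent group`.
cat > "$work/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1001:100:Alice:/home/alice:/bin/sh
bob:x:1001:100:Bob:/home/bob:/bin/sh
carol:EXAMPLEHASH00:1003:100:Carol:/home/carol:/bin/sh
toor:x:0:0:alt root:/root:/bin/sh
EOF
cat > "$work/group" <<'EOF'
staff:x:100:alice,bob,dave
wheel:x:10:root
EOF

echo "Duplicate UIDs:";              dup_uids "$work/passwd"
echo "Hashes in password field:";    hash_fields "$work/passwd"
echo "Members missing from passwd:"; orphan_members "$work/passwd" "$work/group"
```

To audit real exports, call the three functions with /tmp/passwd and /tmp/group in place of the sample files.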
You must also verify that you can access the UNIX information from the Windows
computer where the Centrify DirectControl Administrator Console is installed. In order to
import information from the group and passwd files, these files must be accessible on the
To make UNIX information accessible from a Windows computer
Use any of the following methods to make the information from the group and
passwd UNIX files accessible from the Windows computer:
- Use FTP or SFTP to transfer the files from the UNIX computer to the Windows
- Copy the files to a network share that is configured to allow a Windows user to
  access the files on a UNIX computer.
- Copy the files to a network share that is configured to allow a UNIX user to
  transfer UNIX files to a Windows computer network share.
- Transfer the files using physical media such as a floppy disk, a USB drive, or a
Now that the UNIX directory information is accessible on the Windows computer, you
must import the directory information into Active Directory.
To import UNIX directory information into Active Directory
Use the Import from UNIX tool in the Centrify DirectControl Administrator Console to
import the user and group accounts stored in the passwd and group files into Active