WINDOWS SECURITY AND DIRECTORY SERVICES FOR UNIX USING CENTRIFY DIRECTCONTROL
55
© CENTRIFY CORPORATION 2004-2005. ALL RIGHTS RESERVED.
PAGE 55
2. On each UNIX computer, set each user's files with the correct UID information. For
example, if Jeff Hay is assigned a UNIX UID of 10057 and his UNIX username is
jhay, execute the following steps on the UNIX computer that Jeff Hay uses:
a. Log on to the UNIX computer as root.
b. Change the directory to Jeff Hay's current home directory.
c. Run
the
chown command to reset Jeff's files with a new UID. For example:
find user jhay | xargs chown 10057
To inform end-users, provide the following information
1. When the switch to Active Directory is scheduled to occur.
2. Which UNIX or Linux computers are included in the new deployment.
3. Which password each user needs to use after the deployment takes place.
Explain to users that, after the DirectControl deployment is complete, they must use a
single Active Directory password to access their UNIX workstations. They cannot use
their current UNIX password after the deployment because it will no longer be active
on the computer.
Deploying the Solution
This section provides checklists to use to confirm that your network infrastructure is ready
for the deployment. It also describes how to join your UNIX computers to Active Directory
to implement the transition to the use of Active Directory authentication and authorization
for the UNIX computers.
Deploying the Infrastructure
With deployment preparations complete, you are ready to deploy the DirectControl
infrastructure in your production environment. If your organization is large, perform a
phased deployment, as described earlier in "Preparing for a Phased Deployment."
To deploy the Windows environment
1. Install the DirectControl Windows components on a Windows computer joined to the
Active Directory domain.
For specific steps, see "Installing Centrify DirectControl on Windows" under
"Developing the Components of the Solution" earlier in this guide.
2. Configure at least one DirectControl Zone.
For specific steps, see "Configuring Active Directory with the First DirectControl
Zone" under "Developing the Components of the Solution" earlier in this guide.
Use the Import from UNIX tool in the Centrify DirectControl Administrator Console to
import user information from the existing UNIX directory systems or local /etc/passwd
file into Active Directory.
3. Link the imported identities to the appropriate Active Directory users.
4. Import UNIX groups, if necessary, configuring them as Active Directory groups, and
then mapping the groups to the appropriate users.
5. Add users to the appropriate Zones.
For specific steps related to importing users and groups and linking them to Active
Directory users and groups, see "Importing Information from NIS maps or UNIX files"
in the Centrify DirectControl Administrator's Guide.
To deploy the UNIX computers
1. Install the DirectControl UNIX or Linux components on each computer to be joined to
the Active Directory domain.
For specific steps, see: