uxconsole -register Register UNIX Computers in Active Directory

Valid on UNIX
Use the uxconsole command to register a UNIX host in Active Directory. A user with a privileged account (not necessarily an administrator account) can register a UNIX host in Active Directory. To let Active Directory users log in to the UNIX host, activate the UNIX Authentication Broker.
You can run the command multiple times on the same computer.
Example: Run the command to repair the UNIX Authentication Broker host registration with Active Directory when the keytab file is deleted.
The uxconsole command has the following format:
uxconsole -register -a name [-w pass] [-d domain] [-t site] [-v level] [-n] [-o container] [-s server] [-p #] [-sso] [-i #] [-h] [-k]
uxconsole -register -owt -d domain -a name [-w pass] [-v level]
uxconsole -register -owt -pupm -d domain -a name -epname name [-eptype type] [-container name] [-v level]
uxconsole -deregister -owt -d domain [-a name] [-v level]
uxconsole -deregister -a name [-w pass] [-d domain] [-v level] [-o container] [-s server] [-p #]
  • -register
    Specifies that Active Directory registers UNIX Authentication Broker.
  • -deregister
    Specifies that Active Directory deregisters UNIX Authentication Broker.
  • -a name
    Specifies a user with privileges to register computers in Active Directory.
    Default: administrator
  • -epname
    Specifies an endpoint where the privileged account originates.
  • -eptype
    Specifies the endpoint type. If not otherwise specified, the endpoint type is Windows Agentless.
  • -w pass
    Specifies the password of a user with privileges to register computers in Active Directory.
  • -d
    Defines the domain name that the Active Directory is part of.
  • -h
    Displays the program help.
  • -n
    Specifies that the uxauthd agent runs after the registration process completes.
  • -o container
    Specifies the Active Directory container name where you register the UNIX computer. The Active Directory container must exist before you register the UNIX computer.
  • -container
    Specifies the name of the container where you register the privileged account.
  • -owt
    Specifies a position-dependent argument that requests the proxy user key management. Register the UNIX Authentication Broker endpoint before using this option.
  • -p #
    Specifies the Active Directory listening port number.
  • -pupm
    Specifies to use Shared Account Management integration.
  • -s server
    Specifies the Active Directory Server name.
  • -sso
    Specifies that the uxconsole manages Kerberos files for Single Sign On (SSO).
  • -t site
    Defines the Active Directory site that contains Domain Controllers (DCs). The UNIX Authentication Broker uses DCs to communicate with the Active Directory. The UNIX Authentication Broker writes the site name to the ad_site configuration setting in the ad section of the uxauth.ini file. We recommend that you do not specify this option. If you do not specify this option, the utility automatically selects the best Active Directory site to use.
    The values in the ignore_dc_list and lookup_dc_list configuration settings affect how UNIX Authentication Broker implements Active Directory site support.
  • -v level
    Defines the verbose level to use during the installation process.
  • -i #
    Specifies the Key Distribution Server (KDC) configuration mode.
    Limits:
    0 - Use host name for the registered domain KDC in Kerberos configuration
    1 - Use IP address instead of hostnames for KDC in Kerberos configuration
    2 - Use DNS-only KDC lookup
    Default: 0
  • -k
    Specifies to skip the key version when the Active Directory fails to increase the key version on the Kerberos token.
Example: Register a UNIX Host in Active Directory
The example shows how to register a UNIX computer in Active Directory by providing the following information:
  • User name (-a administrator)
  • Password (-w admin)
  • Set the verbosity level (-v 3)
  • Specify that the UNIX Authentication Broker agent does not run at the end of the installation (-n)
  • Define the name of the container in Active Directory (-o OU=COMPUTERS) where the computer object representing the endpoint is located.
    The container must exist before you register the UNIX computer in Active Directory:
./uxconsole -register -a administrator -w admin -v 3 -n -o OU=COMPUTERS
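The example above supplies the password as an argument (-w admin), so the value is stored wherever that command line is saved, such as a provisioning script or a shell history file. The following audit helper is an added example, not part of the product or its documentation: it reads command lines and reports each uxconsole call that carries -w with a value, printing the line number with the password redacted. The sample lines, domain, account and install path in it are constructed.

```shell
#!/bin/sh
# Added example (not vendor code): flag uxconsole calls that carry -w <pass>.
# Reads command lines on stdin, e.g. a provisioning script or shell history,
# and prints "<line number>: <command with the password redacted>".
find_uxconsole_passwords() {
    awk '
    {
        out = ""; is_ux = 0; hit = 0
        for (i = 1; i <= NF; i++) {
            tok = $i
            # Match the binary by basename so ./uxconsole and full paths count.
            n = split(tok, parts, "/")
            if (parts[n] == "uxconsole") is_ux = 1
            out = out (i > 1 ? " " : "") tok
            # Exact token match: -owt must not be mistaken for -w.
            if (is_ux && tok == "-w" && i < NF) {
                i++
                # A quoted password may span several whitespace-separated tokens.
                q = substr($i, 1, 1)
                if (q == "\"" || q == "\047")
                    while (i < NF && (length($i) < 2 || substr($i, length($i)) != q)) i++
                out = out " <REDACTED>"
                hit = 1
            }
        }
        if (hit) printf "%d: %s\n", NR, out
    }'
}

# Constructed sample input; the domain, account and install path are made up.
SAMPLE_LINES='./uxconsole -register -a administrator -w admin -v 3 -n -o OU=COMPUTERS
uxconsole -register -owt -d example.test -a svc_join -v 1
/opt/example/bin/uxconsole -deregister -a svc_join -w "two words" -d example.test
grep -w uxconsole install.log'

printf '%s\n' "$SAMPLE_LINES" | find_uxconsole_passwords
```

To audit a real file, feed it on standard input, for example `find_uxconsole_passwords < join-hosts.sh` (file name hypothetical).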