01-16-2008, 05:45 PM
jean qiong he
 
LDAP client services & Win2000 AD

Hi,

I'm trying to transfer the system administration of several HP-UX
servers over to Windows 2000 Active Directory by installing LDAP-UX
Client Services on the Unix boxes.
Right, I've gotten two boxes to successfully bind to Active Directory to
authenticate users when they are logging in.
However, I don't know how I can control the user access of the two Unix
boxes. In other words, when I create a new user in Active Directory, what
do I have to do so that I can control which box the user can log into?
Should I add the user to a certain group, i.e. "unixBox1", and then would I
have to change the login script of each Unix box to check whether the user
that's trying to log in has a certain memberOf attribute and therefore belongs
to a certain group?
Thanks in advance,
Jean
