I have successfully gotten Solaris 9 (patched with the recommended patches)
to work without using SSL/TLS, but can't seem to get SSL/TLS working.
I've read the following:
http://directory.fedora.redhat.com/wiki/Howto:SolarisClient
and this
http://forum.sun.com/thread.jspa?threadID=12811&tstart=30
and multiple other links on getting this working, but can't seem to get
it to initialize the database. Everything in my LDAP directory appears
to be set up, given that Red Hat and FreeBSD with SSL work without issues,
and Solaris 9 works without TLS/SSL, so the issue, I assume, is with the
*.db files in /var/ldap.
bash-3.00# pwd
/var/ldap
bash-3.00# ls -l *.db
-r--r--r-- 1 root other 65536 Dec 20 11:07 cert8.db
-r--r--r-- 1 root other 16384 Dec 20 11:07 key3.db
-r--r--r-- 1 root other 32768 Dec 20 10:26 secmod.db
bash-3.00# id mmontgomery
Dec 20 11:15:47 solarisldap nscd[1774]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:15:47 solarisldap last message repeated 1 time
Dec 20 11:15:47 solarisldap nscd[1774]: libsldap: Status: 7 Mesg: Session error no available conn.
id: invalid user name: "mmontgomery"
bash-3.00# ldapclient -v manual -a authenticationMethod=tls:simple -a credentialLevel=proxy -a defaultSearchBase="dc=*****,dc=*********,dc=***" -a domainName=********** -a followReferrals=false -a preferredServerList=10.5.1.18 -a serviceAuthenticationMethod=pam_ldap:tls:simple -a proxyPassword=******* -a proxyDn=cn=proxyagent,ou=profile,dc=******,dc=*****,dc=****
Everything works fine up until this point:
start: /usr/lib/ldap/ldap_cachemgr... success
Dec 20 11:13:21 solarisldap automount[1770]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:21 solarisldap last message repeated 1 time
Dec 20 11:13:21 solarisldap automount[1770]: libsldap: Status: 7 Mesg: Session error no available conn.
start: /etc/init.d/autofs start... success
start: /etc/init.d/nscd start... success
Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:21 solarisldap last message repeated 1 time
Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 7 Mesg: Session error no available conn.
Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:21 solarisldap last message repeated 1 time
Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 7 Mesg: Session error no available conn.
Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:21 solarisldap last message repeated 1 time
Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 7 Mesg: Session error no available conn.
Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:21 solarisldap last message repeated 1 time
Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 7 Mesg: Session error no available conn.
Dec 20 11:13:21 solarisldap sendmail[1778]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:21 solarisldap last message repeated 1 time
Dec 20 11:13:21 solarisldap sendmail[1778]: libsldap: Status: 7 Mesg: Session error no available conn.
Dec 20 11:13:21 solarisldap sendmail[1778]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:21 solarisldap last message repeated 1 time
Dec 20 11:13:21 solarisldap sendmail[1778]: libsldap: Status: 7 Mesg: Session error no available conn.
Dec 20 11:13:22 solarisldap sendmail[1777]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:22 solarisldap last message repeated 1 time
Dec 20 11:13:22 solarisldap sendmail[1777]: libsldap: Status: 7 Mesg: Session error no available conn.
Dec 20 11:13:22 solarisldap sendmail[1778]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:22 solarisldap last message repeated 1 time
Dec 20 11:13:22 solarisldap sendmail[1778]: libsldap: Status: 7 Mesg: Session error no available conn.
Dec 20 11:13:22 solarisldap sendmail[1778]: libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:22 solarisldap last message repeated 1 time
Dec 20 11:13:22 solarisldap sendmail[1778]: libsldap: Status: 7 Mesg: Session error no available conn.
start: /etc/init.d/sendmail start... success
System successfully configured
I've used a Netscape browser to get my cert from the FDS, and scp'd the
key3.db and cert8.db files to the Solaris client. From what I can
tell, it can read these files:
bash-3.00# /usr/local/bin/certutil -L -d .
server-cert P,,
bash-3.00# /usr/local/bin/certutil -L -d . -n "server-cert"
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1001 (0x3e9)
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Issuer: CN=CAcert
Validity:
Not Before: Mon Dec 19 20:33:04 2005
Not After: Sat Mar 19 20:33:04 2016
Subject: CN=server-cert
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
Exponent: 65537 (0x10001)
Fingerprint (MD5):
D4:1D:8C:D9:8F:00:B2:04:E9:80:09:98:EC:F8:42:7E
Fingerprint (SHA1):
DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Signature:
Certificate Trust Flags:
SSL Flags:
Valid Peer
Trusted
Email Flags:
Object Signing Flags:
Anybody have any ideas what I may be missing here?
Thanks again.
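A pre-flight check for the /var/ldap NSS database that libsldap opens before a tls:simple bind, added here as an example; it is not code from the post, from Sun or from Fedora Directory Server. It assumes POSIX sh with awk and ls, treats certutil as optional for the live run, and parses the listing format shown above (nickname followed by SSL,Email,ObjSign trust flags); the cert7.db/cert8.db distinction reflects which NSS generation the client library was built against.

```shell
#!/bin/sh
# Sanity checks for the NSS cert db a Solaris LDAP client reads from /var/ldap.
# Added example, not from the original post. Assumes POSIX sh, ls -l and awk.

DBDIR="${1:-/var/ldap}"

# The files libsldap opens. Older NSS builds look for cert7.db, newer ones for
# cert8.db; key3.db and secmod.db must sit next to whichever one is present.
check_db_files() {
    [ -f "$1/key3.db" ] && [ -f "$1/secmod.db" ] || return 1
    [ -f "$1/cert7.db" ] || [ -f "$1/cert8.db" ]
}

# Lookups run in unprivileged processes (id, automount, sendmail), so every db
# file must be world-readable. Column 8 of `ls -l` is the "other" read bit.
world_readable() {
    [ "$(ls -l "$1" | cut -c8)" = "r" ]
}

# Read a `certutil -L -d DIR` listing on stdin. Entry lines end in
# "<SSL>,<Email>,<ObjSign>" trust flags; TLS to the directory needs at least
# one certificate trusted for SSL: C or T (a CA) or P (explicitly trusted peer).
# Header lines such as "Trust Attributes" carry no commas and are skipped.
has_ssl_trust() {
    awk '{ n = split($NF, f, ","); if (n == 3 && f[1] ~ /[CTP]/) found = 1 }
         END { exit found ? 0 : 1 }'
}

# Constructed listing in the format the post shows, for a quick self-test.
SAMPLE_LISTING='server-cert P,,
CAcert CT,,'

run_checks() {
    dir="$1"; rc=0
    if ! check_db_files "$dir"; then
        echo "missing cert7/cert8, key3 or secmod db in $dir"; rc=1
    fi
    for f in "$dir"/cert7.db "$dir"/cert8.db "$dir"/key3.db "$dir"/secmod.db; do
        if [ -f "$f" ] && ! world_readable "$f"; then echo "$f is not world-readable"; rc=1; fi
    done
    if command -v certutil >/dev/null 2>&1; then
        if ! certutil -L -d "$dir" | has_ssl_trust; then echo "no SSL-trusted cert in $dir"; rc=1; fi
    fi
    return $rc
}

# Only touch the real directory when a path is given on the command line.
if [ $# -gt 0 ]; then run_checks "$DBDIR"; fi
```

Run it as `sh checkdb.sh /var/ldap`; a non-zero exit with a message pinpoints which of the three conditions (files present, world-readable, something trusted for SSL) fails.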