[Fedora-directory-users] Ldap user login problem in solaris 10
Rich Megginson
rmeggins at redhat.com
Wed Nov 21 20:07:05 UTC 2007
Imtiaz Ahmed wrote:
> hi
>
> *I can't log in to Solaris 10 as an LDAP user*. I have installed Red Hat 7.1
> DS and it's working fine with HP-UX and Linux.
Did you see this?
http://directory.fedoraproject.org/wiki/Howto:SolarisClient
>
> I created a user named *ldaptst* under ou=profile,dc=test,dc=com,dc=bd
>
>
> LDAP Client=Solaris 10
>
> LDAP Server=HP-UX 11.23 (Red Hat DS 7.1)
>
> Solaris 10
>
> bash-3.00# more ldap_client_cred
> #
> # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
> #
> NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
> NS_LDAP_BINDPASSWD= {NS1}f8670fc15443505d
> bash-3.00# more ldap_client_file
> #
> # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
> #
> NS_LDAP_FILE_VERSION= 2.0
> NS_LDAP_SERVERS= 10.10.96.114
> NS_LDAP_SEARCH_BASEDN= dc=test,dc=com,dc=bd
> NS_LDAP_AUTH= simple
> NS_LDAP_SEARCH_REF= FALSE
> NS_LDAP_SEARCH_SCOPE= sub
> NS_LDAP_SEARCH_TIME= 30
> NS_LDAP_SERVER_PREF= 10.10.96.114
> NS_LDAP_CACHETTL= 43200
> NS_LDAP_PROFILE= default
> NS_LDAP_CREDENTIAL_LEVEL= proxy
> NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=profile,dc=test,dc=com,dc=bd?sub
> NS_LDAP_SERVICE_SEARCH_DESC= group:ou=profile,dc=test,dc=com,dc=bd?sub
> NS_LDAP_BIND_TIME= 10
> bash-3.00#
>
> ################
> bash-3.00# ldaplist -l passwd
> dn: uid=ldaptst,ou=profile,dc=test,dc=com,dc=bd
> objectClass: posixAccount
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> gidNumber: 65534
> givenName: ldap
> sn: Only
> displayName: LDAP Test
> uid: ldaptst
> homeDirectory: /export/home
> loginShell: /bin/ksh
> cn: LDAP Test
> uidNumber: 16954
> bash-3.00#
> ################################
>
> #
> # /etc/nsswitch.ldap:
> #
> # An example file that could be copied over to /etc/nsswitch.conf; it
> # uses LDAP in conjunction with files.
> #
> # "hosts:" and "services:" in this file are used only if the
> # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
>
> # LDAP service requires that svc:/network/ldap/client:default be enabled
> # and online.
>
> # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
> passwd: files ldap
> group: files ldap
>
> # consult /etc "files" only if ldap is down.
> hosts: files dns
>
> # Note that IPv4 addresses are searched for in all of the ipnodes databases
> # before searching the hosts databases.
> ipnodes: files
>
> networks: files
> protocols: files
> rpc: files
> ethers: files
> netmasks: files
> bootparams: files
> publickey: files
>
> netgroup: files
>
> automount: files
> aliases: files
>
> # for efficient getservbyname() avoid ldap
> services: files
>
> printers: user files
>
> auth_attr: files
> prof_attr: files
>
> project: files
>
> ####################/etc/pam.conf#########
>
> # login service (explicit because of pam_dial_auth)
> #
> login auth requisite pam_authtok_get.so.1
> login auth required pam_dhkeys.so.1
> login auth required pam_unix_cred.so.1
> #login auth required pam_unix_auth.so.1
> login auth required pam_dial_auth.so.1
> login auth binding pam_unix_auth.so.1 server_policy
> login auth required pam_ldap.so.1
> #
> #
> # rlogin service (explicit because of pam_rhost_auth)
> #
> rlogin auth sufficient pam_rhosts_auth.so.1
> rlogin auth requisite pam_authtok_get.so.1
> rlogin auth required pam_dhkeys.so.1
> rlogin auth required pam_unix_cred.so.1
> #rlogin auth required pam_unix_auth.so.1
> rlogin auth binding pam_unix_auth.so.1 server_policy
> rlogin auth required pam_ldap.so.1
> #
> # Kerberized rlogin service
> #
> krlogin auth required pam_unix_cred.so.1
> krlogin auth binding pam_krb5.so.1
> krlogin auth required pam_unix_auth.so.1
> #
> # rsh service (explicit because of pam_rhost_auth,
> # and pam_unix_auth for meaningful pam_setcred)
> #
> rsh auth sufficient pam_rhosts_auth.so.1
> rsh auth required pam_unix_cred.so.1
> rsh auth binding pam_unix_auth.so.1 server_policy
> rsh auth required pam_ldap.so.1
> #
> # Kerberized rsh service
> #
> krsh auth required pam_unix_cred.so.1
> krsh auth binding pam_krb5.so.1
> krsh auth required pam_unix_auth.so.1
> #
> # Kerberized telnet service
> #
> ktelnet auth required pam_unix_cred.so.1
> ktelnet auth binding pam_krb5.so.1
> ktelnet auth required pam_unix_auth.so.1
> #
> # PPP service (explicit because of pam_dial_auth)
> #
> ppp auth requisite pam_authtok_get.so.1
> ppp auth required pam_dhkeys.so.1
> #ppp auth required pam_unix_cred.so.1
> ppp auth required pam_dial_auth.so.1
> #ppp auth required pam_unix_auth.so.1
> ppp auth binding pam_unix_auth.so.1 server_policy
> ppp auth required pam_ldap.so.1
> #
> # Default definitions for Authentication management
> # Used when service name is not explicitly mentioned for authentication
> #
> other auth requisite pam_authtok_get.so.1
> other auth required pam_dhkeys.so.1
> other auth required pam_unix_cred.so.1
> #other auth required pam_unix_auth.so.1
> other auth binding pam_unix_auth.so.1 server_policy
> other auth required pam_ldap.so.1
> #
> # passwd command (explicit because of a different authentication module)
> #
> #passwd auth required pam_passwd_auth.so.1
> passwd auth binding pam_passwd_auth.so.1 server_policy
> passwd auth required pam_ldap.so.1
> #
> # cron service (explicit because of non-usage of pam_roles.so.1)
> #
> cron account required pam_unix_account.so.1
> #
> # Default definition for Account management
> # Used when service name is not explicitly mentioned for account management
> #
> other account requisite pam_roles.so.1
> #other account required pam_unix_account.so.1
> other account binding pam_unix_account.so.1 server_policy
> other account required pam_ldap.so.1
> # Default definition for Session management
> # Used when service name is not explicitly mentioned for session management
> #
> other session required pam_unix_session.so.1
> #
> # Default definition for Password management
> # Used when service name is not explicitly mentioned for password management
> #
> other password required pam_dhkeys.so.1
> other password requisite pam_authtok_get.so.1
> other password requisite pam_authtok_check.so.1
> #other password required pam_authtok_store.so.1
> other password required pam_authtok_store.so.1 server_policy
> #
> # Support for Kerberos V5 authentication and example configurations can
> # be found in the pam_krb5(5) man page under the "EXAMPLES" section.
> #
>
> ######################################### Access LOG from Server###########
>
> [21/Nov/2007:10:32:07 +0600] conn=1576076 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=shadowAccount)(uid=ldaptst))" attrs="uid userPassword shadowFlag"
> [21/Nov/2007:10:32:10 +0600] conn=1576077 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=posixAccount)(uid=ldaptst))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
> [21/Nov/2007:10:32:10 +0600] conn=1576078 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=shadowAccount)(uid=ldaptst))" attrs="uid userPassword shadowFlag"
> [21/Nov/2007:10:32:10 +0600] conn=1576079 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=posixAccount)(uid=ldaptst))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
> [21/Nov/2007:10:32:10 +0600] conn=1576080 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=shadowAccount)(uid=ldaptst))" attrs="uid userPassword shadowFlag"
> [21/Nov/2007:10:32:10 +0600] conn=1576081 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=posixAccount)(uid=ldaptst))" attrs=ALL
> [21/Nov/2007:10:32:10 +0600] conn=1576082 op=0 BIND dn="uid=ldaptst,ou=profile,dc=test,dc=com,dc=bd" method=128 version=3
>
> ######################################
>
> bash-3.00# ldapclient -v init -a profileName=default -a proxyDN=cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd -a proxyPassword=Dm123456 10.10.96.114:389
> Parsing profileName=default
> Parsing proxyDN=cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
> Parsing proxyPassword=Dm123456
> Arguments parsed:
> proxyDN: cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
> profileName: default
> proxyPassword: Dm123456
> defaultServerList: 10.10.96.114:389
> Handling init option
> About to configure machine by downloading a profile
> findBaseDN: begins
> findBaseDN: ldap not running
> findBaseDN: calling __ns_ldap_default_config()
> found 2 namingcontexts
> findBaseDN: __ns_ldap_list(NULL, "(&(objectclass=nisDomainObject)(nisdomain= test.com.bd))"
> rootDN[0] dc=test,dc=com,dc=bd
> found baseDN dc=test,dc=com,dc=bd for domain test.com.bd
> Proxy DN: cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
> Proxy password: {NS1}f8670fc15443505d
> Credential level: 1
> Authentication method: 1
> About to modify this machines configuration by writing the files
> Stopping network services
> Stopping sendmail
> stop: sleep 100000 microseconds
> stop: network/smtp:sendmail... success
> Stopping nscd
> stop: sleep 100000 microseconds
> stop: system/name-service-cache:default... success
> Stopping autofs
> stop: sleep 100000 microseconds
> stop: sleep 200000 microseconds
> stop: sleep 400000 microseconds
> stop: sleep 800000 microseconds
> stop: sleep 1600000 microseconds
> stop: sleep 3200000 microseconds
> stop: system/filesystem/autofs:default... success
> ldap not running
> nisd not running
> nis(yp) not running
> file_backup: stat(/etc/nsswitch.conf)=0
> file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
> file_backup: stat(/etc/defaultdomain)=0
> file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
> file_backup: stat(/var/nis/NIS_COLD_START)=-1
> file_backup: No /var/nis/NIS_COLD_START file.
> file_backup: nis domain is "test.com.bd"
> file_backup: stat(/var/yp/binding/test.com.bd)=-1
> file_backup: No /var/yp/binding/test.com.bd directory.
> file_backup: stat(/var/ldap/ldap_client_file)=-1
> file_backup: No /var/ldap/ldap_client_file file.
> Starting network services
> start: /usr/bin/domainname test.com.bd... success
> start: sleep 100000 microseconds
> start: network/ldap/client:default... success
> start: sleep 100000 microseconds
> start: system/filesystem/autofs:default... success
> start: sleep 100000 microseconds
> start: system/name-service-cache:default... success
> start: sleep 100000 microseconds
> start: network/smtp:sendmail... success
> restart: sleep 100000 microseconds
> restart: milestone/name-services:default... success
> System successfully configured
> bash-3.00#
> ######################333
>
> regards
>
> Imtiaz