getting solaris 8 to talk to FDS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

--- Justin Albstmeijer <justin at VLAMea.nl> wrote:

> 
> My 2 cents
> 
> - test with: ldapsearch -h ldapserver.domain.nl -s
> base -b ""
> "objectclass=*" , to see if you can queuery the
> server.

I went ahead and got the ldapsearch.  It worked. 
ldaplist is just busted, I guess.

> - make sure the posix account has the
> "shadowAccount" attribute

Added it.  I went to user, properties, posixAccount,
advanced, add value -> shadowAccount.  Not sure if
that's the right way of doing it or not...

> - SSHA is default used by FDS for password
> encyption.. this should be CRYPT.
 
Done -- thank you!

> - make sure to use "simple" instead of "tls:simple"
> for your initial tests
> - use : ldapclient -v -P default -D
> "cn=proxyagent,ou=profile,dc=domain,dc=nl" -d
> domain.nl -w proxy_password
> {ipnumber_ldap_server} , to create the ldap_file &
> ldap_cred files

Yea -- that's where I hit another problem:

Handling init option
About to configure machine by downloading a profile
findBaseDN: begins
findBaseDN: Stopping ldap
findBaseDN: calling __ns_ldap_default_config()
found 2 namingcontexts
findBaseDN: __ns_ldap_list(NULL,
"(&(objectclass=nisDomainObject)(nisdomain=composers.foo.com))"
rootDN[0] dc=foo,dc=com
found baseDN nisdomain=composers.foo.com,dc=foo,dc=com
for domain composers.foo.com
The download of the profile failed.
Could not read the profile 'default'.
Perhaps it does not exist or you don't have sufficient
rights to read it.

However, from the FDS server itself, ldapsearch -x
shows this: (snipped)

# default, profile, foo.com
dn: cn=default,ou=profile,dc=foo,dc=com
defaultSearchBase: dc=foo,dc=com
authenticationMethod: simple
followReferrals: TRUE
bindTimeLimit: 2
profileTTL: 43200
searchTimeLimit: 30
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: cnyitlin02.composers.foo.com
credentialLevel: proxy
cn: default
defaultSearchScope: one

So, the profile is there but what's this about the
rights???


> - make sure you run te latest recommended patch
> cluster.

Did that already.
 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux