Gary, thank you for the replies.

(I do have the patch you mentioned:)

bash-2.03# showrev -p | grep "^Patch: 108993-48"
Patch: 108993-48 Obsoletes: 108827-40, 108991-18, 109322-09, 109461-03, 111641-0 [...]

--- "Tay, Gary" <Gary_Tay at platts.com> wrote:

> 0) As mentioned in previous email, use "ldapclient -i", not "ldapclient
> -P".
>

I did. It kept failing until I got rid of "-a default"

Handling manual option
Unable to set value: invalid authenticationMethod (default)

Getting rid of -a default:

bash-2.03# /usr/sbin/ldapclient -v -i -b dc=foo,dc=com -c proxy -D uid=proxyAgent,ou=profile,dc=foo,dc=com -w password -S "passwd: ou=People,dc=foo,dc=com?one" -S "shadow: ou=People,dc=foo,dc=com?one" -S "group: ou=group,dc=caxton,dc=com?one" -S "netgroup: ou=netgroup,dc=foo,dc=com?one" 149.85.70.17

Arguments parsed:
    defaultSearchBase: dc=foo,dc=com
    credentialLevel: proxy
    proxyDN: uid=proxyAgent,ou=profile,dc=foo,dc=com
    serviceSearchDescriptor:
        arg[0]: passwd: ou=People,dc=foo,dc=com?one
        arg[1]: shadow: ou=People,dc=foo,dc=com?one
        arg[2]: group: ou=group,dc=foo,dc=com?one
        arg[3]: netgroup: ou=netgroup,dc=foo,dc=com?one
    proxyPassword: password
    defaultServerList: 149.85.70.17
Handling manual option
Proxy DN: uid=proxyAgent,ou=profile,dc=foo,dc=com
Proxy password: {NS1}ecfa88f3a945c411
Credential level: 1
Authentication method: 0
Authentication method: 0
No proxyDN/proxyPassword required
About to modify this machines configuration by writing the files
Stopping network services
Stopping sendmail
Stopping nscd
Stopping autofs
Stopping ldap
nisd not running
nis_cache not running
nispasswd not running
nis(yp) not running
Removing existing restore directory
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "composers.foo.com"
file_backup: stat(/var/yp/binding/composers.foo.com)=-1
file_backup: No /var/yp/binding/composers.foo.com directory.
file_backup: stat(/var/ldap/ldap_client_file)=0
file_backup: (/var/ldap/ldap_client_file -> /var/ldap/restore/ldap_client_file)
file_backup: (/var/ldap/ldap_client_cred -> /var/ldap/restore/ldap_client_cred)
Starting network services
start: /usr/bin/domainname composers.foo.com... success
start: /usr/lib/ldap/ldap_cachemgr... success
start: /etc/init.d/autofs start... success
start: /etc/init.d/nscd start... success
System successfully configured

bash-2.03# id testdba
id: invalid user name: "testdba"
bash-2.03#

So, looks like it worked but I can't authenticate any users. id testdba produces traffic on the FDS server, so it's definitely trying to query it but can't resolve anything.

Also, I have two profiles:

# default, profile, foo.com
dn: cn=default,ou=profile,dc=foo,dc=com
defaultSearchBase: dc=foo,dc=com
authenticationMethod: simple
followReferrals: TRUE
bindTimeLimit: 2
profileTTL: 43200
searchTimeLimit: 30
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: 149.85.70.17
credentialLevel: proxy
cn: default
defaultSearchScope: one

# tls_profile, profile, foo.com
dn: cn=tls_profile,ou=profile,dc=foo,dc=com
defaultSearchBase: dc=foo,dc=com
authenticationMethod: tls:simple
followReferrals: FALSE
bindTimeLimit: 10
profileTTL: 43200
searchTimeLimit: 30
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: cnyitlin02.composers.foo.com
credentialLevel: proxy
cn: tls_profile
serviceSearchDescriptor: passwd: ou=People,dc=foo,dc=com
serviceSearchDescriptor: group: ou=group,dc=foo,dc=com
serviceSearchDescriptor: shadow: ou=People,dc=foo,dc=com
defaultSearchScope: one

My default profile doesn't have those 3 searchDescriptors. Or we are not using profiles anymore? Just curious...

Do you still think I need to change my defaultSearchDN? Also, must those ACLs be added still?
Because it looks like you're doing a manual config, right?

Thank you for your help, Gary.