Problem with solaris & FDS authentication

Hi, guys.  I finally got the Solaris box to talk to the FDS (thank you all for your help).

I'm now having a problem where I can't telnet/ssh from another machine.

On the client, I have this:

bash-2.03# ldaplist -l passwd testdba
dn: uid=testdba,ou=People, dc=composers,dc=foo,dc=com
        givenName: oracle
        sn: user
        loginShell: /bin/bash
        uidNumber: 10001
        gidNumber: 7000
        objectClass: top
        objectClass: person
        objectClass: organizationalPerson
        objectClass: inetorgperson
        objectClass: posixAccount
        objectClass: shadowaccount
        uid: testdba
        cn: oracle user
        homeDirectory: /home/testdba
bash-2.03# 

The ACIs (in addition to the default ones):


Bind Password:
dc=composers,dc=foo,dc=com

aci=(targetattr = "cn||uid||uidNumber||gidNumber||homeDirectory||shadowLastChange||shadowMin||shadowMax||shadowWarning||shadowInactive||shadowExpire||shadowFlag||memberUid")(version 3.0; acl LDAP_Naming_Services_deny_write_access;deny (write) userdn = "ldap:///self";)
aci=(target="ldap:///dc=composers,dc=foo,dc=com";)(targetattr="userPassword")(version 3.0; acl LDAP_Naming_Services_proxy_password_read; allow (compare,search) userdn = "ldap:///cn=proxyagent,ou=profile,dc=composers,dc=foo,dc=com";;)



There's nothing in the /var/adm/messages.  My pam.conf [snipped] is this:

# login service (explicit because of pam_dial_auth)
#
login   auth requisite          pam_authtok_get.so.1
login   auth required           pam_dhkeys.so.1
login   auth sufficient         pam_unix_auth.so.1
login   auth required           pam_ldap.so.1 try_first_pass
login   auth required           pam_dial_auth.so.1

#ssh

sshd  auth sufficient /usr/lib/security/pam_ldap.so.1
sshd  auth required   /usr/lib/security/pam_unix.so.1 use_first_pass

---

The userPassword field is not displayed when I do ldaplist.  Is that normal?  Even when I
do this:

/usr/bin/ldapsearch -D "cn=proxyagent,ou=profile,dc=composers,dc=foo,dc=com" -h cnyitlin02 -b dc=composers,dc=foo,dc=com objectclass=\*

uid=testdba,ou=People, dc=composers,dc=foo,dc=com
givenName=oracle
sn=user
loginShell=/bin/bash
uidNumber=10001
gidNumber=7000
objectClass=top
objectClass=person
objectClass=organizationalPerson
objectClass=inetorgperson
objectClass=posixAccount
objectClass=shadowaccount
uid=testdba
cn=oracle user
homeDirectory=/home/testdba

How can I go about troubleshooting this?


		