Solaris9 client problems / questions


 



--- Jo De Troy <jo.de.troy at gmail.com> wrote:
> Secondly I don't see how I can get TLS working, in the Solaris client howto
> document it's written to start up netscape and connect to
> http://ldapserver:636 to somehow get the certificates for the Solaris client.
> I must be doing something wrong, since this just doesn't work. Is there
> another way of getting the required certificates on the Solaris client?  I
> guess I only need the CA certificates on the Solaris client or not?
> 

Yep.  Somebody posted this procedure (I'm sorry, I forgot the gentleman's name) but the following
worked for me.


Solaris 10 client config

    * Download the nspr and nss packages for Solaris 9 here (http://sourceforge.net/project/showfiles.php?group_id=19386) and install them.

    * Get Sun ONE Resource Kit here: http://www.sun.com/download/products.xml?id=3f74a0db and install it.

    * Next run this command to setup your certificate database: 

# LD_LIBRARY_PATH=/usr/lib:/usr/local/lib ; export LD_LIBRARY_PATH
# /opt/sunone/lib/nss/bin/certutil -N -d /var/ldap

    * Add hosts entry to /etc/hosts for LDAP server, matching the certificate name

    * Get CA cert from directory using these commands: 

[root@corporate-ds alias]# pwd
/opt/fedora-ds/alias
[root@corporate-ds alias]# ../shared/bin/certutil -L -d . -n "CA certificate" -r > /root/cert.der

    * Copy it to the Solaris server, and import it with this: 

/opt/sunone/lib/nss/bin/certutil -A -n "CA certificate" -i /export/home/mmont/cert.der \
-t "CTu,u,u" -d /var/ldap/

    * Run this command to set ldap client settings on the machine: 

ldapclient -v manual -a authenticationMethod=tls:simple -a credentialLevel=proxy \
-a defaultSearchBase="dc=cors,dc=cy,dc=com" \
-a domainName=cors.cy.com -a followReferrals=false \
-a serviceSearchDescriptor="netgroup: ou=netgroup,dc=cors,dc=cy,dc=com" \
-a preferredServerList=119.15.70.17 -a serviceAuthenticationMethod=pam_ldap:tls:simple \
-a proxyPassword=password -a proxyDn=cn=proxyagent,ou=profile,dc=cors,dc=cy,dc=com

    * Restart ldap.client: 

# /etc/init.d/ldap.client stop ; sleep 2 ; /etc/init.d/ldap.client start

That should do it. Test settings with id, getent, or ldaplist: (You must be root, or sudo to use
ldaplist) 


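The procedure above requires the /etc/hosts entry for the LDAP server to match the certificate name. The following is an added example, not part of the original post, that checks this before ldapclient is run. The function names, host names and subject string are constructed for illustration; only the address 119.15.70.17 comes from the post.

```shell
#!/bin/sh
# Added example: check that a hosts file gives the LDAP server's address the
# same name that appears as CN in the server certificate subject.
# The subject string can be read on the client with, for example:
#   openssl s_client -connect HOST:636 </dev/null | openssl x509 -noout -subject
# (having openssl on the client is an assumption here).

# Print the CN from a subject in "CN=x,O=y", "CN = x, O = y" or "/O=y/CN=x" form.
cn_from_subject() {
    printf '%s\n' "$1" | sed 's/^subject= *//' | tr ',/' '\n\n' |
        sed -n 's/^ *[Cc][Nn] *= *//p' | sed 's/ *$//' | head -n 1
}

# Print every name a hosts file ($2) maps to the given address ($1), one per line.
names_for_ip() {
    sed 's/#.*//' "$2" | while read -r addr names; do
        if [ "$addr" = "$1" ]; then printf '%s\n' $names; fi
    done
}

# Return 0 if a hosts name for the address equals the certificate CN
# (compared case-insensitively), 1 on mismatch, 2 if the subject has no CN.
check_name_match() {
    cn=$(cn_from_subject "$1" | tr '[:upper:]' '[:lower:]')
    if [ -z "$cn" ]; then echo "no CN in subject" >&2; return 2; fi
    for name in $(names_for_ip "$2" "$3" | tr '[:upper:]' '[:lower:]'); do
        if [ "$name" = "$cn" ]; then return 0; fi
    done
    echo "no hosts name for $2 matches certificate name $cn" >&2
    return 1
}

# Constructed sample data (not from a real system): the first address is the
# preferredServerList value from the post, the host names are placeholders.
sample_hosts=$(mktemp)
cat > "$sample_hosts" <<'EOF'
127.0.0.1     localhost
119.15.70.17  ldap        # short name only, does not match the CN
10.0.0.5      ldap.example.com ldap2
EOF
subject='subject=CN = ldap.example.com, OU = Directory, O = Example'

for ip in 119.15.70.17 10.0.0.5; do
    if check_name_match "$subject" "$ip" "$sample_hosts"; then
        echo "$ip: hosts name matches certificate CN"
    else
        echo "$ip: MISMATCH between hosts file and certificate CN"
    fi
done
```

On a real client, pass /etc/hosts as the third argument and the subject of the directory server's certificate as the first.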



