Imtiaz Ahmed wrote:
> hi
>
> *I can't login Solaris 10 by ldap user*. I have installed Red hat 7.1
> DS and it's working fine with HP-UX and Linux.

Did you see this? http://directory.fedoraproject.org/wiki/Howto:SolarisClient

>
> I create a user named *ldaptst* under ou=profile,dc=test,dc=com,dc=bd
>
> LDAP Client=Solaris 10
>
> LDAP Server=HP-UX 11.23 (Red Hat DS 7.1)
>
> Solaris 10
>
> bash-3.00# more ldap_client_cred
> #
> # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
> #
> NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
> NS_LDAP_BINDPASSWD= {NS1}f8670fc15443505d
> bash-3.00# more ldap_client_file
> #
> # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
> #
> NS_LDAP_FILE_VERSION= 2.0
> NS_LDAP_SERVERS= 10.10.96.114
> NS_LDAP_SEARCH_BASEDN= dc=test,dc=com,dc=bd
> NS_LDAP_AUTH= simple
> NS_LDAP_SEARCH_REF= FALSE
> NS_LDAP_SEARCH_SCOPE= sub
> NS_LDAP_SEARCH_TIME= 30
> NS_LDAP_SERVER_PREF= 10.10.96.114
> NS_LDAP_CACHETTL= 43200
> NS_LDAP_PROFILE= default
> NS_LDAP_CREDENTIAL_LEVEL= proxy
> NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=profile,dc=test,dc=com,dc=bd?sub
> NS_LDAP_SERVICE_SEARCH_DESC= group:ou=profile,dc=test,dc=com,dc=bd?sub
> NS_LDAP_BIND_TIME= 10
> bash-3.00#
>
> ################
> bash-3.00# ldaplist -l passwd
> dn: uid=ldaptst,ou=profile,dc=test,dc=com,dc=bd
> objectClass: posixAccount
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> gidNumber: 65534
> givenName: ldap
> sn: Only
> displayName: LDAP Test
> uid: ldaptst
> homeDirectory: /export/home
> loginShell: /bin/ksh
> cn: LDAP Test
> uidNumber: 16954
> bash-3.00#
> ################################
>
> #
> # /etc/nsswitch.ldap:
> #
> # An example file that could be copied over to /etc/nsswitch.conf; it
> # uses LDAP in conjunction with files.
> #
> # "hosts:" and "services:" in this file are used only if the
> # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
>
> # LDAP service requires that svc:/network/ldap/client:default be enabled
> # and online.
>
> # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
> passwd: files ldap
> group: files ldap
>
> # consult /etc "files" only if ldap is down.
> hosts: files dns
>
> # Note that IPv4 addresses are searched for in all of the ipnodes databases
> # before searching the hosts databases.
> ipnodes: files
>
> networks: files
> protocols: files
> rpc: files
> ethers: files
> netmasks: files
> bootparams: files
> publickey: files
>
> netgroup: files
>
> automount: files
> aliases: files
>
> # for efficient getservbyname() avoid ldap
> services: files
>
> printers: user files
>
> auth_attr: files
> prof_attr: files
>
> project: files
>
> ####################/etc/pam.conf#########
>
> # login service (explicit because of pam_dial_auth)
> #
> login auth requisite pam_authtok_get.so.1
> login auth required pam_dhkeys.so.1
> login auth required pam_unix_cred.so.1
> #login auth required pam_unix_auth.so.1
> login auth required pam_dial_auth.so.1
> login auth binding pam_unix_auth.so.1 server_policy
> login auth required pam_ldap.so.1
> #
> #
> # rlogin service (explicit because of pam_rhost_auth)
> #
> rlogin auth sufficient pam_rhosts_auth.so.1
> rlogin auth requisite pam_authtok_get.so.1
> rlogin auth required pam_dhkeys.so.1
> rlogin auth required pam_unix_cred.so.1
> #rlogin auth required pam_unix_auth.so.1
> rlogin auth binding pam_unix_auth.so.1 server_policy
> rlogin auth required pam_ldap.so.1
> #
> # Kerberized rlogin service
> #
> krlogin auth required pam_unix_cred.so.1
> krlogin auth binding pam_krb5.so.1
> krlogin auth required pam_unix_auth.so.1
> #
> # rsh service (explicit because of pam_rhost_auth,
> # and pam_unix_auth for meaningful pam_setcred)
> #
> rsh auth sufficient pam_rhosts_auth.so.1
> rsh auth required pam_unix_cred.so.1
> rsh auth binding pam_unix_auth.so.1 server_policy
> rsh auth required pam_ldap.so.1
> #
> # Kerberized rsh service
> #
> krsh auth required pam_unix_cred.so.1
> krsh auth binding pam_krb5.so.1
> krsh auth required pam_unix_auth.so.1
> #
> # Kerberized telnet service
> #
> ktelnet auth required pam_unix_cred.so.1
> ktelnet auth binding pam_krb5.so.1
> ktelnet auth required pam_unix_auth.so.1
> #
> # PPP service (explicit because of pam_dial_auth)
> #
> ppp auth requisite pam_authtok_get.so.1
> ppp auth required pam_dhkeys.so.1
> #ppp auth required pam_unix_cred.so.1
> ppp auth required pam_dial_auth.so.1
> #ppp auth required pam_unix_auth.so.1
> ppp auth binding pam_unix_auth.so.1 server_policy
> ppp auth required pam_ldap.so.1
> #
> # Default definitions for Authentication management
> # Used when service name is not explicitly mentioned for authentication
> #
> other auth requisite pam_authtok_get.so.1
> other auth required pam_dhkeys.so.1
> other auth required pam_unix_cred.so.1
> #other auth required pam_unix_auth.so.1
> other auth binding pam_unix_auth.so.1 server_policy
> other auth required pam_ldap.so.1
> #
> # passwd command (explicit because of a different authentication module)
> #
> #passwd auth required pam_passwd_auth.so.1
> passwd auth binding pam_passwd_auth.so.1 server_policy
> passwd auth required pam_ldap.so.1
> #
> # cron service (explicit because of non-usage of pam_roles.so.1)
> #
> cron account required pam_unix_account.so.1
> #
> # Default definition for Account management
> # Used when service name is not explicitly mentioned for account management
> #
> other account requisite pam_roles.so.1
> #other account required pam_unix_account.so.1
> other account binding pam_unix_account.so.1 server_policy
> other account required pam_ldap.so.1
> # Default definition for Session management
> # Used when service name is not explicitly mentioned for session management
> #
> other session required pam_unix_session.so.1
> #
> # Default definition for Password management
> # Used when service name is not explicitly mentioned for password management
> #
> other password required pam_dhkeys.so.1
> other password requisite pam_authtok_get.so.1
> other password requisite pam_authtok_check.so.1
> #other password required pam_authtok_store.so.1
> other password required pam_authtok_store.so.1 server_policy
> #
> # Support for Kerberos V5 authentication and example configurations can
> # be found in the pam_krb5(5) man page under the "EXAMPLES" section.
> #
>
> ######################################### Access LOG from Server###########
>
> [21/Nov/2007:10:32:07 +0600] conn=1576076 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=shadowAccount)(uid=ldaptst))" attrs="uid userPassword shadowFlag"
> [21/Nov/2007:10:32:10 +0600] conn=1576077 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=posixAccount)(uid=ldaptst))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
> [21/Nov/2007:10:32:10 +0600] conn=1576078 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=shadowAccount)(uid=ldaptst))" attrs="uid userPassword shadowFlag"
> [21/Nov/2007:10:32:10 +0600] conn=1576079 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=posixAccount)(uid=ldaptst))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
> [21/Nov/2007:10:32:10 +0600] conn=1576080 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=shadowAccount)(uid=ldaptst))" attrs="uid userPassword shadowFlag"
> [21/Nov/2007:10:32:10 +0600] conn=1576081 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=posixAccount)(uid=ldaptst))" attrs=ALL
> [21/Nov/2007:10:32:10 +0600] conn=1576082 op=0 BIND dn="uid=ldaptst,ou=profile,dc=test,dc=com,dc=bd" method=128 version=3
>
> ######################################
>
> bash-3.00# ldapclient -v init -a profileName=default -a proxyDN=cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd -a proxyPassword=Dm123456 10.10.96.114:389
> Parsing profileName=default
> Parsing proxyDN=cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
> Parsing proxyPassword=Dm123456
> Arguments parsed:
> proxyDN: cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
> profileName: default
> proxyPassword: Dm123456
> defaultServerList: 10.10.96.114:389
> Handling init option
> About to configure machine by downloading a profile
> findBaseDN: begins
> findBaseDN: ldap not running
> findBaseDN: calling __ns_ldap_default_config()
> found 2 namingcontexts
> findBaseDN: __ns_ldap_list(NULL, "(&(objectclass=nisDomainObject)(nisdomain= test.com.bd))"
> rootDN[0] dc=test,dc=com,dc=bd
> found baseDN dc=test,dc=com,dc=bd for domain test.com.bd
> Proxy DN: cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
> Proxy password: {NS1}f8670fc15443505d
> Credential level: 1
> Authentication method: 1
> About to modify this machines configuration by writing the files
> Stopping network services
> Stopping sendmail
> stop: sleep 100000 microseconds
> stop: network/smtp:sendmail... success
> Stopping nscd
> stop: sleep 100000 microseconds
> stop: system/name-service-cache:default... success
> Stopping autofs
> stop: sleep 100000 microseconds
> stop: sleep 200000 microseconds
> stop: sleep 400000 microseconds
> stop: sleep 800000 microseconds
> stop: sleep 1600000 microseconds
> stop: sleep 3200000 microseconds
> stop: system/filesystem/autofs:default... success
> ldap not running
> nisd not running
> nis(yp) not running
> file_backup: stat(/etc/nsswitch.conf)=0
> file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
> file_backup: stat(/etc/defaultdomain)=0
> file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
> file_backup: stat(/var/nis/NIS_COLD_START)=-1
> file_backup: No /var/nis/NIS_COLD_START file.
> file_backup: nis domain is "test.com.bd"
> file_backup: stat(/var/yp/binding/test.com.bd)=-1
> file_backup: No /var/yp/binding/test.com.bd directory.
> file_backup: stat(/var/ldap/ldap_client_file)=-1
> file_backup: No /var/ldap/ldap_client_file file.
> Starting network services
> start: /usr/bin/domainname test.com.bd... success
> start: sleep 100000 microseconds
> start: network/ldap/client:default... success
> start: sleep 100000 microseconds
> start: system/filesystem/autofs:default... success
> start: sleep 100000 microseconds
> start: system/name-service-cache:default... success
> start: sleep 100000 microseconds
> start: network/smtp:sendmail... success
> restart: sleep 100000 microseconds
> restart: milestone/name-services:default... success
> System successfully configured
> bash-3.00#
> ######################333
>
> regards
>
> Imtiaz
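
An added example, not part of either poster's message: a Python check that compares the objectClass terms in the server's SRCH filters with the objectClass values that `ldaplist -l passwd` printed for `uid=ldaptst`. The log lines and class list are copied from the post above (rejoined onto single lines); the function names are hypothetical, and the filters are assumed to be plain AND-of-equality terms as in this log.

```python
import re

# Copied from the post: objectClass values listed by `ldaplist -l passwd`.
ENTRY_OBJECTCLASSES = {"posixAccount", "top", "inetOrgPerson",
                       "organizationalPerson", "person"}

# Access-log lines from the post, rejoined onto single lines.
ACCESS_LOG = '''\
[21/Nov/2007:10:32:07 +0600] conn=1576076 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=shadowAccount)(uid=ldaptst))" attrs="uid userPassword shadowFlag"
[21/Nov/2007:10:32:10 +0600] conn=1576077 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=posixAccount)(uid=ldaptst))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
[21/Nov/2007:10:32:10 +0600] conn=1576082 op=0 BIND dn="uid=ldaptst,ou=profile,dc=test,dc=com,dc=bd" method=128 version=3
'''

SRCH_RE = re.compile(
    r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) filter="([^"]*)"')
OC_RE = re.compile(r'\(objectClass=([^)*]+)\)', re.IGNORECASE)


def parse_searches(log_text):
    """Return one dict per SRCH line: conn, base, filter, required classes."""
    out = []
    for line in log_text.splitlines():
        m = SRCH_RE.search(line)
        if m:
            conn, _op, base, _scope, flt = m.groups()
            out.append({"conn": int(conn), "base": base, "filter": flt,
                        "classes": OC_RE.findall(flt)})
    return out


def unmatched_searches(log_text, entry_classes):
    """Searches whose objectClass terms the listed entry does not carry."""
    have = {c.lower() for c in entry_classes}  # objectClass is case-insensitive
    return [s for s in parse_searches(log_text)
            if any(c.lower() not in have for c in s["classes"])]


if __name__ == "__main__":
    for s in unmatched_searches(ACCESS_LOG, ENTRY_OBJECTCLASSES):
        print(f'conn={s["conn"]} filter={s["filter"]} '
              'does not match the entry as listed')
```
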