Re: Ldap user login problem in solaris 10

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Imtiaz Ahmed wrote:

hi
*I can't login Solaris 10 by ldap user*. I have installed Red hat 7.1 DS and it's working fine with HP-UX and Linux. 
Did you see this?
http://directory.fedoraproject.org/wiki/Howto:SolarisClient
I create a user named *ldaptst* under ou=profile,dc=test,dc=com,dc=bd LDAP Client=Solaris 10 
LDAP Server=HP-UX 11.23 (Red Hat DS 7.1)

Solaris 10

bash-3.00# more ldap_client_cred
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead. 
#
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
NS_LDAP_BINDPASSWD= {NS1}f8670fc15443505d
bash-3.00# more ldap_client_file
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead. 
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 10.10.96.114 <http://10.10.96.114>
NS_LDAP_SEARCH_BASEDN= dc=test,dc=com,dc=bd
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_SERVER_PREF= 10.10.96.114 <http://10.10.96.114>
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= default
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=profile,dc=test,dc=com,dc=bd?sub
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=profile,dc=test,dc=com,dc=bd?sub
NS_LDAP_BIND_TIME= 10
bash-3.00#

################
bash-3.00# ldaplist -l passwd
dn: uid=ldaptst,ou=profile,dc=test,dc=com,dc=bd
        objectClass: posixAccount
        objectClass: top
        objectClass: inetOrgPerson
        objectClass: organizationalPerson
        objectClass: person
        gidNumber: 65534
        givenName: ldap
        sn: Only
        displayName: LDAP Test
        uid: ldaptst
        homeDirectory: /export/home
        loginShell: /bin/ksh
        cn: LDAP Test
        uidNumber: 16954
bash-3.00#
################################

#
# /etc/nsswitch.ldap:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses LDAP in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

# LDAP service requires that svc:/network/ldap/client:default be enabled
# and online.
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group. 
passwd:     files ldap
group:      files ldap

# consult /etc "files" only if ldap is down.
hosts:       files dns
# Note that IPv4 addresses are searched for in all of the ipnodes databases 
# before searching the hosts databases.
ipnodes:     files

networks:   files
protocols:  files
rpc:        files
ethers:     files
netmasks:   files
bootparams: files
publickey:  files

netgroup:   files

automount:  files
aliases:    files

# for efficient getservbyname() avoid ldap
services:   files

printers:   user files

auth_attr: files
prof_attr: files

project:    files

####################/etc/pam.conf#########

# login service (explicit because of pam_dial_auth)
#
login   auth requisite          pam_authtok_get.so.1
login   auth required           pam_dhkeys.so.1
login   auth required           pam_unix_cred.so.1
#login  auth required           pam_unix_auth.so.1
login   auth required           pam_dial_auth.so.1
login   auth binding            pam_unix_auth.so.1 server_policy
login   auth required           pam_ldap.so.1
#
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin  auth sufficient         pam_rhosts_auth.so.1
rlogin  auth requisite          pam_authtok_get.so.1
rlogin  auth required           pam_dhkeys.so.1
rlogin  auth required           pam_unix_cred.so.1
#rlogin auth required           pam_unix_auth.so.1
rlogin  auth binding            pam_unix_auth.so.1 server_policy
rlogin  auth required           pam_ldap.so.1
#
# Kerberized rlogin service
#
krlogin auth required           pam_unix_cred.so.1
krlogin auth binding            pam_krb5.so.1
krlogin auth required           pam_unix_auth.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh     auth sufficient         pam_rhosts_auth.so.1
rsh     auth required           pam_unix_cred.so.1
rsh     auth binding            pam_unix_auth.so.1 server_policy
rsh     auth required           pam_ldap.so.1
#
# Kerberized rsh service
#
krsh    auth required           pam_unix_cred.so.1
krsh    auth binding            pam_krb5.so.1
krsh    auth required           pam_unix_auth.so.1
#
# Kerberized telnet service
#
ktelnet auth required           pam_unix_cred.so.1
ktelnet auth binding            pam_krb5.so.1
ktelnet auth required           pam_unix_auth.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp     auth requisite          pam_authtok_get.so.1
ppp     auth required           pam_dhkeys.so.1
#ppp    auth required           pam_unix_cred.so.1
ppp     auth required           pam_dial_auth.so.1
#ppp     auth required          pam_unix_auth.so.1
ppp     auth binding            pam_unix_auth.so.1 server_policy
ppp     auth required           pam_ldap.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other   auth requisite          pam_authtok_get.so.1
other   auth required           pam_dhkeys.so.1
other   auth required           pam_unix_cred.so.1
#other  auth required           pam_unix_auth.so.1
other   auth binding            pam_unix_auth.so.1 server_policy
other   auth required           pam_ldap.so.1
#
# passwd command (explicit because of a different authentication module)
#
#passwd auth required           pam_passwd_auth.so.1
passwd  auth binding            pam_passwd_auth.so.1 server_policy
passwd  auth required           pam_ldap.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron    account required        pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management 
#
other   account requisite       pam_roles.so.1
#other  account required        pam_unix_account.so.1
other   account binding         pam_unix_account.so.1 server_policy
other   account required        pam_ldap.so.1
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management 
#
other   session required        pam_unix_session.so.1
#
# Default definition for  Password management
# Used when service name is not explicitly mentioned for password management 
#
other   password required       pam_dhkeys.so.1
other   password requisite      pam_authtok_get.so.1
other   password requisite      pam_authtok_check.so.1
#other  password required       pam_authtok_store.so.1
other   password required       pam_authtok_store.so.1 server_policy
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#
######################################### Access LOG from Server###########
[21/Nov/2007:10:32:07 +0600] conn=1576076 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=shadowAccount)(uid=ldaptst))" attrs="uid userPassword shadowFlag" [21/Nov/2007:10:32:10 +0600] conn=1576077 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=posixAccount)(uid=ldaptst))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell" [21/Nov/2007:10:32:10 +0600] conn=1576078 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=shadowAccount)(uid=ldaptst))" attrs="uid userPassword shadowFlag" [21/Nov/2007:10:32:10 +0600] conn=1576079 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=posixAccount)(uid=ldaptst))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell" [21/Nov/2007:10:32:10 +0600] conn=1576080 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=shadowAccount)(uid=ldaptst))" attrs="uid userPassword shadowFlag" [21/Nov/2007:10:32:10 +0600] conn=1576081 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=posixAccount)(uid=ldaptst))" attrs=ALL [21/Nov/2007:10:32:10 +0600] conn=1576082 op=0 BIND dn="uid=ldaptst,ou=profile,dc=test,dc=com,dc=bd" method=128 version=3 

######################################
bash-3.00# ldapclient -v init -a profileName=default -a proxyDN=cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd -a proxyPassword=Dm123456 10.10.96.114:389 <http://10.10.96.114:389> 
Parsing profileName=default
Parsing proxyDN=cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
Parsing proxyPassword=Dm123456
Arguments parsed:
        proxyDN: cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
        profileName: default
        proxyPassword: Dm123456
        defaultServerList: 10.10.96.114:389 <http://10.10.96.114:389>
Handling init option
About to configure machine by downloading a profile
findBaseDN: begins
findBaseDN: ldap not running
findBaseDN: calling __ns_ldap_default_config()
found 2 namingcontexts
findBaseDN: __ns_ldap_list(NULL, "(&(objectclass=nisDomainObject)(nisdomain= test.com.bd <http://test.com.bd>))" 
rootDN[0] dc=test,dc=com,dc=bd
found baseDN dc=test,dc=com,dc=bd for domain test.com.bd <http://test.com.bd> 
Proxy DN: cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
Proxy password: {NS1}f8670fc15443505d
Credential level: 1
Authentication method: 1
About to modify this machines configuration by writing the files
Stopping network services
Stopping sendmail
stop: sleep 100000 microseconds
stop: network/smtp:sendmail... success
Stopping nscd
stop: sleep 100000 microseconds
stop: system/name-service-cache:default... success
Stopping autofs
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: system/filesystem/autofs:default... success
ldap not running
nisd not running
nis(yp) not running
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "test.com.bd <http://test.com.bd>"
file_backup: stat(/var/yp/binding/test.com.bd)=-1
file_backup: No /var/yp/binding/test.com.bd directory.
file_backup: stat(/var/ldap/ldap_client_file)=-1
file_backup: No /var/ldap/ldap_client_file file.
Starting network services
start: /usr/bin/domainname test.com.bd... success
start: sleep 100000 microseconds
start: network/ldap/client:default... success
start: sleep 100000 microseconds
start: system/filesystem/autofs:default... success
start: sleep 100000 microseconds
start: system/name-service-cache:default... success
start: sleep 100000 microseconds
start: network/smtp:sendmail... success
restart: sleep 100000 microseconds
restart: milestone/name-services:default... success
System successfully configured
bash-3.00#
######################333


regards

Imtiaz


------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

<<attachment: smime.p7s>>

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux