[Fedora-directory-users] FDS and Solaris Client Question

Jeremiah Coleman jay.coleman at cctechnol.com
Tue Sep 18 20:00:14 UTC 2007


I'm trying to set up a Solaris 10 client with FDS (all my Linux clients
are working beautifully), but authentication is acting very strange.
Monitoring the net traffic, I can see the Solaris system bind, search
for info about the username, get a normal response, but then it just
unbinds.  It never asks to authenticate a password.  My configuration is
below.

Any help would be much appreciated.

ldap_client_file:
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= fds1.wherever.com
NS_LDAP_SEARCH_BASEDN= dc=wherever,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= default
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=People,dc=wherever,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=wherever,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=People,dc=wherever,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= netgroup: ou=netgroup,dc=wherever,dc=com?one
NS_LDAP_BIND_TIME= 2

/etc/nsswitch.conf (note, I pulled ldap from networks, etc, since not
all of that is configured on ldap as yet):
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd:     files ldap
group:      files ldap
shadow:     files ldap

# consult /etc "files" only if ldap is down.
hosts:      dns files ldap

# Note that IPv4 addresses are searched for in all of the ipnodes databases
# before searching the hosts databases.
ipnodes:    files

networks:   files
protocols:  files
rpc:        files
ethers:     files
netmasks:   files
bootparams: files
publickey:  files

netgroup:   ldap

automount:  files ldap
aliases:    files ldap

# for efficient getservbyname() avoid ldap
services:   files ldap

printers:   user files ldap

auth_attr:  files ldap
prof_attr:  files ldap

project:    files ldap

tnrhtp:     files ldap
tnrhdb:     files ldap


/etc/pam.conf:
# login service (explicit because of pam_dial_auth)
#
login   auth required           pam_ldap.so.1
login   auth requisite          pam_authtok_get.so.1
login   auth required           pam_dhkeys.so.1
login   auth required           pam_unix_cred.so.1
login   auth required           pam_unix_auth.so.1
login   auth required           pam_dial_auth.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin  auth sufficient         pam_ldap.so.1
rlogin  auth sufficient         pam_rhosts_auth.so.1
rlogin  auth requisite          pam_authtok_get.so.1
rlogin  auth required           pam_dhkeys.so.1
rlogin  auth required           pam_unix_cred.so.1
rlogin  auth required           pam_unix_auth.so.1
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other   auth sufficient         pam_ldap.so.1
other   auth requisite          pam_authtok_get.so.1
other   auth required           pam_dhkeys.so.1
other   auth required           pam_unix_cred.so.1
other   auth required           pam_unix_auth.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd  auth sufficient         pam_ldap.so.1
passwd  auth required           pam_passwd_auth.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron    account required        pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other   account sufficient      pam_ldap.so.1
other   account requisite       pam_roles.so.1
other   account required        pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other   session sufficient      pam_ldap.so.1
other   session required        pam_unix_session.so.1
#
# Default definition for  Password management
# Used when service name is not explicitly mentioned for password management
#
other   password required       pam_dhkeys.so.1
other   password requisite      pam_authtok_get.so.1
other   password requisite      pam_authtok_check.so.1
other   password required       pam_authtok_store.so.1


-- 
Jeremiah Coleman
Systems Administrator
C & C Technologies
337-261-0660 x3421
jay.coleman at cctechnol.com
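
An added example, not part of the original post: a small checker for pam.conf auth stacks like the ones above. It reports each service where a module that verifies the password is listed before pam_authtok_get.so.1. It assumes Solaris PAM behaviour, where pam_authtok_get prompts for the password and stores it as PAM_AUTHTOK for the modules after it. The sample input is a constructed excerpt of the posted file, plus a hypothetical "fixed_example" service.

```python
"""Flag pam.conf auth stacks where a module that consumes the password is
listed before the module that collects it (added example, not from the post)."""

# Assumption (Solaris PAM): pam_authtok_get prompts for the password and stores
# it as PAM_AUTHTOK; pam_ldap and pam_unix_auth verify that stored value.
COLLECTOR = "pam_authtok_get.so.1"
CONSUMERS = {"pam_ldap.so.1", "pam_unix_auth.so.1"}

# Constructed sample: auth lines copied from the pam.conf in the post, plus one
# hypothetical "fixed_example" service with the collector listed first.
SAMPLE = """\
login   auth required           pam_ldap.so.1
login   auth requisite          pam_authtok_get.so.1
login   auth required           pam_unix_auth.so.1
# rlogin service
rlogin  auth sufficient         pam_ldap.so.1
rlogin  auth sufficient         pam_rhosts_auth.so.1
rlogin  auth requisite          pam_authtok_get.so.1
fixed_example auth requisite    pam_authtok_get.so.1
fixed_example auth required     pam_ldap.so.1
"""

def auth_stacks(text):
    """Return {service: [(control_flag, module), ...]} for auth lines, in file order."""
    stacks = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[1] == "auth":
            module = fields[3].rsplit("/", 1)[-1]  # tolerate full module paths
            stacks.setdefault(fields[0], []).append((fields[2], module))
    return stacks

def early_consumers(text):
    """Return {service: [modules]} listed ahead of the collector in the same stack."""
    findings = {}
    for service, stack in auth_stacks(text).items():
        modules = [module for _flag, module in stack]
        if COLLECTOR not in modules:
            continue  # stack collects the password some other way; out of scope
        early = [m for m in modules[:modules.index(COLLECTOR)] if m in CONSUMERS]
        if early:
            findings[service] = early
    return findings

if __name__ == "__main__":
    for service, modules in early_consumers(SAMPLE).items():
        print(f"{service}: {', '.join(modules)} listed before {COLLECTOR}")
```
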




