[Freeipa-users] Solaris 10 as IPA Client?

Sigbjorn Lie sigbjorn at nixtra.com
Thu Dec 1 10:09:36 UTC 2011


Hi,

I use Solaris 10 as clients, several different updates. They all work fine. I have replaced the
default DUAConfigProfile though, to include netgroups and automount support, and use SSL
authenticated connections, but the default should work well for basic user and group. Even though
it uses unencrypted, unauthenticated connections to the LDAP server. :)

Please note that you really need to change /etc/nsswitch.ldap before running the ldapclient
script, as this is being copied into /etc/nsswitch.conf by the ldapclient script. The default
nsswitch.ldap sets hosts to look in ldap, and removes dns. This does not work with IPA as it
relies on DNS for name lookups, and the hosts table does not exist in IPA's LDAP server. This
prevents the ldap client from starting.

I've configured my nsswitch.ldap to only look up passwd, group, automount, netgroup and ethers for
now.

Remember to configure the kerberos client afterwards. AES256 (which is the first KRB encryption
type in IPA) was not included in Solaris 10 until Update 8 from what I've read. On these machines
I have created keytabs using only AES128 and below for the keytab, and limiting enctypes in
krb5.conf using default_tkt_enctypes and default_tgs_enctypes to AES128 and downwards.



Regards,
Siggi






On Thu, December 1, 2011 06:31, Craig T wrote:
> Hi,
>
>
> Anyone had any success using Solaris 10 as an IPA client (using ipa-server-2.1.1-4.el6.x86_64)?
> Does anyone have any more detailed documentation on the topic? I find that Section "3.3.1.
> Configuring Solaris 10" from the Identity Management Guide very light.
>
>
>
> #Solaris 10 (Newest Edition)
> Oracle Solaris 10 8/11 s10x_u10wos_17b X86
> Copyright (c) 1983, 2011, Oracle and/or its affiliates. All rights reserved.
> Assembled 23 August 2011
>
>
>
> bash-3.2# ldapclient -v init chtvm-389.teratext.saic.com.au
> Arguments parsed:
> defaultServerList: chtvm-389.teratext.saic.com.au
> Handling init option
> About to configure machine by downloading a profile
> No profile specified. Using "default"
> Proxy DN: NULL
> Proxy password: NULL
> Authentication method: 0
> No proxyDN/proxyPassword required
> Shadow Update is not enabled, no adminDN/adminPassword is required.
> About to modify this machines configuration by writing the files
> Stopping network services
> Stopping sendmail
> stop: sleep 100000 microseconds
> stop: network/smtp:sendmail... success
> Stopping nscd
> stop: sleep 100000 microseconds
> stop: sleep 200000 microseconds
> stop: system/name-service-cache:default... success
> Stopping autofs
> stop: sleep 100000 microseconds
> stop: sleep 200000 microseconds
> stop: sleep 400000 microseconds
> stop: sleep 800000 microseconds
> stop: sleep 1600000 microseconds
> stop: sleep 3200000 microseconds
> stop: system/filesystem/autofs:default... success
> ldap not running
> nisd not running
> nis(yp) not running
> file_backup: stat(/etc/nsswitch.conf)=0
> file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
> file_backup: stat(/etc/defaultdomain)=0
> file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
> file_backup: stat(/var/nis/NIS_COLD_START)=-1
> file_backup: No /var/nis/NIS_COLD_START file.
> file_backup: nis domain is "teratext.saic.com.au"
> file_backup: stat(/var/yp/binding/teratext.saic.com.au)=-1
> file_backup: No /var/yp/binding/teratext.saic.com.au directory.
> file_backup: stat(/var/ldap/ldap_client_file)=-1
> file_backup: No /var/ldap/ldap_client_file file.
> Starting network services
> start: /usr/bin/domainname teratext.saic.com.au... success
> start: sleep 100000 microseconds
> start: sleep 200000 microseconds
> start: sleep 400000 microseconds
> start: sleep 800000 microseconds
> start: sleep 1600000 microseconds
> start: sleep 3200000 microseconds
> start: sleep 6400000 microseconds
> start: sleep 12800000 microseconds
> start: sleep 25600000 microseconds
> start: sleep 51200000 microseconds
>
>>>> start: sleep 17700000 microseconds                             <<<<
>>>> start: network/ldap/client:default... timed out                <<<<
>>>> start: network/ldap/client:default... offline to disable       <<<<
>>>> stop: sleep 100000 microseconds                                <<<<
>>>>
> stop: sleep 200000 microseconds
> stop: sleep 400000 microseconds
> stop: sleep 800000 microseconds
> stop: sleep 1600000 microseconds
> stop: sleep 3200000 microseconds
> stop: sleep 6400000 microseconds
> stop: sleep 12800000 microseconds
> stop: sleep 25600000 microseconds
> stop: sleep 8900000 microseconds
> stop: network/ldap/client:default... timed out
> start: sleep 100000 microseconds
> start: system/filesystem/autofs:default... success
> start: sleep 100000 microseconds
> start: system/name-service-cache:default... success
> start: sleep 100000 microseconds
> start: sleep 200000 microseconds
> start: network/smtp:sendmail... success
>
>>>> restart: sleep 100000 microseconds                             <<<<
>>>> restart: milestone/name-services:default... success            <<<<
>>>> Error resetting system.                                        <<<<
>>>> Recovering old system settings.                                <<<<
>>>> Stopping network services                                      <<<<
>>>>
> Stopping sendmail
> stop: sleep 100000 microseconds
> stop: network/smtp:sendmail... success
> Stopping nscd
> stop: sleep 100000 microseconds
> stop: sleep 200000 microseconds
> stop: system/name-service-cache:default... success
> Stopping autofs
> stop: sleep 100000 microseconds
> stop: sleep 200000 microseconds
> stop: sleep 400000 microseconds
> stop: sleep 800000 microseconds
> stop: sleep 1600000 microseconds
> stop: sleep 3200000 microseconds
> stop: system/filesystem/autofs:default... success
> Stopping ldap
> stop: sleep 100000 microseconds
> stop: sleep 200000 microseconds
> stop: sleep 400000 microseconds
> stop: sleep 800000 microseconds
> stop: sleep 1600000 microseconds
> stop: sleep 3200000 microseconds
> stop: sleep 6400000 microseconds
> stop: sleep 12800000 microseconds
> stop: sleep 25600000 microseconds
> stop: sleep 8900000 microseconds
> stop: network/ldap/client:default... timed out
> Stopping ldap failed with (7)
> Error (1) while stopping services during reset
> recover: stat(/var/ldap/restore/defaultdomain)=0
> recover: open(/var/ldap/restore/defaultdomain)
> recover: read(/var/ldap/restore/defaultdomain)
> recover: old domainname "teratext.saic.com.au"
> recover: stat(/var/ldap/restore/ldap_client_file)=-1
> recover: stat(/var/ldap/restore/ldap_client_cred)=-1
> recover: stat(/var/ldap/restore/NIS_COLD_START)=-1
> recover: stat(/var/ldap/restore/teratext.saic.com.au)=-1
> recover: stat(/var/ldap/restore/nsswitch.conf)=0
> recover: file_move(/var/ldap/restore/nsswitch.conf, /etc/nsswitch.conf)=0
> recover: stat(/var/ldap/restore/defaultdomain)=0
> recover: file_move(/var/ldap/restore/defaultdomain, /etc/defaultdomain)=0
> Starting network services
> start: /usr/bin/domainname teratext.saic.com.au... success
> start: sleep 100000 microseconds
> start: system/filesystem/autofs:default... success
> start: sleep 100000 microseconds
> start: sleep 200000 microseconds
> start: sleep 400000 microseconds
> start: system/name-service-cache:default... success
> start: sleep 100000 microseconds
> start: network/smtp:sendmail... success
> restart: sleep 100000 microseconds
> restart: sleep 200000 microseconds
> restart: milestone/name-services:default... success
>
>
>
>
> Regards,
>
>
> Craig
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
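The nsswitch.ldap fix and the krb5.conf enctype limits that Siggi describes, as an added example that is not part of either post: the script rewrites a Solaris-style nsswitch.ldap so that only passwd, group, automount, netgroup and ethers consult ldap while hosts and ipnodes use files and dns, and emits the [libdefaults] lines restricting tickets to AES128. The sample nsswitch.ldap and the file name `nsswitch.ldap.new` are constructed for illustration, not Oracle's shipped file.

```shell
#!/bin/sh
# Added example (not from the thread). Run fix_nsswitch on /etc/nsswitch.ldap
# BEFORE ldapclient init, because ldapclient copies nsswitch.ldap over
# /etc/nsswitch.conf; IPA serves no hosts map, so hosts must keep using DNS.
LDAP_DBS="passwd group automount netgroup ethers"   # databases that may use ldap

# make_sample <file> : write a constructed nsswitch.ldap resembling the default
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample nsswitch.ldap (not the file shipped with Solaris 10)
passwd:     files ldap
group:      files ldap
hosts:      ldap [NOTFOUND=return] files
ipnodes:    ldap [NOTFOUND=return] files
networks:   ldap [NOTFOUND=return] files
automount:  files ldap
netgroup:   ldap
ethers:     ldap [NOTFOUND=return] files
EOF
}

# fix_nsswitch <infile> : print the rewritten file on stdout
fix_nsswitch() {
    awk -v ldap_dbs="$LDAP_DBS" '
    BEGIN { n = split(ldap_dbs, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { print; next }        # keep comments and blank lines
    {
        db = $1; sub(/:$/, "", db)
        if (db == "hosts" || db == "ipnodes")
            printf "%-12s files dns\n", db ":"       # IPA relies on DNS for names
        else if (db in keep)
            printf "%-12s files ldap\n", db ":"      # local files first, then IPA
        else
            printf "%-12s files\n", db ":"           # everything else stays local
    }' "$1"
}

# check_nsswitch <file> : succeed only if no hosts/ipnodes line still consults ldap
check_nsswitch() {
    ! grep -E '^[[:space:]]*(hosts|ipnodes):.*ldap' "$1" >/dev/null
}

# krb5_enctype_lines : [libdefaults] lines for Solaris 10 before Update 8, which
# lacks AES256 (IPA's first enctype); the post allows "AES128 and downwards",
# older types would be appended here only if the host really needs them.
krb5_enctype_lines() {
    cat <<'EOF'
    default_tkt_enctypes = aes128-cts-hmac-sha1-96
    default_tgs_enctypes = aes128-cts-hmac-sha1-96
EOF
}
```

Usage: `fix_nsswitch /etc/nsswitch.ldap > nsswitch.ldap.new && check_nsswitch nsswitch.ldap.new` before copying the result into place and running `ldapclient init`.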
