[Freeipa-users] solaris 10 ad authentication happening with only one user
Ben .T.George
bentech4you at gmail.com
Sun Mar 15 10:01:30 UTC 2015
Hi LIst,
i have successfully configured my solaris 10 with AD through IPA 4.1.2
the issue i am facing is,only one AD user can able to solaris
here is the getent passwd:
<skipped>
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
*ben at infra.com:x:531001104:531001104:ben:/home/infra.com/ben
<http://infra.com/ben>:*
auth:x:643400008:643400008:auth auth:/home/auth:/bin/sh
shyam:x:643400007:643400007:shyam A:/export/home/shyam:/bin/bash
jude:x:643400006:643400006:jude joseph:/export/home/jude:/bin/bash
admin:x:643400000:643400000:Administrator:/home/admin:/bin/bash
user ben is from AD and can able to su to that user.i have tried with other
users and it's not happening.
here is my configuration file:
pam.conf
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth sufficient pam_krb5.so.1
login auth required pam_unix_cred.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth required pam_unix_auth.so.1
#
# Kerberized rlogin service
#
krlogin auth required pam_unix_cred.so.1
krlogin auth required pam_krb5.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh auth required pam_unix_cred.so.1
krsh auth required pam_krb5.so.1
#
# Kerberized telnet service
#
ktelnet auth required pam_unix_cred.so.1
ktelnet auth required pam_krb5.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_cred.so.1
ppp auth required pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth sufficient pam_krb5.so.1
other auth required pam_unix_auth.so.1
other auth sufficient pam_ldap.so.1
# passwd command (explicit because of a different authentication module)
#
passwd auth required pam_passwd_auth.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1
other account required pam_unix_account.so.1
other account required pam_krb5.so.1
other account sufficient pam_ldap.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
# Password construction requirements apply to all users.
# Remove force_check to have the traditional authorized administrator
# bypass of construction requirements.
other password requisite pam_authtok_check.so.1 force_check
other password sufficient pam_krb5.so.1
other password required pam_authtok_store.so.1
ldap_client_file:
#
# Do not edit this file manually; your changes will be lost.Please use
ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 172.16.107.244
NS_LDAP_SEARCH_BASEDN= dc=solaris,dc=local
NS_LDAP_AUTH= simple
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=solaris,dc=local
NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=compat,dc=solaris,dc=local
NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount
nsswitch.conf:
# the following two lines obviate the "+" entry in /etc/passwd and
/etc/group.
passwd: files ldap [NOTFOUND=return]
group: files ldap [NOTFOUND=return]
# consult /etc "files" only if ldap is down.
hosts: dns files
AD authentication is working some level and it restricted to only one user.
*ben at infra.com:x:531001104:531001104:ben:/home/infra.com/ben
<http://infra.com/ben>:*
auth:x:643400008:643400008:auth auth:/home/auth:/bin/sh
shyam:x:643400007:643400007:shyam A:/export/home/shyam:/bin/bash
jude:x:643400006:643400006:jude joseph:/export/home/jude:/bin/bash
admin:x:643400000:643400000:Administrator:/home/admin:/bin/bash
other than user "ben" all other users are local IPA users.
how can i troubleshot this issue
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150315/d9fabc95/attachment.htm>
More information about the Freeipa-users
mailing list