<html><body><div style="color:#000; background-color:#fff; font-family:verdana, helvetica, sans-serif;font-size:10pt"><div style="" class=""><br style=""><span style="" class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: verdana,helvetica,sans-serif; background-color: transparent; font-style: normal;">hi</div><div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: verdana,helvetica,sans-serif; background-color: transparent; font-style: normal;">Please go ahead with below structure, It works!<br style="" class=""><span style="" class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: verdana,helvetica,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""><span style="" class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: verdana,helvetica,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""><span style="" class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: verdana,helvetica,sans-serif; background-color: transparent; font-style: normal;"><span style="" class=""><a style="" class="" href="https://www.redhat.com/archives/freeipa-users/2013-January/msg00021.html">Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?</a><br style="" class=""></span></div><div style="width:450px; font-family: 'Georgia', 'Times', 'Times New Roman', 'serif';margin-top:5px; margin-bottom: 5px;" id="enhancrCard_0" class="link-enhancr-attachment link-enhancr-element" contenteditable="false"><table class="link-enhancr-element" style="width:450px; height:auto; position: relative; display: block;" border="0" cellpadding="0" cellspacing="0"><tbody><tr class="link-enhancr-element"><td class="link-enhancr-element" colspan="7" style="height: 1px; background-color: #e5e5e5; font-size: 1px; border-collapse: collapse;"><div class="link-enhancr-element" style="height: 1px; background-color: #e5e5e5; font-size: 1px; line-height:0px;"> </div></td></tr><tr class="link-enhancr-element"><td rowspan="5" class="link-enhancr-element" style="width: 1px; background-color: #e5e5e5; font-size: 1pt; border-collapse: collapse;"><div class="link-enhancr-element" style="width: 1px; background-color: #e5e5e5; font-size: 1pt;"> </div></td><td rowspan="5" class="link-enhancr-element" style="width: 14px; background-color: #ffffff; font-size: 0pt; border-collapse: collapse;"><div class="link-enhancr-element" style="width: 14px; background-color: #ffffff; font-size: 14pt;"> </div></td><td colspan="2" class="link-enhancr-element" style="height: 6px; background-color: #ffffff; font-size: 0pt; border-collapse: collapse;"><div class="link-enhancr-element" style="height: 6px; background-color: #ffffff; font-size: 6pt;"> </div></td><td rowspan="5" class="link-enhancr-element" style="width: 20px; background-color: #ffffff; font-size: 0pt; border-collapse: collapse;"><div class="link-enhancr-element" style="width: 20px; background-color: #ffffff; font-size: 20pt;"> </div></td><td class="link-enhancr-element" rowspan="5" style="width: 1px; background-color: #e5e5e5; font-size: 1pt; border-collapse: collapse;" width="1"><div class="link-enhancr-element" style="width: 1px; background-color: #e5e5e5; font-size: 1pt;"> </div></td></tr><tr><td class="link-enhancr-element" colspan="2" style="width: 100%; vertical-align: middle; font-family: 'Georgia', 'Times', 'Times New Roman', 'serif';"><div class="link-enhancr-text-part link-enhancr-element" style="line-height:16.5px; background-color: #ffffff; width: 414px;"><div class="link-enhancr-element" style="word-wrap: break-word; word-break: break-all;"><span class="link-enhancr-element icon icon-shrink link-enhancr-toggle"></span><span class="link-enhancr-element icon icon-close link-enhancr-delete"></span><a href="https://www.redhat.com/archives/freeipa-users/2013-January/msg00021.html" class="link-enhancr-card-urlWrapper link-enhancr-element" style="text-decoration: none !important; color: #000000 !important; line-height: 100%; font-size: 18px; display: block;"><span class="link-enhancr-element link-enhancr-card-title" style="margin: 0; font-weight: normal;margin-bottom: 3px; font-size: 18px; line-height: 21px; max-height: 43px; color: #000000; overflow: hidden !important; display: inline-block;">Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?</span></a><div style="font-size: 13px; line-height: 20px; color: #999999; max-height: 81px; font-family: 'Georgia', 'Times', 'Times New Roman', 'serif';overflow: hidden;" class="link-enhancr-card-description link-enhancr-element">[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] Re: [Freeipa-users] Does Solaris 11 work as client to IPA server? </div></div></div></td></tr><tr><td colspan="2" class="link-enhancr-element" style="height: 6px; background-color: #ffffff; font-size: 0pt; border-collapse: collapse;"><div class="link-enhancr-element" style="height: 6px; background-color: #ffffff; font-size: 6pt;"></div></td></tr><tr><td class="link-enhancr-element" style="vertical-align: middle; font-family: 'Arial', 'Helvetica Neue', 'Helvetica', 'sans-serif';"><div class="link-enhancr-element" style="font-size: 0pt;"><a href="https://www.redhat.com/archives/freeipa-users/2013-January/msg00021.html" class="link-enhancr-card-url link-enhancr-element" style="color: black; text-decoration: none !important;cursor:pointer !important;" target="_blank"><span class="link-enhancr-element link-enhancr-view-on" style="display: inline-block; line-height: 11px; max-width: 314px; min-width: 254px; overflow: hidden; max-height: 13px; word-break: break-all;"><span class="link-enhancr-element link-enhancr-mobile-no-resize" style="vertical-align:middle; font-size: 9px; line-height: 11px; color: #999999; -moz-text-size-adjust: none; -ms-text-size-adjust: none; -webkit-text-size-adjust:none; text-size-adjust:none;">View on <span style="font-weight: bold" class="link-enhancr-view-on-domain">www.redhat.com</span></span></span></a></div></td><td class="link-enhancr-element" style="vertical-align: middle; width: 100px; font-family: 'Arial', 'Helvetica Neue', 'Helvetica', 'sans-serif';"><div class="link-enhancr-element link-enhancr-preview-wrapper" style="max-width: 100px; min-width: 80px; overflow: hidden; text-align: right; line-height: 11px; max-height: 13px; font-size: 0pt;"><span class="link-enhancr-element link-enhancr-preview-by link-enhancr-mobile-no-resize" style="vertical-align:middle; font-size: 9px; line-height: 11px; color: #999999; -moz-text-size-adjust: none; -ms-text-size-adjust: none; -webkit-text-size-adjust:none; text-size-adjust:none;">Preview by Yahoo</span></div></td></tr><tr><td colspan="2" class="link-enhancr-element" style="height: 9px; background-color: #ffffff; font-size: 0pt; border-collapse: collapse;"><div class="link-enhancr-element" style="height: 9px; background-color: #ffffff; font-size: 9pt;"></div></td></tr><tr class="link-enhancr-element"><td class="link-enhancr-element" colspan="7" style="height: 1px; background-color: #e5e5e5; font-size: 1px; border-collapse: collapse;"><div class="link-enhancr-element" style="height: 1px; background-color: #e5e5e5; font-size: 1px; line-height:0px"> </div></td></tr></tbody></table></div><div style="" class=""><br style="" class=""></div> <div class="" style="font-family: verdana, helvetica, sans-serif; font-size: 10pt;"> <div class="" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;"> <div style="" class="" dir="ltr"> <hr style="" class="" size="1"> <font style="" class="" face="Arial" size="2"> <b style="" class=""><span class="" style="font-weight:bold;">From:</span></b> Gerardo Padierna <asl.gerardo@gmail.com><br style="" class=""> <b style="" class=""><span class="" style="font-weight: bold;">To:</span></b> freeipa-users@redhat.com <br style="" class=""> <b style="" class=""><span class="" style="font-weight: bold;">Sent:</span></b> Monday, September 8, 2014 2:14 PM<br style="" class=""> <b style="" class=""><span class="" style="font-weight: bold;">Subject:</span></b> [Freeipa-users] Solaris 10 client auth (ssh + kerberos) not working<br style="" class=""> </font> </div> <div style="" class=""><br style="" class=""><div style="" class="" id="yiv2696150591"> <div style="" class=""> Hello folks,<br style="" class=""> <br style="" class=""> I'm setting up an IPA-server instance aimed to be used primarily for Linux/Unix clients ssh authentication (with kerberos). <br style="" class=""> I've managed to successfully set up debian clients (via sssd and also on older debians, through libnss and pam_krb5). But for some reason I can't authenticate ssh on Solaris10 clients. <br style="" class=""> On the Solaris box, I've followed the steps outiined here: <br style="" class=""> <a style="" rel="nofollow" class="" target="_blank" href="http://www.freeipa.org/page/ConfiguringUnixClients">http://www.freeipa.org/page/ConfiguringUnixClients</a><br style="" class=""> and the nss part works fine (things like getent [group | passwd] and id <user> work), but unfortunaltely, the ssh user authentication fails with an error:<br style="" class=""> sshd auth.error PAM-KRB5 (auth): krb5_verify_init_creds failed: No such file or directory<br style="" class=""> <br style="" class=""> On the solaris clients, does there need to be a keytab in /etc/krb5/ directory copied over from the IPA server? (I didn't have to set up a keytab file fo the legacy debian clients, and in the solaris-clients doc previously mentioned, there's no mention of it). Well, since I read somewhere the keytab file need to be there, I copied it over from the IPA server to the solaris clients, Then I get a different error: <br style="" class=""> PAM-KRB5 (auth): krb5_verify_init_creds failed: Key table entry not found<br style="" class=""> <br style="" class=""> This error seems to indicate that there isn't an matching entry found in the keytab file, so I added an entry for the solaris client, but I'm still getting the same 'Key table entry not found' error (it could be the entry I added is wrong, of course). But, for now, just want to be sure: On the solaris clients, do I need an /etc/krb5/krb5.keytab file? (if yes, why not in the non-sssd Debian hosts then?)<br style="" class=""> <br style="" class=""> Thanks in advance,<br style="" class=""> <div style="" class="">-- <br style="" class=""> <title style="" class=""></title> <style style="" class="" type="text/css">  </style> <div style="" class=""><font style="" class="" color="#0000cc"><font style="" class="" face="Arial, sans-serif"><font class="" style="font-size:11pt;" size="2"><b style="" class="">Gerardo Padierna Nanclares</b></font></font></font> <font style="" class="" face="Arial, sans-serif"><br style="" class=""> </font><font style="" class="" face="Verdana, sans-serif"><font class="" style=" font-size:9pt;" size="2">Técnico de Sistemas (grupo ASL) - </font></font><font style="" class="" color="#77216f"><font style="" class="" face="Verdana, sans-serif"><font class="" style="font-size:9pt;" size="2">[Fujitsu / Logware]</font></font></font> <br style="" class=""> <font style="" class="" face="Arial, sans-serif"><font class="" style="font-size:9pt;" size="2">Servicio de Sistemas de la Información (DGTI) - Generalitat Valenciana <br style="" class=""> C/.Castan Tobeñas 77 – 46018 Valencia – Edificio A <br style="" class=""> Tel: 961 208973 <br style="" class=""> Email: <a style="" class="" rel="nofollow" ymailto="mailto:asl.gerardo@gmail.com" target="_blank" href="mailto:asl.gerardo@gmail.com">asl.gerardo@gmail.com</a></font></font> </div> </div> </div> </div><br style="" class="">-- <br style="" class="">Manage your subscription for the Freeipa-users mailing list:<br style="" class=""><a style="" class="" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br style="" class="">Go To <a style="" class="" href="http://freeipa.org/" target="_blank">http://freeipa.org </a>for more info on the project<br style="" class=""><br style="" class=""></div> </div> </div> </div></body></html>