
RE: Configuring Solaris 8 clients



On Thu, 27 Mar 2003, Matthew Mauzy wrote:

> Thanks for the examples but I'm still not able to configure solaris 8 as a
> client of the openldap 2.1.12 server.
>
> Here's my /var/ldap/ldap_client_file
>
> NS_LDAP_FILE_VERSION= 1.0
> NS_LDAP_SERVERS= 152.2.104.6:389
> NS_LDAP_SEARCH_BASEDN= dc=amath,dc=unc,dc=edu
> NS_LDAP_AUTH= NS_LDAP_AUTH_NONE
> NS_LDAP_TRANSPORT_SEC= NS_LDAP_SEC_NONE
> NS_LDAP_SEARCH_REF= NS_LDAP_NOREF
> NS_LDAP_DOMAIN= amath.unc.edu
> NS_LDAP_EXP= 1045640377
> NS_LDAP_SEARCH_DN= passwd:(ou=People,dc=amath,dc=unc,dc=edu),group:(ou=People,dc=amath,dc=unc,dc=edu)
> NS_LDAP_SEARCH_SCOPE= NS_LDAP_SCOPE_SUBTREE
> NS_LDAP_SEARCH_TIME= 30
>
> Here's my /var/ldap/ldap_client_cred
>
> NS_LDAP_BINDDN= cn=solaris,ou=ldapusers,dc=amath,dc=unc,dc=edu
>
>
> I've edited /etc/nsswitch.conf to place ldap into the passwd, group, hosts,
> etc., but when I run listusers all I get are the local users.
>
> My questions:
>
>  - For the BINDDN, don't I need the password?  When adding that 'user' into
> the LDAP dir, why is it that the NS_LDAP_BINDDN_PASSWD has the {NS1} stuff?
>

It depends.  You told the ldap client to bind anonymously to the ldap
server (NS_LDAP_AUTH= NS_LDAP_AUTH_NONE).  You can set NS_LDAP_AUTH=
NS_LDAP_AUTH_SIMPLE if you want to do a simple bind to the ldap server with
NS_LDAP_BINDDN and NS_LDAP_BIND_PASSWD.

>  - Would upgrading to openLDAP 2.1.16 solve any of these problems?
>
>
> For Solaris 9 I've run the ldapclient command that you supplied (with
> proper alterations for my LDAP system) and am able to get all of the LDAP
> users with listusers (yah!), but when I try and login to one of the LDAP
> accounts I get incorrect password errors.  I can su - <ldap account> so I'm
> getting proper info from the LDAP server.  Is this a PAM problem???
>

My guess is that anonymous cannot read the userPassword attribute, or the
userPassword attribute is not of the {crypt}xxxxxxxxxxxxx form.

Hope this helps.

-Igor

> Thanks again to everyone who sent suggestions and responses to my earlier
> email.
>
> --Matthew
>
> --On Wednesday, March 26, 2003 12:29 AM -0800 Quanah Gibson-Mount
> <quanah@stanford.edu> wrote:
>
> >
> >
> > --On Wednesday, March 26, 2003 9:14 AM +0100 Ramon Corominas
> > <rcorominas@citec.es> wrote:
> >
> >> Hi,
> >>
> >> Where can I get documentation about configuring solaris clients ?
> >>
> >> Thanks in advance,
> >>
> >
> > Ramon,
> >
> > I got it working in Solaris 9 in the following fashion:
> >
> > To set up a Solaris 9 machine for LDAP instead of NIS, one simply needs
> > to do the following:
> >
> > edit /etc/nsswitch.ldap
> >
> > Change the hosts: line from
> > hosts: ldap [blah.....] files
> > to
> > hosts: files dns
> >
> > and then run this command:
> >
> > ldapclient manual -a authenticationMethod=none -a
> > defaultSearchBase=dc=stanford,dc=edu -a
> > defaultServerList="ldap-test1.Stanford.EDU" -a domainName="stanford.edu"
> > -a followReferrals=false -a
> > serviceSearchDescriptor=passwd:cn=accounts,dc=stanford,dc=edu\?sub -a
> > serviceSearchDescriptor=group:cn=accounts,dc=stanford,dc=edu\?sub
> >
> > Of course, this only works for Stanford, but it gives you an idea how to
> > configure it.
> >
> >
> >
> > For Solaris 8:
> >
> > 1. Create /var/ldap/ldap_client_file
> > #
> > # Do not edit this file manually; your changes will be lost. Please use
> > # ldapclient (1M) instead.
> > #
> > NS_LDAP_FILE_VERSION= 1.0
> > NS_LDAP_SERVERS= 172.24.14.237:389
> > NS_LDAP_SEARCH_BASEDN= dc=stanford,dc=edu
> > NS_LDAP_AUTH= NS_LDAP_AUTH_NONE
> > NS_LDAP_TRANSPORT_SEC= NS_LDAP_SEC_NONE
> > NS_LDAP_SEARCH_REF= NS_LDAP_NOREF
> > NS_LDAP_DOMAIN= stanford.edu
> > NS_LDAP_EXP= 1045640377
> > NS_LDAP_SEARCH_DN= passwd:(cn=accounts,dc=stanford,dc=edu),group:(cn=accounts,dc=stanford,dc=edu)
> > NS_LDAP_SEARCH_SCOPE= NS_LDAP_SCOPE_SUBTREE
> > NS_LDAP_SEARCH_TIME= 30
> >
> >
> > 2. Create /var/ldap/ldap_client_cred:
> > #
> > # Do not edit this file manually; your changes will be lost. Please use
> > # ldapclient (1M) instead.
> > #
> > NS_LDAP_BINDDN= cn=accounts,dc=stanford,dc=edu
> >
> > 3. Edit /etc/nsswitch.conf so the passwd: line reads:
> >
> > passwd: file ldap
> >
> >
> > 4. tests:
> >
> > /usr/bin/listuser
> >
> >
> > --Quanah
> >
> > --
> > Quanah Gibson-Mount
> > Senior Systems Administrator
> > ITSS/TSS/Computing Systems
> > Stanford University
> > GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
> >
>
>
> __________________________________________________________________
>                         Matthew W. Mauzy
>                       Systems Administrator
>                       Applied Math @ UNC-CH
> email : mauzy@amath.unc.edu           pager : mpager@amath.unc.edu
>  (W) 919.962.9819   www.amath.unc.edu/~mauzy/   (P) 919.347.0390
> __________________________________________________________________
>

-- 
Igor
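The two failure modes Igor points at (the client binding anonymously, so the directory's ACLs decide what it can read; and a userPassword value that is not in the {crypt} form the client compares locally) can be checked offline before touching PAM. The script below is an added example written for this archive page, not code from the thread or from Solaris. It parses a /var/ldap/ldap_client_file using the NS_LDAP_* keys as they appear in the thread (folding the wrapped NS_LDAP_SEARCH_DN continuation line back together), reports how the client will bind, and classifies the userPassword value from an LDIF entry as ldapsearch would return it. The sample config, the example.org DNs and the three LDIF entries are constructed here; the hash values are placeholders, not real credentials.

```python
"""Added example: offline checks for the Solaris LDAP client symptoms in
the thread.  Not from the mailing-list posts; sample data is constructed."""
import base64
import re

# Constructed sample modelled on the ldap_client_file format in the thread.
# Solaris wraps the long NS_LDAP_SEARCH_DN value across two lines.
SAMPLE_CLIENT_FILE = """\
#
# Do not edit this file manually; your changes will be lost.
#
NS_LDAP_FILE_VERSION= 1.0
NS_LDAP_SERVERS= 192.0.2.10:389
NS_LDAP_SEARCH_BASEDN= dc=example,dc=org
NS_LDAP_AUTH= NS_LDAP_AUTH_NONE
NS_LDAP_TRANSPORT_SEC= NS_LDAP_SEC_NONE
NS_LDAP_SEARCH_DN= passwd:(ou=People,dc=example,dc=org),
group:(ou=Group,dc=example,dc=org)
NS_LDAP_SEARCH_SCOPE= NS_LDAP_SCOPE_SUBTREE
"""

# Constructed LDIF entries as an anonymous search might return them.
# ldapsearch base64-encodes userPassword ("::"); the first value decodes to
# a {crypt} placeholder, the second is {SSHA}, the third lost the attribute
# to an ACL that hides it from anonymous readers.
ENTRY_CRYPT = "dn: uid=alice,ou=People,dc=example,dc=org\nuid: alice\n" \
              "userPassword:: e2NyeXB0fWFiSjZZVi53c2JvSkk=\n"
ENTRY_SSHA = "dn: uid=bob,ou=People,dc=example,dc=org\nuid: bob\n" \
             "userPassword: {SSHA}placeholderhashvalue\n"
ENTRY_HIDDEN = "dn: uid=carol,ou=People,dc=example,dc=org\nuid: carol\n"

KEY_RE = re.compile(r"^([A-Z_]+)=\s*(.*)$")
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)


def parse_client_file(text):
    """Return {KEY: value}; a line that is not 'KEY= value' continues the
    previous value (how the wrapped NS_LDAP_SEARCH_DN lines are joined)."""
    conf, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.match(line)
        if m:
            last = m.group(1)
            conf[last] = m.group(2).strip()
        elif last is not None:
            conf[last] += line
    return conf


def bind_summary(conf):
    """Describe the bind the client will attempt and what it implies."""
    auth = conf.get("NS_LDAP_AUTH", "")
    sec = conf.get("NS_LDAP_TRANSPORT_SEC", "")
    findings = []
    if auth == "NS_LDAP_AUTH_NONE":
        findings.append("anonymous bind: the directory ACLs must let anonymous "
                        "read every passwd/group attribute the client needs")
    elif auth == "NS_LDAP_AUTH_SIMPLE" and sec == "NS_LDAP_SEC_NONE":
        findings.append("simple bind over NS_LDAP_SEC_NONE: the bind password "
                        "crosses the network unencrypted")
    return {"auth": auth, "transport": sec, "findings": findings}


def ldif_attribute(ldif, name):
    """First value of `name` in one LDIF entry, decoding the '::' base64 form."""
    for line in ldif.splitlines():
        if line.lower().startswith(name.lower() + "::"):
            return base64.b64decode(line.split("::", 1)[1].strip()).decode()
        if line.lower().startswith(name.lower() + ":"):
            return line.split(":", 1)[1].strip()
    return None


def classify_user_password(value):
    """Return (scheme, usable): only a {crypt} value can satisfy a client that
    compares crypt(3) hashes locally; None means the attribute was not
    returned (typically hidden from this bind identity by an ACL)."""
    if value is None:
        return ("missing", False)
    m = SCHEME_RE.match(value)
    if not m:
        return ("cleartext", False)
    scheme = m.group(1).lower()
    return (scheme, scheme == "crypt")


def diagnose(conf, entry_ldif):
    """Combine both checks into the explanation given in the thread."""
    scheme, usable = classify_user_password(ldif_attribute(entry_ldif, "userPassword"))
    if usable:
        return "ok"
    if scheme == "missing":
        return ("userPassword not returned: with %s the directory ACL must let "
                "this bind identity read it" % conf.get("NS_LDAP_AUTH", ""))
    return "userPassword is %s, not {crypt}: local crypt(3) compare cannot succeed" % scheme


if __name__ == "__main__":
    cfg = parse_client_file(SAMPLE_CLIENT_FILE)
    print(bind_summary(cfg))
    for entry in (ENTRY_CRYPT, ENTRY_SSHA, ENTRY_HIDDEN):
        print(ldif_attribute(entry, "dn"), "->", diagnose(cfg, entry))
```

Run against a real ldap_client_file and an LDIF entry captured with an anonymous ldapsearch, the output separates the "ACL hides userPassword" case from the "wrong hash scheme" case, which is the distinction needed before blaming PAM.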