[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: anyone using Irix clients?



On Thu, 2003-07-31 at 14:22, Rigler, Steve wrote:
> Hi Greg,
> 
> I've been testing Irix clients for a few months now.

thats good to hear...

> To get mine working I had to setup a proxyaccount with read access to
> userPassword attributes and configured the clients to bind with that
> account in /var/ns/ldap.conf.

I already have this set up, using it for all authentication on linux and
solaris. I can confirm that Irix binds with this proxy account, and
receives passwords (seen them on the wire and in the nsd maps).

> I also had to add to ldap.conf:
> 
> regsub  USERPASSWORD{{crypt\}|{CRYPT\}}{}
> 
> Other relevant entries (the only thing that's changed is the USERPASSWORD attribute):
> 
> table           passwd.byname
> filter_lookup   (&(OBJECTCLASS=POSIXACCOUNT)(UID=%s))
> filter_list     (OBJECTCLASS=POSIXACCOUNT)
> format          "UID:**:UIDNUMBER:GIDNUMBER:GECOS:HOMEDIRECTORY:LOGINSHELL"
> 
> table           shadow.byname
> filter_lookup   (&(OBJECTCLASS=SHADOWACCOUNT)(UID=%s))
> filter_list     (OBJECTCLASS=SHADOWACCOUNT)
> require         USERPASSWORD
> format          "UID:USERPASSWORD:SHADOWLASTCHANGE:SHADOWMIN:SHADOWMAX:SHADOWWARNING:SHADOWINACTIVE:SHADOWEXPIRE:SHADOWFLAG"

I've changed ldap.conf to look like this. and even changed passwd.byuid
to put in ** instead of the {crypt}<password>

> Check how the maps looks with nsadmin (ie nsadmin cat passwd).

they look good, as far as I can tell, altho the  shadow map contains
{crypt} or {CRYPT} before every password - is that right or should the
regsub strip that out?
# nsadmin match shadow abc
abc:{CRYPT}<crypted password>:::::::
#

many thanks

GREG

> -Steve
> 

-- 
Greg Matthews
iTSS Wallingford	01491 692445