Re: Account question



On Thu, Dec 15, 2011 at 2:21 AM, Buchan Milne
<bgmilne@staff.telkomsa.net> wrote:
> On Wednesday, 14 December 2011 20:08:37 NetNinja wrote:
>
>> Hello,
>> I have two different user accounts and one works the other not so
>> much. The account user03 works on both Solaris 10 and RHEL clients.
>> While test01 can do everything but login to the Solaris 10 client, I
>> can use this account to login to the RHEL client though. Can someone
>> look at my accounts below and tell me why user03 works and test01
>> doesn't?
>>
>> # user03, People, test.net
>> dn: uid=user03,ou=People,dc=test,dc=net
> [...]
>> shadowMax: 99999
>
>> # test01, People, test.net
>> dn: uid:test01,ou=People,dc=test,dc=net
> [...]
>> shadowMin: 0
>> shadowMax: 99999
>
> It could be your shadowMax: 0
I made a typo there; it should say shadowMin: 0. This could be it; the
other account doesn't have this line.
>
>> # ldapclient list
>> NS_LDAP_FILE_VERSION= 2.0
>> NS_LDAP_BINDDN= uid=proxyagent,ou=People,dc=test,dc=net
>> NS_LDAP_BINDPASSWD= password
>> NS_LDAP_SERVERS= X.X.X.X:389
>> NS_LDAP_SEARCH_BASEDN= dc=test,dc=net
>> NS_LDAP_SERVER_PREF= X.X.X.X
>> NS_LDAP_CACHETTL= 0
>> NS_LDAP_CREDENTIAL_LEVEL= proxy
>> NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=test,dc=net
>> NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=test,dc=net
>> NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=test,dc=net
>> NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple
>>
>> I'm still testing so I ran ldapclient manual. When I feel that I have
>> the right setting, I will load the profile into LDAP.
>
> You didn't provide your full configuration for your RHEL client, but maybe
> it doesn't have access to the shadowMax attribute, or isn't using 'ldap' for
> shadow. Or maybe the presence of two values for shadowMax confuses the
> Solaris ldapclient.
>
> Regards,
> Buchan

Thanks for your help. The RHEL clients work fine for both accounts.
Only the Solaris client has issues with the test01 account.

I'm just trying to get the setup right for Solaris. Next step:
automount or autofs.
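
An added example, not part of the original thread: a small LDIF parser that compares a working and a failing entry attribute by attribute, which is the comparison the thread does by eye. The sample entries are constructed and carry only the shadow attributes visible in the post; `parse_ldif`, `compare_entries` and the `ignore` default are hypothetical names chosen for illustration.

```python
import base64

# Constructed sample shaped like the thread's ldapsearch output. Attributes
# elided as [...] in the post are not reproduced here.
SAMPLE_LDIF = """\
# user03, People, test.net
dn: uid=user03,ou=People,dc=test,dc=net
shadowMax: 99999

# test01, People, test.net
dn: uid=test01,ou=People,dc=test,dc=net
shadowMin: 0
shadowMax: 99999
"""

def parse_ldif(text):
    """Return {dn: {lowercased_attr: [values]}} for every entry in LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():                # a blank line ends the current entry
            current = None
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>" encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            else:
                value = value.strip()
            if attr.lower() == "dn":
                current = entries.setdefault(value, {})
            elif current is not None:       # multi-valued attributes accumulate
                current.setdefault(attr.lower(), []).append(value)
    return entries

def compare_entries(working, failing, ignore=("uid", "cn")):
    """Report attributes whose value lists differ between the two entries."""
    report = {}
    for attr in sorted((set(working) | set(failing)) - set(ignore)):
        w, f = sorted(working.get(attr, [])), sorted(failing.get(attr, []))
        if w != f:
            report[attr] = {"working": w, "failing": f}
    return report
```

Because values are kept as lists, an attribute that appears twice in one entry shows up as a two-element list in the report rather than being silently overwritten.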