Full Discussion: Sol10 - OpenLDAP Auth (Solaris)
Post 302763605 by Panzerkampfwagn on Wednesday 30th of January 2013 07:48:01 AM

Hi,

I'm new to Solaris (10) and need some help, please.

Situation: Currently there is a Linux (SLES11) OpenLDAP server, and authentication of the Linux machines works pretty sweet. Now I want to put the Sol10 (SPARC) boxes in....

Problem: User authentication via OpenLDAP on Sol10 doesn't work now (the SSH login prompt comes up, but when I enter the password: "Access denied").

Works (on the Sol10 LDAP client):
  • getent passwd (lists all local and LDAP users)
  • ldaplist -vl (shows OU entries)
  • su - ldapuser (the user exists only in LDAP! works great...)
  • ldapsearch etc. (all fine)
Configuration:

Native client on Sol10:

    ldapclient -v manual \
      -a defaultServerList=10.16.0.37 \
      -a domainname=example.de \
      -a defaultSearchBase=dc=example,dc=de \
      -a serviceSearchDescriptor=group:dc=example,dc=de?sub \
      -a serviceSearchDescriptor=passwd:dc=example,dc=de?sub \
      -a serviceSearchDescriptor=shadow:dc=example,dc=de \
      -a enableShadowUpdate=TRUE \
      -a adminDN=cn=manager,dc=example,dc=de \
      -a attributeMap=group:memberuid=memberUid \
      -a attributeMap=group:gidnumber=gidNumber \
      -a adminPassword=blaselfasel \
      -a attributeMap=passwd:gidnumber=gidNumber \
      -a attributeMap=passwd:uidnumber=uidNumber \
      -a attributeMap=passwd:loginshell=loginShell \
      -a attributeMap=shadow:shadowflag=shadowFlag \
      -a attributeMap=shadow:userpassword=userPassword
pam.conf on Sol10:

    # login service (explicit because of pam_dial_auth)
    login   auth requisite   pam_authtok_get.so.1
    login   auth required    pam_dhkeys.so.1
    login   auth required    pam_unix_cred.so.1
    login   auth required    pam_unix_auth.so.1
    login   auth required    pam_dial_auth.so.1
    #
    # Default definitions for Authentication management
    # Used when service name is not explicitly mentioned for authentication
    other   auth requisite   pam_authtok_get.so.1
    other   auth required    pam_dhkeys.so.1
    other   auth required    pam_unix_cred.so.1
    other   auth required    pam_unix_auth.so.1
    #
    # Used when service name is not explicitly mentioned for account management
    other   account requisite  pam_roles.so.1
    other   account required   pam_unix_account.so.1
    other   session required   pam_unix_session.so.1
    #
    # Default definition for Password management
    # Used when service name is not explicitly mentioned for password management
    #
    other   password required   pam_dhkeys.so.1
    other   password requisite  pam_authtok_get.so.1
    other   password requisite  pam_authtok_check.so.1 force_check
    other   password required   pam_authtok_store.so.1
Log file (Linux OpenLDAP server):

slapd[15449]: conn=1461 op=10 SRCH base="dc=example,dc=de" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=ldapuser))"
slapd[15449]: conn=1461 op=10 SRCH attr=cn uid uidNumber gidNumber gecos description homedirectory loginShell
slapd[15449]: conn=1461 op=10 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[15449]: conn=1473 fd=28 ACCEPT from IP=10.16.0.70:33030 (IP=0.0.0.0:389)
slapd[15449]: conn=1473 op=0 BIND dn="" method=128
slapd[15449]: conn=1473 op=0 RESULT tag=97 err=0 text=
slapd[15449]: conn=1473 op=1 SRCH base="dc=example,dc=de" scope=1 deref=3 filter="(&(objectClass=shadowAccount)(uid=ldapuser))"
slapd[15449]: conn=1473 op=1 SRCH attr=uid userPassword shadowlastchange shadowmin shadowmax shadowwarning shadowinactive shadowexpire shadowFlag
slapd[15449]: conn=1473 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[15449]: conn=1473 op=2 UNBIND
slapd[15449]: conn=1473 fd=28 closed
slapd[15449]: conn=1461 op=11 SRCH base="dc=example,dc=de" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=ldapuser))"
slapd[15449]: conn=1461 op=11 SRCH attr=cn uid uidNumber gidNumber gecos description homedirectory loginShell
slapd[15449]: conn=1461 op=11 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[15449]: conn=1474 fd=28 ACCEPT from IP=10.16.0.70:33031 (IP=0.0.0.0:389)
slapd[15449]: conn=1474 op=0 BIND dn="" method=128
slapd[15449]: conn=1474 op=0 RESULT tag=97 err=0 text=
slapd[15449]: conn=1474 op=1 SRCH base="dc=example,dc=de" scope=1 deref=3 filter="(&(objectClass=shadowAccount)(uid=ldapuser))"
slapd[15449]: conn=1474 op=1 SRCH attr=uid userPassword shadowlastchange shadowmin shadowmax shadowwarning shadowinactive shadowexpire shadowFlag
slapd[15449]: conn=1474 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[15449]: conn=1474 op=2 UNBIND
slapd[15449]: conn=1474 fd=28 closed
slapd[15449]: conn=1461 op=12 SRCH base="dc=example,dc=de" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=ldapuser))"
slapd[15449]: conn=1461 op=12 SRCH attr=cn uid uidNumber gidNumber gecos description homedirectory loginShell
slapd[15449]: conn=1461 op=12 SEARCH RESULT tag=101 err=0 nentries=1 text=

Entry on the LDAP server (Linux):

uid: ldapuser
cn: ldapuser GB
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {CRYPT}GHGf1nI9tpFRE
uidNumber: 5000
gidNumber: 1
loginShell: /usr/bin/bash
homeDirectory: /export/home/ldapuser

slapd.conf:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/ldapns.schema
include /etc/openldap/schema/autofs.schema
include /etc/openldap/schema/solaris.schema
include /etc/openldap/schema/duaconf.schema

Any ideas?
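Added example, not part of the original post: a small Python script that reads slapd stats-log lines of the kind quoted above, rebuilds each search as one record (bind DN on the connection, base, scope, filter, requested attributes, result), and reports two things worth checking first when a login fails although getent and su see the user: a per-user lookup that returned no entries while searching narrower than the whole subtree, and a request for userPassword made on an anonymous bind. It also parses the serviceSearchDescriptor values from the ldapclient command into the scope each service will be searched with. The sample log lines and descriptor strings are copied from this post; the regular expressions assume slapd's default stats-log format (scope=0/1/2 meaning base/one/sub), and the fallback of one-level scope for a descriptor that carries no ?scope part is the Solaris defaultSearchScope default, which is an assumption about the client's unchanged settings rather than something the post states.

```python
import re

# Constructed sample input: the slapd stats-log lines quoted in the post (one login attempt).
SAMPLE_LOG = """\
slapd[15449]: conn=1461 op=10 SRCH base="dc=example,dc=de" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=ldapuser))"
slapd[15449]: conn=1461 op=10 SRCH attr=cn uid uidNumber gidNumber gecos description homedirectory loginShell
slapd[15449]: conn=1461 op=10 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[15449]: conn=1473 fd=28 ACCEPT from IP=10.16.0.70:33030 (IP=0.0.0.0:389)
slapd[15449]: conn=1473 op=0 BIND dn="" method=128
slapd[15449]: conn=1473 op=0 RESULT tag=97 err=0 text=
slapd[15449]: conn=1473 op=1 SRCH base="dc=example,dc=de" scope=1 deref=3 filter="(&(objectClass=shadowAccount)(uid=ldapuser))"
slapd[15449]: conn=1473 op=1 SRCH attr=uid userPassword shadowlastchange shadowmin shadowmax shadowwarning shadowinactive shadowexpire shadowFlag
slapd[15449]: conn=1473 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[15449]: conn=1473 op=2 UNBIND
"""

# The serviceSearchDescriptor arguments from the post's ldapclient command.
LDAPCLIENT_SSDS = [
    "serviceSearchDescriptor=group:dc=example,dc=de?sub",
    "serviceSearchDescriptor=passwd:dc=example,dc=de?sub",
    "serviceSearchDescriptor=shadow:dc=example,dc=de",
]

# Scope numbers as slapd prints them in its stats log.
SCOPE_NAMES = {0: "base", 1: "one", 2: "sub"}

SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) deref=\d filter="([^"]*)"')
ATTR_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH attr=(.*)$')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=101 err=(\d+) nentries=(\d+)')
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')


def parse_slapd_log(text):
    """Collect each search as one record (base, scope, filter, attrs, result) keyed by
    (conn, op), and note the DN bound on each connection ("" means anonymous)."""
    searches = {}
    bind_dn = {}
    for line in text.splitlines():
        m = BIND_RE.search(line)
        if m:
            bind_dn[m.group(1)] = m.group(3)
            continue
        m = SRCH_RE.search(line)
        if m:
            conn, op, base, scope, filt = m.groups()
            searches[(conn, op)] = {"conn": conn, "base": base, "scope": int(scope),
                                    "filter": filt, "attrs": [], "err": None, "nentries": None}
            continue
        m = ATTR_RE.search(line)
        if m and (m.group(1), m.group(2)) in searches:
            searches[(m.group(1), m.group(2))]["attrs"] = m.group(3).split()
            continue
        m = RESULT_RE.search(line)
        if m and (m.group(1), m.group(2)) in searches:
            rec = searches[(m.group(1), m.group(2))]
            rec["err"], rec["nentries"] = int(m.group(3)), int(m.group(4))
    for rec in searches.values():
        # A connection with no BIND logged before its searches is anonymous as well.
        rec["bind_dn"] = bind_dn.get(rec["conn"], "")
    return list(searches.values())


def find_auth_lookup_problems(records):
    """Return (finding, filter) pairs for the two things to look at first when a
    login fails although getent and su can see the user."""
    findings = []
    for r in records:
        # A per-user lookup that succeeded (err=0) but matched nothing while searching
        # narrower than the subtree: with scope=one the entry must sit directly under base.
        if r["err"] == 0 and r["nentries"] == 0 and "uid=" in r["filter"] and r["scope"] != 2:
            findings.append(("no-entry-with-%s-scope" % SCOPE_NAMES[r["scope"]], r["filter"]))
        # userPassword requested on an anonymous bind: even a matching entry would normally
        # come back without the hash, because default OpenLDAP ACLs hide it from anonymous.
        if "userPassword" in r["attrs"] and r["bind_dn"] == "":
            findings.append(("userPassword-requested-anonymously", r["filter"]))
    return findings


def ssd_scopes(args, default_scope="one"):
    """Map service -> scope from 'serviceSearchDescriptor=service:base?scope?filter' values.
    A descriptor with no ?scope part falls back to the client's defaultSearchScope, assumed
    here to be the Solaris default of one-level (the post's log shows scope=1 for shadow)."""
    scopes = {}
    for a in args:
        if not a.startswith("serviceSearchDescriptor="):
            continue
        service, _, desc = a[len("serviceSearchDescriptor="):].partition(":")
        parts = desc.split("?")
        scopes[service] = parts[1] if len(parts) > 1 and parts[1] else default_scope
    return scopes


if __name__ == "__main__":
    for service, scope in sorted(ssd_scopes(LDAPCLIENT_SSDS).items()):
        print("%-7s search scope: %s" % (service, scope))
    for finding, filt in find_auth_lookup_problems(parse_slapd_log(SAMPLE_LOG)):
        print("%s  %s" % (finding, filt))
```

The script does not decide what the client ought to do; it only lines up what the server logged (which scope each lookup ran with, whether it found anything, and which DN it ran under) against what the client was told to ask for, so the empty shadowAccount lookup and the bind it was made on stand out without reading the raw log by hand.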

Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.