|
|
LDAP Problem during Kerberos setting for Win server 03 Active Directory
03-31-2011
LDAP Problem during Kerberos setting for Win server 03 Active Directory
http://www.sun.com/bigadmin/features/articles/kerberos_s10.pdf
# ldapsearch -h w2k3adsoltest.adsol.test.com -b "cn=users,dc=adsol,dc=test,dc=com" -o mech=gssapi -o authzid='' "cn=just a test" version: 1 dn: CN=just a test,CN=Users,DC=ADSOL,DC=TEST,DC=COM objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: just a test sn: test givenName: just a distinguishedName: CN=just a test,CN=Users,DC=ADSOL,DC=TEST,DC=COM instanceType: 4 whenCreated: 20110331013253.0Z whenChanged: 20110331013254.0Z displayName: just a test uSNCreated: 28689 uSNChanged: 28695 name: just a test objectGUID:: M0SbXPO8Z0yqgXWUjLE2wA== userAccountControl: 66048 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLogon: 0 pwdLastSet: 129460087738281250 primaryGroupID: 513 objectSid:: AQUAAAAAAAUVAAAANtggK1yqWWT5N+pNWwQAAA== accountExpires: 9223372036854775807 logonCount: 0 sAMAccountName: test sAMAccountType: 805306368 userPrincipalName: test@ADSOL.TEST.COM objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ADSOL,DC=TEST,DC=COM uidNumber: 10002 gidNumber: 10000 unixHomeDirectory: /export/home/test loginShell: /bin/bash
# dig w2k3adsoltest.adsol.test.com +short 192.168.1.1
# dig -x 192.168.1.1 +short ;; connection timed out; no servers could be reached
# ldapclient -v manual \ -a credentialLevel=self \ -a authenticationMethod=sasl/gssapi \ -a defaultSearchBase=dc=adsol,dc=test,dc=com \ -a domainName=adsol.test.com \ -a defaultServerList=192.168.1.1 \ -a attributeMap=group:userpassword=msSFU30Password \ -a attributeMap=group:memberuid=msSFU30MemberUid \ -a attributeMap=group:gidnumber=msSFU30GidNumber \ -a attributeMap=passwd:gecos=msSFU30Gecos \ -a attributeMap=passwd:gidnumber=msSFU30GidNumber \ -a attributeMap=passwd:uidnumber=msSFU30UidNumber \ -a attributeMap=passwd:uid=sAMAccountName \ -a attributeMap=passwd:homedirectory=msSFU30HomeDirectory \ -a attributeMap=passwd:loginshell=msSFU30LoginShell \ -a attributeMap=shadow:shadowflag=msSFU30ShadowFlag \ -a attributeMap=shadow:userpassword=msSFU30Password \ -a attributeMap=shadow:uid=sAMAccountName \ -a objectClassMap=group:posixGroup=group \ -a objectClassMap=passwd:posixAccount=user \ -a objectClassMap=shadow:shadowAccount=user \ -a serviceSearchDescriptor=passwd:cn=users,DC=adsol,DC=test,DC=com?one \ -a serviceSearchDescriptor=group:cn=users,DC=adsol,DC=test,DC=com?one
Parsing credentialLevel=self Parsing authenticationMethod=sasl/gssapi Parsing defaultSearchBase=dc=adsol,dc=test,dc=com Parsing domainName=adsol.test.com Parsing defaultServerList=192.168.1.1 Parsing attributeMap=group:userpassword=msSFU30Password Parsing attributeMap=group:memberuid=msSFU30MemberUid Parsing attributeMap=group:gidnumber=msSFU30GidNumber Parsing attributeMap=passwd:gecos=msSFU30Gecos Parsing attributeMap=passwd:gidnumber=msSFU30GidNumber Parsing attributeMap=passwd:uidnumber=msSFU30UidNumber Parsing attributeMap=passwd:uid=sAMAccountName Parsing attributeMap=passwd:homedirectory=msSFU30HomeDirectory Parsing attributeMap=passwd:loginshell=msSFU30LoginShell Parsing attributeMap=shadow:shadowflag=msSFU30ShadowFlag Parsing attributeMap=shadow:userpassword=msSFU30Password Parsing attributeMap=shadow:uid=sAMAccountName Parsing objectClassMap=group:posixGroup=group Parsing objectClassMap=passwd:posixAccount=user Parsing objectClassMap=shadow:shadowAccount=user Parsing serviceSearchDescriptor=passwd:cn=users,DC=adsol,DC=test,DC=com?one Parsing serviceSearchDescriptor=group:cn=users,DC=adsol,DC=test,DC=com?one Arguments parsed: authenticationMethod: sasl/gssapi defaultSearchBase: dc=adsol,dc=test,dc=com credentialLevel: self domainName: adsol.test.com objectclassMap: arg[0]: group:posixGroup=group arg[1]: passwd:posixAccount=user arg[2]: shadow:shadowAccount=user attributeMap: arg[0]: group:userpassword=msSFU30Password arg[1]: group:memberuid=msSFU30MemberUid arg[2]: group:gidnumber=msSFU30GidNumber arg[3]: passwd:gecos=msSFU30Gecos arg[4]: passwd:gidnumber=msSFU30GidNumber arg[5]: passwd:uidnumber=msSFU30UidNumber arg[6]: passwd:uid=sAMAccountName arg[7]: passwd:homedirectory=msSFU30HomeDirectory arg[8]: passwd:loginshell=msSFU30LoginShell arg[9]: shadow:shadowflag=msSFU30ShadowFlag arg[10]: shadow:userpassword=msSFU30Password arg[11]: shadow:uid=sAMAccountName serviceSearchDescriptor: arg[0]: passwd:cn=users,DC=adsol,DC=test,DC=com?one arg[1]: group:cn=users,DC=adsol,DC=test,DC=com?one defaultServerList: 192.168.1.1 Handling manual option Proxy DN: NULL Proxy password: NULL Credential level: 2 Authentication method: 2 No proxyDN/proxyPassword required About to modify this machines configuration by writing the files Stopping network services sendmail not running nscd not running autofs not running ldap not running nisd not running nis(yp) not running file_backup: stat(/etc/nsswitch.conf)=0 file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf) file_backup: stat(/etc/defaultdomain)=0 file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain) file_backup: stat(/var/nis/NIS_COLD_START)=-1 file_backup: No /var/nis/NIS_COLD_START file. file_backup: nis domain is "adsol.test.com" file_backup: stat(/var/yp/binding/adsol.test.com)=-1 file_backup: No /var/yp/binding/adsol.test.com directory. file_backup: stat(/var/ldap/ldap_client_file)=-1 file_backup: No /var/ldap/ldap_client_file file. Starting network services start: /usr/bin/domainname adsol.test.com... success start: DNS client is enabled start: sleep 100000 microseconds start: sleep 200000 microseconds start: network/ldap/client:default... success start: Error: sasl/GSSAPI bind is not working. Abort. restart: sleep 100000 microseconds restart: sleep 200000 microseconds restart: sleep 400000 microseconds restart: sleep 800000 microseconds restart: milestone/name-services:default... success Error resetting system. Recovering old system settings. Stopping network services sendmail not running nscd not running autofs not running Stopping ldap stop: sleep 100000 microseconds stop: sleep 200000 microseconds stop: sleep 400000 microseconds stop: network/ldap/client:default... success nisd not running nis(yp) not running recover: stat(/var/ldap/restore/defaultdomain)=0 recover: open(/var/ldap/restore/defaultdomain) recover: read(/var/ldap/restore/defaultdomain) recover: old domainname "adsol.test.com" recover: stat(/var/ldap/restore/ldap_client_file)=-1 recover: stat(/var/ldap/restore/ldap_client_cred)=-1 recover: stat(/var/ldap/restore/NIS_COLD_START)=-1 recover: stat(/var/ldap/restore/adsol.test.com)=-1 recover: stat(/var/ldap/restore/nsswitch.conf)=0 recover: file_move(/var/ldap/restore/nsswitch.conf, /etc/nsswitch.conf)=0 recover: stat(/var/ldap/restore/defaultdomain)=0 recover: file_move(/var/ldap/restore/defaultdomain, /etc/defaultdomain)=0 Starting network services start: /usr/bin/domainname adsol.test.com... success restart: sleep 100000 microseconds restart: sleep 200000 microseconds restart: milestone/name-services:default... success
# svcadm restart svc:/network/ldap/client:default
# ldapclient list Cannot get print configuration Unable to open filename '/var/ldap/ldap_client_file' for reading (errno=2).
|
|