Sol10 - OpenLDAP Auth | Unix Linux Forums | Solaris

#1, 01-30-2013, Panzerkampfwagn (Registered User, Hanover, Lower Saxony, Germany)

Sol10 - OpenLDAP Auth

Hi,

I'm new to Solaris (10) and need some help, please.

Situation: Currently there is a Linux (SLES11) OpenLDAP server, and authentication of the Linux machines works pretty sweetly. Now I want to bring the Sol10 (SPARC) boxes in....

Problem: User authentication via OpenLDAP on Sol10 doesn't work at the moment (the SSH login prompt comes up, but if I enter the password: "Access denied").

Works (on Sol10-Ldap-Client):
  • getent passwd (lists all local and ldap-users)
  • ldaplist -vl (shows ou-entries)
  • su - ldapuser (user is only in ldap! works great...)
  • ldapsearch etc.. (all fine)
Configuration:

Native client on Sol10:

    ldapclient -v manual \
      -a defaultServerList=10.16.0.37 \
      -a domainname=example.de \
      -a defaultSearchBase=dc=example,dc=de \
      -a serviceSearchDescriptor=group:dc=example,dc=de?sub \
      -a serviceSearchDescriptor=passwd:dc=example,dc=de?sub \
      -a serviceSearchDescriptor=shadow:dc=example,dc=de \
      -a enableShadowUpdate=TRUE \
      -a adminDN=cn=manager,dc=example,dc=de \
      -a attributeMap=group:memberuid=memberUid \
      -a attributeMap=group:gidnumber=gidNumber \
      -a adminPassword=blaselfasel \
      -a attributeMap=passwd:gidnumber=gidNumber \
      -a attributeMap=passwd:uidnumber=uidNumber \
      -a attributeMap=passwd:loginshell=loginShell \
      -a attributeMap=shadow:shadowflag=shadowFlag \
      -a attributeMap=shadow:userpassword=userPassword

pam.conf on Sol10:

    # login service (explicit because of pam_dial_auth)
    login auth requisite pam_authtok_get.so.1
    login auth required pam_dhkeys.so.1
    login auth required pam_unix_cred.so.1
    login auth required pam_unix_auth.so.1
    login auth required pam_dial_auth.so.1
    #
    # Default definitions for Authentication management
    # Used when service name is not explicitly mentioned for authentication
    other auth requisite pam_authtok_get.so.1
    other auth required pam_dhkeys.so.1
    other auth required pam_unix_cred.so.1
    other auth required pam_unix_auth.so.1
    #
    # Default definition for Account management
    # Used when service name is not explicitly mentioned for account management
    other account requisite pam_roles.so.1
    other account required pam_unix_account.so.1
    #
    # Default definition for Session management
    other session required pam_unix_session.so.1
    #
    # Default definition for Password management
    # Used when service name is not explicitly mentioned for password management
    #
    other password required pam_dhkeys.so.1
    other password requisite pam_authtok_get.so.1
    other password requisite pam_authtok_check.so.1 force_check
    other password required pam_authtok_store.so.1
Log file (Linux OpenLDAP server):

slapd[15449]: conn=1461 op=10 SRCH base="dc=example,dc=de" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=ldapuser))"
slapd[15449]: conn=1461 op=10 SRCH attr=cn uid uidNumber gidNumber gecos description homedirectory loginShell
slapd[15449]: conn=1461 op=10 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[15449]: conn=1473 fd=28 ACCEPT from IP=10.16.0.70:33030 (IP=0.0.0.0:389)
slapd[15449]: conn=1473 op=0 BIND dn="" method=128
slapd[15449]: conn=1473 op=0 RESULT tag=97 err=0 text=
slapd[15449]: conn=1473 op=1 SRCH base="dc=example,dc=de" scope=1 deref=3 filter="(&(objectClass=shadowAccount)(uid=ldapuser))"
slapd[15449]: conn=1473 op=1 SRCH attr=uid userPassword shadowlastchange shadowmin shadowmax shadowwarning shadowinactive shadowexpire shadowFlag
slapd[15449]: conn=1473 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[15449]: conn=1473 op=2 UNBIND
slapd[15449]: conn=1473 fd=28 closed
slapd[15449]: conn=1461 op=11 SRCH base="dc=example,dc=de" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=ldapuser))"
slapd[15449]: conn=1461 op=11 SRCH attr=cn uid uidNumber gidNumber gecos description homedirectory loginShell
slapd[15449]: conn=1461 op=11 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[15449]: conn=1474 fd=28 ACCEPT from IP=10.16.0.70:33031 (IP=0.0.0.0:389)
slapd[15449]: conn=1474 op=0 BIND dn="" method=128
slapd[15449]: conn=1474 op=0 RESULT tag=97 err=0 text=
slapd[15449]: conn=1474 op=1 SRCH base="dc=example,dc=de" scope=1 deref=3 filter="(&(objectClass=shadowAccount)(uid=ldapuser))"
slapd[15449]: conn=1474 op=1 SRCH attr=uid userPassword shadowlastchange shadowmin shadowmax shadowwarning shadowinactive shadowexpire shadowFlag
slapd[15449]: conn=1474 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[15449]: conn=1474 op=2 UNBIND
slapd[15449]: conn=1474 fd=28 closed
slapd[15449]: conn=1461 op=12 SRCH base="dc=example,dc=de" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=ldapuser))"
slapd[15449]: conn=1461 op=12 SRCH attr=cn uid uidNumber gidNumber gecos description homedirectory loginShell
slapd[15449]: conn=1461 op=12 SEARCH RESULT tag=101 err=0 nentries=1 text=

Entry on the LDAP server (Linux):

uid: ldapuser
cn: ldapuser GB
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {CRYPT}GHGf1nI9tpFRE
uidNumber: 5000
gidNumber: 1
loginShell: /usr/bin/bash
homeDirectory: /export/home/ldapuser

slapd.conf:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/ldapns.schema
include /etc/openldap/schema/autofs.schema
include /etc/openldap/schema/solaris.schema
include /etc/openldap/schema/duaconf.schema

Any ideas?
#2, 01-30-2013, jlliagre (Forum Advisor, Paris)

Not sure it will fix the issue but your ldapuser entry is missing a gecos field.
#3, 01-31-2013, Panzerkampfwagn (Registered User, Hanover, Lower Saxony, Germany)

Hey, thanks for the answer. The gecos field (value = ldapuser GB) is there, and entries for shadowLastChange, shadowMax, shadowWarning and sn, too; I didn't post them. Sorry, my fault.

---------- Post updated at 01:24 AM ---------- Previous update was at 01:12 AM ----------

Okay, is maybe the value for the shadow password missing ({CRYPT} blablabla)? If I do ldaplist -l passwd ldapuser on the Sol10 client:

    # ldaplist -l passwd ldapuser

dn: uid=ldapuser,ou=People,dc=example,dc=de
uid: ldapuser
cn: ldapuser GB
givenName: ldap user
sn: GB
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 15622
shadowMax: 168
shadowWarning: 7
loginshell: /usr/bin/bash
gidnumber: 1
gecos: ldapuser GB
homeDirectory: /export/home/ldapuser
uidnumber: 5000

---------- Post updated at 09:55 AM ---------- Previous update was at 01:24 AM ----------

Damn!!

I got some new grey hairs now... not funny. It works now!!11! If I'm really sure what I did, I will post a howto here for the other guys...

Thanks for reading
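The slapd log in post #1 shows the difference between the two lookups directly: the passwd search (conn=1461) runs with scope=2 (subtree) and returns one entry, while the shadow search on a fresh connection (conn=1473, BIND dn="", i.e. anonymous simple bind) runs with scope=1 (one level) and returns nothing. That matches the ldapclient arguments: the passwd and group serviceSearchDescriptors end in ?sub, the shadow one does not, and a Solaris SSD without an explicit ?scope falls back to defaultSearchScope, which is one unless the profile changes it. A one-level search under dc=example,dc=de cannot reach uid=ldapuser,ou=People,dc=example,dc=de (the DN from the ldaplist output in post #3), so pam_unix_auth never gets a userPassword hash to compare and rejects the login. The script below is an added example, not code from the thread: it parses the ldapclient -a values and the slapd log lines (constructed copies of what was posted), works out which service lookup cannot reach the user's DN, and flags shadowAccount searches that return zero entries together with the bind identity that issued them. The SSD parser handles only the plain service:base?scope form, and the DN comparison is a simplified string match that assumes no escaped commas in RDN values.

```python
"""Correlate Solaris ldapclient search descriptors with slapd log lines.

Added example, not code from the thread. The ldapclient arguments, the log
lines and the user DN below are constructed copies of what the posts show.
"""
import re
from collections import defaultdict

# Solaris SSD syntax: service:base?scope, scope in base|one|sub. When the
# ?scope part is omitted the client uses defaultSearchScope, which is "one"
# unless the profile sets it. Only this plain form is parsed here.
SCOPE = {"base": 0, "one": 1, "sub": 2}
SCOPE_NAME = {v: k for k, v in SCOPE.items()}

SAMPLE_LDAPCLIENT_ARGS = [  # constructed from the ldapclient -a list in post #1
    "defaultServerList=10.16.0.37",
    "defaultSearchBase=dc=example,dc=de",
    "serviceSearchDescriptor=group:dc=example,dc=de?sub",
    "serviceSearchDescriptor=passwd:dc=example,dc=de?sub",
    "serviceSearchDescriptor=shadow:dc=example,dc=de",  # no ?scope -> one level
]
SAMPLE_LOG = """\
slapd[15449]: conn=1461 op=10 SRCH base="dc=example,dc=de" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=ldapuser))"
slapd[15449]: conn=1461 op=10 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[15449]: conn=1473 fd=28 ACCEPT from IP=10.16.0.70:33030 (IP=0.0.0.0:389)
slapd[15449]: conn=1473 op=0 BIND dn="" method=128
slapd[15449]: conn=1473 op=0 RESULT tag=97 err=0 text=
slapd[15449]: conn=1473 op=1 SRCH base="dc=example,dc=de" scope=1 deref=3 filter="(&(objectClass=shadowAccount)(uid=ldapuser))"
slapd[15449]: conn=1473 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[15449]: conn=1473 op=2 UNBIND
""".splitlines()
ENTRY_DN = "uid=ldapuser,ou=People,dc=example,dc=de"  # from ldaplist in post #3

SSD_RE = re.compile(r"serviceSearchDescriptor=([^:]+):([^?]+)(?:\?(base|one|sub))?$")
LOG_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:fd=\d+ )?(.*)")


def parse_ssds(args, default_scope="one"):
    """Map service -> (base, numeric scope) from ldapclient '-a' values."""
    ssds = {}
    for arg in args:
        m = SSD_RE.match(arg)
        if m:
            service, base, scope = m.group(1), m.group(2).strip(), m.group(3) or default_scope
            ssds[service] = (base, SCOPE[scope])
    return ssds


def parse_slapd_log(lines):
    """Group lines per connection: bind DN and (filter, scope, nentries) per search."""
    conns = defaultdict(lambda: {"bind_dn": None, "searches": []})
    pending = {}  # conn -> (filter, scope) until its SEARCH RESULT arrives
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        conn, rest = m.group(1), m.group(2)
        if (b := re.search(r'BIND dn="([^"]*)"', rest)):
            conns[conn]["bind_dn"] = b.group(1)  # "" means anonymous bind
        elif (s := re.search(r'SRCH base="[^"]*" scope=(\d) .*filter="([^"]*)"', rest)):
            pending[conn] = (s.group(2), int(s.group(1)))
        elif (r := re.search(r"SEARCH RESULT .* nentries=(\d+)", rest)) and conn in pending:
            flt, scope = pending.pop(conn)
            conns[conn]["searches"].append((flt, scope, int(r.group(1))))
    return dict(conns)


def dn_reachable(entry_dn, base, scope):
    """Would a search at (base, scope) return entry_dn? Simplified DN string
    comparison: case-folded, assumes no escaped commas in RDN values."""
    e = entry_dn.replace(", ", ",").lower()
    b = base.replace(", ", ",").lower()
    if e == b:
        return scope in (0, 2)  # base and sub include the base entry, one does not
    if not e.endswith("," + b):
        return False
    levels_below = e[: -len(b) - 1].count(",") + 1
    return scope == 2 or (scope == 1 and levels_below == 1)


def diagnose(ssds, conns, entry_dn):
    """Return (services whose SSD cannot reach entry_dn,
    [(conn, bind_dn, scope)] for shadowAccount searches that found nothing)."""
    unreachable = sorted(svc for svc, (base, scope) in ssds.items()
                         if not dn_reachable(entry_dn, base, scope))
    empty_shadow = [(conn, info["bind_dn"], scope)
                    for conn, info in sorted(conns.items())
                    for flt, scope, n in info["searches"]
                    if "shadowaccount" in flt.lower() and n == 0]
    return unreachable, empty_shadow


if __name__ == "__main__":
    ssds = parse_ssds(SAMPLE_LDAPCLIENT_ARGS)
    unreachable, empty_shadow = diagnose(ssds, parse_slapd_log(SAMPLE_LOG), ENTRY_DN)
    for svc in unreachable:
        base, scope = ssds[svc]
        print(f"{svc}: scope '{SCOPE_NAME[scope]}' at {base} cannot reach {ENTRY_DN}; "
              f"use serviceSearchDescriptor={svc}:{base}?sub")
    for conn, bind_dn, scope in empty_shadow:
        who = "anonymous" if bind_dn == "" else (bind_dn or "bound before this excerpt")
        print(f"conn={conn}: shadowAccount search at scope {scope} returned 0 entries (bind: {who})")
```

Run as-is it reports the shadow SSD as the one that cannot reach the entry and the two anonymous one-level shadow searches that came back empty. The same thing can be reproduced against the server with ldapsearch: the shadowAccount filter under dc=example,dc=de with -s one returns nothing, with -s sub it returns the entry. Two things worth checking after adding ?sub to the shadow SSD (or setting defaultSearchScope=sub): the client issues that search anonymously, so if the slapd ACLs hide userPassword from anonymous binds the search will then return the entry but without the hash and the login still fails, which calls for a proxy identity (credentialLevel=proxy with proxyDN/proxyPassword and an ACL that lets it read userPassword) or for pam_ldap, which binds as the user instead of comparing the hash on the client; and adminPassword passed on the ldapclient command line ends up in shell history and process listings, so that step is better done from a profile or with history disabled.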
#4, 03-19-2013, JoeAnhPhan (Registered User)

When it works, please post a howto when you have a chance. Thanks,