Sol10 - OpenLDAP Auth

Solaris


Closed Linux or Unix Question    
 
Thread Tools Search this Thread Display Modes
    #1  
#1  01-30-2013
Panzerkampfwagn, Registered User (Hanover, Lower Saxony, Germany)

Hi,

I'm new to Solaris (10) and need some help, please.

Situation: There is currently a Linux (SLES11) OpenLDAP server, and authentication of Linux machines works pretty sweet. Now I want to put the Sol10 (SPARC) boxes in....

Problem: User authentication via OpenLDAP on Sol10 doesn't work right now (the SSH login prompt comes up, but when I enter the password: "Access denied").

Works (on the Sol10 LDAP client):
  • getent passwd (lists all local and LDAP users)
  • ldaplist -vl (shows ou entries)
  • su - ldapuser (user exists only in LDAP! works great...)
  • ldapsearch etc. (all fine)
Configuration:
  • Native Client on Sol10:
    • ldapclient -v manual \
      -a defaultServerList=10.16.0.37 \
      -a domainname=example.de \
      -a defaultSearchBase=dc=example,dc=de \
      -a serviceSearchDescriptor=group:dc=example,dc=de?sub \
      -a serviceSearchDescriptor=passwd:dc=example,dc=de?sub \
      -a serviceSearchDescriptor=shadow:dc=example,dc=de \
      -a enableShadowUpdate=TRUE \
      -a adminDN=cn=manager,dc=example,dc=de \
      -a attributeMap=group:memberuid=memberUid \
      -a attributeMap=group:gidnumber=gidNumber \
      -a adminPassword=blaselfasel \
      -a attributeMap=passwd:gidnumber=gidNumber \
      -a attributeMap=passwd:uidnumber=uidNumber \
      -a attributeMap=passwd:loginshell=loginShell \
      -a attributeMap=shadow:shadowflag=shadowFlag \
      -a attributeMap=shadow:userpassword=userPassword
  • pam.conf on Sol10:
      # login service (explicit because of pam_dial_auth)
      login auth requisite pam_authtok_get.so.1
      login auth required pam_dhkeys.so.1
      login auth required pam_unix_cred.so.1
      login auth required pam_unix_auth.so.1
      login auth required pam_dial_auth.so.1
      # Default definitions for Authentication management
      # Used when service name is not explicitly mentioned for authentication
      other auth requisite pam_authtok_get.so.1
      other auth required pam_dhkeys.so.1
      other auth required pam_unix_cred.so.1
      other auth required pam_unix_auth.so.1
      # Used when service name is not explicitly mentioned for account management
      other account requisite pam_roles.so.1
      other account required pam_unix_account.so.1
      other session required pam_unix_session.so.1
      # Default definition for Password management
      # Used when service name is not explicitly mentioned for password management
      #
      other password required pam_dhkeys.so.1
      other password requisite pam_authtok_get.so.1
      other password requisite pam_authtok_check.so.1 force_check
      other password required pam_authtok_store.so.1
Log file (Linux OpenLDAP server):

slapd[15449]: conn=1461 op=10 SRCH base="dc=example,dc=de" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=ldapuser))"
slapd[15449]: conn=1461 op=10 SRCH attr=cn uid uidNumber gidNumber gecos description homedirectory loginShell
slapd[15449]: conn=1461 op=10 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[15449]: conn=1473 fd=28 ACCEPT from IP=10.16.0.70:33030 (IP=0.0.0.0:389)
slapd[15449]: conn=1473 op=0 BIND dn="" method=128
slapd[15449]: conn=1473 op=0 RESULT tag=97 err=0 text=
slapd[15449]: conn=1473 op=1 SRCH base="dc=example,dc=de" scope=1 deref=3 filter="(&(objectClass=shadowAccount)(uid=ldapuser))"
slapd[15449]: conn=1473 op=1 SRCH attr=uid userPassword shadowlastchange shadowmin shadowmax shadowwarning shadowinactive shadowexpire shadowFlag
slapd[15449]: conn=1473 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[15449]: conn=1473 op=2 UNBIND
slapd[15449]: conn=1473 fd=28 closed
slapd[15449]: conn=1461 op=11 SRCH base="dc=example,dc=de" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=ldapuser))"
slapd[15449]: conn=1461 op=11 SRCH attr=cn uid uidNumber gidNumber gecos description homedirectory loginShell
slapd[15449]: conn=1461 op=11 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[15449]: conn=1474 fd=28 ACCEPT from IP=10.16.0.70:33031 (IP=0.0.0.0:389)
slapd[15449]: conn=1474 op=0 BIND dn="" method=128
slapd[15449]: conn=1474 op=0 RESULT tag=97 err=0 text=
slapd[15449]: conn=1474 op=1 SRCH base="dc=example,dc=de" scope=1 deref=3 filter="(&(objectClass=shadowAccount)(uid=ldapuser))"
slapd[15449]: conn=1474 op=1 SRCH attr=uid userPassword shadowlastchange shadowmin shadowmax shadowwarning shadowinactive shadowexpire shadowFlag
slapd[15449]: conn=1474 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[15449]: conn=1474 op=2 UNBIND
slapd[15449]: conn=1474 fd=28 closed
slapd[15449]: conn=1461 op=12 SRCH base="dc=example,dc=de" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=ldapuser))"
slapd[15449]: conn=1461 op=12 SRCH attr=cn uid uidNumber gidNumber gecos description homedirectory loginShell
slapd[15449]: conn=1461 op=12 SEARCH RESULT tag=101 err=0 nentries=1 text=

Entry on the LDAP server (Linux):

uid: ldapuser
cn: ldapuser GB
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {CRYPT}GHGf1nI9tpFRE
uidNumber: 5000
gidNumber: 1
loginShell: /usr/bin/bash
homeDirectory: /export/home/ldapuser

slapd.conf:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/ldapns.schema
include /etc/openldap/schema/autofs.schema
include /etc/openldap/schema/solaris.schema
include /etc/openldap/schema/duaconf.schema

Any ideas?
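The slapd log and the ldapclient profile quoted in the post above already show what the shadow lookup is doing: conn=1473 binds with dn="" (method=128 is a simple bind, so an empty DN is an anonymous bind), then searches for the shadowAccount entry with scope=1 (one level below dc=example,dc=de) and asks for userPassword among the attributes, and gets nentries=0 back. The passwd and group descriptors in the ldapclient command end in ?sub and their searches run with scope=2; the shadow descriptor has no ?sub. The following Python is an added example that is not part of the original thread: it parses constructed log lines of the same shape as those posted, plus the three serviceSearchDescriptor values from the post, and flags a shadow search at one-level scope and a userPassword request made over an anonymous bind. The regular expressions, record layout and issue strings are my own; the descriptor parser handles only the simple service:base?scope?filter form, not the multi-base form.

```python
"""Check a Solaris ldapclient profile and an OpenLDAP slapd log for the two
things visible in the thread: a shadow search run at the wrong scope, and a
userPassword lookup made over an anonymous bind.  Added example, not code
from the original post."""
import re

# Constructed sample in the shape of the slapd lines quoted in the post.
# conn=1461 was bound earlier, outside the excerpt, so its bind DN is unknown.
SAMPLE_LOG = """\
slapd[15449]: conn=1461 op=10 SRCH base="dc=example,dc=de" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=ldapuser))"
slapd[15449]: conn=1461 op=10 SRCH attr=cn uid uidNumber gidNumber gecos description homedirectory loginShell
slapd[15449]: conn=1461 op=10 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[15449]: conn=1473 fd=28 ACCEPT from IP=10.16.0.70:33030 (IP=0.0.0.0:389)
slapd[15449]: conn=1473 op=0 BIND dn="" method=128
slapd[15449]: conn=1473 op=0 RESULT tag=97 err=0 text=
slapd[15449]: conn=1473 op=1 SRCH base="dc=example,dc=de" scope=1 deref=3 filter="(&(objectClass=shadowAccount)(uid=ldapuser))"
slapd[15449]: conn=1473 op=1 SRCH attr=uid userPassword shadowlastchange shadowmin shadowmax shadowwarning shadowinactive shadowexpire shadowFlag
slapd[15449]: conn=1473 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[15449]: conn=1473 op=2 UNBIND
slapd[15449]: conn=1473 fd=28 closed
"""

# The three serviceSearchDescriptor values from the ldapclient command in the post.
SSDS = [
    "group:dc=example,dc=de?sub",
    "passwd:dc=example,dc=de?sub",
    "shadow:dc=example,dc=de",
]

BIND_RE = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" method=(\d+)')
SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) deref=\d filter="([^"]*)"')
ATTR_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH attr=(.*)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=101 err=(\d+) nentries=(\d+)')
# Simplified descriptor syntax service:base?scope?filter (assumption: the
# ';'-separated multi-base form is not handled here).
SSD_RE = re.compile(r"^(\w+):([^?]*)(?:\?(base|one|sub))?(?:\?(.*))?$")


def parse_ssd(ssd):
    """Split a serviceSearchDescriptor; scope defaults to one-level when omitted."""
    m = SSD_RE.match(ssd)
    if not m:
        raise ValueError("unparsable serviceSearchDescriptor: %r" % ssd)
    service, base, scope, filt = m.groups()
    return {"service": service, "base": base, "scope": scope or "one", "filter": filt}


def find_onelevel_services(ssds):
    """Services whose descriptor searches only one level below its base."""
    return [p["service"] for p in map(parse_ssd, ssds) if p["scope"] == "one"]


def analyze_slapd_log(text):
    """Return one record per SRCH operation with the issues found on it."""
    bind_dn = {}    # conn -> DN of the last BIND seen on it ("" means anonymous)
    searches = {}   # (conn, op) -> record
    for line in text.splitlines():
        m = BIND_RE.search(line)
        if m:
            bind_dn[m.group(1)] = m.group(2)
            continue
        m = SRCH_RE.search(line)
        if m:
            conn, op, base, scope, filt = m.groups()
            searches[(conn, op)] = {
                "conn": conn, "op": op, "base": base, "scope": int(scope),
                "filter": filt, "attrs": [], "nentries": None,
                "bind_dn": bind_dn.get(conn), "issues": [],
            }
            continue
        m = ATTR_RE.search(line)
        if m and (m.group(1), m.group(2)) in searches:
            searches[(m.group(1), m.group(2))]["attrs"] = m.group(3).split()
            continue
        m = RESULT_RE.search(line)
        if m and (m.group(1), m.group(2)) in searches:
            searches[(m.group(1), m.group(2))]["nentries"] = int(m.group(4))
    for s in searches.values():
        if "userPassword" in s["attrs"] and s["bind_dn"] == "":
            s["issues"].append("userPassword requested over an anonymous bind")
        if "shadowAccount" in s["filter"] and s["scope"] == 1:
            s["issues"].append("shadow search is one-level at %s (descriptor lacks ?sub)" % s["base"])
        if s["nentries"] == 0:
            s["issues"].append("no entry returned")
    return list(searches.values())


if __name__ == "__main__":
    for svc in find_onelevel_services(SSDS):
        print("serviceSearchDescriptor for %s searches one level only" % svc)
    for s in analyze_slapd_log(SAMPLE_LOG):
        for issue in s["issues"]:
            print("conn=%s op=%s: %s" % (s["conn"], s["op"], issue))
```

Run against the page's own lines, the shadow lookup on conn=1473 is flagged three times: it is a one-level search at dc=example,dc=de while the entry lives one level further down under ou=People (so nentries=0 follows directly), it asks for userPassword on an anonymous simple bind, and it returns nothing. The ?sub suffix that the passwd and group descriptors already carry is what the shadow descriptor lacks. Whether the directory should hand userPassword to an anonymous reader at all is a separate question: if it does, any host that can reach port 389 can harvest the hashes; if it does not, the Solaris client needs a credentialed bind (ldapclient's credentialLevel with proxyDN and proxyPassword) or a PAM module that binds as the user before pam_unix_auth can validate the password.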
#2  01-30-2013
jlliagre, Forum Advisor (Paris)
Not sure it will fix the issue but your ldapuser entry is missing a gecos field.
#3  01-31-2013
Panzerkampfwagn, Registered User (Hanover, Lower Saxony, Germany)
Hey, thanks for the answer. The gecos field (value=ldapuser GB) is there, and entries for shadowLastChange, shadowMax, shadowWarning and sn too. I didn't post them. Sorry, my fault.

---------- Post updated at 01:24 AM ---------- Previous update was at 01:12 AM ----------

Okay, is the value for the shadow password maybe missing ({CRYPT} blablabla)? If I do ldaplist -l passwd ldapuser on the Sol10 client:

# ldaplist -l passwd ldapuser
dn: uid=ldapuser,ou=People,dc=example,dc=de
uid: ldapuser
cn: ldapuser GB
givenName: ldap user
sn: GB
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 15622
shadowMax: 168
shadowWarning: 7
loginshell: /usr/bin/bash
gidnumber: 1
gecos: ldapuser GB
homeDirectory: /export/home/ldapuser
uidnumber: 5000

---------- Post updated at 09:55 AM ---------- Previous update was at 01:24 AM ----------

DAMN!!

I got some new grey hairs now... not funny. It works now!! If I'm really sure what I did, I will post a howto here for the other guys...

Thanks for reading.
#4  03-19-2013
JoeAnhPhan, Registered User
When it works, please post a howto when you have a chance. Thanks.