Go Back   The UNIX and Linux Forums > Operating Systems > Solaris
Sol10 - OpenLDAP Auth Sol10 - OpenLDAP Auth
Forums Search Forums Register Forum RulesMan PagesAlbums FAQ Members Calendar Search Today's Posts Mark Forums Read


Solaris The Solaris Operating System, usually known simply as Solaris, is a Unix-based operating system introduced by Sun Microsystems. The Solaris OS is now owned by Oracle.

Reply    
 
Thread Tools Search this Thread Display Modes
    #1  
Old 01-30-2013
Registered User
  
Join Date: Jan 2013
Location: Hanover,Lower Saxony,Germany
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Wrench Sol10 - OpenLDAP Auth
Hi,

im new to Solaris (10) and need some help please.

Situation: Actually is there a Linux (SLES11) OpenLDAP-Server and authentification of Linux-Maschines works pretty sweet. Now i want to put the SOL10 (Sparc) boxes in....

Problem: User Authentification via OpenLDAP on Sol10 doesnīt work now (SSH-Login Screen comes, but if i enter the password, "Access denied")

Works (on Sol10-Ldap-Client):
  • getent passwd (lists all local and ldap-users)
  • ldaplist -vl (shows ou-entries)
  • su - ldapuser (user is only in ldap! works great...)
  • ldapsearch etc.. (all fine)
Configuration:
  • Native Client on Sol10:
    • ldapclient -v manual \
      -a defaultServerList=10.16.0.37 \
      -a domainname=example.de \
      -a defaultSearchBase=dc=example,dc=de \
      -a serviceSearchDescriptor=group:dc=example,dc=de?sub \
      -a serviceSearchDescriptor=passwd:dc=example,dc=de?sub \
      -a serviceSearchDescriptor=shadow:dc=example,dc=de \
      -a enableShadowUpdate=TRUE \
      -a adminDN=cn=manager,dc=example,dc=de \
      -a attributeMap=group:memberuid=memberUid \
      -a attributeMap=group:gidnumber=gidNumber \
      -a adminPassword=blaselfasel \
      -a attributeMap=passwd:gidnumber=gidNumber \
      -a attributeMap=passwd:uidnumber=uidNumber \
      -a attributeMap=passwd:loginshell=loginShell \
      -a attributeMap=shadow:shadowflag=shadowFlag \
      -a attributeMap=shadow:userpassword=userPassword
  • pam.conf on Sol10:
    • # login service (explicit because of pam_dial_auth)
      login auth requisite pam_authtok_get.so.1
      login auth required pam_dhkeys.so.1
      login auth required pam_unix_cred.so.1
      login auth required pam_unix_auth.so.1
      login auth required pam_dial_auth.so.1
  • # Default definitions for Authentication management
    # Used when service name is not explicitly mentioned for #authentication
    other auth requisite pam_authtok_get.so.1
    other auth required pam_dhkeys.so.1
    other auth required pam_unix_cred.so.1
    other auth required pam_unix_auth.so.1
  • # Used when service name is not explicitly mentioned for account management
  • other account requisite pam_roles.so.1
    other account required pam_unix_account.so.1
    other session required pam_unix_session.so.1
  • # Default definition for Password management
  • # Used when service name is not explicitly mentioned for password management
    #
    other password required pam_dhkeys.so.1
    other password requisite pam_authtok_get.so.1
    other password requisite pam_authtok_check.so.1 \ force_check
    other password required pam_authtok_store.so.1
Logfile (Linux Openldap-Server):

slapd[15449]: conn=1461 op=10 SRCH base="dc=example,dc=de" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=ldapuser))"
[15449]: conn=1461 op=10 SRCH attr=cn uid uidNumber gidNumber gecos description homedirectory loginShell
slapd[15449]: conn=1461 op=10 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[15449]: conn=1473 fd=28 ACCEPT from IP=10.16.0.70:33030 (IP=0.0.0.0:389)
slapd[15449]: conn=1473 op=0 BIND dn="" method=128
slapd[15449]: conn=1473 op=0 RESULT tag=97 err=0 text=
slapd[15449]: conn=1473 op=1 SRCH base="dc=example,dc=de" scope=1 deref=3 filter="(&(objectClass=shadowAccount)(uid=ldapuser))"
slapd[15449]: conn=1473 op=1 SRCH attr=uid userPassword shadowlastchange shadowmin shadowmax shadowwarning shadowinactive shadowexpire shadowFlag
slapd[15449]: conn=1473 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[15449]: conn=1473 op=2 UNBIND
slapd[15449]: conn=1473 fd=28 closed
slapd[15449]: conn=1461 op=11 SRCH base="dc=example,dc=de" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=ldapuser))"
slapd[15449]: conn=1461 op=11 SRCH attr=cn uid uidNumber gidNumber gecos description homedirectory loginShell
slapd[15449]: conn=1461 op=11 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[15449]: conn=1474 fd=28 ACCEPT from IP=10.16.0.70:33031 (IP=0.0.0.0:389)
slapd[15449]: conn=1474 op=0 BIND dn="" method=128
slapd[15449]: conn=1474 op=0 RESULT tag=97 err=0 text=
slapd[15449]: conn=1474 op=1 SRCH base="dc=example,dc=de" scope=1 deref=3 filter="(&(objectClass=shadowAccount)(uid=ldapuser))"
slapd[15449]: conn=1474 op=1 SRCH attr=uid userPassword shadowlastchange shadowmin shadowmax shadowwarning shadowinactive shadowexpire shadowFlag
slapd[15449]: conn=1474 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[15449]: conn=1474 op=2 UNBIND
slapd[15449]: conn=1474 fd=28 closed
slapd[15449]: conn=1461 op=12 SRCH base="dc=example,dc=de" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=ldapuser))"
slapd[15449]: conn=1461 op=12 SRCH attr=cn uid uidNumber gidNumber gecos description homedirectory loginShell
slapd[15449]: conn=1461 op=12 SEARCH RESULT tag=101 err=0 nentries=1 text=

Entry on LDAP-Server (Linux):

uid: ldapuser
cn: ldapuser GB
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {CRYPT}GHGf1nI9tpFRE
uidNumber: 5000
gidNumber: 1
loginShell: /usr/bin/bash
homeDirectory: /export/home/ldapuser

Slapd.conf:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/ldapns.schema
include /etc/openldap/schema/autofs.schema
include /etc/openldap/schema/solaris.schema
include /etc/openldap/schema/duaconf.schema

--------------------------------------------
Any ideas?
Sponsored Links
    #2  
Old 01-30-2013
ɹǝsn sıɹɐlos
  
Join Date: Dec 2007
Location: Paris
Posts: 4,140
Thanks: 14
Thanked 400 Times in 368 Posts
Not sure it will fix the issue but your ldapuser entry is missing a gecos field.
Sponsored Links
    #3  
Old 01-31-2013
Registered User
  
Join Date: Jan 2013
Location: Hanover,Lower Saxony,Germany
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Hey, thx for the answer. Geco field (Value=ldapuser GB) is still there and and entry for shadowLastChange,shadowMax,shadowWarning, sn, too I didnīt post it. Srry my fault.

---------- Post updated at 01:24 AM ---------- Previous update was at 01:12 AM ----------

Okay, is maybe value for the shadow pw missing ({CRYPT} blablabla)? if i do ldaplist -l passwd ldapuser on Sol10 Client:

#ldaplist -l passwd ldapuser

Sol10Serv:> dn: uid=ldapuser,ou=People,dc=example,dc=de
uid: ldapuser
cn: ldapuser GB
givenName: ldap user
sn: GB
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 15622
shadowMax: 168
shadowWarning: 7
loginshell: /usr/bin/bash
gidnumber: 1
gecos: ldapuser GB
homeDirectory: /export/home/ldapuser
uidnumber: 5000

---------- Post updated at 09:55 AM ---------- Previous update was at 01:24 AM ----------

DAM!!

i got some new grey hairs now... not funny It works now!!11! If im really sure, what i did, i will post a howto here for other guys...

thx for reading
    #4  
Old 03-19-2013
Registered User
  
Join Date: Mar 2013
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
When it works, please post howto when you have a chance. Thx,
Sponsored Links
Reply

« Not able to create a link in /etc/rc3.d in Solaris 10 | Storage Array not readable »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Help with Sol10 boot error bow tie klr Solaris 5 10-19-2011 10:24 AM
machine to learn Sol10 presul Solaris 8 07-29-2010 09:25 AM
Sol10 on primepower 850 pupp Solaris 1 10-25-2008 09:19 AM
mysql on sol10 x86 pupp UNIX and Linux Applications 0 08-27-2008 05:22 PM
stack space in sol10 robsonde Solaris 2 12-12-2007 02:35 AM



All times are GMT -4. The time now is 06:50 AM.

The UNIX and Linux Forums - Where There is a Shell There is a Way RSS Feeds - Contact Us - The UNIX and Linux Forums - Where There is a Shell There is a Way - Archive - Botnik - Top
SEO by vBSEO
The UNIX and Linux Forums Content Copyright ©1993-2013. All Rights Reserved.
Forum Operations by The UNIX and Linux Forums
Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited.