Operating Systems Solaris Help with Solaris 10 and ldapclient authentication Post 302686997 by Lilbighorn on Wednesday 15th of August 2012 08:40:53 PM
Help with Solaris 10 and ldapclient authentication

Hello everyone!

Currently, I have a RHEL6 server with an OpenLDAP server running. Most of our servers run on the RHEL platform, but some of them run Solaris 10, and I need to make them authenticate with LDAP too.

As the LDAP server is running without encryption, the command I used to initialize the LDAP client in a test zone of a Solaris 10 server is this:

HTML Code:
bash-3.00# ldapclient -v manual -a defaultServerList=ldapserver.com -a defaultSearchBase=dc=example,dc=com

And if, as root, I do id $ldap_username, I get the correct uid and gid of that LDAP user.
Also as root, I can do su $ldap_username and I log in as that user without any problem.
However, if I try to do an ssh $ldap_user@localhost or even su $ldap_user from a non-root user, I can't log in, and I receive the following error in /var/adm/messages:

HTML Code:
Aug 14 17:31:06 test_zone su[19712]: [ID 316739 auth.error] pam_ldap: no legal authentication method configured
Aug 14 17:38:13 test_zone sshd[19983]: [ID 316739 auth.error] pam_ldap: no legal authentication method configured

I configured /etc/pam.conf like this:
HTML Code:
$service auth binding pam_unix_auth.so.1 server_policy
$service auth required pam_ldap.so.1

$service account binding pam_unix_account.so.1 server_policy
$service account required pam_ldap.so.1

other password required pam_authtok_store.so.1

(where $service is either login, rlogin, other, etc.)

Any help will be highly appreciated!

P.S.: Sorry for my bad English! I'm not a native speaker.
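
An added example, not part of the original post: Solaris pam_ldap logs "no legal authentication method configured" when the client profile gives it no authentication method it can bind with. The bash function below classifies saved `ldapclient list` output by its authentication method; the `NS_LDAP_AUTH= <method>` line format and the sample profile are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Classifies a saved copy of
# `ldapclient list` output by the method pam_ldap would bind with.
# Assumption: the profile records it as "NS_LDAP_AUTH= <method>[;<method>...]".

# pam_ldap_auth_status FILE -> prints one of:
#   missing    no NS_LDAP_AUTH line (no authenticationMethod was supplied)
#   none       first method is "none"; pam_ldap cannot bind as the user
#   cleartext  "simple" without TLS; the password crosses the wire unencrypted
#   ok         any other first method (for example tls:simple)
pam_ldap_auth_status() {
    local method
    # Keep only the first method of a semicolon-separated list.
    method=$(sed -n 's/^NS_LDAP_AUTH= *\([^;]*\).*/\1/p' "$1" | head -1)
    case "$method" in
        "")     echo missing ;;
        none)   echo none ;;
        simple) echo cleartext ;;
        *)      echo ok ;;
    esac
}

# Constructed sample: a profile where only defaultServerList and
# defaultSearchBase were set, as in the ldapclient command quoted above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= ldapserver.com
NS_LDAP_SEARCH_BASEDN= dc=example,dc=com
EOF
echo "profile auth status: $(pam_ldap_auth_status "$sample")"
rm -f "$sample"
```

On a real client, save the output of `ldapclient list` to a file and pass that file to `pam_ldap_auth_status`.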
 
