Operating Systems Solaris Help with Solaris 10 and ldapclient authentication Post 302687507 by bitlord on Thursday 16th of August 2012 04:35:06 PM
Did you modify your db on the LDAP server? Below I have pasted some output from my Test server at work. Notice the NIS objects.

Now the ldapclient manual is not all that needs to be done. Don't forget to use the other sub commands, like mod, genprofile, init and uninit. After you get the 1st Solaris server working you should only need to use the init sub command for the rest of the Solaris servers.

I also have some automount/autofs stuff in there as well. I'm not sure if I got that part working in the lab or not. I haven't touched LDAP in over 6 months. A note on the user accounts. I think that the accounts called user# worked but the test accounts didn't. So test and keep that in mind.

Code:
ldapsearch -x
# extended LDIF 
# 
# LDAPv3 
# base <> with scope subtree 
# filter: (objectclass=*) 
# requesting: ALL 
#
  
# test.net
dn: dc=test,dc=net
o: Organisation Name
objectClass: top
objectClass: domain
objectClass: domainRelatedObject 
objectClass: dcObject 
objectClass: nisDomainObject
dc: test 
associatedDomain: test.net 
nisDomain: test.net
  
# Hosts, test.net 
dn: ou=Hosts,dc=test,dc=net 
ou: Hosts 
objectClass: top 
objectClass: organizationalUnit
  
# Rpc, test.net
dn: ou=Rpc,dc=test,dc=net
ou: Rpc 
objectClass: top 
objectClass: organizationalUnit
  
# Services, test.net 
dn: ou=Services,dc=test,dc=net 
ou: Services 
objectClass: top 
objectClass: organizationalUnit
  
# netgroup.byuser, test.net 
dn: nisMapName=netgroup.byuser,dc=test,dc=net 
nisMapName: netgroup.byuser 
objectClass: top 
objectClass: nisMap
  
# Mounts, test.net 
dn: ou=Mounts,dc=test,dc=net 
ou: Mounts 
objectClass: top 
objectClass: organizationalUnit
  
# Networks, test.net 
dn: ou=Networks,dc=test,dc=net 
ou: Networks 
objectClass: top 
objectClass: organizationalUnit
  
# People, test.net
dn: ou=People,dc=test,dc=net 
ou: People 
objectClass: top 
objectClass: organizationalUnit
  
# Group, test.net 
dn: ou=Group,dc=test,dc=net 
ou: Group
objectClass: top
objectClass: organizationalUnit
  
# Netgroup, test.net 
dn: ou=Netgroup,dc=test,dc=net 
ou: Netgroup 
objectClass: top 
objectClass: organizationalUnit
  
# Protocols, test.net 
dn: ou=Protocols,dc=test,dc=net 
ou: Protocols 
objectClass: top 
objectClass: organizationalUnit
  
# Aliases, test.net 
dn: ou=Aliases,dc=test,dc=net 
ou: Aliases 
objectClass: top 
objectClass: organizationalUnit
  
# netgroup.byhost, test.net 
dn: nisMapName=netgroup.byhost,dc=test,dc=net 
nisMapName: netgroup.byhost 
objectClass: top 
objectClass: nisMap
  
# ldapuser, Group, test.net 
dn: cn=ldapuser,ou=Group,dc=test,dc=net 
objectClass: posixGroup 
objectClass: top 
cn: ldapuser 
gidNumber: 500
  
# user00, People, test.net 
dn: uid=user00,ou=People,dc=test,dc=net 
uid: user00 
cn: user00 
objectClass: account 
objectClass: posixAccount 
objectClass: top 
objectClass: shadowAccount 
shadowMax: 99999 
shadowWarning: 7 
loginShell: /bin/bash 
uidNumber: 600 
gidNumber: 500 
homeDirectory: /home/user00 
gecos: user00
  
# user01, People, test.net 
dn: uid=user01,ou=People,dc=test,dc=net 
uid: user01 
cn: user01 
objectClass: account 
objectClass: posixAccount 
objectClass: top 
objectClass: shadowAccount 
shadowMax: 99999
shadowWarning: 7 
loginShell: /bin/bash 
uidNumber: 601 
gidNumber: 500 
homeDirectory: /home/user01 
gecos: user01
  
# user02, People, test.net 
dn: uid=user02,ou=People,dc=test,dc=net 
uid: user02 
cn: user02 
objectClass: account 
objectClass: posixAccount 
objectClass: top 
objectClass: shadowAccount 
shadowMax: 99999 
shadowWarning: 7 
loginShell: /bin/bash 
uidNumber: 602 
gidNumber: 500 
homeDirectory: /home/user02 
gecos: user02
  
# user03, People, test.net 
dn: uid=user03,ou=People,dc=test,dc=net 
uid: user03 
cn: user03 
objectClass: account 
objectClass: posixAccount 
objectClass: top 
objectClass: shadowAccount 
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash 
uidNumber: 603 
gidNumber: 500 
homeDirectory: /home/user03 
gecos: user03
  
# test00, People, test.net 
dn: uid=test00,ou=People,dc=test,dc=net 
uid: test00 
cn: test00 
objectClass: account 
objectClass: posixAccount 
objectClass: top 
objectClass: shadowAccount 
shadowMin: 0 
shadowMax: 99999 
shadowWarning: 7 
loginShell: /bin/bash 
uidNumber: 700 
gidNumber: 500 
homeDirectory: /home/test00
  
# test01, People, test.net 
dn: uid=test01,ou=People,dc=test,dc=net
uid: test01 
cn: test01 
objectClass: account 
objectClass: posixAccount 
objectClass: top 
objectClass: shadowAccount 
shadowMin: 0 
shadowMax: 99999 
shadowWarning: 7 
loginShell: /bin/bash 
uidNumber: 701 
gidNumber: 500 
homeDirectory: /home/test01
  
# profile, test.net 
dn: ou=profile,dc=test,dc=net 
objectClass: top 
objectClass: organizationalUnit 
ou: profile
  
# proxyagent, profile, test.net 
dn: cn=proxyagent,ou=profile,dc=test,dc=net 
objectClass: top 
objectClass: person 
sn: proxyagent 
cn: proxyagent
  
# auto.master, test.net 
dn: ou=auto.master,dc=test,dc=net 
objectClass: top 
objectClass: automountMap 
ou: auto.master  

# search result 
search: 2 
result: 0 Success  

# numResponses: 24 
# numEntries: 23


Last edited by bitlord; 08-16-2012 at 05:52 PM..
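
A way to check a dump like the one in the post above for the NIS objects it points out, as an added example that is not part of the original post. The function names and the sample are constructed for illustration; the list of required objects (nisDomainObject and nisDomain on the base entry, plus the People, Group and profile containers) is an assumption about what a Solaris native LDAP client setup normally expects, and DNs are compared as plain lowercase strings.

```python
import re

# Constructed sample in the shape of `ldapsearch -x` output (one folded dn line).
SAMPLE = """\
# test.net
dn: dc=test,dc=net
objectClass: top
objectClass: domain
nisDomain: test.net

# People, test.net
dn: ou=People,dc=test,
 dc=net
objectClass: organizationalUnit

# profile, test.net
dn: ou=profile,dc=test,dc=net
objectClass: organizationalUnit
"""

def parse_ldif(text):
    """Return {dn_lowercase: {attr_lowercase: [values]}} from ldapsearch LDIF."""
    entries = {}
    for block in re.split(r"\n\s*\n", text):           # blank line ends an entry
        attrs = {}
        for line in block.replace("\n ", "").splitlines():  # unfold continuations
            if line.startswith("#") or ":" not in line:
                continue                                # comment or stray text
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:                               # skips "search:/result:" trailer
            entries[attrs.pop("dn")[0].lower()] = attrs
    return entries

def missing_client_objects(entries, base):
    """List expected directory objects (assumed set, see lead-in) that are absent."""
    base = base.lower()
    root = entries.get(base, {})
    problems = []
    if "nisdomainobject" not in [v.lower() for v in root.get("objectclass", [])]:
        problems.append("base entry lacks objectClass nisDomainObject")
    if not root.get("nisdomain"):
        problems.append("base entry lacks nisDomain")
    for rdn in ("ou=people", "ou=group", "ou=profile"):
        if f"{rdn},{base}" not in entries:
            problems.append(f"missing container {rdn},{base}")
    return problems
```

Feed it the saved output of `ldapsearch -x` and the search base; an empty list means every object in the assumed set was found.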