Post 302903363 by sultano on Tuesday 27th of May 2014 06:05:55 AM
Configure native ldap client on Solaris 10

Hi guys. First, sorry for my English; I tried to write it as well as I could, but I'm sure I didn't manage it.
I tried to configure the native LDAP client on Solaris 10, but it doesn't work yet. Maybe the problem is in pam.conf or something like that.

This is the line I applied to configure ldapclient:
Code:
ldapclient -vv manual -a credentialLevel=proxy -a domainName=domine.com.ar -a proxyDN="cn=sultano,ou=userspecial,ou=user,o=sultano" -a proxyPassword='passwd' -a authenticationMethod=simple -a defaultSearchBase=ou=userspecial,ou=user,o=sultano 10.10.10.10:389

When I check the configuration, I see this:
Code:
-bash-3.2# ldapclient list
Unable to set locale.
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=sultano,ou=userspecial,ou=user,o=sultano
NS_LDAP_BINDPASSWD= {NS1}f170edf81e61e0678pb320e1
NS_LDAP_SERVERS= 10.10.10.10:389
NS_LDAP_SEARCH_BASEDN= ou=userspecial,ou=user,o=sultano
NS_LDAP_AUTH= simple
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
-bash-3.2#
-bash-3.2# svcs -a | grep ldap
online         17:45:11 svc:/network/ldap/client:default
-bash-3.2#

Maybe the connection to the LDAP server works fine:
Code:
-bash-3.2# ldaplist
dn: cn=sultano,ou=userspecial,ou=user,o=sultano
-bash-3.2#

This is my pam.conf and my nsswitch.conf:

/etc/pam.conf
Code:
#
# MODIFICADO LDAP
#
# Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
#
# PAM configuration
#
#
login   auth requisite          pam_authtok_get.so.1
login   auth required           pam_dhkeys.so.1
login   auth required           pam_unix_cred.so.1
login   auth sufficient           pam_unix_auth.so.1
login   auth required           pam_dial_auth.so.1
login   auth required           pam_ldap.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin  auth sufficient         pam_rhosts_auth.so.1
rlogin  auth requisite          pam_authtok_get.so.1
rlogin  auth required           pam_dhkeys.so.1
rlogin  auth required           pam_unix_cred.so.1
rlogin  auth sufficient         pam_unix_auth.so.1
rlogin  auth required           pam_ldap.so.1
#
# Kerberized rlogin service
#
krlogin auth required           pam_unix_cred.so.1
krlogin auth required           pam_krb5.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh     auth sufficient         pam_rhosts_auth.so.1
rsh     auth required           pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh    auth required           pam_unix_cred.so.1
krsh    auth required           pam_krb5.so.1
#
# Kerberized telnet service
#
ktelnet auth required           pam_unix_cred.so.1
ktelnet auth required           pam_krb5.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp     auth requisite          pam_authtok_get.so.1
ppp     auth required           pam_dhkeys.so.1
ppp     auth required           pam_unix_cred.so.1
ppp     auth sufficient           pam_unix_auth.so.1
ppp     auth required           pam_dial_auth.so.1
ppp     auth required           pam_ldap.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other   auth requisite          pam_authtok_get.so.1
other   auth required           pam_dhkeys.so.1
other   auth required           pam_unix_cred.so.1
other   auth sufficient         pam_unix_auth.so.1
other   auth required           pam_dial_auth.so.1
other   auth required           pam_ldap.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd  auth sufficient         pam_passwd_auth.so.1
passwd  auth required           pam_ldap.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron    account required        pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other   account sufficient      pam_ldap.so.1
other   account requisite       pam_roles.so.1
other   account required        pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other   session required        pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other   password required       pam_dhkeys.so.1
other   password requisite      pam_authtok_get.so.1
# Password construction requirements apply to all users.
# Remove force_check to have the traditional authorized administrator
# bypass of construction requirements.
other   password requisite      pam_authtok_check.so.1 force_check
other   password required       pam_authtok_store.so.1
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#

/etc/nsswitch.conf
Code:
#
# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# ident "@(#)nsswitch.ldap      1.10    06/05/03 SMI"

#
# /etc/nsswitch.ldap:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses LDAP in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

# LDAP service requires that svc:/network/ldap/client:default be enabled
# and online.

# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd:     files ldap
group:      files ldap

# consult /etc "files" only if ldap is down.
#hosts:      ldap [NOTFOUND=return] files # Commented out by DHCP
hosts: ldap dns [NOTFOUND=return] files # Added by DHCP

# Note that IPv4 addresses are searched for in all of the ipnodes databases
# before searching the hosts databases.
#ipnodes:    ldap [NOTFOUND=return] files # Commented out by DHCP
ipnodes: ldap dns [NOTFOUND=return] files # Added by DHCP

networks:   ldap [NOTFOUND=return] files
protocols:  ldap [NOTFOUND=return] files
rpc:        ldap [NOTFOUND=return] files
ethers:     ldap [NOTFOUND=return] files
netmasks:   ldap [NOTFOUND=return] files
bootparams: ldap [NOTFOUND=return] files
publickey:  ldap [NOTFOUND=return] files

netgroup:   ldap

automount:  files ldap
aliases:    files ldap

# for efficient getservbyname() avoid ldap
services:   files ldap

printers:   user files ldap

auth_attr:  files ldap
prof_attr:  files ldap

project:    files ldap

tnrhtp:     files ldap
tnrhdb:     files ldap

I currently have no experience administering Solaris, and although I have read many guides and documentation on configuring the LDAP client, it does not work yet. Surely I'm doing something wrong in setting it up.

I would greatly appreciate your help or any comments to solve this.

Thanks

Last edited by sultano; 05-27-2014 at 12:21 PM.. Reason: typing error
 
