01-08-2018
Yes, still running Solaris 8 (end of extended support 2012) and 9 servers (end of extended support 2014) means security is not a top priority in your shop.
Moving to LDAP is definitely the recommended way to provide secure distributed authentication but that's not something you do overnight.
Is your environment only using Solaris or also other Unix/Linux OSes?
Do you already have an ldap service somewhere? Does it already contains entries for your unix users?
Do you require a commercially supported solution?
Last edited by jlliagre; 01-08-2018 at 08:29 AM..
This User Gave Thanks to jlliagre For This Post:
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hello all,
I'm not sure if this is the right forum, but I would like to know if Redhat running NIS ( not NIS +) would have conflict with Solaris running NIS+. Currently I am running NIS+ on Solaris but will be adding RedHat to the network. I seem to be unable to find and information regarding... (2 Replies)
Discussion started by: larry
2 Replies
2. UNIX for Dummies Questions & Answers
Hello all,
I am wondering if anyone had success with installing a redhat linux (PC box) on a Solaris NIS+ network. I have gotten information on how to do this but have been unsuccessful. The information that I have gotten is a little out dated and is not 100%. ... (0 Replies)
Discussion started by: larry
0 Replies
3. UNIX for Advanced & Expert Users
I am running a DNS/NIS server on and older 2.6 system. I would like to move it to a newer system running Sol9. I have not found a good HOWTO and was looking for some advice.
Thanks in advance.
Dave (4 Replies)
Discussion started by: dlalonde
4 Replies
4. Solaris
Hi all,
Recently i have implemented NIS functionality in solaris 10 and i have created server and client with user in server side by giving
useradd -d /export/home/user1 -m -s /bin/sh user1
after that I went to /var/yp dir and give /usr/ccs/bin/make so that it will refelect to client... (2 Replies)
Discussion started by: esungoe
2 Replies
5. Solaris
We set-up master/slave servers for NIS on Solaris10 Sparc. We are trying to synchronize them in such a way that if one server is down then other server would pick-up and also do load balancing. We are stuck on this part. Do you have any documentation or point to the documentation where we get some... (1 Reply)
Discussion started by: anandp14
1 Replies
6. Solaris
Hello
How can I check to see when nis server is starting? I look at /etc/rc2.d/ but I don't see it in there.
Every time we have power outage problem. I have to start autof service manual. So I think it might have to do with nis server services. (1 Reply)
Discussion started by: congngo
1 Replies
7. Solaris
Hi,
I have a Solaris 10 machine and trying to connect it to a Linux NIS Server. Up till now I have set up NIS so that it does find the NIS server and gets the user list.
Automounter also mounts some directories from an NFS server.
However, I can't get it to map the shadow passwords (they... (4 Replies)
Discussion started by: dop
4 Replies
8. UNIX for Advanced & Expert Users
Hi,
I hope somebody can help me. I wand to Move my NIS server on Solaris 10
(there are 2 Slaves on Linux) to CentOS7.
Do you have any procedures or experience to do this?
Thanking in anticipation! (2 Replies)
Discussion started by: Penguin99
2 Replies
9. Solaris
Sys admin has provided me username and password and advised that solaris uses nis (and then I've been given hostnames).
I've downloaded putty but it gives me authentication failure. Nothing special I have to do if its NIS authentication? (1 Reply)
Discussion started by: psychocandy
1 Replies
10. Solaris
ypcat passwd | grep "user"
- shows the user
userdel "user"
says "user does not exist"
What am I doing wrong? (1 Reply)
Discussion started by: psychocandy
1 Replies
LEARN ABOUT OPENDARWIN
ldapwhoami
LDAPWHOAMI(1) General Commands Manual LDAPWHOAMI(1)
NAME
ldapwhoami - LDAP who am i? tool
SYNOPSIS
ldapwhoami [-n] [-v] [-z] [-d debuglevel] [-D binddn] [-W] [-w passwd] [-y passwdfile] [-H ldapuri] [-h ldaphost] [-p ldapport] [-O secu-
rity-properties] [-I] [-Q] [-U authcid] [-R realm] [-x] [-X authzid] [-Y mech] [-Z[Z]]
DESCRIPTION
ldapwhoami implements the LDAP "Who Am I?" extended operation.
ldapwhoami opens a connection to an LDAP server, binds, and performs a whoami operation.
OPTIONS
-n Show what would be done, but don't actually perform the whoami operation. Useful for debugging in conjunction with -v.
-v Run in verbose mode, with many diagnostics written to standard output.
-d debuglevel
Set the LDAP debugging level to debuglevel. ldapcompare must be compiled with LDAP_DEBUG defined for this option to have any
effect.
-x Use simple authentication instead of SASL.
-D binddn
Use the Distinguished Name binddn to bind to the LDAP directory.
-W Prompt for simple authentication. This is used instead of specifying the password on the command line.
-w passwd
Use passwd as the password for simple authentication.
-y passwdfile
Use complete contents of passwdfile as the password for simple authentication.
-H ldapuri
Specify URI(s) referring to the ldap server(s).
-h ldaphost
Specify an alternate host on which the ldap server is running. Deprecated in favor of -H.
-p ldapport
Specify an alternate TCP port where the ldap server is listening. Deprecated in favor of -H.
-P 2|3 Specify the LDAP protocol version to use.
-O security-properties
Specify SASL security properties.
-I Enable SASL Interactive mode. Always prompt. Default is to prompt only as needed.
-Q Enable SASL Quiet mode. Never prompt.
-U authcid
Specify the authentication ID for SASL bind. The form of the ID depends on the actual SASL mechanism used.
-R realm
Specify the realm of authentication ID for SASL bind. The form of the realm depends on the actual SASL mechanism used.
-X authzid
Specify the requested authorization ID for SASL bind. authzid must be one of the following formats: dn:<distinguished name> or
u:<username>
-Y mech
Specify the SASL mechanism to be used for authentication. If it's not specified, the program will choose the best mechanism the
server knows.
-Z[Z] Issue StartTLS (Transport Layer Security) extended operation. If you use -ZZ, the command will require the operation to be success-
ful.
EXAMPLE
ldapwhoami -x -D "cn=Manager,dc=example,dc=com" -W
SEE ALSO
ldap.conf(5), ldap(3), ldap_extended_s(3)
AUTHOR
The OpenLDAP Project <http://www.openldap.org/>
ACKNOWLEDGEMENTS
OpenLDAP is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). OpenLDAP is derived from University of Michigan
LDAP 3.3 Release.
OpenLDAP 2.1.X RELEASEDATE LDAPWHOAMI(1)