Only for testing/learning, I have set up a Windows 2000 server with Active Directory.
I connect a Solaris 10 machine, "client", to it.
I want Solaris 10 to take users from AD.
I have followed this guide..
a) Set up Active Directory environment + Services for UNIX
OK
b) I have created two users, one for LDAP search (called proxyldap) and another for the Solaris server, called host-solaris10,
on the AD Windows 2000 server
c) I have created a Kerberos keytab on the Windows 2000 AD and copied it to /etc/krb5.keytab on Solaris
ldapclient manual \
-a credentialLevel=proxy \
-a authenticationMethod=simple \
-a proxyDN=cn=proxyldap,cn=Users,dc=site,dc=fake \
-a proxyPassword=***** \
-a defaultSearchBase=dc=site,dc=fake \
-a defaultSearchScope=sub \
-a domainName=site.bac \
-a "preferredServerList=10.6.0.1" \
-a "defaultServerList=10.6.0.1" \
-a followReferrals=false \
-a attributeMap=group:userpassword=userPassword \
-a attributeMap=group:gmemberuid=memberUid \
-a attributeMap=group:gidnumber=gidNumber \
-a attributeMap=passwd:uid=cn \
-a attributeMap=passwd:gidnumber=gidNumber \
-a attributeMap=passwd:uidnumber=uidNumber \
-a attributeMap=passwd:homedirectory=unixHomeDirectory \
-a attributeMap=passwd:loginshell=loginShell \
-a attributeMap=shadow:uid=cn \
-a attributeMap=shadow:shadowflag=shadowFlag \
-a attributeMap=shadow:userpassword=userPassword \
-a objectClassMap=group:posixGroup=group \
-a objectClassMap=passwd:posixAccount=user \
-a objectClassMap=shadow:shadowAccount=user \
-a serviceSearchDescriptor=passwd:dc=site,dc=fake?sub \
-a serviceSearchDescriptor=group:dc=site,dc=fake?sub
f) Now configure /etc/nsswitch.conf
Code:
#
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#
# /etc/nsswitch.dns:
#
# An example file that could be copied over to /etc/nsswitch.conf; it uses
# DNS for hosts lookups, otherwise it does not use any other naming service.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# DNS service expects that an instance of svc:/network/dns/client be
# enabled and online.
passwd: files ldap
group: files ldap
# You must also set up the /etc/resolv.conf file for DNS name
# server lookup. See resolv.conf(4).
hosts: files dns
# Note that IPv4 addresses are searched for in all of the ipnodes databases
# before searching the hosts databases.
ipnodes: files dns
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
# At present there isn't a 'files' backend for netgroup; the system will
# figure it out pretty quickly, and won't use netgroups at all.
netgroup: files
automount: files
aliases: files
services: files
printers: user files
auth_attr: files
prof_attr: files
project: files
tnrhtp: files
tnrhdb: files
and pam.conf
Code:
#
#ident "@(#)pam.conf 1.32 11/04/08 SMI"
#
# Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
#
# PAM configuration
#
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
#
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
login auth required pam_ldap.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth required pam_unix_auth.so.1
#
# Kerberized rlogin service
#
krlogin auth required pam_unix_cred.so.1
krlogin auth required pam_krb5.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh auth required pam_unix_cred.so.1
krsh auth required pam_krb5.so.1
#
# Kerberized telnet service
#
ktelnet auth required pam_unix_cred.so.1
ktelnet auth required pam_krb5.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_cred.so.1
ppp auth required pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth sufficient pam_krb5.so.1
other auth required pam_unix_cred.so.1
other auth required pam_unix_auth.so.1
other auth required pam_ldap.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd auth required pam_passwd_auth.so.1
passwd auth required pam_ldap.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1
other account sufficient pam_unix_account.so.1
other account required pam_ldap.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
# Password construction requirements apply to all users.
# Remove force_check to have the traditional authorized administrator
# bypass of construction requirements.
other password requisite pam_authtok_check.so.1 force_check
other password required pam_authtok_store.so.1
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#
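A small lint for the two files shown in the post above, added here as an example and not part of the original post. It flags auth stacks that include pam_ldap.so.1 while pam_unix_auth.so.1 is mandatory without the `server_policy` option (Solaris documentation for pam_ldap pairs `binding` with `server_policy` on that line), and `ldapclient` bind methods that send the password without TLS. The sample strings are constructed from lines quoted in the post; the function names are hypothetical.

```python
# Added example: lints a Solaris pam.conf auth stack and ldapclient attributes.
# Sample input is constructed from lines quoted in the post.
import shlex

PAM_SAMPLE = """\
login auth requisite pam_authtok_get.so.1
login auth required pam_unix_auth.so.1
login auth required pam_ldap.so.1
krlogin auth required pam_krb5.so.1
other auth sufficient pam_krb5.so.1
other auth required pam_unix_auth.so.1
other auth required pam_ldap.so.1
"""

LDAPCLIENT_SAMPLE = "ldapclient manual -a credentialLevel=proxy -a authenticationMethod=simple"

def parse_pam(text):
    """Return {service: [(control, module, options), ...]} for auth entries."""
    stacks = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 4 and fields[1] == "auth":
            stacks.setdefault(fields[0], []).append((fields[2], fields[3], fields[4:]))
    return stacks

def audit_pam(text):
    """Flag services using pam_ldap where pam_unix_auth is mandatory
    and lacks server_policy, so directory-only accounts fail the stack."""
    findings = []
    for service, stack in parse_pam(text).items():
        if "pam_ldap.so.1" not in [module for _, module, _ in stack]:
            continue
        for control, module, opts in stack:
            if (module == "pam_unix_auth.so.1"
                    and control in ("required", "requisite")
                    and "server_policy" not in opts):
                findings.append(service)
    return findings

def audit_ldapclient(cmd):
    """Return authenticationMethod values that bind without TLS or SASL."""
    attrs = [a for a in shlex.split(cmd) if a.startswith("authenticationMethod=")]
    methods = [m for a in attrs for m in a.split("=", 1)[1].split(";")]
    return [m for m in methods if m in ("simple", "none")]

if __name__ == "__main__":
    print("PAM services to review:", audit_pam(PAM_SAMPLE))
    print("Unprotected bind methods:", audit_ldapclient(LDAPCLIENT_SAMPLE))
```
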