Sudo not working on LDAP client machine


 
# 1  
Old 10-21-2016
Sudo not working on LDAP client machine

Hi,

I have configured LDAP manually on a Solaris 10/11 machine with the entries below:
Code:
# ldapclient list |grep sudo
NS_LDAP_SERVICE_SEARCH_DESC= sudoers:ou=SUDOers,dc=exm,dc=ple,dc=com
# cat /etc/nsswitch.conf |grep -i sudo
sudoers:        files ldap
#

But groups available in the LDAP server sudoers are not able to log in to the client machine (sudo is not taking from the LDAP server). Could anyone help with this?

Thanks in advance!

Regards,
Sridaran G
# 2  
Old 10-22-2016
Where, precisely, is your sudoers file?

Why this capitalization?
Code:
ou=SUDOers

# 3  
Old 10-22-2016
Can you clarify what Solaris release you are using (cat /etc/release), tell us where you got the sudo command from, and also post the output of "sudo -V"?
# 4  
Old 10-24-2016
Hello Jim,

sudoers file path: /etc/sudoers on the client machine.
The capitalization is because on LDAP we defined the sudoers OU as SUDOers, which is why we mentioned the same on the client machine as well.
# 5  
Old 10-24-2016
Hello Jlliagre,

I have attached the release and sudo -V details.

Also please find the sudo -l output from solaris 10 machine:

Code:
# sudo -l
LDAP Config Summary
===================
host             server.example.com
port             -1
ldap_version     3
sudoers_base     ou=SUDOers,dc=exm,dc=ple,dc=com
binddn           cn=xxxx,ou=xxxx,ou=xxxx,dc=exm,dc=ple,dc=com
bindpw           xxxxxx
timelimit        120000
ssl              start_tls
tls_checkpeer    (yes)
tls_certfile     /var/ldap/cert8.db
===================
sudo: ldapssl_clientauth_init(/var/ldap/cert8.db, NULL)
sudo: ldapssl_clientauth_init(/var/ldap, NULL)
sudo: ldapssl_init(server.example.com, 389, 0)
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: timelimit -> 120000
sudo: start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()
sudo: ldap_sasl_bind_s(): Confidentiality required
User root may run the following commands on this host:
    (ALL) ALL
#


Moderator's Comments:
Mod Comment Please use CODE tags as required by forum rules!

Last edited by RudiC; 10-24-2016 at 09:56 AM.. Reason: Added CODE tags.
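
Added example (not part of any post in this thread, and not sudo's own tooling): a small shell triage of the debug output posted in #5, flagging the two lines that show the bind never got transport encryption. The helper name `triage_sudo_ldap` and the finding tags are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. SAMPLE_LOG is copied from the
# `sudo -l` debug output in post #5 (bind DN and password lines left out).
SAMPLE_LOG='ssl              start_tls
sudo: ldapssl_init(server.example.com, 389, 0)
sudo: start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()
sudo: ldap_sasl_bind_s(): Confidentiality required'

# triage_sudo_ldap (hypothetical helper): reads sudo LDAP debug output on
# stdin and prints one tagged finding per line.
# Returns 0 when no transport-security problem is seen, 1 otherwise.
triage_sudo_ldap() {
    log=$(cat)
    findings=0
    # Port sudo connected to, taken from the ldapssl_init() trace line.
    port=$(printf '%s\n' "$log" |
        sed -n 's/^sudo: ldapssl_init([^,]*, *\([0-9][0-9]*\),.*/\1/p' | head -n 1)

    # sudo was told to use StartTLS but its LDAP library has no such call,
    # so the session is never upgraded.
    if printf '%s\n' "$log" | grep -q 'start_tls specified but LDAP libs do not support'; then
        echo "NO_STARTTLS: LDAP library lacks StartTLS; session to port ${port:-unknown} is not upgraded to TLS"
        findings=1
    fi
    # LDAP result code 13 (confidentialityRequired): the server refuses the
    # bind because the connection is not protected.
    if printf '%s\n' "$log" | grep -q 'ldap_sasl_bind_s(): Confidentiality required'; then
        echo "BIND_REFUSED: server requires confidentiality; LDAP sudoers were not read"
        findings=1
    fi
    return "$findings"
}

# Demo on the thread's own output; '|| true' keeps the non-zero status
# from aborting a script that runs under 'set -e'.
printf '%s\n' "$SAMPLE_LOG" | triage_sudo_ldap || true
```

With both findings present, the only rules sudo can list are the ones from the local /etc/sudoers, which matches the `(ALL) ALL` entry for root shown in the post.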
# 6  
Old 10-24-2016
Ok, so you have both Solaris 10 and Solaris 11 machines. Is the issue present on both or only the Solaris 10 ones?
# 7  
Old 10-25-2016
Yes, the issue persists on both Solaris 10 and 11.