
Solaris 8 CDE problem after configuring LDAP



Hello everyone,
I hope that someone out there can help me with this problem.  I have set up
an OpenLDAP server and have had no problem with the RedHat 8 clients
authenticating against it.  I even had no trouble getting a Mac OS X client
authenticating.  However, my first Solaris 8 client is exhibiting a
strange problem.  SSH works fine (I had to recompile with PAM support) and I
am able to log in to the CDE with no problem.  However, when I try to exit or lock
the CDE it gives me this error:
Action: ExitSession [Error]
The request to service this action has failed for the following reason:
TT_ERR_NO_MATCH  There is no running program to handle this
message, nor is there a static ptype to start such a program.  Check
whether the application needs to install ptypes using...(error window runs
off of screen)
It is impossible to exit the CDE without killing the process.

I am hardly a Solaris Administrator so I hope someone has an idea.  I have
searched the internet and found some similar problems but none that seemed
to involve PAM or LDAP.  This is a pretty basic installation of Solaris NOT
running ToolTalk though.  CDE is not essential for this LDAP environment but
it would be preferable.  I know the pam.conf file below is a bit messy; I
have been trying different configurations to get it to work.  However, since
it could be something in the nsswitch.conf or the LDAP DIT itself I figured
I would post to those lists as well.
Thanks in advance for any help
Chris Whalen


Solaris 8
pam_ldap-1.5.7
nss_ldap-2.0.3

PAM.CONF
#
# Copyright (c) 1996-2000 by Sun Microsystems, Inc.
# All rights reserved.
#
# PAM configuration
#
# Authentication management
#
# NOTE(review): several entries in this listing show the module path on the
# line after the control flag. That looks like mail-client line wrapping
# rather than the real file layout -- confirm against the file on disk.
#
# login: pam_ldap and pam_unix are both "sufficient", so a success from
# either one ends the stack; the "required" pam_dial_auth entry is only
# reached when both of them have failed.
login           auth    sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
login           auth    sufficient  /usr/lib/security/$ISA/pam_unix.so.1
login           auth    required
/usr/lib/security/$ISA/pam_dial_auth.so.1
#
#rlogin         auth    sufficient
/usr/lib/security/$ISA/pam_rhosts_auth.so.1
#rlogin         auth    required        /usr/lib/security/$ISA/pam_unix.so.1
#
# dtlogin (CDE login): pam_ldap first, with pam_unix as the required fallback.
dtlogin        auth    sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
dtlogin         auth    required        /usr/lib/security/$ISA/pam_unix.so.1
#
#rsh            auth    required
/usr/lib/security/$ISA/pam_rhosts_auth.so.1
# NOTE(review): this entry loads pam_ldap from /usr/lib/security, while the
# login and dtlogin entries above load it from /usr/local/lib/security.
# Confirm which module file each path holds and that the same one is intended
# for every service that falls through to "other".
other           auth    sufficient /usr/lib/security/$ISA/pam_ldap.so.1
other           auth    required   /usr/lib/security/$ISA/pam_unix.so.1
#
# Account management
#
# login: pam_roles runs first as "requisite". pam_ldap is "sufficient" and
# precedes pam_projects and pam_unix, so when the pam_ldap account check
# succeeds the two later modules are not consulted.
login           account requisite
/usr/lib/security/$ISA/pam_roles.so.1
login           account sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
login           account required
/usr/lib/security/$ISA/pam_projects.so.1
login           account sufficient      /usr/lib/security/$ISA/pam_unix.so.1
#
# NOTE(review): the next entry is an "auth" entry sitting in the account
# section; it repeats the dtlogin auth pam_ldap entry from the authentication
# section. Presumably left over from experimentation -- confirm whether it is
# wanted, since it adds another module to the dtlogin auth stack.
dtlogin        auth    sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
# dtlogin: pam_roles and pam_projects are checked before pam_ldap here.
dtlogin         account requisite
/usr/lib/security/$ISA/pam_roles.so.1
dtlogin         account required
/usr/lib/security/$ISA/pam_projects.so.1
dtlogin        account sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
dtlogin         account required        /usr/lib/security/$ISA/pam_unix.so.1
#
# NOTE(review): unlike login and dtlogin, "other" lists pam_ldap (sufficient)
# ahead of pam_roles (requisite), so a successful pam_ldap account check
# returns before the pam_roles and pam_projects checks run. Confirm that this
# ordering is intended for services that fall through to "other".
other           account sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
other           account requisite
/usr/lib/security/$ISA/pam_roles.so.1
other           account required
/usr/lib/security/$ISA/pam_projects.so.1
other           account sufficient      /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
# Only "other" has session entries, so every service in this file uses this
# stack for session setup.
# NOTE(review): both modules are "sufficient" and none is "required"; pam_ldap
# is again loaded from /usr/lib/security rather than /usr/local/lib/security.
# Confirm the path and how the stack resolves if both modules fail.
other           session sufficient      /usr/lib/security/$ISA/pam_ldap.so.1
other           session sufficient      /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
# Password changes try pam_ldap first, then pam_unix; both are "sufficient".
other           password sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
other           password sufficient     /usr/lib/security/$ISA/pam_unix.so.1
# NOTE(review): the two entries below are "auth" entries placed in the
# password section. The dtlogin line is another repeat of the dtlogin auth
# pam_ldap entry. The dtsession line lists pam_unix only, with no pam_ldap
# entry for that service -- confirm that this is enough for LDAP-only
# accounts wherever dtsession asks for a password.
dtlogin        auth     sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
dtsession      auth     sufficient /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin         auth    optional        /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#login          auth    optional        /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#dtlogin        auth    optional        /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#other          auth    optional        /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#dtlogin        account optional        /usr/lib/security/$ISA/pam_krb5.so.1
#other          account optional        /usr/lib/security/$ISA/pam_krb5.so.1
#other          session optional        /usr/lib/security/$ISA/pam_krb5.so.1
#other          password optional       /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#
# Support for Solaris PPP (sppp)
#ppp     auth    required        /usr/lib/security/$ISA/pam_unix.so.1
#ppp     auth    required        /usr/lib/security/$ISA/pam_dial_auth.so.1
#ppp     account requisite       /usr/lib/security/$ISA/pam_roles.so.1
#ppp     account required        /usr/lib/security/$ISA/pam_projects.so.1
#ppp     account required        /usr/lib/security/$ISA/pam_unix.so.1
#ppp     session required        /usr/lib/security/$ISA/pam_unix.so.1

# sshd: auth, account and password stacks each try pam_ldap, then pam_unix.
# There are no sshd session entries, so the "other" session stack applies.
# NOTE(review): every sshd entry is "sufficient" and none is "required";
# confirm in pam.conf(4) how the stack resolves when all modules fail.
# NOTE(review): try_first_pass also appears on the account entry, where no
# password is being collected -- confirm it is meaningful there.
sshd    auth            sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
sshd    auth            sufficient      /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
sshd    account         sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
sshd    account         sufficient      /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
sshd    password        sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
sshd    password        sufficient      /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass

NSSWITCH.CONF

#
# /etc/nsswitch.dns:
#
# An example file that could be copied over to /etc/nsswitch.conf; it uses
# DNS for hosts lookups, otherwise it does not use any other naming service.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

# passwd and group are the only databases that consult LDAP. "files" is
# listed first, so a local entry is found before an LDAP entry of the same
# name.
passwd:     files       ldap
group:      files       ldap

# You must also set up the /etc/resolv.conf file for DNS name
# server lookup.  See resolv.conf(4).
hosts:      files dns
ipnodes:    files
# Uncomment the following line and comment out the above to resolve
# both IPv4 and IPv6 addresses from the ipnodes databases. Note that
# IPv4 addresses are searched in all of the ipnodes databases before
# searching the hosts databases. Before turning this option on, consult
# the Network Administration Guide for more details on using IPv6.
#ipnodes:   files dns

# Every remaining database is resolved from local files only.
networks:   files
protocols:  files
rpc:        files
ethers:     files
netmasks:   files  
bootparams: files
publickey:  files
# At present there isn't a 'files' backend for netgroup;  the system will
#   figure it out pretty quickly, and won't use netgroups at all.
netgroup:   files
automount:  files
aliases:    files
services:   files
sendmailvars:   files
printers:       user files

# The authorization, profile and project databases are local files only;
# none of them is looked up in LDAP.
auth_attr:  files
prof_attr:  files
project:    files