[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Solaris 8 CDE problem after configuring LDAP
Hello everyone,
I hope that someone out there can help me with this problem. I have set up
an OpenLDAP server and have had no problem with the RedHat 8 clients
authenticating against it. I even had no trouble getting a Mac OS X client
authenticating. However, when my first Solaris 8 client is exhibiting a
strange problem. SSH works fine (I had to recompile with PAM support) and I
am able to login to the CDE no problem. However, when I try to exit or lock
the CDE it gives me an
Action: ExitSession [Error]
The request to service this action has failed for the following reason:
TT_ERR_NO_MATCH There is no running program to handle this
message, nor is there a static ptype to start such a program. Check
whether the application needs to install ptypes using...(error window runs
off of screen)
It is impossible to exit the CDE without killing the process.
I am hardly a Solaris Administrator so I hope someone has an idea. I have
searched the internet and found some similar problems but none that seemed
to involve PAM or LDAP. This is a pretty basic installation of Solaris NOT
running ToolTalk though. CDE is not essential for this LDAP environment but
it would be preferable. I know the pam.conf file below is a bit messy, I
have been trying different configurations to get it to work. However, since
it could be something in the nsswitch.conf or the LDAP DIT itself I figured
I would post to those lists as well.
Thanks in advance for any help
Chris Whalen
Solaris 8
pam_ldap-1.5.7
nss_ldap-2.0.3
PAM.CONF
#
# Copyright (c) 1996-2000 by Sun Microsystems, Inc.
# All rights reserved.
#
# PAM configuration
#
# Authentication management
#
login auth sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
login auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
login auth required
/usr/lib/security/$ISA/pam_dial_auth.so.1
#
#rlogin auth sufficient
/usr/lib/security/$ISA/pam_rhosts_auth.so.1
#rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin auth sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
#rsh auth required
/usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth sufficient /usr/lib/security/$ISA/pam_ldap.so.1
other auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Account management
#
login account requisite
/usr/lib/security/$ISA/pam_roles.so.1
login account sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
login account required
/usr/lib/security/$ISA/pam_projects.so.1
login account sufficient /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin auth sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
dtlogin account requisite
/usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required
/usr/lib/security/$ISA/pam_projects.so.1
dtlogin account sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
#
other account sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
other account requisite
/usr/lib/security/$ISA/pam_roles.so.1
other account required
/usr/lib/security/$ISA/pam_projects.so.1
other account sufficient /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
other session sufficient /usr/lib/security/$ISA/pam_ldap.so.1
other session sufficient /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
other password sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
other password sufficient /usr/lib/security/$ISA/pam_unix.so.1
dtlogin auth sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
dtsession auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other session optional /usr/lib/security/$ISA/pam_krb5.so.1
#other password optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#
# Support for Solaris PPP (sppp)
#ppp auth required /usr/lib/security/$ISA/pam_unix.so.1
#ppp auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
#ppp account requisite /usr/lib/security/$ISA/pam_roles.so.1
#ppp account required /usr/lib/security/$ISA/pam_projects.so.1
#ppp account required /usr/lib/security/$ISA/pam_unix.so.1
#ppp session required /usr/lib/security/$ISA/pam_unix.so.1
sshd auth sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
sshd auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
sshd account sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
sshd account sufficient /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
sshd password sufficient
/usr/local/lib/security/$ISA/pam_ldap.so.1
sshd password sufficient /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
NSSWITCH.CONF
#
# /etc/nsswitch.dns:
#
# An example file that could be copied over to /etc/nsswitch.conf; it uses
# DNS for hosts lookups, otherwise it does not use any other naming service.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
passwd: files ldap
group: files ldap
# You must also set up the /etc/resolv.conf file for DNS name
# server lookup. See resolv.conf(4).
hosts: files dns
ipnodes: files
# Uncomment the following line and comment out the above to resolve
# both IPv4 and IPv6 addresses from the ipnodes databases. Note that
# IPv4 addresses are searched in all of the ipnodes databases before
# searching the hosts databases. Before turning this option on, consult
# the Network Administration Guide for more details on using IPv6.
#ipnodes: files dns
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
# At present there isn't a 'files' backend for netgroup; the system will
# figure it out pretty quickly, and won't use netgroups at all.
netgroup: files
automount: files
aliases: files
services: files
sendmailvars: files
printers: user files
auth_attr: files
prof_attr: files
project: files