
RE: Configuring Solaris 8 clients



Thanks for the examples but I'm still not able to configure Solaris 8 as a client of the OpenLDAP 2.1.12 server.

Here's my /var/ldap/ldap_client_file

NS_LDAP_FILE_VERSION= 1.0
NS_LDAP_SERVERS= 152.2.104.6:389
NS_LDAP_SEARCH_BASEDN= dc=amath,dc=unc,dc=edu
NS_LDAP_AUTH= NS_LDAP_AUTH_NONE
NS_LDAP_TRANSPORT_SEC= NS_LDAP_SEC_NONE
NS_LDAP_SEARCH_REF= NS_LDAP_NOREF
NS_LDAP_DOMAIN= amath.unc.edu
NS_LDAP_EXP= 1045640377
NS_LDAP_SEARCH_DN= passwd:(ou=People,dc=amath,dc=unc,dc=edu), group:(ou=People,dc=amath,dc=unc,dc=edu)
NS_LDAP_SEARCH_SCOPE= NS_LDAP_SCOPE_SUBTREE
NS_LDAP_SEARCH_TIME= 30


Here's my /var/ldap/ldap_client_cred

NS_LDAP_BINDDN= cn=solaris,ou=ldapusers,dc=amath,dc=unc,dc=edu


I've edited /etc/nsswitch.conf to place ldap into the passwd, group, hosts, etc., but when I run listusers all I get are the local users.


My questions:

- For the BINDDN, don't I need the password? When adding that 'user' into the LDAP dir, why is it that the NS_LDAP_BINDDN_PASSWD has the {NS1} stuff?

- Would upgrading to openLDAP 2.1.16 solve any of these problems?


For Solaris 9 I've run the ldapclient command that you supplied (with proper alterations for my LDAP system) and am able to get all of the LDAP users with listusers (yah!), but when I try and login to one of the LDAP accounts I get incorrect password errors. I can su - <ldap account> so I'm getting proper info from the LDAP server. Is this a PAM problem???


Thanks again to everyone who sent suggestions and responses to my earlier email.

--Matthew

--On Wednesday, March 26, 2003 12:29 AM -0800 Quanah Gibson-Mount <quanah@stanford.edu> wrote:



--On Wednesday, March 26, 2003 9:14 AM +0100 Ramon Corominas
<rcorominas@citec.es> wrote:

Hi,

Where can I get documentation about configuring solaris clients ?

Thanks in advance,


Ramon,

I got it working in Solaris 9 in the following fashion:

To set up a Solaris 9 machine for LDAP instead of NIS, one simply needs
to do the following:

edit /etc/nsswitch.ldap

Change the hosts: line from
hosts: ldap [blah.....] files
to
hosts: files dns

and then run this command:

ldapclient manual -a authenticationMethod=none \
  -a defaultSearchBase=dc=stanford,dc=edu \
  -a defaultServerList="ldap-test1.Stanford.EDU" \
  -a domainName="stanford.edu" \
  -a followReferrals=false \
  -a serviceSearchDescriptor=passwd:cn=accounts,dc=stanford,dc=edu\?sub \
  -a serviceSearchDescriptor=group:cn=accounts,dc=stanford,dc=edu\?sub

Of course, this only works for Stanford, but it gives you an idea how to
configure it.



For Solaris 8:

1. Create /var/ldap/ldap_client_file
#
# Do not edit this file manually; your changes will be lost. Please use
# ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 1.0
NS_LDAP_SERVERS= 172.24.14.237:389
NS_LDAP_SEARCH_BASEDN= dc=stanford,dc=edu
NS_LDAP_AUTH= NS_LDAP_AUTH_NONE
NS_LDAP_TRANSPORT_SEC= NS_LDAP_SEC_NONE
NS_LDAP_SEARCH_REF= NS_LDAP_NOREF
NS_LDAP_DOMAIN= stanford.edu
NS_LDAP_EXP= 1045640377
NS_LDAP_SEARCH_DN= passwd:(cn=accounts,dc=stanford,dc=edu), group:(cn=accounts,dc=stanford,dc=edu)
NS_LDAP_SEARCH_SCOPE= NS_LDAP_SCOPE_SUBTREE
NS_LDAP_SEARCH_TIME= 30


2. Create /var/ldap/ldap_client_cred:
#
# Do not edit this file manually; your changes will be lost. Please use
# ldapclient (1M) instead.
#
NS_LDAP_BINDDN= cn=accounts,dc=stanford,dc=edu

3. Edit /etc/nsswitch.conf so the passwd: line reads:

passwd: files ldap


4. tests:

/usr/bin/listusers


--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html



__________________________________________________________________
                       Matthew W. Mauzy
                     Systems Administrator
                     Applied Math @ UNC-CH
email : mauzy@amath.unc.edu           pager : mpager@amath.unc.edu
(W) 919.962.9819   www.amath.unc.edu/~mauzy/   (P) 919.347.0390
__________________________________________________________________
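
An added example, not part of the original messages or of any Solaris tooling: a small Python audit of the two /var/ldap files quoted in this thread. It flags the anonymous-bind and no-transport-security settings, a bind DN stored without NS_LDAP_BINDDN_PASSWD, and lines that were wrapped so they no longer parse as KEY= value. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample mirroring the files quoted in this thread, including the
# wrapped NS_LDAP_SEARCH_DN entry.
SAMPLE_CLIENT_FILE = """\
NS_LDAP_FILE_VERSION= 1.0
NS_LDAP_SERVERS= 152.2.104.6:389
NS_LDAP_AUTH= NS_LDAP_AUTH_NONE
NS_LDAP_TRANSPORT_SEC= NS_LDAP_SEC_NONE
NS_LDAP_SEARCH_DN= passwd:(ou=People,dc=amath,dc=unc,dc=edu), group:(ou=People,d
c=amath,dc=unc,dc=edu)
"""
SAMPLE_CRED_FILE = "NS_LDAP_BINDDN= cn=solaris,ou=ldapusers,dc=amath,dc=unc,dc=edu\n"

KEY_LINE = re.compile(r"^(NS_LDAP_[A-Z_]+)=\s*(.*)$")


def parse(text):
    """Return (settings, stray): a KEY->value dict and the numbers of lines
    that are neither comments, blank, nor KEY= value entries."""
    settings, stray = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.rstrip()
        if not line or line.startswith("#"):
            continue
        match = KEY_LINE.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
        else:
            stray.append(lineno)
    return settings, stray


def audit(client_text, cred_text):
    """Return a list of findings for ldap_client_file and ldap_client_cred."""
    client, client_stray = parse(client_text)
    cred, cred_stray = parse(cred_text)
    findings = [f"ldap_client_file line {n}: not a KEY= value entry (wrapped line?)"
                for n in client_stray]
    findings += [f"ldap_client_cred line {n}: not a KEY= value entry (wrapped line?)"
                 for n in cred_stray]
    if client.get("NS_LDAP_AUTH") == "NS_LDAP_AUTH_NONE":
        findings.append("NS_LDAP_AUTH_NONE: client binds anonymously")
    if client.get("NS_LDAP_TRANSPORT_SEC") == "NS_LDAP_SEC_NONE":
        findings.append("NS_LDAP_SEC_NONE: no transport security to the server")
    if "NS_LDAP_BINDDN" in cred and "NS_LDAP_BINDDN_PASSWD" not in cred:
        findings.append("NS_LDAP_BINDDN set without NS_LDAP_BINDDN_PASSWD")
    return findings
```

Calling `audit(SAMPLE_CLIENT_FILE, SAMPLE_CRED_FILE)` reports four findings for the configuration as posted.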