...
OBS: I don´t have any OU named 'people'. My OU´s are "func", "profs",
"alunos", etc. I could not to change this "people" of Solaris... :-(
If you don't use the people tree you will have to tell the ldap Solaris
client in it's config file (ldap_client_file) by adding something like
NS_LDAP_SEARCH_DN= passwd:(ou=People,dc=ViaWest,dc=Net)
NS_LDAP_SEARCH_DN= shadow:(ou=People,dc=ViaWest,dc=Net)
Hello
Thank you very much Thomas. I edited directly the file with these options
and apparently THIS error was corrected. From my server (Debian) log file:
Jul 22 09:06:22 server slapd[31513]: conn=526 op=0 SRCH
base="ou=func,dc=my,dc=domain" scope=1
filter="(&(objectClass=shadowAccount)(uid=user1))"
But... I still can´t login. :-(
Apparently, there are one PAM error. From my client (Solaris 9) log file,
when I try to login in X interface:
Jul 22 09:06:22 client dtlogin[25021]: [ID 505537 user.info] libldap:
Resolving server name "server.my.domain"
Jul 22 09:06:24 client last message repeated 5 times
Jul 22 09:06:24 client dtlogin[25021]: [ID 316739 user.error] pam_ldap: no
legal authentication method configured
Jul 22 09:06:25 client dtlogin[25021]: [ID 505537 user.info] libldap:
Resolving server name "server.my.domain"
Jul 22 09:06:25 client dtlogin[25021]: [ID 316739 user.error] pam_ldap: no
legal authentication method configured
If I try with SSH, the error is identical:
Jul 22 09:10:22 client sshd[27938]: [ID 505537 auth.info] libldap:
Resolving server name "server.my.domain"
Jul 22 09:10:24 client last message repeated 10 times
Jul 22 09:10:24 client sshd[27938]: [ID 316739 auth.error] pam_ldap: no
legal authentication method configured
Jul 22 09:10:24 client sshd[27938]: [ID 505537 auth.info] libldap:
Resolving server name "server.my.domain"
Jul 22 09:10:25 client sshd[27938]: [ID 316739 auth.error] pam_ldap: no
legal authentication method configured
Jul 22 09:10:25 client sshd[27938]: [ID 800047 auth.info] Failed password
for peterson from 200.188.161.5 port 4539 ssh2
Jul 22 09:10:25 client sshd[27938]: [ID 800047 auth.info] Failed none for
peterson from 200.188.161.5 port 4539 ssh2
My Solaris client /etc/pam.conf is:
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login auth required pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_dial_auth.so.1
login auth sufficient pam_unix_auth.so.1
login auth required pam_ldap.so.1 try_first_pass
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth required pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth sufficient pam_unix_auth.so.1
rlogin auth required pam_ldap.so.1 try_first_pass
#
# rsh service (explicit because of pam_rhost_auth)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_authtok_get.so.1
rsh auth required pam_dhkeys.so.1
rsh auth sufficient pam_unix_auth.so.1
rsh auth required pam_ldap.so.1 try_first_pass
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth required pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_dial_auth.so.1
ppp auth sufficient pam_unix_auth.so.1
ppp auth required pam_ldap.so.1 try_first_pass
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authenctication
#
other auth required pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth sufficient pam_unix_auth.so.1
other auth required pam_ldap.so.1 try_first_pass
#
# passwd command (explicit because of a different authentication module)
#
passwd auth sufficient pam_passwd_auth.so.1
passwd auth required pam_ldap.so.1 try_first_pass
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_projects.so.1
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1
other account required pam_projects.so.1
other account required pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password
management
#
other password required pam_dhkeys.so.1
other password required pam_authtok_get.so.1
other password required pam_authtok_check.so.1
other password sufficient pam_authtok_store.so.1
other password required pam_ldap.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional pam_krb5.so.1 try_first_pass
#login auth optional pam_krb5.so.1 try_first_pass
#other auth optional pam_krb5.so.1 try_first_pass
#cron account optional pam_krb5.so.1
#other account optional pam_krb5.so.1
#other session optional pam_krb5.so.1
#other password optional pam_krb5.so.1 try_first_pass
and my Debian server slapd.conf is:
# SERVER slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
#
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
#
password-hash {CRYPT}
access to attribute=userPassword
by self write
by dn="cn=admin,dc=my,dc=domain" write
by * compare
#
access to *
by * read
#
database bdb
suffix "dc=my,dc=domain"
rootdn "cn=admin,dc=my,dc=domain"
rootpw {MD5}PASSWORD==
#
directory /usr/local/var/openldap-data
#
index cn,sn,uid pres,eq,approx,sub
index objectClass eq
#
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /usr/local/etc/openldap/certs/newcert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/certs/newreq.pem
TLSCACertificateFile /usr/local/etc/openldap/certs/demoCA/cacert.pem
#
# END FILE
Can anyone help me with this? Or send me a functional Solaris 9
/etc/pam.conf. In Red Hat Linux, the authentication is working very well...
:-(
Thanks in advance