
RE: Help! using openldap to authenticate solaris clients



Hi Robert,

I have authentication to the ldap server working. My ldap server, dog, is running ldap 2.1.25 with pam_ldap v. 1.65 and nss_ldap v. 2.11. The config files are reasonably standard (see http://lcni.uoregon.edu/~chuck/ldap-stuff/).
When I ssh into dog using an account that exists only in the ldap directory, access is granted.


Each LDAP account has an objectClass attribute of posixAccount. The problem is that with similar config files installed on other machines, but referencing dog as the ldap server, authentication fails; see the log files at the above location. That is, I try to log in to, say, cat, with ldap account credentials and it fails.

Thanks for asking,
Chuck


At 09:45 AM 3/25/2004 -0700, you wrote:
Chuck

I noticed you have gotten openldap to authenticate solaris 8 clients. I too
have tried this and found several issues. What were your versions of
software and procedures that worked for you?


Robert Hayne

-----Original Message-----
From: Chuck Theobald [mailto:chuckt@darkwing.uoregon.edu]
Sent: Wednesday, March 24, 2004 6:00 PM
To: OpenLDAP-software@OpenLDAP.org
Subject: Help! using openldap to authenticate solaris clients


Hi,

I've got openldap running on a Solaris 8 machine (dog), set up to use
nsswitch and pam.  Authentication against the LDAP directory succeeds if I
log in directly to this machine, but when trying to log in to another
machine (cat) configured to reference dog's LDAP directory, authentication
fails.  Observing dog's slapd log shows over a hundred lines being written
when logging into dog, but only some 10 or so when trying to log in to
cat.  Both dog and cat have essentially similar pam.conf, ldap.conf, and
nsswitch.conf files.  I am using PADL's  pam_ldap and nss_ldap modules on
both machines.

I've been referencing Carter's LDAP System Administration book and the Sun
blueprints book but neither deals with this kind of utter failure.

Any advice?


Chuck Theobald
Information Technology Consultant
The Robert and Beverly Lewis Center for Neuroimaging
University of Oregon
P: 541-346-0343
F: 541-346-0345