Re: openldap, pam_ldap, and solaris 8
At 12:03 PM 4/6/2004, Mark wrote:
>I can't seem to get the solaris 8 to authenticate via openldap...
Your post should be directed to a more appropriate list,
such as a list about Solaris authentication or pam_ldap
(e.g., pamldap@padl.com). Your post is off-topic here
(as not being specific to OpenLDAP Software).
>I have set up a user named testuser but I can't seem to get it to log in...it just hangs..., ldapsearch binds with the user and I can do a search using testuser with commands like ldapmodify and ldapsearch...so I think it's something wrong in the pam_ldap?
>
>also...when I try to authenticate via ldap, my su - won't work from the other accounts, and my sudo hangs as well...
>is there something wrong in the config?
>
>any help in direction would be appreciated.
>
>thanx,
>m
>
>==========================================
>my nsswitch.conf
>
>passwd: files ldap
>group: files ldap
>
># You must also set up the /etc/resolv.conf file for DNS name
># server lookup. See resolv.conf(4).
>hosts: files dns
>ipnodes: files
># Uncomment the following line and comment out the above to resolve
># both IPv4 and IPv6 addresses from the ipnodes databases. Note that
># IPv4 addresses are searched in all of the ipnodes databases before
># searching the hosts databases. Before turning this option on, consult
># the Network Administration Guide for more details on using IPv6.
>#ipnodes: files dns
>
>networks: files
>protocols: files
>rpc: files
>ethers: files
>netmasks: files
>bootparams: files
>publickey: files
># At present there isn't a 'files' backend for netgroup; the system will
># figure it out pretty quickly, and won't use netgroups at all.
>netgroup: files
>automount: files
>aliases: files
>services: files
>sendmailvars: files
>printers: user files
>
>auth_attr: files
>prof_attr: files
>project: files
>
>========================================
>my pam.conf
>
>
>#
>#ident "@(#)pam.conf 1.16 01/01/24 SMI"
>#
># Copyright (c) 1996-2000 by Sun Microsystems, Inc.
># All rights reserved.
>#
># PAM configuration
>#
># Authentication management
>#
>#login auth required /usr/lib/security/$ISA/pam_unix.so.1
>login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
>
>
>login auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
>login auth required /opt/pam_ldap/current/lib/security/pam_ldap.so.1 use_first_pass
>
>#
>#rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
>rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
>#
>dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
>#
>#rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
>#other auth required /usr/lib/security/$ISA/pam_unix.so.1
>
>other auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
>other auth required /opt/pam_ldap/current/lib/security/pam_ldap.so.1 use_first_pass
>
>
>#
># Account management
>#
>login account requisite /usr/lib/security/$ISA/pam_roles.so.1
>login account required /usr/lib/security/$ISA/pam_projects.so.1
>#login account required /usr/lib/security/$ISA/pam_unix.so.1
>
>login account sufficient /usr/lib/security/$ISA/pam_unix.so.1
>login account required /opt/pam_ldap/current/lib/security/pam_ldap.so.1 use_first_pass
>
>
>#
>dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
>dtlogin account required /usr/lib/security/$ISA/pam_projects.so.1
>dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
>#
>other account requisite /usr/lib/security/$ISA/pam_roles.so.1
>#other account required /usr/lib/security/$ISA/pam_projects.so.1
>#other account required /usr/lib/security/$ISA/pam_unix.so.1
>
>
>#other account required /usr/lib/security/$ISA/pam_projects.so.1
>other account sufficient /usr/lib/security/$ISA/pam_unix.so.1
>other account required /opt/pam_ldap/current/lib/security/pam_ldap.so.1 use_first_pass
>
>
>
>
>#
># Session management
>#
>other session required /usr/lib/security/$ISA/pam_unix.so.1
>#
># Password management
>#
>#other password required /usr/lib/security/$ISA/pam_unix.so.1
>
>other password sufficient /usr/lib/security/$ISA/pam_unix.so.1
>other password required /opt/pam_ldap/current/lib/security/pam_ldap.so try_first_pass
>
>
>
>
>dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
>#
># Support for Kerberos V5 authentication (uncomment to use Kerberos)
>#
>#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
>#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
>#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
>#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
>#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
>#other account optional /usr/lib/security/$ISA/pam_krb5.so.1
>#other session optional /usr/lib/security/$ISA/pam_krb5.so.1
>#other password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
>#
># Support for Solaris PPP (sppp)
>ppp auth required /usr/lib/security/$ISA/pam_unix.so.1
>ppp auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
>ppp account requisite /usr/lib/security/$ISA/pam_roles.so.1
>ppp account required /usr/lib/security/$ISA/pam_projects.so.1
>ppp account required /usr/lib/security/$ISA/pam_unix.so.1
>ppp session required /usr/lib/security/$ISA/pam_unix.so.1