
Re: openldap, pam_ldap, and solaris 8



At 12:03 PM 4/6/2004, Mark wrote:
>I can't seem to get the solaris 8 to authenticate via openldap...

Your post should be directed to a more appropriate list,
such as a list about Solaris authentication or pam_ldap
(e.g., pamldap@padl.com).  Your post is off-topic here
(as not being specific to OpenLDAP Software).


>I have set up a user named testuser but I can't seem to get it to log in...it just hangs..., ldapsearch binds with the user and I can do a search using testuser with commands like ldapmodify and ldapsearch...so I think it's something wrong in the pam_ldap?
>
>also...when I try to authenticate via ldap, my su - won't work from the other accounts, and my sudo hangs as well...
>is there something wrong in the config?
>
>any help in direction would be appreciated.
>
>thanx,
>m
>
>==========================================
>my nsswitch.conf
>
>passwd:     files ldap 
>group:      files ldap
>
># You must also set up the /etc/resolv.conf file for DNS name
># server lookup.  See resolv.conf(4).
>hosts:      files dns
>ipnodes:    files
># Uncomment the following line and comment out the above to resolve
># both IPv4 and IPv6 addresses from the ipnodes databases. Note that
># IPv4 addresses are searched in all of the ipnodes databases before
># searching the hosts databases. Before turning this option on, consult
># the Network Administration Guide for more details on using IPv6.
>#ipnodes:   files dns
>
>networks:   files
>protocols:  files
>rpc:        files
>ethers:     files
>netmasks:   files
>bootparams: files
>publickey:  files
># At present there isn't a 'files' backend for netgroup;  the system will
>#   figure it out pretty quickly, and won't use netgroups at all.
>netgroup:   files
>automount:  files
>aliases:    files
>services:   files
>sendmailvars:   files
>printers:       user files
>
>auth_attr:  files
>prof_attr:  files
>project:    files
>
>========================================
>my pam.conf
>
>
>#
>#ident  "@(#)pam.conf   1.16    01/01/24 SMI"
>#
># Copyright (c) 1996-2000 by Sun Microsystems, Inc.
># All rights reserved.
>#
># PAM configuration
>#
># Authentication management
>#
>#login  auth required   /usr/lib/security/$ISA/pam_unix.so.1 
>login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1 
>
>
>login   auth sufficient /usr/lib/security/$ISA/pam_unix.so.1 
>login   auth required   /opt/pam_ldap/current/lib/security/pam_ldap.so.1 use_first_pass
>
>#
>#rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
>rlogin  auth required   /usr/lib/security/$ISA/pam_unix.so.1
>#
>dtlogin auth required   /usr/lib/security/$ISA/pam_unix.so.1
>#
>#rsh    auth required   /usr/lib/security/$ISA/pam_rhosts_auth.so.1
>#other  auth required   /usr/lib/security/$ISA/pam_unix.so.1
>
>other   auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
>other   auth required   /opt/pam_ldap/current/lib/security/pam_ldap.so.1 use_first_pass
>
>
>#
># Account management
>#
>login   account requisite       /usr/lib/security/$ISA/pam_roles.so.1 
>login   account required        /usr/lib/security/$ISA/pam_projects.so.1
>#login  account required        /usr/lib/security/$ISA/pam_unix.so.1 
>
>login   account sufficient      /usr/lib/security/$ISA/pam_unix.so.1 
>login   account required        /opt/pam_ldap/current/lib/security/pam_ldap.so.1 use_first_pass
>
>
>#
>dtlogin account requisite       /usr/lib/security/$ISA/pam_roles.so.1 
>dtlogin account required        /usr/lib/security/$ISA/pam_projects.so.1
>dtlogin account required        /usr/lib/security/$ISA/pam_unix.so.1 
>#
>other   account requisite       /usr/lib/security/$ISA/pam_roles.so.1 
>#other  account required        /usr/lib/security/$ISA/pam_projects.so.1
>#other  account required        /usr/lib/security/$ISA/pam_unix.so.1 
>
>
>#other  account required        /usr/lib/security/$ISA/pam_projects.so.1
>other   account sufficient      /usr/lib/security/$ISA/pam_unix.so.1 
>other   account required        /opt/pam_ldap/current/lib/security/pam_ldap.so.1 use_first_pass
>
>
>
>
>#
># Session management
>#
>other   session required        /usr/lib/security/$ISA/pam_unix.so.1 
>#
># Password management
>#
>#other  password required       /usr/lib/security/$ISA/pam_unix.so.1 
>
>other   password sufficient     /usr/lib/security/$ISA/pam_unix.so.1 
>other   password required       /opt/pam_ldap/current/lib/security/pam_ldap.so try_first_pass
>
>
>
>
>dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
>#
># Support for Kerberos V5 authentication (uncomment to use Kerberos)
>#
>#rlogin auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
>#login  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
>#dtlogin        auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
>#other  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
>#dtlogin        account optional /usr/lib/security/$ISA/pam_krb5.so.1
>#other  account optional /usr/lib/security/$ISA/pam_krb5.so.1
>#other  session optional /usr/lib/security/$ISA/pam_krb5.so.1
>#other  password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
>#
># Support for Solaris PPP (sppp)
>ppp     auth    required        /usr/lib/security/$ISA/pam_unix.so.1 
>ppp     auth    required        /usr/lib/security/$ISA/pam_dial_auth.so.1 
>ppp     account requisite       /usr/lib/security/$ISA/pam_roles.so.1 
>ppp     account required        /usr/lib/security/$ISA/pam_projects.so.1
>ppp     account required        /usr/lib/security/$ISA/pam_unix.so.1 
>ppp     session required        /usr/lib/security/$ISA/pam_unix.so.1
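
Added example, not part of the original thread: a small reader for the legacy `pam.conf` format quoted above that resolves which stack a service actually gets (a service with no entries of its own, such as `su` here, falls back to `other`) and walks the control flags for given module results. The function names, the simplified control-flag handling, and the sample text (a subset of the quoted auth lines) are assumptions made for illustration.

```python
# Added example: resolve and evaluate a legacy pam.conf stack (not from the thread).
# Constructed sample: a subset of the auth entries quoted in the message above.
SAMPLE = """\
login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1
login   auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
login   auth required   /opt/pam_ldap/current/lib/security/pam_ldap.so.1 use_first_pass
#other  auth required   /usr/lib/security/$ISA/pam_unix.so.1
other   auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
other   auth required   /opt/pam_ldap/current/lib/security/pam_ldap.so.1 use_first_pass
"""

def parse_pam_conf(text):
    """Return {(service, module_type): [(control, module_name, options), ...]}."""
    stacks = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue                          # blank, comment, or malformed line
        service, mtype, control, path = fields[:4]
        name = path.rsplit("/", 1)[-1]        # module file name without directory
        stacks.setdefault((service, mtype), []).append((control, name, fields[4:]))
    return stacks

def effective_stack(stacks, service, mtype):
    """A service without entries for a module type uses the 'other' entries."""
    return stacks.get((service, mtype)) or stacks.get(("other", mtype), [])

def evaluate(stack, results):
    """Walk a stack given {module_name: bool}; return (granted, modules_called)."""
    called, required_failed, any_success = [], False, False
    for control, name, _opts in stack:
        ok = results.get(name, False)         # a module with no result counts as failed
        called.append(name)
        if ok:
            any_success = True
            if control == "sufficient" and not required_failed:
                return True, called           # remaining modules are skipped
        elif control == "requisite":
            return False, called              # fail immediately
        elif control == "required":
            required_failed = True            # fail, but keep running the stack
        # a failed 'sufficient' or 'optional' module is ignored
    return any_success and not required_failed, called

if __name__ == "__main__":
    su_auth = effective_stack(parse_pam_conf(SAMPLE), "su", "auth")
    print("su auth stack:", su_auth)
    print("LDAP-only user:", evaluate(su_auth, {"pam_ldap.so.1": True}))
```

With `pam_unix` marked `sufficient` ahead of a `required` `pam_ldap`, a local account never reaches the LDAP module, while an LDAP-only account always does, so any delay in that module is paid on every such login, `su` and `sudo` call.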