SUMMARY: Solaris 8 LDAP client pam.conf problem

From: Sundaram Ramasamy (sun@percipia.com)
Date: Tue Oct 14 2003 - 14:23:49 EDT


Hi all,

Thanks for all your help. I was finally able to configure OpenLDAP
authentication for Solaris 8 using the Solaris native LDAP package.

Here is my configuration:

bash-2.03# cat ldap_client_cred
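#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
# NOTE(review): the lines marked NOTE(review) are annotations on this listing,
# not part of the generated file (ldapclient rewrites the file).
#
# Proxy identity the client uses when it binds to the directory for
# name-service lookups.
# NOTE(review): cn=Manager is the conventional name of the OpenLDAP rootdn.
# If that is what it is here, every client host stores a credential with
# unrestricted write access to the whole directory. A dedicated proxy DN,
# limited by server-side ACLs to the reads the client needs, narrows what a
# compromised client can do.
NS_LDAP_BINDDN= cn=Manager,dc=percipia,dc=com
# Password for the bind DN above (masked with x's by the poster).
# NOTE(review): with NS_LDAP_AUTH_SIMPLE the client has to present the
# cleartext password, so the {NS1} form must be recoverable by the client;
# it is an encoding, not a one-way hash. Treat the stored value as the
# password itself: keep the file readable by root only and keep the real
# string out of mail, tickets and backups that others can read.
NS_LDAP_BINDPASSWD= {NS1}xxxxxxxxx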
bash-2.03# cat ldap_client_file
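#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
# NOTE(review): the lines marked NOTE(review) and the short descriptions
# above each key are annotations on this listing, not part of the
# generated file (ldapclient rewrites the file).
#
# Format version of this client file.
NS_LDAP_FILE_VERSION= 1.0
# Directory server address (masked by the poster).
NS_LDAP_SERVERS= xx.xx.xx.xx
# Base DN under which the client searches.
NS_LDAP_SEARCH_BASEDN= dc=percipia,dc=com
# Simple bind: the bind DN and its password are sent to the server as-is.
NS_LDAP_AUTH= NS_LDAP_AUTH_SIMPLE
# No transport protection.
# NOTE(review): simple bind combined with NS_LDAP_SEC_NONE means the proxy
# password from ldap_client_cred, any user password that pam_ldap binds
# with, and every lookup result travel over the network unencrypted.
# Anyone able to observe traffic between this host and the LDAP server can
# read them. Where the client and server versions in use support an
# encrypted or non-cleartext option, prefer it; otherwise keep this traffic
# on a trusted, isolated network segment.
NS_LDAP_TRANSPORT_SEC= NS_LDAP_SEC_NONE
# Referral handling: NOREF, i.e. referrals are not followed.
NS_LDAP_SEARCH_REF= NS_LDAP_NOREF
# Name-service domain this configuration serves.
NS_LDAP_DOMAIN= percipia.com
# NOTE(review): looks like a Unix timestamp, presumably the expiry time of
# this cached configuration - confirm against the ldapclient documentation.
NS_LDAP_EXP= 1066155358
# Per-database search bases; the key is repeated on purpose, one line per
# database (passwd and shadow both point at ou=People).
# NOTE(review): the shadow entry means password-ageing and hash attributes
# are requested through the proxy bind. Check the server ACLs so that only
# the proxy identity, not anonymous or ordinary users, can read the
# password attribute.
NS_LDAP_SEARCH_DN= passwd:(ou=People,dc=percipia,dc=com)
NS_LDAP_SEARCH_DN= shadow:(ou=People,dc=percipia,dc=com)
# Search one level below the search base only.
NS_LDAP_SEARCH_SCOPE= NS_LDAP_SCOPE_ONELEVEL
# Search and bind time limits (presumably seconds - confirm).
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_BIND_TIME= 30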
bash-2.03#

bash-2.03# cat /etc/pam.conf
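# PAM configuration
#
# Line format: service  module_type  control_flag  module_path  [options]
# Each entry must be on ONE line. In the mailed copy of this file some
# option words (use_first_pass) had been wrapped onto a line of their own
# by the mail client; they are rejoined here, because a line holding only
# an option is not a valid pam.conf entry.
#
# Only rsh has its own entry below; every other service falls through to
# the "other" entries.
#
# Authentication management
#
# rsh is authenticated by pam_rhosts_auth alone, i.e. by rhosts-style host
# trust rather than by a password, so the LDAP module is never consulted
# for it.
# NOTE(review): if rsh is not needed, disabling the service removes that
# trust path entirely.
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
# pam_unix is tried first and is "sufficient": when it succeeds the stack
# ends there. Only when it fails is pam_ldap consulted, and because that
# entry is "required" its result then decides the login. use_first_pass
# makes pam_ldap reuse the password already typed instead of prompting a
# second time.
# NOTE(review): which of the two modules actually validates an LDAP account
# depends on whether pam_unix can obtain that account's password hash
# through the name service - worth confirming with a test login. Either
# way, with NS_LDAP_SEC_NONE in ldap_client_file the password or hash
# crosses the network unencrypted.
other auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
other auth required /usr/lib/security/$ISA/pam_ldap.so.1 use_first_pass

#
# Account management
#
# pam_roles is "requisite": a failure here ends the stack immediately.
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
#other account required /usr/lib/security/$ISA/pam_projects.so.1
# As in the auth stack, a pam_unix success ends processing, so pam_ldap's
# account check runs only when pam_unix fails.
# NOTE(review): confirm that a locked or expired directory account is still
# refused when pam_unix answers first. use_first_pass is a password-reuse
# option; its effect on an account entry is not shown on this page.
other account sufficient /usr/lib/security/$ISA/pam_unix.so.1
other account required /usr/lib/security/$ISA/pam_ldap.so.1 use_first_pass

#
# Session management
#
other session sufficient /usr/lib/security/$ISA/pam_unix.so.1
other session optional /usr/lib/security/$ISA/pam_ldap.so.1 use_first_pass

#
# Password management
#
# The order is reversed here: the password change is offered to pam_ldap
# first, and pam_unix handles it only when pam_ldap does not succeed
# (for example for accounts that exist only in the local files).
# NOTE(review): a password changed through pam_ldap is sent over the same
# unprotected LDAP connection as the logins above.
other password sufficient /usr/lib/security/$ISA/pam_ldap.so.1
other password required /usr/lib/security/$ISA/pam_unix.so.1 use_first_pass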

Thanks
SR

----- Original Message -----
From: "Sundaram Ramasamy" <sun@percipia.com>
To: <sunmanagers@sunmanagers.org>
Sent: Thursday, October 09, 2003 5:10 PM
Subject: Solaris 8 LDAP client pam.conf problem

> Hi all,
>
> I am trying to configure Solaris 8 for OpenLDAP client authentication. Now
> getent passwd lists all the users from LDAP, but the id/su/ssh programs
> fail to log in.
>
> ===========================
> # getent passwd | grep spais
> spais::1006:100:System User:/home/spais:/bin/bash
> # grep spais /etc/passwd
> # id spais
> id: invalid user name: "spais"
>
> =======================
>
> Here is my pam.conf file
>
> #
> #ident "@(#)pam.conf 1.14 99/09/16 SMI"
> #
> # Copyright (c) 1996-1999, Sun Microsystems, Inc.
> # All Rights Reserved.
> #
> # PAM configuration
> #
> # Authentication management
> #
> #login auth required /usr/lib/security/pam_winbind.so
>
> login auth sufficient /lib/security/pam_ldap.so debug
> login auth required /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
> login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
> try_first_pass
> #
> #rlogin auth sufficient /usr/lib/security/pam_winbind.so
>
> rlogin auth sufficient /lib/security/pam_ldap.so debug
> rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
> rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
>
> #
> #dtlogin auth sufficient /usr/lib/security/pam_winbind.so
> dtlogin auth sufficient /lib/security/pam_ldap.so debug
> dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
>
> #
> rsh auth sufficient /lib/security/pam_ldap.so debug
> rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
> #other auth sufficient /usr/lib/security/pam_winbind.so
> other auth sufficient /lib/security/pam_ldap.so debug
> other auth required /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
> #
> # Account management
> #
> #
> #login account sufficient /usr/lib/security/pam_winbind.so
> login account sufficient /lib/security/pam_ldap.so debug
> login account requisite /usr/lib/security/$ISA/pam_roles.so.1
> login account required /usr/lib/security/$ISA/pam_unix.so.1
> #
> #dtlogin account sufficient /usr/lib/security/pam_winbind.so
> dtlogin account sufficient /lib/security/pam_ldap.so debug
> dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
> dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
> #
> #other account sufficient /usr/lib/security/pam_winbind.so
> other account sufficient /lib/security/pam_ldap.so debug
> other account requisite /usr/lib/security/$ISA/pam_roles.so.1
> other account required /usr/lib/security/$ISA/pam_unix.so.1
> #
> # Session management
> #
> other session sufficient /lib/security/pam_ldap.so debug
> other session required /usr/lib/security/$ISA/pam_unix.so.1
> dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
> #
> # Password management
> #
> #other password sufficient /usr/lib/security/pam_winbind.so
> other password sufficient /lib/security/pam_ldap.so debug
> other password required /usr/lib/security/$ISA/pam_unix.so.1
> #
> # Support for Kerberos V5 authentication (uncomment to use Kerberos)
> #
> #rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
> #login auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
> #dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1
> try_first_pass
> #other auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
> #dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
> #other account optional /usr/lib/security/$ISA/pam_krb5.so.1
>
> Any idea what I am doing wrong?
>
> Thanks
> SR