Re: Openldap: ssh works, su does not

From: Vsevolod (Simon) Ilyushchenko (simonf@cshl.edu)
Date: Mon Aug 01 2005 - 20:27:19 EDT

• Next message: stan: "print spooler problem"
• Previous message: Marek Grinberg: "Re: How do I setup network printer ?"
• Maybe in reply to: Vsevolod (Simon) Ilyushchenko: "Openldap: ssh works, su does not"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

David,

Thanks a lot!!! Adding the shadowAccount class did let me to 'su' and to
use OpenSSH, and after a reboot the process list has also been fixed!

Simon

David Stipp wrote on 08/01/2005 07:39 PM:
> On Mon, Aug 01, 2005 at 07:09:40PM -0400, Vsevolod (Simon) Ilyushchenko wrote:
>
>>Hi,
>>
>>I've tried to use Openldap client libraries on a Solaris 9 machine to
>>connect to an Openldap server, as described here:
>>
>>http://www.bolthole.com/solaris/LDAP.html
>>and here:
>>http://netmojo.ca/howto/solaris-openldap.html#LastStep
>>
>>In particular, I've taken pam.conf (below) from the second page.
>
>
> Something I came across was with the difference between objectClass:
> posixAccount and objectClass: shadowAccount.
>
> posixAccount would allow nss to work, but if you look at the ldap
> queries, it is searching for shadowAccount then uid.
>
> So, I needed shadowaccount in the entries before Solaris would use them.
>
> # dstipp, people, coolhack.net
> dn: uid=dstipp,ou=people,dc=coolhack,dc=net
> uid: dstipp
> cn: David Stipp
> homePhone: 217-xxx-xxxx
> givenName: David
> sn: Stipp
> mail: dstipp@coolhack.net
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: top
> objectClass: kerberosSecurityObject
> krbName: dstipp@COOLHACK.NET
> loginShell: /bin/zsh
> uidNumber: 1000
> gidNumber: 100
> homeDirectory: /home/dstipp
> gecos: David Stipp,,,217-xxx-xxxx
>
> Not sure if this helps or not. It may help you to run the ldapserver in
> query logging mode, then try to see what queries work and what fail.
>
> David
>

-- 
Simon (Vsevolod ILyushchenko)   simonf@cshl.edu
				http://www.simonf.com
Terrorism is a tactic and so to declare war on terrorism
is equivalent to Roosevelt's declaring war on blitzkrieg.
Zbigniew Brzezinski, U.S. national security advisor, 1977-81
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: stan: "print spooler problem"
• Previous message: Marek Grinberg: "Re: How do I setup network printer ?"
• Maybe in reply to: Vsevolod (Simon) Ilyushchenko: "Openldap: ssh works, su does not"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:31:13 EDT