LDAP problems with Solaris 10?

From: Adams, Mike (Mike) (mike.a.adams@verizonbusiness.com)
Date: Fri Dec 22 2006 - 16:21:25 EST


Managers,

  I've got two problems with LDAP on Solaris 10.

  My first problem is with RBAC. I've gotten RBAC working over LDAP in
Solaris 9. In my lab I've got three servers: a Sun ONE Directory Server
5.2 2005Q4 running Solaris 9, and two LDAP clients, one running Solaris
10, the other Solaris 9. Both clients are able to authenticate users via
LDAP. I've got a user created in LDAP. This user has the Primary
Administrator assigned to it, and his shell is set to pfksh.

  When I log into the Solaris 9 host, everything works as expected. I
provide my login credentials and I am authenticated. I type id -a and it
shows uid 0. When I log into the Solaris 10 host, I have no extended
privileges. When I run profiles it says Primary Administrator, Basic
Solaris User, All. When I run auths, it says solaris.* (as expected).
However, I have no elevated access. It's as if my shell is unaware of
the RBAC attributes.

   The second problem is with netgroups. If I change my nsswitch.conf to
read passwd: compat and passwd_compat: files ldap and add a netgroup to
/etc/passwd, I cannot see any LDAP users on my system. If I change it
to passwd: files ldap, the LDAP users are there, and can log in. I had a
similar problem with Solaris 9 before I installed patch 112960-40. I
couldn't find a similar patch for Solaris 10.

   Am I missing something? I've gotten all of the same stuff to work on
a Solaris 9 box. Are there some PAM changes that I need to make for
Solaris 10 to support netgroups and RBAC in LDAP?

-------------------------------------

Mike Adams

Verizon Business

Application Solutions

Systems Engineering and Operations

mike.a.adams@verizonbusiness.com

Tel: 916.649.6244 / Cell: 916.838.1790

-------------------------------------



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:41:23 EDT