RE: LDAP problems with Solaris 10?

From: Adams, Mike (Mike) (mike.a.adams@verizonbusiness.com)
Date: Fri Dec 22 2006 - 16:59:57 EST


I've been able to make some progress.

   Out of nowhere I started getting errors about not being able to
connect to the LDAP server. I ldapclient uninit'd and tried to init
again. The init was successful, but I still couldn't ldaplist, or see
any users at all. I did uninit again and this time I init'd ldap without
SSL.

  Without SSL, everything works great. RBAC works, netgroups work.

  I uninit and reinit with the SSL profile: users work, netgroups work,
but RBAC does not. I disable SSL, RBAC works again.

  Why would RBAC fail when I use LDAPS instead of LDAP?

-----Original Message-----
From: sunmanagers-bounces@sunmanagers.org
[mailto:sunmanagers-bounces@sunmanagers.org] On Behalf Of Adams, Mike
(Mike)
Sent: Friday, December 22, 2006 1:21 PM
To: sunmanagers@sunmanagers.org
Subject: LDAP problems with Solaris 10?

Managers,

  I've got two problems with LDAP on Solaris 10.

  My first problem is with RBAC. I've gotten RBAC working over ldap in
Solaris 9. In my lab I've got three servers. A Sun ONE Directory Server
5.2 2005Q4 running Solaris 9, and two LDAP clients. One running Solaris
10, the other Solaris 9. Both clients are able to authenticate users via
LDAP. I've got a user created in ldap. This user has the Primary
Administrator assigned to it, and his shell is set to pfksh.

  When I log into the Solaris 9 host, everything works as expected. I
provide my login credentials and I am authenticated. I type id -a and it
shows uid 0. When I log into the Solaris 10 host, I have no extended
privileges. When I run profiles it says Primary Administrator, Basic
Solaris User, All. When I run auths, it says solaris.* (as expected).
However, I have no elevated access. It's as if my shell is unaware of
the RBAC attributes.

   The second problem is with netgroups. If I change my nsswitch.conf to
read passwd: compat and passwd_compat: files ldap and add a netgroup to
/etc/passwd, I cannot see any ldap users on my system. If I change it
to passwd: files ldap, the ldap users are there, and can log in. I had a
similar problem with Solaris 9 before I installed patch 112960-40. I
couldn't find a similar patch for Solaris 10.

   Am I missing something? I've gotten all of the same stuff to work on
a Solaris 9 box. Are there some pam changes that I need to make for
Solaris 10 to support netgroups and RBAC in ldap?

-------------------------------------
Mike Adams
Verizon Business
Application Solutions
Systems Engineering and Operations
mike.a.adams@verizonbusiness.com
Tel: 916.649.6244 / Cell: 916.838.1790
-------------------------------------
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:41:23 EDT