Solaris 10 ldap client logon problem

From: Will Dowling (will.dowling@nuim.ie)
Date: Thu Apr 05 2007 - 10:50:13 EDT


Hey guys,
I have a Solaris 9 server running Sun One Directory Server 5.2 with
several Solaris 9 clients. They connect to the server no problem. I
set up a Solaris 10 client and proceeded to enable it to use ldap. It is
definitely connecting to the ldap server, as getent passwd username,
ldaplist, and id all return valid entries in ldap.
The problem is that I cannot log in via SSH or at the desktop. I reckon it
must be something to do with pam.conf.
I checked several examples on the web and even copied the example from the Sun
knowledge base site, but still no cigar. Here are my pam.conf and
nsswitch.conf.

Any help greatly appreciated.
---------------------------------------------------------------------------------------------------------

pam.conf

login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_dial_auth.so.1
login auth required pam_unix_cred.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1

other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth binding pam_unix_auth.so.1 server_policy
other auth required pam_ldap.so.1

passwd auth sufficient pam_passwd_auth.so.1
passwd auth binding pam_passwd_auth.so.1 server_policy
passwd auth required pam_ldap.so.1

other account requisite pam_roles.so.1
other account sufficient pam_unix_account.so.1
other account binding pam_unix_account.so.1 server_policy
other account required pam_ldap.so.1

other session required pam_unix_session.so.1

other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1 server_policy

---------------------------------------------------------------------------------------------------------

nsswitch.conf

passwd: files ldap
group: files ldap

# consult /etc "files" only if ldap is down.
hosts: ldap dns [NOTFOUND=return] files

# Note that IPv4 addresses are searched for in all of the ipnodes databases
# before searching the hosts databases.
ipnodes: files

networks: ldap [NOTFOUND=return] files
protocols: ldap [NOTFOUND=return] files
rpc: ldap [NOTFOUND=return] files
ethers: ldap [NOTFOUND=return] files
netmasks: ldap [NOTFOUND=return] files
bootparams: ldap [NOTFOUND=return] files
publickey: ldap [NOTFOUND=return] files

netgroup: ldap

automount: files ldap
aliases: files ldap

# for efficient getservbyname() avoid ldap
services: files ldap

printers: user files ldap

auth_attr: files ldap
prof_attr: files ldap

project: files ldap

---------------------------------------------------------------------------------------------------------

Cheers,
 will
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
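The following is an added example, not code from Will's post or from Sun: a small parser and evaluator for a Solaris-style pam.conf that walks one service's stack and applies the requisite / required / binding / sufficient / optional control-flag rules as documented in pam.conf(4). It is useful when debugging a stack like the one above, because it shows which module actually decides the outcome and whether pam_ldap is ever consulted. The sample configuration is a re-typed copy of the posted "login auth" stack; the `outcomes` dictionary is a constructed stand-in for running the real modules, and the value `"ignore"` models a module returning PAM_IGNORE (which is what pam_unix_auth does for an LDAP-managed account when `server_policy` is set). Treating a stack in which every module was ignored as a failure is an assumption of this example, chosen to be conservative.

```python
"""Evaluate a Solaris-style pam.conf stack (added example, not from the post)."""
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: the posted 'login auth' stack, plus a comment and a
# blank line so the parser has to skip them.
SAMPLE_PAM_CONF = """\
# login service, authentication stack
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1

login auth required pam_dial_auth.so.1
login auth required pam_unix_cred.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1
"""


@dataclass
class PamEntry:
    """One pam.conf line: service module_type control_flag module_path [options]."""
    service: str
    module_type: str
    control_flag: str
    module: str
    options: List[str] = field(default_factory=list)


def parse_pam_conf(text: str) -> List[PamEntry]:
    """Parse pam.conf text, dropping comments and blank lines."""
    entries: List[PamEntry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"malformed pam.conf line: {raw!r}")
        entries.append(PamEntry(fields[0], fields[1], fields[2], fields[3], fields[4:]))
    return entries


def select_stack(entries: List[PamEntry], service: str, module_type: str) -> List[PamEntry]:
    """Return the stack for a service, falling back to 'other' as Solaris does."""
    stack = [e for e in entries if e.service == service and e.module_type == module_type]
    if not stack:
        stack = [e for e in entries if e.service == "other" and e.module_type == module_type]
    return stack


def evaluate_stack(stack: List[PamEntry], outcomes: Dict[str, str]) -> bool:
    """Apply Solaris control-flag semantics to a stack.

    outcomes maps module path -> 'success' | 'failure' | 'ignore'.
    Modules not listed are assumed to succeed. Returns True if the stack
    as a whole grants access.
    """
    required_failed = False  # a required/binding failure has been recorded
    consulted = 0            # modules that returned something other than PAM_IGNORE
    for entry in stack:
        result = outcomes.get(entry.module, "success")
        if result == "ignore":
            continue
        consulted += 1
        ok = result == "success"
        flag = entry.control_flag
        if flag == "requisite":
            if not ok:           # fail immediately, later modules never run
                return False
        elif flag == "required":
            if not ok:           # record the failure but keep running the stack
                required_failed = True
        elif flag == "binding":
            if ok and not required_failed:
                return True      # decided here; pam_ldap below is never consulted
            if not ok:           # counts as a required failure
                required_failed = True
        elif flag == "sufficient":
            if ok and not required_failed:
                return True      # a failure of a sufficient module is ignored
        elif flag == "optional":
            pass                 # only matters if it is the sole module
        else:
            raise ValueError(f"unknown control flag {flag!r} for {entry.module}")
    if consulted == 0:           # assumption: an all-ignored stack denies access
        return False
    return not required_failed


def login_scenarios() -> Dict[str, bool]:
    """Walk the posted login stack through a few constructed module outcomes."""
    stack = select_stack(parse_pam_conf(SAMPLE_PAM_CONF), "login", "auth")
    return {
        # local account, correct password: pam_unix_auth (binding) decides, pam_ldap never runs
        "local user, good password": evaluate_stack(stack, {}),
        # LDAP account: pam_unix_auth returns PAM_IGNORE under server_policy, pam_ldap decides
        "ldap user, good password": evaluate_stack(
            stack, {"pam_unix_auth.so.1": "ignore", "pam_ldap.so.1": "success"}),
        "ldap user, bad password": evaluate_stack(
            stack, {"pam_unix_auth.so.1": "ignore", "pam_ldap.so.1": "failure"}),
        # pam_authtok_get is requisite: no password prompt means an immediate denial
        "no password collected": evaluate_stack(stack, {"pam_authtok_get.so.1": "failure"}),
        # a real failure from the binding module is recorded and cannot be rescued by pam_ldap
        "unix failure, ldap success": evaluate_stack(
            stack, {"pam_unix_auth.so.1": "failure", "pam_ldap.so.1": "success"}),
    }


if __name__ == "__main__":
    for name, granted in login_scenarios().items():
        print(f"{name:32s} -> {'access granted' if granted else 'access denied'}")
```

The scenarios make the interaction visible: pam_ldap only matters on the path where pam_unix_auth returns PAM_IGNORE, so when an LDAP user cannot log in it is worth confirming (for example with debug output from pam_unix_auth and pam_ldap in the system log) which of the two modules actually produced the denial before changing the stack.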



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:41:51 EDT