From: Christophe Dupre (duprec@scorec.rpi.edu)
Date: Fri Apr 11 2003 - 17:09:47 EDT
Hello everyone,

I have Solaris 8 2/02 set up with Sun ONE Directory Server 5.1 SP2 running.
I have created several instances of posixAccount in the directory, and I
have set up the machine using ldapclient. I have modified nsswitch.conf to
have:

    passwd: files ldap [TRYAGAIN=5]
    group: files ldap [TRYAGAIN=5]

I can use getent to get passwd and group entries from the LDAP server.

I have set up pam.conf:

    login auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
    login auth required /usr/lib/security/$ISA/pam_ldap.so.1 try_first_pass debug
    login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
    other auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
    other auth required /usr/lib/security/$ISA/pam_ldap.so.1 try_first_pass
    other password sufficient /usr/lib/security/$ISA/pam_unix.so.1
    other password required /usr/lib/security/$ISA/pam_ldap.so.1

And yet, I can't su/ssh/passwd for accounts defined in LDAP. I get:

    bash-2.03# passwd zeghal
    passwd(SYSTEM): zeghal does not exist
    passwd(LDAP): zeghal does not exist
    Permission denied

ldapclient configuration:

    # ldapclient -l
    NS_LDAP_FILE_VERSION = 1.0
    NS_LDAP_SERVERS = 127.0.0.1
    NS_LDAP_SEARCH_BASEDN = dc=foo,dc=com
    NS_LDAP_AUTH = NS_LDAP_AUTH_NONE
    NS_LDAP_TRANSPORT_SEC = NS_LDAP_SEC_NONE
    NS_LDAP_SEARCH_REF = NS_LDAP_FOLLOWREF
    NS_LDAP_DOMAIN = foo.com
    NS_LDAP_EXP = Fri Apr 11 23:32:40 2003
    NS_LDAP_SEARCH_SCOPE = NS_LDAP_SCOPE_ONELEVEL
    NS_LDAP_SEARCH_TIME = 30
    NS_LDAP_BIND_TIME = 30

Help would be appreciated.
--
Christophe Dupre
System Administrator, Scientific Computation Research Center
Rensselaer Polytechnic Institute
Troy, NY USA
Phone: (518) 276-2578 - Fax: (518) 276-4886
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers