Hi all,

Thanks for all your help. Finally, I was able to configure openldap authentication for Solaris 8 using the Solaris native ldap package.

Here is my configuration:

bash-2.03# cat ldap_client_cred
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_BINDDN= cn=Manager,dc=percipia,dc=com
NS_LDAP_BINDPASSWD= {NS1}xxxxxxxxx
bash-2.03# cat ldap_client_file
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 1.0
NS_LDAP_SERVERS= xx.xx.xx.xx
NS_LDAP_SEARCH_BASEDN= dc=percipia,dc=com
NS_LDAP_AUTH= NS_LDAP_AUTH_SIMPLE
NS_LDAP_TRANSPORT_SEC= NS_LDAP_SEC_NONE
NS_LDAP_SEARCH_REF= NS_LDAP_NOREF
NS_LDAP_DOMAIN= percipia.com
NS_LDAP_EXP= 1066155358
NS_LDAP_SEARCH_DN= passwd:(ou=People,dc=percipia,dc=com)
NS_LDAP_SEARCH_DN= shadow:(ou=People,dc=percipia,dc=com)
NS_LDAP_SEARCH_SCOPE= NS_LDAP_SCOPE_ONELEVEL
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_BIND_TIME= 30
bash-2.03#
bash-2.03# cat /etc/pam.conf
# PAM configuration
#
# Authentication management
#
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
other auth required /usr/lib/security/$ISA/pam_ldap.so.1 use_first_pass
#
# Account management
#
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
#other account required /usr/lib/security/$ISA/pam_projects.so.1
other account sufficient /usr/lib/security/$ISA/pam_unix.so.1
other account required /usr/lib/security/$ISA/pam_ldap.so.1 use_first_pass
#
# Session management
#
other session sufficient /usr/lib/security/$ISA/pam_unix.so.1
other session optional /usr/lib/security/$ISA/pam_ldap.so.1 use_first_pass
#
# Password management
#
other password sufficient /usr/lib/security/$ISA/pam_ldap.so.1
other password required /usr/lib/security/$ISA/pam_unix.so.1 use_first_pass

Thanks
SR

----- Original Message -----
From: "Sundaram Ramasamy" <sun@percipia.com>
To: <sunmanagers@sunmanagers.org>
Sent: Thursday, October 09, 2003 5:10 PM
Subject: Solaris 8 LDAP client pam.conf problem

> Hi all,
>
> I am trying to configure Solaris 8 for open LDAP client authentication. Now
> getent passwd lists all the users from the LDAP. But id/su/ssh programs
> failed to login.
>
> ===========================
> # getent passwd | grep spais
> spais::1006:100:System User:/home/spais:/bin/bash
> # grep spais /etc/passwd
> # id spais
> id: invalid user name: "spais"
>
> =======================
>
> Here is my pam.conf file
>
> #
> #ident "@(#)pam.conf 1.14 99/09/16 SMI"
> #
> # Copyright (c) 1996-1999, Sun Microsystems, Inc.
> # All Rights Reserved.
> #
> # PAM configuration
> #
> # Authentication management
> #
> #login auth required /usr/lib/security/pam_winbind.so
>
> login auth sufficient /lib/security/pam_ldap.so debug
> login auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
> login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1 try_first_pass
> #
> #rlogin auth sufficient /usr/lib/security/pam_winbind.so
>
> rlogin auth sufficient /lib/security/pam_ldap.so debug
> rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
> rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
>
> #
> #dtlogin auth sufficient /usr/lib/security/pam_winbind.so
> dtlogin auth sufficient /lib/security/pam_ldap.so debug
> dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
>
> #
> rsh auth sufficient /lib/security/pam_ldap.so debug
> rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
> #other auth sufficient /usr/lib/security/pam_winbind.so
> other auth sufficient /lib/security/pam_ldap.so debug
> other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
> #
> # Account management
> #
> #
> #login account sufficient /usr/lib/security/pam_winbind.so
> login account sufficient /lib/security/pam_ldap.so debug
> login account requisite /usr/lib/security/$ISA/pam_roles.so.1
> login account required /usr/lib/security/$ISA/pam_unix.so.1
> #
> #dtlogin account sufficient /usr/lib/security/pam_winbind.so
> dtlogin account sufficient /lib/security/pam_ldap.so debug
> dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
> dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
> #
> #other account sufficient /usr/lib/security/pam_winbind.so
> other account sufficient /lib/security/pam_ldap.so debug
> other account requisite /usr/lib/security/$ISA/pam_roles.so.1
> other account required /usr/lib/security/$ISA/pam_unix.so.1
> #
> # Session management
> #
> other session sufficient /lib/security/pam_ldap.so debug
> other session required /usr/lib/security/$ISA/pam_unix.so.1
> dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
> #
> # Password management
> #
> #other password sufficient /usr/lib/security/pam_winbind.so
> other password sufficient /lib/security/pam_ldap.so debug
> other password required /usr/lib/security/$ISA/pam_unix.so.1
> #
> # Support for Kerberos V5 authentication (uncomment to use Kerberos)
> #
> #rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
> #login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
> #dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
> #other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
> #dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
> #other account optional /usr/lib/security/$ISA/pam_krb5.so.1
>
> Any idea what I am doing wrong?
>
> Thanks
> SR
> _______________________________________________
> sunmanagers mailing list
> sunmanagers@sunmanagers.org
> http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Tue Oct 14 14:26:28 2003
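
A check for the client settings posted above, as an added example that is not part of the original message: it parses ldap_client_file / ldap_client_cred content and flags the simple bind with no transport security, the cn=Manager bind DN, and the stored bind password. The finding names, the SAMPLE text, and the treatment of cn=Manager as the directory's rootdn are assumptions.

```python
# Added example (not from the post): audit Solaris LDAP client files.
# Finding names and SAMPLE are constructed; values mirror the post's redacted ones.
SAMPLE = """\
NS_LDAP_BINDDN= cn=Manager,dc=percipia,dc=com
NS_LDAP_BINDPASSWD= {NS1}xxxxxxxxx
NS_LDAP_SERVERS= xx.xx.xx.xx
NS_LDAP_AUTH= NS_LDAP_AUTH_SIMPLE
NS_LDAP_TRANSPORT_SEC= NS_LDAP_SEC_NONE
NS_LDAP_SEARCH_DN= passwd:(ou=People,dc=percipia,dc=com)
NS_LDAP_SEARCH_DN= shadow:(ou=People,dc=percipia,dc=com)
"""


def parse(text):
    """Return {key: [values]}; keys such as NS_LDAP_SEARCH_DN may repeat."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # first '=' only: DN values contain '='
        conf.setdefault(key.strip(), []).append(value.strip())
    return conf


def audit(text, privileged_rdns=("cn=manager",)):
    """Return sorted finding names for concatenated client file contents."""
    conf = parse(text)

    def first(key):
        return conf.get(key, [""])[0]

    findings = set()
    # A simple bind with no transport security sends the bind DN and
    # password to the server unencrypted.
    if (first("NS_LDAP_AUTH") == "NS_LDAP_AUTH_SIMPLE"
            and first("NS_LDAP_TRANSPORT_SEC") == "NS_LDAP_SEC_NONE"):
        findings.add("cleartext-simple-bind")
    # Assumption: cn=Manager is the directory's rootdn (the name used in
    # OpenLDAP's sample slapd.conf), so every client holds an admin credential.
    rdn = first("NS_LDAP_BINDDN").split(",", 1)[0].strip().lower()
    if rdn in privileged_rdns:
        findings.add("privileged-bind-dn")
    # The client must recover the password to bind, so the stored form is
    # reversible; the credential file should be readable by root only.
    if first("NS_LDAP_BINDPASSWD"):
        findings.add("stored-bind-secret")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against copies of the two files concatenated together; a dedicated read-only proxy DN in place of cn=Manager clears the second finding.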