SUMMARY: Solaris 8 LDAP client pam.conf problem

From: Sundaram Ramasamy <sun_at_percipia.com>
Date: Tue Oct 14 2003 - 14:26:32 EDT
Hi all,

Thanks for all your help. I was finally able to configure OpenLDAP
authentication for Solaris 8 using the Solaris native LDAP package.

Here is my configuration:

bash-2.03# cat ldap_client_cred
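#
# Do not edit this file manually; your changes will be lost. Please use
# ldapclient (1M) instead.
#
# (The header above was wrapped by the mail archive; it is rejoined here as
# comment lines so the listing stays a valid file.)
#
# NOTE(review): the client binds as cn=Manager, which by its name looks like
# the directory's administrative (rootdn) entry -- confirm. If so, every host
# carrying this file holds full write access to the directory. A dedicated
# proxy entry, limited by server ACLs to reading name-service data, is the
# least-privilege choice.
NS_LDAP_BINDDN= cn=Manager,dc=percipia,dc=com
# NOTE(review): {NS1} marks a reversible encoding applied by the Solaris LDAP
# client tools, not a one-way hash. Treat the value as equivalent to the
# cleartext password: keep this file readable by root only and redact it when
# sharing (as the author did here).
NS_LDAP_BINDPASSWD= {NS1}xxxxxxxxx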
bash-2.03# cat ldap_client_file
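#
# Do not edit this file manually; your changes will be lost. Please use
# ldapclient (1M) instead.
#
# (The header above was wrapped by the mail archive; it is rejoined here as
# comment lines so the listing stays a valid file.)
#
NS_LDAP_FILE_VERSION= 1.0
# Address redacted by the author.
NS_LDAP_SERVERS= xx.xx.xx.xx
NS_LDAP_SEARCH_BASEDN= dc=percipia,dc=com
# NOTE(review): simple bind combined with no transport security (the two
# settings below) sends the bind DN's password over the network unencrypted.
# Presumably the same applies to user passwords that pam_ldap verifies by
# binding with this profile -- confirm. Prefer a TLS-protected transport or a
# non-cleartext SASL mechanism where both the client release and the server
# support one; otherwise confine LDAP traffic to a trusted network segment.
NS_LDAP_AUTH= NS_LDAP_AUTH_SIMPLE
NS_LDAP_TRANSPORT_SEC= NS_LDAP_SEC_NONE
NS_LDAP_SEARCH_REF= NS_LDAP_NOREF
NS_LDAP_DOMAIN= percipia.com
NS_LDAP_EXP= 1066155358
# passwd and shadow lookups are both pointed at ou=People. Because shadow data
# is served from the directory, server ACLs should keep userPassword out of
# reach of anonymous and ordinary-user binds.
NS_LDAP_SEARCH_DN= passwd:(ou=People,dc=percipia,dc=com)
NS_LDAP_SEARCH_DN= shadow:(ou=People,dc=percipia,dc=com)
NS_LDAP_SEARCH_SCOPE= NS_LDAP_SCOPE_ONELEVEL
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_BIND_TIME= 30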
bash-2.03#

bash-2.03# cat /etc/pam.conf
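# PAM configuration
#
# Entry format: service  module_type  control_flag  module_path  [options]
# Each entry must sit on one physical line. The mail archive had wrapped
# "use_first_pass" onto lines of its own; those entries are rejoined here.
# "other" is the fallback for every service without its own entry, so in this
# file it governs services such as login, su and ssh.
#
# Authentication management
#
# NOTE(review): rsh is authenticated purely by host trust (pam_rhosts_auth).
# If rsh is not needed, disable the service rather than keep this entry.
rsh     auth required   /usr/lib/security/$ISA/pam_rhosts_auth.so.1
# Local (pam_unix) success ends the stack; otherwise pam_ldap must succeed,
# reusing the password already typed (use_first_pass) instead of prompting.
# NOTE(review): with the client profile shown on this page (simple bind, no
# transport security) that password presumably reaches the LDAP server in
# cleartext -- confirm and protect the transport.
other   auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
other   auth required /usr/lib/security/$ISA/pam_ldap.so.1 use_first_pass

#
# Account management
#
other   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
#other   account required        /usr/lib/security/$ISA/pam_projects.so.1
# pam_unix is "sufficient": when its account check passes, the pam_ldap
# account check below is not consulted.
other   account sufficient      /usr/lib/security/$ISA/pam_unix.so.1
# use_first_pass is a password-prompt option; it presumably has no effect in
# the account stack -- kept as the author posted it.
other   account required        /usr/lib/security/$ISA/pam_ldap.so.1 use_first_pass

#
# Session management
#
other session sufficient /usr/lib/security/$ISA/pam_unix.so.1
other session optional   /usr/lib/security/$ISA/pam_ldap.so.1 use_first_pass

#
# Password management
#
# A successful change in LDAP ends the stack; otherwise the local pam_unix
# change is required, reusing the password already entered.
other   password sufficient      /usr/lib/security/$ISA/pam_ldap.so.1
other   password required        /usr/lib/security/$ISA/pam_unix.so.1 use_first_pass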


Thanks
SR

----- Original Message ----- 
From: "Sundaram Ramasamy" <sun@percipia.com>
To: <sunmanagers@sunmanagers.org>
Sent: Thursday, October 09, 2003 5:10 PM
Subject: Solaris 8 LDAP client pam.conf problem


> Hi all,
>
> I am trying to configure Solaris 8 for OpenLDAP client authentication. Now
> getent passwd lists all the users from LDAP, but the id/su/ssh programs
> failed to log in.
>
> ===========================
> # getent passwd | grep spais
> spais::1006:100:System User:/home/spais:/bin/bash
> # grep spais /etc/passwd
> # id spais
> id: invalid user name: "spais"
>
> =======================
>
> Here is my pam.conf file
>
> #
> #ident  "@(#)pam.conf   1.14    99/09/16 SMI"
> #
> # Copyright (c) 1996-1999, Sun Microsystems, Inc.
> # All Rights Reserved.
> #
> # PAM configuration
> #
> # Authentication management
> #
> #login   auth required   /usr/lib/security/pam_winbind.so
>
> login   auth sufficient   /lib/security/pam_ldap.so debug
> login   auth required   /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
> login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1
> try_first_pass
> #
> #rlogin  auth sufficient /usr/lib/security/pam_winbind.so
>
> rlogin   auth sufficient   /lib/security/pam_ldap.so debug
> rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
> rlogin  auth required   /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
>
> #
> #dtlogin auth sufficient /usr/lib/security/pam_winbind.so
> dtlogin  auth sufficient   /lib/security/pam_ldap.so debug
> dtlogin auth required   /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
>
> #
> rsh    auth sufficient   /lib/security/pam_ldap.so debug
> rsh     auth required   /usr/lib/security/$ISA/pam_rhosts_auth.so.1
> #other   auth sufficient /usr/lib/security/pam_winbind.so
> other   auth sufficient   /lib/security/pam_ldap.so debug
> other   auth required   /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
> #
> # Account management
> #
> #
> #login   account sufficient      /usr/lib/security/pam_winbind.so
> login   account sufficient      /lib/security/pam_ldap.so debug
> login   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
> login   account required        /usr/lib/security/$ISA/pam_unix.so.1
> #
> #dtlogin account sufficient      /usr/lib/security/pam_winbind.so
> dtlogin   account sufficient      /lib/security/pam_ldap.so debug
> dtlogin account requisite       /usr/lib/security/$ISA/pam_roles.so.1
> dtlogin account required        /usr/lib/security/$ISA/pam_unix.so.1
> #
> #other   account sufficient      /usr/lib/security/pam_winbind.so
> other   account sufficient      /lib/security/pam_ldap.so debug
> other   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
> other   account required        /usr/lib/security/$ISA/pam_unix.so.1
> #
> # Session management
> #
> other   session sufficient   /lib/security/pam_ldap.so debug
> other   session required     /usr/lib/security/$ISA/pam_unix.so.1
> dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
> #
> # Password management
> #
> #other   password sufficient     /usr/lib/security/pam_winbind.so
> other   password sufficient      /lib/security/pam_ldap.so debug
> other   password required       /usr/lib/security/$ISA/pam_unix.so.1
> #
> # Support for Kerberos V5 authentication (uncomment to use Kerberos)
> #
> #rlogin auth optional   /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
> #login  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
> #dtlogin        auth optional   /usr/lib/security/$ISA/pam_krb5.so.1
> try_first_pass
> #other  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
> #dtlogin        account optional /usr/lib/security/$ISA/pam_krb5.so.1
> #other  account optional /usr/lib/security/$ISA/pam_krb5.so.1
>
> Any idea what I am doing wrong?
>
> Thanks
> SR
Received on Tue Oct 14 14:26:28 2003