solaris 10 ldapclient error resetting system Rixeyville Virginia


After all, that's what we installed the Identity Management for Unix for. You may need to restart it manually for changes to take effect.

grep ldap /var/svc/log/*
/var/svc/log/network-ldap-client:default.log:[ Sep 2 17:02:19 Executing start method ("/lib/svc/method/ldap-client start") ]
/var/svc/log/network-ldap-client:default.log:/usr/lib/ldap/ldap_cachemgr: failed .

Add "dns" to hosts and ipnodes lines:

# cp /etc/nsswitch.ldap /etc/nsswitch.ldap.orig
# vi /etc/nsswitch.ldap
passwd: files ldap
group: files ldap
hosts: files dns
ipnodes: files dns
netgroup: files
automount: files ldap

success
Error resetting system.

Check system messages:
# dmesg

Check ldap_cachemgr logfile:
# cat /var/ldap/cachemgr.log

Now verify that the LDAP posix user databases are accessible:
# getent passwd tathalma
# getent group hsluma

See if automounter

There are several ways to configure the LDAP client on Solaris; since we'll use a bind user, we'll use the proxy method.

I wonder what the status is on that... Setting the proxyDN and proxyPassword did, indeed, help. At least that's what 'man ldapsearch' says it uses, and the requirement seems to come from the shared libsldap used by ldapsearch and ldapclient. cert7.db, I think.

Is that happening in the Duckwater project, or is that something different?

This can take up to 30sec for the first time.)
# ls /home/wizard

Step 6: Adapt pam.conf to allow ldap authentication

Don't forget that PAM is required for user authentication.

maintenance
start: sleep 100000 microseconds
start: system/filesystem/autofs:default...

So, I guess I get to add shadowAccount entries to all of the users that I want to have login privs to this system. -Nick Does anyone have any more detailed documentation on the topic? timed out <<<< >>> start: network/ldap/client:default...

restoring from maintenance state
stop: network/ldap/client:default... success
start: sleep 10 microseconds
start: network/ldap/client:default...

Note: On Solaris 10, to just be able to use ssh the following changes would be sufficient:

# vi /etc/pam.conf

Add:
other auth binding pam_unix_auth.so.1 server_policy
other auth required pam_ldap.so.1

Remove:

Thu Sep 2 17:32:56.9181 Starting ldap_cachemgr, logfile /var/ldap/cachemgr.log
[...]

I can confirm that /var/ldap/ldap_client_file does not exist.

success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: sleep 400000 microseconds
start: sleep 800000 microseconds
start: sleep 1600000 microseconds
start: sleep 3200000 microseconds
start: sleep 6400000 microseconds
start: sleep

I find that Section "3.3.1.

success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: sleep 400000 microseconds
start: system/name-service-cache:default... success
Stopping nscd
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: system/name-service-cache:default...

I see the point of having a centrally-controlled LDAP configuration that makes it easy to configure the LDAP client, but when it has to look it up in LDAP, that seems

Error resetting system.
Recovering old system settings.
timed out
restart: sleep 100000 microseconds
restart: milestone/name-services:default...

See: http://docs.sun.com/app/docs/doc/816-4556/schemas-111?a=view for an example /etc/pam.conf for using pam_ldap.

References
http://blogs.sun.com/baban/entry/steps_to_setup_ssl_using
http://docs.sun.com/app/docs/doc/816-5166/6mbb1kq6e?a=view

Create default.tls profile

Create NEW PROFILE for use in intranet with encryption tls:simple

# ldapclient genprofile -a profileName=default.tls \
-a defaultSearchBase=dc=el,dc=campus,dc=intern \
-a authenticationMethod=tls:simple \
-a defaultServerList="10.31.0.26 10.31.0.27"

The output is not consistent, as it is different each time what service fails, but after a reboot, this is always the output I'm getting

I still wonder why ... :-)

Both SSL with proxy credential level or anonymous without SSL work fine but as you know these configurations are not pretty secure.

When configuring a host in one of the intranet-vlans, execute on the host:
# cp /net/dsp3/data/home/wizard/Library/ldap/*.db /var/ldap/
# chmod 444 /var/ldap/*.db

When configuring a host in one of the DMZs (no

success
start: sleep 100000 microseconds
start: network/smtp:sendmail...

I know a few things but I'm not at liberty to comment since it isn't my project.

It has been broken like that since Solaris 10 (and perhaps the backported ldapclient used by Solaris 8).

All rights reserved.
# Use is subject to license terms.
#
# PAM configuration
#
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
#

offline to disable
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: sleep 6400000 microseconds

Cheers, Chris

ldapclient manual: Error resetting system 2010-03-23 Thread Nick

Aha!

Has anyone tried this? Here's the command I'm using:

# ldapclient manual -a serviceSearchDescriptor=passwd:dc=domain,dc=com?sub -a serviceSearchDescriptor=group:dc=domain,dc=com?sub -a defaultSearchScope=sub -a objectclassMap=passwd:posixAccount=posixAccount -a objectclassMap=group:posixGroup=posixGroup -a credentialLevel=anonymous -a authenticationMethod=tls:simple -a followReferrals=TRUE -a bindTimeLimit=10 -a defaultSearchBase=dc=domain,dc=com -a defaultServerList=server1.domain.com server2.domain.com

Stopping network services
Stopping sendmail
stop: sleep 100000 microseconds
stop: network/smtp:sendmail... success
start: sleep 100000 microseconds
start: system/name-service-cache:default...

maintenance
start: sleep 10 microseconds
start: system/filesystem/autofs:default...
Recovering old system settings.
success
Stopping ldap
stop: network/ldap/client:default...

Solaris 9
This chapter explains the steps required to configure a Solaris 9 system to use LDAP.

http://hub.opensolaris.org/bin/view/Project+duckwater/ I assume the name refers to things being serene on the surface and paddling like crazy underwater :-) Cheers, Chris

ldapclient manual: Error resetting system 2010-03-24 Thread Darren J Moffat

But first you'll need an AD user which is enabled for Unix authentication. See step_6simple_functional_tests.

From: Craig T
To: FreeIPAUsers
Subject: [Freeipa-users] Solaris 10 as IPA Client?

Clear history to remove bind password:
# history -c

DMZ
Now init the local client:
# ldapclient -v init -a profileName=dmz.tls -a domainName=el.campus.intern \
-a proxyDN=cn=proxyagent,ou=profile,dc=el,dc=campus,dc=intern \
-a proxyPassword= 147.88.212.12
^^^^^^^^^^^
About to modify this machines configuration by writing the files
Stopping network services
Stopping sendmail
[...]
restart: milestone/name-services:default...