Solaris LDAP Authentication

Posted by Tman on Server Fault
Published on 2011-01-31T12:46:44Z

I've been having trouble trying to get my Solaris 10 server to authenticate against an eDir server. I managed to set up my Linux (RHEL, SLES) servers to authenticate against the LDAP server, which works fine.

Here are my configuration files.

ldapclient list:

NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyuser,o=AEDev
NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c22222233
NS_LDAP_SERVERS= 192.168.0.19
NS_LDAP_SEARCH_BASEDN= ou=auth,o=AEDev
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= anonymous
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=Groups,ou=auth,o=AEDev
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=users,ou=auth,o=AEDev?sub?objectClass=shadowAccount
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=auth,o=AEDev?sub?objectClass=posixAccount
NS_LDAP_BIND_TIME= 10
NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple

getent passwd works fine:

root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
svctag:x:95:12:Service Tag UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
tlla:x:2012:100::/home/tlla:
test:x:2011:100::/home/test:
thato:x:2010:100::/home/thato:

pam.conf

login auth sufficient pam_unix_auth.so.1 #server_policy
login auth sufficient /usr/lib/security/pam_ldap.so.1 try_first_pass
login auth required pam_dial_auth.so.1

rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth sufficient pam_unix_auth.so.1
rlogin auth sufficient /usr/lib/security/pam_ldap.so.1 try_first_pass

rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
rsh auth sufficient pam_unix_auth.so.1 #server_policy
rsh auth sufficient /usr/lib/security/pam_ldap.so.1 try_first_pass

other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth sufficient pam_unix_auth.so.1
other auth sufficient /usr/lib/security/pam_ldap.so.1 try_first_pass

passwd auth required pam_passwd_auth.so.1
passwd auth sufficient pam_unix_auth.so.1

ssh account sufficient pam_unix.so.1
ssh account sufficient /usr/lib/security/pam_ldap.so.1 try_first_pass

other account requisite pam_roles.so.1
other account sufficient pam_unix_account.so.1
other account sufficient /usr/lib/security/pam_ldap.so.1 try_first_pass

other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
other password sufficient pam_unix.so.1
other password sufficient /usr/lib/security/pam_ldap.so.1 try_first_pass

Local authentication works, but LDAP authentication doesn't work.

© Server Fault or respective owner
