Ldap client configuration solaris 10

2990054 Dec 2 2015 — edited Dec 3 2015

I'm trying to configure an LDAP client on an Oracle Solaris 10 system to connect to my LDAP server, a CentOS 6 IPA server, but I get this error in /var/adm/messages when the configuration is complete:

Dec  2 11:45:10 mirzcsdbs07 sshd[4241]: [ID 316739 auth.error] pam_ldap: no legal authentication method configured

I have configured ldapclient this way, after generating the cert and copying it to my client:

ldapclient -v init -a profileName=default -a proxyDN="uid=solaris_secure,cn=sysaccounts,cn=etc,dc=2irgdc,dc=lan" -a proxyPassword=xxxxxxxxx -a domainname=2irgdc.lan -D uid=solaris_secure,cn=sysaccounts,cn=etc,dc=2irgdc,dc=lan -w xxxxxxxxx 192.168.0.123

I have tried modifying pam.conf in every way; this is the last configuration:

#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login   auth requisite        pam_authtok_get.so.1
login   auth required         pam_dhkeys.so.1
login   auth required         pam_unix_cred.so.1
login   auth required         pam_dial_auth.so.1
login   auth binding          pam_unix_auth.so.1 server_policy
login   auth required         pam_ldap.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin  auth sufficient       pam_rhosts_auth.so.1
rlogin  auth requisite        pam_authtok_get.so.1
rlogin  auth required         pam_dhkeys.so.1
rlogin  auth required         pam_unix_cred.so.1
rlogin  auth binding          pam_unix_auth.so.1 server_policy
rlogin  auth required         pam_ldap.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh     auth sufficient       pam_rhosts_auth.so.1
rsh     auth required         pam_unix_cred.so.1
rsh     auth binding          pam_unix_auth.so.1 server_policy
rsh     auth required         pam_ldap.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp     auth requisite        pam_authtok_get.so.1
ppp     auth required         pam_dhkeys.so.1
ppp     auth required         pam_dial_auth.so.1
ppp     auth binding          pam_unix_auth.so.1 server_policy
ppp     auth required         pam_ldap.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other   auth requisite        pam_authtok_get.so.1
other   auth required         pam_dhkeys.so.1
other   auth required         pam_unix_cred.so.1
other   auth binding          pam_unix_auth.so.1 server_policy
other   auth required         pam_ldap.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd  auth binding          pam_passwd_auth.so.1 server_policy
passwd  auth required         pam_ldap.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron    account required      pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other   account requisite     pam_roles.so.1
other   account binding       pam_unix_account.so.1 server_policy
other   account required      pam_ldap.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other   session required      pam_unix_session.so.1
#
# Default definition for  Password management
# Used when service name is not explicitly mentioned for password management
#
other   password required     pam_dhkeys.so.1
other   password requisite    pam_authtok_get.so.1
other   password requisite    pam_authtok_check.so.1
other   password required     pam_authtok_store.so.1 server_policy
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.

This is the output of getent, ldaplist and ldapclient list:

getent passwd adm0022
adm0022:x:718800026:718800026:User:/home/adm0022:/bin/sh

ldaplist
dn: ou=sudoers,dc=2irgdc,dc=lan
dn: cn=accounts,dc=2irgdc,dc=lan
dn: cn=alt,dc=2irgdc,dc=lan
dn: cn=automount,dc=2irgdc,dc=lan
dn: cn=etc,dc=2irgdc,dc=lan
dn: cn=hbac,dc=2irgdc,dc=lan
dn: cn=kerberos,dc=2irgdc,dc=lan
dn: cn=otp,dc=2irgdc,dc=lan
dn: cn=pbac,dc=2irgdc,dc=lan
dn: cn=radiusproxy,dc=2irgdc,dc=lan
dn: cn=selinux,dc=2irgdc,dc=lan
dn: cn=sudo,dc=2irgdc,dc=lan
dn: cn=trusts,dc=2irgdc,dc=lan
dn: ou=profile,dc=2irgdc,dc=lan

ldaplist passwd adm0022:
dn: uid=adm0022,cn=users,cn=accounts,dc=2irgdc,dc=lan

ldapclient list:
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= uid=solaris_secure,cn=sysaccounts,cn=etc,dc=2irgdc,dc=lan
NS_LDAP_BINDPASSWD= {NS1}8524edf56a844e8315c1bbac33
NS_LDAP_SERVERS= ldap01-rz.2irgdc.lan
NS_LDAP_SEARCH_BASEDN= dc=2irgdc,dc=lan
NS_LDAP_AUTH= none
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_TIME= 15
NS_LDAP_PROFILE= default
NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=2irgdc,dc=lan
NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=2irgdc,dc=lan
NS_LDAP_BIND_TIME= 5
NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount

Any idea?

Help me please!

Bye
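
An added check, not part of the original post: the pam_ldap error above is about the authentication method, and the `ldapclient list` output shows `NS_LDAP_AUTH= none`, so this script parses that output and reports which methods pam_ldap would find. It assumes pam_ldap reads a `pam_ldap:` entry in `NS_LDAP_SERVICE_AUTH_METHOD` before `NS_LDAP_AUTH` and cannot bind with `none`; the function name and the sample input are constructed here.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `ldapclient list` output
# on stdin and reports the authentication methods pam_ldap would find.
# Assumptions: pam_ldap prefers a "pam_ldap:" entry in
# NS_LDAP_SERVICE_AUTH_METHOD over NS_LDAP_AUTH, and cannot bind with "none".
# On Solaris 10 set AWK=nawk; /usr/bin/awk there lacks user-defined functions.

check_pam_ldap_auth() {
    ${AWK:-awk} '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (key == "NS_LDAP_AUTH") global = val
        if (key == "NS_LDAP_SERVICE_AUTH_METHOD" && val ~ /^pam_ldap:/)
            svc = substr(val, 10)      # drop the 9-character "pam_ldap:" prefix
    }
    END {
        src = "NS_LDAP_SERVICE_AUTH_METHOD"; list = svc
        if (list == "") { src = "NS_LDAP_AUTH"; list = global }
        n = split(list, m, ";"); usable = 0
        for (i = 1; i <= n; i++) {
            meth = trim(m[i])
            if (meth == "" || meth == "none") continue
            usable++
            # A simple bind without TLS sends the password unencrypted
            if (meth == "simple") print "WARN: simple bind is not wrapped in tls:"
        }
        if (usable == 0) {
            if (list == "") list = "(unset)"
            print "FAIL: " src "=" list " gives pam_ldap no method to bind with"
            exit 1
        }
        print "OK: " usable " usable method(s) from " src ": " list
    }'
}

# Constructed sample, trimmed from the `ldapclient list` output in the post
sample_from_post='NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= ldap01-rz.2irgdc.lan
NS_LDAP_AUTH= none
NS_LDAP_PROFILE= default'

printf '%s\n' "$sample_from_post" | check_pam_ldap_auth || true
```

On the client it would be run as `ldapclient list | check_pam_ldap_auth`; a non-zero exit status means no usable method was found.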

Locked on Dec 31 2015
Added on Dec 2 2015