LDAP over SSL for Solaris 9 / Solaris 10

807559 Jan 4 2008 — edited Feb 20 2008
I have successfully configured Solaris-10 clients to use Windows 2003 R2 Active Directory for LDAP authentication over SSL. However, my production environment is still running on Solaris-9. I am able to get Kerberos and ldapsearch working on Solaris-9, but I am still NOT able to use PuTTY to authenticate with AD.

I reviewed all the steps that I configured on Solaris-10, but somehow I could not make it work on Solaris-9. If anybody has successfully deployed this on Solaris-9, please advise! Any help is greatly appreciated.

Here is what I have so far on Solaris-9:
=======================================================
KERBEROS
=======================================================
#getent passwd aduser
aduser:1000:1000:aduser:/export/home/aduser:/bin/sh

#kinit aduser@CONSOTO.COM
Password for aduser@CONSOTO.COM:
#
#klist
Ticket cache: /tmp/krb5cc_0
Default principal: aduser@CONSOTO.COM

Valid starting Expires Service principal
Fri Jan 04 17:22:34 2008 Sat Jan 05 03:22:34 2008 krbtgt/CONSOTO.COM@CONSOTO.COM
renew until Fri Jan 11 17:22:34 2008
#

=======================================================
LDAPSEARCH / SSL
=======================================================
#ldapsearch -v -h sundc1.consoto.com -p 636 -Z -P /var/ldap/cert8.db -D cn=administrator,cn=users,dc=consoto,dc=com -w - -b "dc=consoto,dc=com" -v -s base "objectclass=*"
Enter bind password:
ldapsearch: started Fri Jan 4 17:23:52 2008

LDAP Library Information -
Highest supported protocol version: 3
LDAP API revision: 2005
API vendor name: Sun Microsystems Inc.
Vendor-specific version: 5.08
LDAP API Extensions:
SERVER_SIDE_SORT (revision 1)
VIRTUAL_LIST_VIEW (revision 1)
PERSISTENT_SEARCH (revision 1)
PROXY_AUTHORIZATION (revision 1)
X_LDERRNO (revision 1)
X_MEMCACHE (revision 1)
X_IO_FUNCTIONS (revision 1)
X_EXTIO_FUNCTIONS (revision 1)
X_DNS_FUNCTIONS (revision 1)
X_MEMALLOC_FUNCTIONS (revision 1)
X_THREAD_FUNCTIONS (revision 1)
X_EXTHREAD_FUNCTIONS (revision 1)
X_GETLANGVALUES (revision 1)
X_CLIENT_SIDE_SORT (revision 1)
X_URL_FUNCTIONS (revision 1)
X_FILTER_FUNCTIONS (revision 1)

ldap_init( sundc1.consoto.com, 636 )
ldaptool_getcertpath -- /var/ldap/cert8.db
ldaptool_getkeypath -- .
ldaptool_getdonglefilename -- (null)
filter pattern: objectclass=*
returning: ALL
filter is: (objectclass=*)
version: 1
dn: dc=consoto,dc=com
objectClass: top
objectClass: domain
objectClass: domainDNS
distinguishedName: DC=consoto,DC=com
instanceType: 5
whenCreated: 20071220204021.0Z
whenChanged: 20071226231851.0Z
subRefs: DC=ForestDnsZones,DC=consoto,DC=com
subRefs: DC=DomainDnsZones,DC=consoto,DC=com
subRefs: CN=Configuration,DC=consoto,DC=com
uSNCreated: 4098
uSNChanged: 16663
name: consoto
objectGUID:: bM0hWw8HKEOYCFN3yQ==
creationTime: 128426572605937500
forceLogoff: -9223372036854775808
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
maxPwdAge: -37108517437440
minPwdAge: -864000000000
minPwdLength: 7
modifiedCountAtLastProm: 0
nextRid: 1003
pwdProperties: 1
pwdHistoryLength: 24
objectSid:: AQQAAAAAAAUAAYA4LaLGUspxVHsMP
serverState: 1
uASCompat: 1
modifiedCount: 129
auditingPolicy:: AAE=
nTMixedDomain: 0
rIDManagerReference: CN=RID Manager$,CN=System,DC=consoto,DC=com
fSMORoleOwner: CN=NTDS Settings,CN=SUNDC1,CN=Servers,CN=Default-First-Site-Nam e,CN=Sites,CN=Configuration,DC=consoto,DC=com
systemFlags: -1946157056
wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,DC=sunl
ab,DC=com
wellKnownObjects: B:32:F4BE92A4C777485E878E9421D53087DB:CN=Microsoft,CN=Progra
m Data,DC=consoto,DC=com
wellKnownObjects: B:32:09460C08AE1E4A4EA0F64AEE7DAA1E5A:CN=Program Data,DC=sun
lab,DC=com
wellKnownObjects: B:32:22B70C67D56E4EFB91E9300FCA3DC1AA:CN=ForeignSecurityPrin
cipals,DC=consoto,DC=com
wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=
consoto,DC=com
wellKnownObjects: B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=s
unlab,DC=com
wellKnownObjects: B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=sun
lab,DC=com
wellKnownObjects: B:32:AB1D30F3768811D1ADED00C04FD8D5CD:CN=System,DC=consoto,DC
=com
wellKnownObjects: B:32:A361B2FFFFD211D1AA4B00C04FD7D83A:OU=Domain Controllers,
DC=consoto,DC=com
wellKnownObjects: B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=consoto
,DC=com
wellKnownObjects: B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=consoto,DC=
com
objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=consoto,DC=com
isCriticalSystemObject: TRUE
gPLink: [LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=Syste
m,DC=consoto,DC=com;0]
masteredBy: CN=NTDS Settings,CN=SUNDC1,CN=Servers,CN=Default-First-Site-Name,C
N=Sites,CN=Configuration,DC=consoto,DC=com
ms-DS-MachineAccountQuota: 10
msDS-Behavior-Version: 2
msDS-PerUserTrustQuota: 1
msDS-AllUsersTrustQuota: 1000
msDS-PerUserTrustTombstonesQuota: 10
msDs-masteredBy: CN=NTDS Settings,CN=SUNDC1,CN=Servers,CN=Default-First-Site-N
ame,CN=Sites,CN=Configuration,DC=consoto,DC=com
dc: consoto
1 matches
#

-------------------------

I am thinking about the pam.conf file or ldapclient's configuration file. Any suggestions?
Post Details
Locked on Mar 19 2008
Added on Jan 4 2008