Off and On LDAP User Authentication

807557 · Jan 24 2008 — edited Jan 24 2008
Before I get started describing my issue, I would like to warn everyone that I am new to Solaris administration and Solaris in general. So please pardon me if I misspeak or don't initially provide enough information.

I am having trouble with LDAP user authentication. I am using ldapclient to perform the mapping of user information from our Win2k3 Domain Controllers (running SFU) to our Solaris 10 box. When I configure the system initially everything works fine. For example, I can run:

getent passwd <AD_username>

and get all the attributes that SFU provides and log in via SSH with valid AD credentials. However, for some reason after a period of time (not sure if it is a fixed period of time or variable) LDAP authentication will stop working, denying everyone with valid AD credentials. I have tried looking in almost every log file I can think of (/var/adm/messages, /var/ldap/cache_mgr) and there are no error messages from ldapclient. Similarly, on the domain controllers I do not see any failed security audits nor any failed LDAP requests.

Any ideas on what could be causing this sort of behavior?

If it helps I followed the following guide when configuring AD Integration:

http://blog.scottlowe.org/2007/04/25/solaris-10-ad-integration-version-3/

Listed below is my ldap_client_file (sensitive information removed):
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= <my_dc>
NS_LDAP_SEARCH_BASEDN= dc=<my_domain>,dc=<extension>
NS_LDAP_AUTH= simple
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:dc=<my_domain>,dc=<extension>?sub
NS_LDAP_SERVICE_SEARCH_DESC= group:dc=<my_domain>,dc=<extension>?sub
NS_LDAP_ATTRIBUTEMAP= shadow:uid=msSFU30Name
NS_LDAP_ATTRIBUTEMAP= shadow:userpassword=msSFU30Password
NS_LDAP_ATTRIBUTEMAP= shadow:shadowflag=msSFU30ShadowFlag
NS_LDAP_ATTRIBUTEMAP= passwd:loginshell=msSFU30LoginShell
NS_LDAP_ATTRIBUTEMAP= passwd:homedirectory=msSFU30HomeDirectory
NS_LDAP_ATTRIBUTEMAP= passwd:uid=msSFU30Name
NS_LDAP_ATTRIBUTEMAP= passwd:uidnumber=msSFU30UidNumber
NS_LDAP_ATTRIBUTEMAP= passwd:gidnumber=msSFU30GidNumber
NS_LDAP_ATTRIBUTEMAP= passwd:gecos=displayName
NS_LDAP_ATTRIBUTEMAP= group:gidnumber=msSFU30GidNumber
NS_LDAP_ATTRIBUTEMAP= group:memberuid=msSFU30UidNumber
NS_LDAP_ATTRIBUTEMAP= group:userpassword=msSFU30Password
NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=user
NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=user
NS_LDAP_OBJECTCLASSMAP= group:posixGroup=group
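Added example, not code from the original post or from Oracle's ldapclient tooling: a small Python script that parses a profile in the ldap_client_file format listed above (repeated keys such as NS_LDAP_ATTRIBUTEMAP collected into lists) and flags the settings a reviewer would question before going live. The embedded sample is constructed from the post's own listing with its placeholders kept; the check messages and the hardened variant in the usage note are assumptions of mine, not anything the post states.

```python
"""Lint a Solaris ldapclient profile (ldap_client_file format).

Added example. Parses the key=value profile, collecting keys that may legally
repeat, then reports settings that weaken confidentiality or availability.
"""
from collections import defaultdict
from typing import Dict, List

# Constructed sample, trimmed from the profile in the post (placeholders kept).
SAMPLE_PROFILE = """\
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= <my_dc>
NS_LDAP_SEARCH_BASEDN= dc=<my_domain>,dc=<extension>
NS_LDAP_AUTH= simple
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:dc=<my_domain>,dc=<extension>?sub
NS_LDAP_SERVICE_SEARCH_DESC= group:dc=<my_domain>,dc=<extension>?sub
NS_LDAP_ATTRIBUTEMAP= passwd:uid=msSFU30Name
NS_LDAP_ATTRIBUTEMAP= passwd:uidnumber=msSFU30UidNumber
NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=user
"""


def parse_profile(text: str) -> Dict[str, List[str]]:
    """Return key -> list of values; SERVICE_SEARCH_DESC and the *MAP keys repeat."""
    profile: Dict[str, List[str]] = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # split on the FIRST '=' only:
        if not sep:                            # map values contain '=' themselves
            continue                           # not key=value; ignore, don't guess
        profile[key.strip()].append(value.strip())
    return dict(profile)


def audit_profile(profile: Dict[str, List[str]]) -> List[str]:
    """Return human-readable findings; an empty list means nothing flagged."""
    findings: List[str] = []

    # 1. Plain LDAP simple bind sends the proxy account's password unprotected.
    auth = [a.lower() for a in profile.get("NS_LDAP_AUTH", [])]
    level = profile.get("NS_LDAP_CREDENTIAL_LEVEL", ["anonymous"])[0].lower()
    if any(a == "simple" for a in auth) and level == "proxy":
        findings.append(
            "NS_LDAP_AUTH=simple with NS_LDAP_CREDENTIAL_LEVEL=proxy: the proxy "
            "bind password crosses the network in cleartext; use tls:simple "
            "(or a SASL mechanism the directory supports)")

    # 2. TTL 0 turns off ldap_cachemgr's periodic refresh of the client
    #    configuration from the server, so server-side profile changes never arrive.
    if profile.get("NS_LDAP_CACHETTL", [None])[0] == "0":
        findings.append(
            "NS_LDAP_CACHETTL=0: ldap_cachemgr will not refresh the client "
            "configuration from the server; profile changes must be pushed by hand")

    # 3. A single server means every lookup fails when that one DC is unreachable.
    servers = profile.get("NS_LDAP_SERVERS", [])
    if len(servers) == 1 and "," not in servers[0]:
        findings.append(
            "single NS_LDAP_SERVERS entry: no failover if that directory server "
            "is unreachable")

    # 4. Every service with a search descriptor should also carry schema maps,
    #    as the post's profile does for passwd against an SFU-backed AD.
    described = {d.split(":", 1)[0] for d in profile.get("NS_LDAP_SERVICE_SEARCH_DESC", [])}
    mapped = {m.split(":", 1)[0] for m in profile.get("NS_LDAP_ATTRIBUTEMAP", [])
              + profile.get("NS_LDAP_OBJECTCLASSMAP", [])}
    for svc in sorted(described - mapped):
        findings.append(
            f"service '{svc}' has a search descriptor but no NS_LDAP_ATTRIBUTEMAP/"
            "NS_LDAP_OBJECTCLASSMAP entries")
    return findings


if __name__ == "__main__":
    for finding in audit_profile(parse_profile(SAMPLE_PROFILE)):
        print("WARN:", finding)
```

Run it against a real file with `parse_profile(open("/var/ldap/ldap_client_file").read())`; a profile that uses `tls:simple`, a non-zero TTL, two comma-separated servers and maps for every described service comes back with an empty findings list.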
Post Details
Locked on Feb 21 2008
Added on Jan 24 2008