I'm not sure if this will help (not being a Solaris shop), but when we rolled 
out IPA in our environment, I had some trouble with ssh and kerberos auth 
working correctly.  As it turned out, the fix was adding reverse lookup records 
(PTR) in the DNS for all the servers. 


-----Original Message-----
>From: Luke Kearney <l...@kearney.jp>
>Sent: Mar 13, 2013 4:39 PM
>To: Freeipa-users@redhat.com
>Subject: [Freeipa-users] Solaris Clients
>I have recently been working on integrating our solaris 10 fleet with FreeIPA. 
>The first 'test' host went relatively smoothly and we recently created a new 
>test host. Only this time it was more challenging to get the system working.
>On our original test installation every step went almost exactly as per the 
>documentation [ 
> ] 
>On the second install we found that whilst we were able to retrieve user 
>account information via LDAP we could not login via ssh and kerberos for any 
>amount of trying. This was overcome by inserting the following line into 
>other         account            sufficient              pam_ldap.so.1
>Where is had not been needed on test host1.
>To the extent it works and doesn't break something else this is all fine. I 
>understand why it works as the information in ldap is needed to open the 
>terminal session, why would one need this stanza but not the other?
>If anyone can shed any light on this I would be most appreciative.
>Freeipa-users mailing list

Freeipa-users mailing list

Reply via email to