Hi LIst, i have successfully configured my solaris 10 with AD through IPA 4.1.2
the issue i am facing is,only one AD user can able to solaris here is the getent passwd: <skipped> nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: *b...@infra.com:x:531001104:531001104:ben:/home/infra.com/ben <http://infra.com/ben>:* auth:x:643400008:643400008:auth auth:/home/auth:/bin/sh shyam:x:643400007:643400007:shyam A:/export/home/shyam:/bin/bash jude:x:643400006:643400006:jude joseph:/export/home/jude:/bin/bash admin:x:643400000:643400000:Administrator:/home/admin:/bin/bash user ben is from AD and can able to su to that user.i have tried with other users and it's not happening. here is my configuration file: pam.conf # login service (explicit because of pam_dial_auth) # login auth requisite pam_authtok_get.so.1 login auth required pam_dhkeys.so.1 login auth sufficient pam_krb5.so.1 login auth required pam_unix_cred.so.1 login auth required pam_unix_auth.so.1 login auth required pam_dial_auth.so.1 # # rlogin service (explicit because of pam_rhost_auth) # rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth required pam_dhkeys.so.1 rlogin auth required pam_unix_cred.so.1 rlogin auth required pam_unix_auth.so.1 # # Kerberized rlogin service # krlogin auth required pam_unix_cred.so.1 krlogin auth required pam_krb5.so.1 # # rsh service (explicit because of pam_rhost_auth, # and pam_unix_auth for meaningful pam_setcred) # rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_cred.so.1 # # Kerberized rsh service # krsh auth required pam_unix_cred.so.1 krsh auth required pam_krb5.so.1 # # Kerberized telnet service # ktelnet auth required pam_unix_cred.so.1 ktelnet auth required pam_krb5.so.1 # # PPP service (explicit because of pam_dial_auth) # ppp auth requisite pam_authtok_get.so.1 ppp auth required pam_dhkeys.so.1 ppp auth required pam_unix_cred.so.1 ppp auth required pam_unix_auth.so.1 ppp auth required pam_dial_auth.so.1 # # Default definitions for Authentication management # Used when service name is not explicitly mentioned for authentication # other auth requisite pam_authtok_get.so.1 other auth required pam_dhkeys.so.1 other auth required pam_unix_cred.so.1 other auth sufficient pam_krb5.so.1 other auth required pam_unix_auth.so.1 other auth sufficient pam_ldap.so.1 # passwd command (explicit because of a different authentication module) # passwd auth required pam_passwd_auth.so.1 # # cron service (explicit because of non-usage of pam_roles.so.1) # cron account required pam_unix_account.so.1 # # Default definition for Account management # Used when service name is not explicitly mentioned for account management # other account requisite pam_roles.so.1 other account required pam_unix_account.so.1 other account required pam_krb5.so.1 other account sufficient pam_ldap.so.1 # # Default definition for Session management # Used when service name is not explicitly mentioned for session management # other session required pam_unix_session.so.1 # # Default definition for Password management # Used when service name is not explicitly mentioned for password management # other password required pam_dhkeys.so.1 other password requisite pam_authtok_get.so.1 # Password construction requirements apply to all users. # Remove force_check to have the traditional authorized administrator # bypass of construction requirements. other password requisite pam_authtok_check.so.1 force_check other password sufficient pam_krb5.so.1 other password required pam_authtok_store.so.1 ldap_client_file: # # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead. # NS_LDAP_FILE_VERSION= 2.0 NS_LDAP_SERVERS= 172.16.107.244 NS_LDAP_SEARCH_BASEDN= dc=solaris,dc=local NS_LDAP_AUTH= simple NS_LDAP_CACHETTL= 0 NS_LDAP_CREDENTIAL_LEVEL= proxy NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=solaris,dc=local NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=compat,dc=solaris,dc=local NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount nsswitch.conf: # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. passwd: files ldap [NOTFOUND=return] group: files ldap [NOTFOUND=return] # consult /etc "files" only if ldap is down. hosts: dns files AD authentication is working some level and it restricted to only one user. *b...@infra.com:x:531001104:531001104:ben:/home/infra.com/ben <http://infra.com/ben>:* auth:x:643400008:643400008:auth auth:/home/auth:/bin/sh shyam:x:643400007:643400007:shyam A:/export/home/shyam:/bin/bash jude:x:643400006:643400006:jude joseph:/export/home/jude:/bin/bash admin:x:643400000:643400000:Administrator:/home/admin:/bin/bash other than user "ben" all other users are local IPA users. how can i troubleshot this issue
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project