Dear all,

I have problems connecting an open solaris 10 box to a novell linux ldap server (or better say: I am a newbie on this stuff and am confused about the right configuration).

First I made a normal installation as a standalone box. I installed openssh and openldap via csw. Now I want to connect it to our ldap server.

The nsswitch.conf looks like this:

passwd: files ldap
group: files ldap
hosts: files dns
ipnodes: files dns
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
netgroup: files
automount: files
aliases: files
services: files
printers: user files
auth_attr: files
prof_attr: files
project: files

The pam.conf is this:

login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth required pam_unix_auth.so.1
krlogin auth required pam_unix_cred.so.1
krlogin auth binding pam_krb5.so.1
krlogin auth required pam_unix_auth.so.1
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
krsh auth required pam_unix_cred.so.1
krsh auth binding pam_krb5.so.1
krsh auth required pam_unix_auth.so.1
ktelnet auth required pam_unix_cred.so.1
ktelnet auth binding pam_krb5.so.1
ktelnet auth required pam_unix_auth.so.1
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_cred.so.1
ppp auth required pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth required pam_unix_auth.so.1
passwd auth required pam_passwd_auth.so.1
cron account required pam_unix_account.so.1
other account requisite pam_roles.so.1
other account required pam_unix_account.so.1
other session required pam_unix_session.so.1
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1

Since we don't have a proxy, I left /var/ldap/ldap_client_cred empty.

The /var/ldap/ldap_client_file looks like this:

NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= ldap
NS_LDAP_SEARCH_BASEDN= o=mpia
NS_LDAP_AUTH= simple
NS_LDAP_CACHETTL= 3600
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=people,o=mpia
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=people,o=mpia
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=group,o=mpia

(Do I need these two files since I have /opt/csw/etc/ldap.conf?)

'svcs -a | grep ldap' gives this:

offline 11:23:08 svc:/network/cswopenldap:default
maintenance 11:23:11 svc:/network/ldap/client:default

svcadm enable svc:/network/cswopenldap:default
and
svcadm restart svc:/network/cswopenldap:default
don't give a different result on 'svcs -a'.

So, 'ldapclient init IP-of-ldap-server' cannot work. And 'getent passwd' gives only the local /etc/passwd contents.

I looked around on the internet but did not find any answer which solves my problem. I wonder what I have done wrong or whether I have something to add to the ldap server configuration.

Does anybody on the list have experience with solaris 10 as an ldap client? Any hint is welcome.

With kind regards,
Ulrich Hiller

--
Ulrich Hiller
Max-Planck-Institut fuer Astronomie
Koenigstuhl 17
69117 Heidelberg
Germany
phone +49 6221 528238
fax +49 6221 528246
email [EMAIL PROTECTED]
