Hi Josh,

Given that no one has responded to this in 2 weeks, I think you'll
need to place a call to Sun Support to get this resolved, if you
haven't already.

On Tue, Nov 25, 2008 at 1:02 PM, Josh Rivel <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I have roughly 700 devices running OpenSolaris snv_81 with crossbow.
>
> I used Sun's ldapclient to initialize the box to use LDAP authentication 
> against an OpenLDAP server with no problems.
>
> However, if I try to use ldapclient from any non-global zone (each box has 3 
> additional zones on it) it totally locks up the machine and I have to reboot 
> it.
>
> Here's a snippet from a non-global zone:
> bash-3.2# uname -a
> SunOS opensolaris-logging 5.11 net-virt_xb_21_snv_81_021308 i86pc i386 i86pc
>
> * I can ping the ldap server, and connect to it on port 389:
>
> bash-3.2# ping 10.x.x.208
> 10.x.x.208 is alive
> bash-3.2# telnet 10.x.x.208 389
> Trying 10.x.x.208...
> Connected to 10.x.x.208.
> Escape character is '^]'.
>
> * However, when I try and initialize the ldapclient, here's what happens:
>
> bash-3.2# /usr/sbin/ldapclient manual -v -a defaultsearchbase=dc=foo,dc=net -a domainname=foo.net 10.x.x.208
> Parsing defaultsearchbase=dc=foo,dc=net
> Parsing domainname=foo.net
> Arguments parsed:
>        defaultSearchBase: dc=foo,dc=net
>        domainName: foo.net
>        defaultServerList: 10.x.x.208
> Handling manual option
> Proxy DN: NULL
> Proxy password: NULL
> Authentication method: 0
> Authentication method: 0
> No proxyDN/proxyPassword required
> About to modify this machines configuration by writing the files
> Stopping network services
> sendmail not running
> nscd not running
> autofs not running
> ldap not running
> nisd not running
> nis(yp) not running
> file_backup: stat(/etc/nsswitch.conf)=0
> file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
> file_backup: stat(/etc/defaultdomain)=0
> file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
> file_backup: stat(/var/nis/NIS_COLD_START)=-1
> file_backup: No /var/nis/NIS_COLD_START file.
> file_backup: nis domain is "foo.net"
> file_backup: stat(/var/yp/binding/foo.net)=-1
> file_backup: No /var/yp/binding/foo.net directory.
> file_backup: stat(/var/ldap/ldap_client_file)=0
> file_backup: (/var/ldap/ldap_client_file -> /var/ldap/restore/ldap_client_file)
> file_backup: (/var/ldap/ldap_client_cred -> /var/ldap/restore/ldap_client_cred)
> Starting network services
> start: /usr/bin/domainname foo.net... success
> start: sleep 100000 microseconds
> start: sleep 200000 microseconds
> start: sleep 400000 microseconds
> start: sleep 800000 microseconds
> start: sleep 1600000 microseconds
> start: sleep 3200000 microseconds
> start: sleep 6400000 microseconds
> start: sleep 12800000 microseconds
> start: sleep 25600000 microseconds
> start: sleep 51200000 microseconds
> start: sleep 17700000 microseconds
> start: network/ldap/client:default... timed out
> start: network/ldap/client:default... offline to disable
> stop: sleep 100000 microseconds
> stop: sleep 200000 microseconds
> stop: sleep 400000 microseconds
> stop: sleep 800000 microseconds
> stop: sleep 1600000 microseconds
> stop: sleep 3200000 microseconds
> stop: sleep 6400000 microseconds
> stop: sleep 12800000 microseconds
> stop: sleep 25600000 microseconds
> stop: sleep 8900000 microseconds
> stop: network/ldap/client:default... timed out
> restart: sleep 100000 microseconds
> restart: sleep 200000 microseconds
> restart: milestone/name-services:default... success
> Error resetting system.
> Recovering old system settings.
> Stopping network services
> sendmail not running
> nscd not running
> autofs not running
> Stopping ldap
> stop: sleep 100000 microseconds
> stop: sleep 200000 microseconds
> stop: sleep 400000 microseconds
> stop: sleep 800000 microseconds
> stop: sleep 1600000 microseconds
> stop: sleep 3200000 microseconds
> stop: sleep 6400000 microseconds
> stop: sleep 12800000 microseconds
> stop: sleep 25600000 microseconds
> stop: sleep 8900000 microseconds
> stop: network/ldap/client:default... timed out
> Stopping ldap failed with (7)
> Error (1) while stopping services during reset
> recover: stat(/var/ldap/restore/defaultdomain)=0
> recover: open(/var/ldap/restore/defaultdomain)
> recover: read(/var/ldap/restore/defaultdomain)
> recover: old domainname "foo.net"
> recover: stat(/var/ldap/restore/ldap_client_file)=0
> recover: file_move(/var/ldap/restore/ldap_client_file, /var/ldap/ldap_client_file)=0
> recover: stat(/var/ldap/restore/ldap_client_cred)=0
> recover: file_move(/var/ldap/restore/ldap_client_cred, /var/ldap/ldap_client_cred)=0
> recover: stat(/var/ldap/restore/NIS_COLD_START)=-1
> recover: stat(/var/ldap/restore/foo.net)=-1
> recover: stat(/var/ldap/restore/nsswitch.conf)=0
> recover: file_move(/var/ldap/restore/nsswitch.conf, /etc/nsswitch.conf)=0
> recover: stat(/var/ldap/restore/defaultdomain)=0
> recover: file_move(/var/ldap/restore/defaultdomain, /etc/defaultdomain)=0
> Starting network services
> start: /usr/bin/domainname foo.net... success
> restart: sleep 100000 microseconds
> restart: milestone/name-services:default... success
>
> At this point the box has dropped off the network and it needs to be rebooted 
> (I did this via the serial console)
>
> Any thoughts?  I need to get LDAP working on ~2100 non-global zones.
>
> Thanks...
>
> --
> Josh Rivel
> Senior Security Engineer
> Reliant Security
> 450 7th Avenue, Suite 2305
> New York, NY  10023
> (o) 646.867.1270
> (c) 914.439.7548
> (f) 212.695.1225
>
> _______________________________________________
> zones-discuss mailing list
> zones-discuss@opensolaris.org
>



-- 
--JeffV