[SunRay-Users] NSCM not working with ldap.

Mon, 09 Jan 2006 12:15:48 -0800 

Gurus,
        I've posted on this before but never got an answer nor worked through 
it.  
I'm revisiting this issue now that we have better hardware and are using the 
failover features of SRSS3.1.  I'm hoping someone out there can 
clarify(solve) this for  me.  Basically Non Smart Card Mobile sessions do not 
work for us.  You get the first login window...everything appears normal, 
second login window comes up...start logging in and then kicked immediately 
back to main window.  If I don't use NSCM, users have no problem logging in 
and authenticating.  I'm a bit stumped as to where I should be looking at to 
resolve this problem.

Current setup is V490 in a failover configuration with Solaris 10 and 
Blastwave.org KDE 3.4.  We use nss_ldap which we call pam_padl.so.1 so as to 
not overwrite SUN's pam_ldap.so.1.  Since most of our services require 
"other" authentication  (ssh,dtlogin, sudo) the only change we made to the 
pam.conf PRIOR to installing the SRSS3.1 software was:

other   auth requisite          pam_authtok_get.so.1
other   auth required           pam_dhkeys.so.1
other   auth required           pam_unix_cred.so.1
other   auth sufficient         pam_unix_auth.so.1
other   auth required           pam_padl.so.1 use_first_pass


After adding SRSS3.1, the pam.conf shows the utnsclogin params the ldap 
information included.  Yet I still can't get past the 2nd login window 
successfully. 

#added to utnsclogin by SunRay Server Software -- utnsclogin
utnsclogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 
property=username
utnsclogin auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1
utnsclogin auth requisite pam_authtok_get.so.1
utnsclogin auth required pam_dhkeys.so.1
utnsclogin auth required pam_unix_cred.so.1
utnsclogin auth sufficient pam_unix_auth.so.1
utnsclogin auth required pam_padl.so.1 use_first_pass
utnsclogin account requisite pam_roles.so.1
utnsclogin account required pam_padl.so.1 ignore_unknown_user \ 
ignore_authinfo_unavail
utnsclogin account required pam_unix_account.so.1
utnsclogin session required pam_unix_session.so.1
utnsclogin password required pam_dhkeys.so.1
utnsclogin password requisite pam_authtok_get.so.1
utnsclogin password requisite pam_authtok_check.so.1
utnsclogin password required pam_authtok_store.so.1


Any/all help greatly appreciated.  Thanks in advance.


Randy Romero
CONFIDENTIALITY NOTICE: This e-mail may contain information that is privileged, 
confidential or otherwise protected from disclosure. If you are not the 
intended recipient of this e-mail, please notify the sender immediately by 
return e-mail, purge it and do not disseminate or copy it.

Attachment: pgpadlAgUz7df.pgp
Description: PGP signature

_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users

Reply via email to