Don't know if anyone is still reading these, but if there are, here goes :)

I have been following the documentation on http://www.sun.com/bigadmin/features/articles/kerberos_s10.pdf for Solaris 10, but I thought that it would probably be exactly the same for OpenSolaris 2009/06. I have made some changes to the LDAP serviceSearchDescriptor for passwd and groups so that it searches from the base, instead of just the users container, so it is:

    ldapclient -v manual \
      -a credentialLevel=self \
      -a authenticationMethod=sasl/gssapi \
      -a defaultSearchBase=dc=development01,dc=tag,dc=no \
      -a domainName=development01.tag.no \
      -a defaultServerList=172.16.40.157 \
      -a attributeMap=passwd:gecos=cn \
      -a attributeMap=passwd:homedirectory=unixHomeDirectory \
      -a objectClassMap=group:posixGroup=group \
      -a objectClassMap=passwd:posixAccount=user \
      -a objectClassMap=shadow:shadowAccount=user \
      -a serviceSearchDescriptor=passwd:dc=development01,dc=tag,dc=no?sub \
      -a serviceSearchDescriptor=group:dc=development01,dc=tag,dc=no?sub

I have set up everything as described: the computer is in Active Directory, it got a Kerberos ticket, DNS is fine, time is synced, etc., but I get the following errors:

I cannot log in via ssh with an Active Directory account. If I try a getent passwd [username] I get only the local accounts and the following error in /var/adm/messages:

    Jun 25 09:13:30 FORCE nscd[3333]: [ID 545954 user.error] libsldap: makeConnection: failed to open connection using sasl/GSSAPI to ForestDnsZones.development01.tag.no
    Jun 25 09:13:30 FORCE nscd[3333]: [ID 545954 user.error] libsldap: makeConnection: failed to open connection using sasl/GSSAPI to ForestDnsZones.development01.tag.no

If I try a ldapclient -l passwd [username] I get:

    ldaplist: LDAP error (openConnection: GSSAPI bind failed - 82 Local error)

and in messages:

    Jun 25 11:06:57 FORCE ldaplist[4082]: [ID 545954 user.error] libsldap: makeConnection: failed to open connection using sasl/GSSAPI to ForestDnsZones.development01.tag.no
    Jun 25 11:06:57 FORCE ldaplist[4082]: [ID 545954 user.error] libsldap: makeConnection: failed to open connection using sasl/GSSAPI to ForestDnsZones.development01.tag.no

Anyone any ideas about what's wrong?

--
This message posted from opensolaris.org
