Hi, I have successfully (minus a few problems) set up authentication using the "Using Kerberos to Authenticate a Solaris 10 OS LDAP Client with Microsoft Active Directory".

This is on OpenSolaris (svn_111b). But I have a problem: the bind failed after a few hours, causing the server not to allow any logons. Restarting svc:/network/ldap/client:default fixes the problem. The following shows up in messages:

Jun 29 20:48:18 force ldap_cachemgr[1708]: [ID 293258 daemon.warning] libsldap: Status: 7 Mesg: openConnection: GSSAPI bind failed - 82 Local error
Jun 29 20:48:18 force ldap_cachemgr[1708]: [ID 545954 daemon.error] libsldap: makeConnection: failed to open connection using sasl/GSSAPI to CD2
Jun 29 20:48:18 force ldap_cachemgr[1708]: [ID 687686 daemon.warning] libsldap: Falling back to anonymous, non-SSL mode for __ns_ldap_getRootDSE. openConnection: GSSAPI bind failed - 82 Local error

And at that point the following services appear to restart:

svc:/system/name-service-cache:default
svc:/milestone/name-services:default
svc:/network/smtp:sendmail
svc:/network/sendmail-client:default
svc:/system/filesystem/autofs:default
svc:/application/opengl/ogl-select:default
svc:/network/ldap/client:default

After this all logins, either via SSH, CIFS etc., either fail (SSH) or are very slow to authenticate, taking maybe 3-4 minutes (CIFS), and it does the same on every activity, such as changing directories. Users can't renew their tickets; getent passwd [user] and ldaplist -l passwd [user] hang. Restarting the LDAP client fixes it.

So what is going on here?
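One way to catch the condition reported above is to scan syslog for the libsldap GSSAPI failures and the fallback to anonymous, non-SSL mode. This is an added example, not part of the original post; the function name `scan`, the report fields and the final sshd sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the three syslog lines quoted in the post, plus one
# unrelated line (the sshd entry is made up) to show non-libsldap lines are skipped.
SAMPLE_LOG = """\
Jun 29 20:48:18 force ldap_cachemgr[1708]: [ID 293258 daemon.warning] libsldap: Status: 7 Mesg: openConnection: GSSAPI bind failed - 82 Local error
Jun 29 20:48:18 force ldap_cachemgr[1708]: [ID 545954 daemon.error] libsldap: makeConnection: failed to open connection using sasl/GSSAPI to CD2
Jun 29 20:48:18 force ldap_cachemgr[1708]: [ID 687686 daemon.warning] libsldap: Falling back to anonymous, non-SSL mode for __ns_ldap_getRootDSE. openConnection: GSSAPI bind failed - 82 Local error
Jun 29 20:49:02 force sshd[2011]: [ID 800047 auth.info] Accepted publickey for admin
"""

# Solaris syslog layout: timestamp host proc[pid]: [ID msgid facility.level] message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]:\s"
    r"\[ID\s\d+\s\w+\.\w+\]\s(?P<msg>.*)$"
)
# Each pattern captures the one detail worth reporting for that event.
PATTERNS = {
    "bind_error": re.compile(r"GSSAPI bind failed - (\d+)"),
    "server": re.compile(r"failed to open connection using sasl/GSSAPI to (\S+)"),
    "fallback_call": re.compile(r"Falling back to anonymous, non-SSL mode for (\w+)"),
}

def scan(text):
    """Summarise libsldap GSSAPI failures per (host, process, pid)."""
    groups = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or "libsldap:" not in m["msg"]:
            continue  # malformed line or not an LDAP client library message
        g = groups[(m["host"], m["proc"], int(m["pid"]))]
        g.setdefault("first_seen", m["ts"])
        for name, rx in PATTERNS.items():
            hit = rx.search(m["msg"])
            if hit:
                g.setdefault(name, hit.group(1))
    report = []
    for (host, proc, pid), g in groups.items():
        report.append({"host": host, "proc": proc, "pid": pid, **g,
                       # True when the client dropped from an authenticated
                       # GSSAPI bind to an anonymous, unencrypted lookup.
                       "downgraded": "fallback_call" in g})
    return report

if __name__ == "__main__":
    for entry in scan(SAMPLE_LOG):
        print(entry)
```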
