Hello, I have roughly 700 devices running OpenSolaris snv_81 with crossbow.
I used Sun's ldapclient to initialize the box to use LDAP authentication against an OpenLDAP server with no problems. However, if I try to use ldapclient from any non-global zone (each box has 3 additional zones on it) it totally locks up the machine and I have to reboot it.

Here's a snippet from a non-global zone:

bash-3.2# uname -a
SunOS opensolaris-logging 5.11 net-virt_xb_21_snv_81_021308 i86pc i386 i86pc

* I can ping the ldap server, and connect to it on port 389:

bash-3.2# ping 10.x.x.208
10.x.x.208 is alive
bash-3.2# telnet 10.x.x.208 389
Trying 10.x.x.208...
Connected to 10.x.x.208.
Escape character is '^]'.

* However, when I try and initialize the ldapclient, here's what happens:

bash-3.2# /usr/sbin/ldapclient manual -v -a defaultsearchbase=dc=foo,dc=net -a domainname=foo.net 10.x.x.208
Parsing defaultsearchbase=dc=foo,dc=net
Parsing domainname=foo.net
Arguments parsed:
defaultSearchBase: dc=foo,dc=net
domainName: foo.net
defaultServerList: 10.x.x.208
Handling manual option
Proxy DN: NULL
Proxy password: NULL
Authentication method: 0
Authentication method: 0
No proxyDN/proxyPassword required
About to modify this machines configuration by writing the files
Stopping network services
sendmail not running
nscd not running
autofs not running
ldap not running
nisd not running
nis(yp) not running
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "foo.net"
file_backup: stat(/var/yp/binding/foo.net)=-1
file_backup: No /var/yp/binding/foo.net directory.
file_backup: stat(/var/ldap/ldap_client_file)=0
file_backup: (/var/ldap/ldap_client_file -> /var/ldap/restore/ldap_client_file)
file_backup: (/var/ldap/ldap_client_cred -> /var/ldap/restore/ldap_client_cred)
Starting network services
start: /usr/bin/domainname foo.net... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: sleep 400000 microseconds
start: sleep 800000 microseconds
start: sleep 1600000 microseconds
start: sleep 3200000 microseconds
start: sleep 6400000 microseconds
start: sleep 12800000 microseconds
start: sleep 25600000 microseconds
start: sleep 51200000 microseconds
start: sleep 17700000 microseconds
start: network/ldap/client:default... timed out
start: network/ldap/client:default... offline to disable
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: sleep 6400000 microseconds
stop: sleep 12800000 microseconds
stop: sleep 25600000 microseconds
stop: sleep 8900000 microseconds
stop: network/ldap/client:default... timed out
restart: sleep 100000 microseconds
restart: sleep 200000 microseconds
restart: milestone/name-services:default... success
Error resetting system.
Recovering old system settings.
Stopping network services
sendmail not running
nscd not running
autofs not running
Stopping ldap
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: sleep 6400000 microseconds
stop: sleep 12800000 microseconds
stop: sleep 25600000 microseconds
stop: sleep 8900000 microseconds
stop: network/ldap/client:default... timed out
Stopping ldap failed with (7)
Error (1) while stopping services during reset
recover: stat(/var/ldap/restore/defaultdomain)=0
recover: open(/var/ldap/restore/defaultdomain)
recover: read(/var/ldap/restore/defaultdomain)
recover: old domainname "foo.net"
recover: stat(/var/ldap/restore/ldap_client_file)=0
recover: file_move(/var/ldap/restore/ldap_client_file, /var/ldap/ldap_client_file)=0
recover: stat(/var/ldap/restore/ldap_client_cred)=0
recover: file_move(/var/ldap/restore/ldap_client_cred, /var/ldap/ldap_client_cred)=0
recover: stat(/var/ldap/restore/NIS_COLD_START)=-1
recover: stat(/var/ldap/restore/foo.net)=-1
recover: stat(/var/ldap/restore/nsswitch.conf)=0
recover: file_move(/var/ldap/restore/nsswitch.conf, /etc/nsswitch.conf)=0
recover: stat(/var/ldap/restore/defaultdomain)=0
recover: file_move(/var/ldap/restore/defaultdomain, /etc/defaultdomain)=0
Starting network services
start: /usr/bin/domainname foo.net... success
restart: sleep 100000 microseconds
restart: milestone/name-services:default... success

At this point the box has dropped off the network and it needs to be rebooted (I did this via the serial console).

Any thoughts? I need to get LDAP working on ~2100 non-global zones.

Thanks...

--
Josh Rivel
Senior Security Engineer
Reliant Security
450 7th Avenue, Suite 2305
New York, NY 10023
(o) 646.867.1270
(c) 914.439.7548
(f) 212.695.1225