Hello,

I have roughly 700 devices running OpenSolaris snv_81 with crossbow.

I used Sun's ldapclient to initialize the box to use LDAP authentication 
against an OpenLDAP server with no problems.

However, if I try to use ldapclient from any non-global zone (each box has 3 
additional zones on it) it totally locks up the machine and I have to reboot it.

Here's a snippet from a non-global zone:
bash-3.2# uname -a
SunOS opensolaris-logging 5.11 net-virt_xb_21_snv_81_021308 i86pc i386 i86pc

* I can ping the ldap server, and connect to it on port 389:

bash-3.2# ping 10.x.x.208
10.x.x.208 is alive
bash-3.2# telnet 10.x.x.208 389
Trying 10.x.x.208...
Connected to 10.x.x.208.
Escape character is '^]'.

* However, when I try and initialize the ldapclient, here's what happens:

bash-3.2# /usr/sbin/ldapclient manual -v -a defaultsearchbase=dc=foo,dc=net -a domainname=foo.net 10.x.x.208
Parsing defaultsearchbase=dc=foo,dc=net
Parsing domainname=foo.net
Arguments parsed:
        defaultSearchBase: dc=foo,dc=net
        domainName: foo.net
        defaultServerList: 10.x.x.208
Handling manual option
Proxy DN: NULL
Proxy password: NULL
Authentication method: 0
Authentication method: 0
No proxyDN/proxyPassword required
About to modify this machines configuration by writing the files
Stopping network services
sendmail not running
nscd not running
autofs not running
ldap not running
nisd not running
nis(yp) not running
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "foo.net"
file_backup: stat(/var/yp/binding/foo.net)=-1
file_backup: No /var/yp/binding/foo.net directory.
file_backup: stat(/var/ldap/ldap_client_file)=0
file_backup: (/var/ldap/ldap_client_file -> /var/ldap/restore/ldap_client_file)
file_backup: (/var/ldap/ldap_client_cred -> /var/ldap/restore/ldap_client_cred)
Starting network services
start: /usr/bin/domainname foo.net... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: sleep 400000 microseconds
start: sleep 800000 microseconds
start: sleep 1600000 microseconds
start: sleep 3200000 microseconds
start: sleep 6400000 microseconds
start: sleep 12800000 microseconds
start: sleep 25600000 microseconds
start: sleep 51200000 microseconds
start: sleep 17700000 microseconds
start: network/ldap/client:default... timed out
start: network/ldap/client:default... offline to disable
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: sleep 6400000 microseconds
stop: sleep 12800000 microseconds
stop: sleep 25600000 microseconds
stop: sleep 8900000 microseconds
stop: network/ldap/client:default... timed out
restart: sleep 100000 microseconds
restart: sleep 200000 microseconds
restart: milestone/name-services:default... success
Error resetting system.
Recovering old system settings.
Stopping network services
sendmail not running
nscd not running
autofs not running
Stopping ldap
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: sleep 6400000 microseconds
stop: sleep 12800000 microseconds
stop: sleep 25600000 microseconds
stop: sleep 8900000 microseconds
stop: network/ldap/client:default... timed out
Stopping ldap failed with (7)
Error (1) while stopping services during reset
recover: stat(/var/ldap/restore/defaultdomain)=0
recover: open(/var/ldap/restore/defaultdomain)
recover: read(/var/ldap/restore/defaultdomain)
recover: old domainname "foo.net"
recover: stat(/var/ldap/restore/ldap_client_file)=0
recover: file_move(/var/ldap/restore/ldap_client_file, /var/ldap/ldap_client_file)=0
recover: stat(/var/ldap/restore/ldap_client_cred)=0
recover: file_move(/var/ldap/restore/ldap_client_cred, /var/ldap/ldap_client_cred)=0
recover: stat(/var/ldap/restore/NIS_COLD_START)=-1
recover: stat(/var/ldap/restore/foo.net)=-1
recover: stat(/var/ldap/restore/nsswitch.conf)=0
recover: file_move(/var/ldap/restore/nsswitch.conf, /etc/nsswitch.conf)=0
recover: stat(/var/ldap/restore/defaultdomain)=0
recover: file_move(/var/ldap/restore/defaultdomain, /etc/defaultdomain)=0
Starting network services
start: /usr/bin/domainname foo.net... success
restart: sleep 100000 microseconds
restart: milestone/name-services:default... success

At this point the box has dropped off the network and it needs to be rebooted 
(I did this via the serial console).

Any thoughts?  I need to get LDAP working on ~2100 non-global zones.

Thanks...

-- 
Josh Rivel
Senior Security Engineer
Reliant Security
450 7th Avenue, Suite 2305
New York, NY  10023
(o) 646.867.1270
(c) 914.439.7548
(f) 212.695.1225

_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
