Connect Solaris ldapclient to a Oracle internet directory
Date: Wed, 18 Jun 2008 06:22:45 -0700 (PDT)
Message-ID: <b3ca07d0-d334-4230-bed6-6d334a1acdc9@i76g2000hsf.googlegroups.com>
Hi,
I am looking for informations howto connect Solaris native ldapclient
to a Oracle internet directory.
Or a solution for the following problem:
Solaris 10
ldapclient init works
ssh with a ldap user doesn't
error:
Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 219349 auth.debug]
pam_unix_auth: user MYUSER not found
Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 453631 auth.debug] tid= 1:
Adding connection (serverAddr=xxx.xxx.xxx.xxx:389)
Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 776464 auth.debug] tid= 1:
Initialized sessionPool
Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 816976 auth.debug] tid= 1:
Connection added [0]
Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 467101 auth.debug] tid= 1:
connectionID=1024
Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 805042 auth.debug] tid= 1:
shared=1
Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 982078 auth.debug] tid= 1:
usedBit=0
Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 727660 auth.debug] tid= 1:
threadID=1
Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 577507 auth.debug] tid= 1:
serverAddr=xxx.xxx.xxx.xxx:389
Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 939703 auth.debug] tid= 1:
AuthType=0
Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 142272 auth.debug] tid= 1:
TlsType=0
Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 537450 auth.debug] tid= 1:
SaslMech=0
Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 625532 auth.debug] tid= 1:
SaslOpt=0
Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 323218 auth.debug] tid= 1:
unlocking sessionLock
Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 800047 auth.info] Keyboard-
interactive (PAM) userauth failed[13] while authenticating: No account
present for user
Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 800047 auth.info] Failed
keyboard-interactive for <invalid username> from xxx.xxx.xxx.xxx port
1463 ssh2
ldapclient list
NS_LDAP_FILE_VERSION= 2.0 NS_LDAP_SERVERS= 10.0.0.1:389 NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=com NS_LDAP_CACHETTL= 0 NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple
/etc/pam.conf
#ident "@(#)pam.conf 1.29 05/06/08 SMI"
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# PAM configuration
#
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
#
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
#
# Authentication management
#
#
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1 login auth sufficient pam_ldap.so.1 login auth required pam_dhkeys.so.1 login auth required pam_unix_cred.so.1
#login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1 login auth binding pam_unix_auth.so.1 server_policy login auth required pam_ldap.so.1 debug
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth required pam_dhkeys.so.1 rlogin auth required pam_unix_cred.so.1#
#rlogin auth required pam_unix_auth.so.1
# Kerberized rlogin service
#
krlogin auth required pam_unix_cred.so.1 krlogin auth binding pam_krb5.so.1 krlogin auth required pam_unix_auth.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_cred.so.1
#
# Kerberized rsh service
#
#krsh auth required pam_unix_cred.so.1
#krsh auth binding pam_krb5.so.1
#krsh auth required pam_unix_auth.so.1
#
# Kerberized telnet service
#
#ktelnet auth required pam_unix_cred.so.1
#ktelnet auth binding pam_krb5.so.1
#ktelnet auth required pam_unix_auth.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1 ppp auth required pam_dhkeys.so.1 ppp auth required pam_unix_cred.so.1 ppp auth required pam_unix_auth.so.1 ppp auth required pam_dial_auth.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for
authentication
#
other auth requisite pam_authtok_get.so.1 other auth required pam_dhkeys.so.1 other auth required pam_unix_cred.so.1
#other auth required pam_unix_auth.so.1
#other auth sufficient pam_krb5.so.1
other auth binding pam_unix_auth.so.1 server_policy other auth required pam_ldap.so.1 debug
#
# passwd command (explicit because of a different authentication
module)
#
#passwd auth required pam_passwd_auth.so.1
passwd auth sufficient pam_passwd_auth.so.1 debug passwd auth sufficient pam_ldap.so.1 debug
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account
management
#
other account requisite pam_roles.so.1other account sufficient pam_unix_account.so.1 debug other account sufficient pam_ldap.so.1 debug
#other account required pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session
management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password
management
#
other password required pam_dhkeys.so.1 other password requisite pam_authtok_get.so.1 other password requisite pam_authtok_check.so.1 other password required pam_authtok_store.so.1
#
# Support for Kerberos V5 authentication and example configurations
can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#
krlogin auth required pam_krb5.so.1 krsh auth required pam_krb5.so.1 ktelnet auth required pam_krb5.so.1Received on Wed Jun 18 2008 - 08:22:45 CDT