[OpenIndiana-discuss] Amnesiac LDAP Configuration
Patrick O'Sullivan
irish at insaneirish.com
Thu Nov 18 14:46:52 UTC 2010
/var/ldap/ldap_client_file is populated correctly. Further, it's
identical to the version that ldapclient backs up in the restore
directory.

/etc/nsswitch.conf looks good too.

On Nov 18, 2010, at 1:55, Chris Ridd <chrisridd at mac.com> wrote:
>
> On 18 Nov 2010, at 02:41, Patrick O'Sullivan wrote:
>
>> I've gotten a config working where I have Kerberos auth to AD and
>> passwd lookups via LDAP to AD. I enable it, and it works fine, but on
>> a reboot, it stops working. Please let me know if you have any
>> thoughts as to why this happens. (This behavior is common to both
>> oi147 and Solaris 11 Express.)
>>
>> Configuring ldapclient:
>>
>> $ sudo ldapclient -v manual \
>>     -a credentialLevel=self \
>>     -a authenticationMethod=sasl/gssapi \
>>     -a defaultSearchBase=dc=osulvn,dc=net \
>>     -a domainName=osulvn.net \
>>     -a defaultServerList=ad1.osulvn.net \
>>     -a attributeMap=passwd:gecos=cn \
>>     -a attributeMap=passwd:homedirectory=unixHomeDirectory \
>>     -a objectClassMap=group:posixGroup=group \
>>     -a objectClassMap=passwd:posixAccount=user \
>>     -a objectClassMap=shadow:shadowAccount=user \
>>     -a serviceSearchDescriptor=passwd:cn=users,dc=osulvn,dc=net?one \
>>     -a serviceSearchDescriptor=group:cn=users,dc=osulvn,dc=net?one
>> ...
>> System successfully configured
>> $ getent passwd userfoo
>> userfoo:x:20002:30000:User Foo:/home/userfoo:/bin/bash
>>
>> At this point I can log in as userfoo with GSSAPI auth over ssh or with
>> a password on the console.
>>
>> After I reboot, I can no longer log in as userfoo and 'getent' returns nothing.
>
> Yes, I'm seeing the same. At the point it has lost its mojo (:-) what's in the /var/ldap/ldap_client_file and is your nsswitch.conf what it should be or has something changed them?
>
> FWIW just re-running the ldapclient command (with flags) fixes things. I have a shell script that calls it with all our local values in, which makes things a little easier.
>
> Cheers,
>
> Chris