I'm just going to disable nwam just in case. I won't be using it in my "production" setup as I will have several VLANs.
I only left it on for now to do these simple tests in VMs.

On Nov 18, 2010, at 5:35, Chris Ridd <chrisr...@mac.com> wrote:

>
> On 18 Nov 2010, at 10:27, Tom Kranz wrote:
>
>> On 18 Nov 2010, at 02:41, Patrick O'Sullivan wrote:
>>
>>> I've gotten a config working where I have Kerberos auth to AD and
>>> passwd lookups via LDAP to AD. I enable it, and it works fine, but on
>>> a reboot, it stops working. Please let me know if you have any
>>> thoughts as to why this happens. (This behavior is common to both
>>> oi147 and Solaris 11 Express.)
>>>
>>
>> At this stage (after you've run ldapclient) /var/ldap/ldap_client_file
>> should be populated with the correct values - is that the case?
>>
>> There were a couple of long-standing bugs in Solaris 10 - one of them was
>> where the LDAP client couldn't contact an LDAP server when it came to update
>> its configuration, it would write down a zero byte ldap_client_file - with
>> predictable results.
>>
>> The other one was when /var filled up, even for a moment, ldap_client_file
>> would be zeroed out when doing a profile refresh. Both partly stem from LDAP
>> client profile updates moving ldap_client_file before getting an update, and
>> then not being able/willing to move it back again if something goes wrong.
>>
>> However, I think the problem here is - are you storing this LDAP profile in
>> AD? The LDAP client will do a refresh of the config from the profile on the
>> LDAP server - I suspect on boot it's trying to do a refresh, not finding a
>> profile, and then zeroing out ldap_client_file.
>>
>> You need to keep an LDAP client profile in the right container in the tree
>> because clients will poll and refresh from that profile.
>
> FWIW another possibility is that nwam is getting involved - getting the DHCP
> response and from the options set in that response, deciding to ignore the
> local nsswitch LDAP settings.
>
> A grub through the NWAM changes between 133 and 147 might bear fruit.
>
> Cheers,
>
> Chris
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss@openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
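
The failure mode Tom Kranz describes in the quoted message (the client file is moved aside before the refresh, then left empty when the refresh fails) can be reproduced and contrasted with a replace-only-on-success update. This is an added example, not code from the thread or from the Solaris LDAP client; the function names, the fetch command passed as arguments, and the sample file contents are hypothetical stand-ins.

```shell
#!/bin/sh
# Added illustration: models the update order described in the thread.
# It is not the Solaris ldap_cachemgr/ldapclient implementation.

# unsafe_refresh TARGET FETCH_CMD...
# Moves the current file aside first, then writes the fetch output in place.
# If the fetch fails, TARGET is left as a zero-byte file.
unsafe_refresh() {
    target=$1; shift
    mv -f "$target" "${target}.orig" 2>/dev/null
    "$@" > "$target" 2>/dev/null
}

# safe_refresh TARGET FETCH_CMD...
# Writes the fetch output to a temp file in the same directory, and renames
# it over TARGET only if the fetch succeeded and produced non-empty output.
# On any failure the existing TARGET is left untouched.
safe_refresh() {
    target=$1; shift
    tmp=$(mktemp "${target}.XXXXXX") || return 2
    if "$@" > "$tmp" 2>/dev/null && [ -s "$tmp" ]; then
        mv -f "$tmp" "$target"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# demo: run both variants against a constructed sample file, with `false`
# standing in for a profile refresh that cannot reach the LDAP server.
demo() {
    dir=$(mktemp -d) || return 2
    for mode in unsafe safe; do
        f="$dir/ldap_client_file.$mode"
        printf 'NS_LDAP_SERVERS= ldap.example.test\n' > "$f"  # constructed
        "${mode}_refresh" "$f" false || :
        echo "$mode: $(wc -c < "$f" | tr -d ' ') bytes after failed refresh"
    done
    rm -rf "$dir"
}
demo
```

A zero-byte `/var/ldap/ldap_client_file` after a reboot (checked with `[ -s /var/ldap/ldap_client_file ]`) is the symptom to look for when comparing against this model.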