Bob Doolittle wrote on 04/14/06 01:21 PM:
This is a bit peculiar looking. What version of Solaris?
Did you run ldapclient to initialize your pam.conf?
I don't believe ldapclient touches pam.conf - ldapclient sets up the
LDAP nameservice, not PAM. pam_ldap wiring into pam.conf is a separate
step.
http://docs.sun.com/app/docs/doc/816-4556/6maort2sp?q=pam_ldap&a=view
~D..
What does the "other" stack look like (or "dtlogin",
if you have one)?
To get your 3.1 patch level, you can run:
on sparc: showrev -p | grep 120879
on x86: showrev -p | grep 120880
-Bob
Blaine Hulbert wrote:
What does pam.conf stack for dtlogin-SunRay look like?
dtlogin-SunRay auth sufficient /opt/SUNWut/lib/pam_sunray.so
dtlogin-SunRay auth requisite /opt/SUNWut/lib/sunray_get_user.so.1
property=username
dtlogin-SunRay auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1
dtlogin-SunRay auth requisite /opt/SUNWut/lib/sunray_get_user.so.1
prompt
dtlogin-SunRay auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1
clearuser
dtlogin-SunRay auth requisite pam_authtok_get.so.1
dtlogin-SunRay auth required pam_dhkeys.so.1
dtlogin-SunRay auth required pam_unix_cred.so.1
dtlogin-SunRay auth required pam_unix_auth.so.1
dtlogin-SunRay auth required pam_ldap.so.1
dtlogin-SunRay account requisite pam_roles.so.1
dtlogin-SunRay account required pam_unix_account.so.1
dtlogin-SunRay account required pam_ldap.so.1
dtlogin-SunRay session required pam_unix_session.so.1
dtlogin-SunRay password required pam_dhkeys.so.1
dtlogin-SunRay password requisite pam_authtok_get.so.1
dtlogin-SunRay password requisite pam_authtok_check.so.1
dtlogin-SunRay password required pam_authtok_store.so.1
How about utnsclogin?
utnsclogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1
property=usernameutnsclogin auth required
/opt/SUNWut/lib/pam_sunray_amgh.so.1
utnsclogin auth requisite pam_authtok_get.so.1
utnsclogin auth required pam_dhkeys.so.1
utnsclogin auth required pam_unix_cred.so.1
utnsclogin auth required pam_unix_auth.so.1
utnsclogin auth required pam_ldap.so.1
utnsclogin account requisite pam_roles.so.1
utnsclogin account required pam_unix_account.so.1
utnsclogin session required pam_unix_session.so.1
utnsclogin password required pam_dhkeys.so.1
utnsclogin password requisite pam_authtok_get.so.1
utnsclogin password requisite pam_authtok_check.so.1
utnsclogin password required pam_authtok_store.so.1
utnsclogin account required pam_ldap.so.1
What version of SRSS, including patch level?
3.1 - sorry - I don't know where to find the patch level
Are you having trouble with card-based logins, or NSCM
logins?
card
thank you.
-Bob
Blaine Hulbert wrote:
After a ton of configuration and testing, I have finally been able to
authenticate to my solaris 10 box using pam ldap and DS 5.2 in every
way
ie ssh, telnet, console, xnest (for testing) etc.
I cannot figure out why I am not able to login with a sunray session.
All my access logs (that I know of) are giving me no clues.
nsswitch.conf, pam.conf (added utlogin auth req. pam_ldap.so.. etc.),
ldap_client_file, etc all look ok.
This is just a quick post to see if anyone has a suggestion on where
else to look?
Thanks
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
