Re: [zones-discuss] trying to login with solaris Ldap client

Enda O'Connor Wed, 22 Aug 2007 04:10:50 -0700

Daniel Pérez del Campo wrote:
>
>
>
>> From: "Enda O'Connor ( Sun Micro Systems Ireland)" 
>> <[EMAIL PROTECTED]>
>> To: Daniel Pérez del Campo <[EMAIL PROTECTED]>
>> CC: zones-discuss@opensolaris.org
>> Subject: Re: [zones-discuss] trying to login with solaris Ldap client
>> Date: Tue, 21 Aug 2007 13:43:21 +0100
>>
>>
>>> <= bdb_equality_candidates: (uid) index_param failed (18)
>>> conn=76 op=98 SEARCH RESULT tag=101 err=0 nentries=1 text=
>>> conn=76 op=99 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 
>>> deref=3 filter="(&(objectClass=posixAccount)(uid=dpercam))"
>>> conn=76 op=99 SRCH attr=cn uid uidnumber gidnumber gecos description 
>>> homedirectory loginshell
>>> <= bdb_equality_candidates: (uid) index_param failed (18)
>>> conn=76 op=99 SEARCH RESULT tag=101 err=0 nentries=1 text=
>>>
>>> Does anybody know what could be the problem??? I'm desesperate!
>>>
>>> Thank you very much.
>>>
>>> Daniel Pérez
>>>
>>>
>>> _______________________________________________
>>> zones-discuss mailing list
>>> zones-discuss@opensolaris.org
>>
>> Looks like a pam issue?
>>
>> the server is finding the entry (nentries=1)
>>
>> What have you configured in /etc/pam.conf
>> read man -s5 pam_ldap to get an idea
>>
>> so at a guess from your env above
>> change
>>
>> <service name> auth required pam_unix_auth.so.1
>> to
>>
>> <service name> auth binding pam_unix_auth.so.1 server_policy
>>
>> for all lines that match and add
>> <service name> auth required pam_ldap.so.1
>>
>> once for each srvice name that you changed.
>>
>>
>> Also add the line
>> other password required   pam_authtok_store.so.1 server_policy
>>
>>
>> other than that not too clear what is wrong.
>> Enda
>
> I have changed the pam.conf as you said, but the problem is the same. 
> It forces me to change the password again and again. The pam.conf is 
> this:
>
> login    auth requisite        pam_authtok_get.so.1
> login    auth required        pam_dhkeys.so.1
> login    auth required        pam_unix_cred.so.1
> login    auth binding            pam_unix_auth.so.1 server_policy
> login   auth required         pam_ldap.so.1
> login    auth required        pam_dial_auth.so.1
>
> rlogin    auth sufficient        pam_rhosts_auth.so.1
> rlogin    auth requisite        pam_authtok_get.so.1
> rlogin    auth required        pam_dhkeys.so.1
> rlogin    auth required        pam_unix_cred.so.1
> rlogin    auth binding            pam_unix_auth.so.1 server_policy
> rlogin  auth required           pam_ldap.so.1
>
> krlogin    auth required        pam_unix_cred.so.1
> krlogin    auth binding        pam_krb5.so.1
> krlogin    auth binding            pam_unix_auth.so.1 server_policy
> krlogin auth required           pam_ldap.so.1
>
> rsh    auth sufficient        pam_rhosts_auth.so.1
> rsh    auth required        pam_unix_cred.so.1
>
> krsh    auth required        pam_unix_cred.so.1
> krsh    auth binding        pam_krb5.so.1
> krsh    auth binding            pam_unix_auth.so.1 server_policy
> krsh    auth required           pam_ldap.so.1
>
> ktelnet    auth required        pam_unix_cred.so.1
> ktelnet    auth binding        pam_krb5.so.1
> ktelnet    auth binding            pam_unix_auth.so.1 server_policy
> ktelnet auth required           pam_ldap.so.1
>
> ppp    auth requisite        pam_authtok_get.so.1
> ppp    auth required        pam_dhkeys.so.1
> ppp    auth required        pam_unix_cred.so.1
> ppp    auth binding            pam_unix_auth.so.1 server_policy
> ppp     auth required           pam_ldap.so.1
> ppp    auth required        pam_dial_auth.so.1
>
> other    auth requisite        pam_authtok_get.so.1
> other    auth required        pam_dhkeys.so.1
> other    auth required        pam_unix_cred.so.1
> other    auth binding            pam_unix_auth.so.1 server_policy
> other   auth required           pam_ldap.so.1
>
> passwd    auth required        pam_passwd_auth.so.1
>
> cron    account required    pam_unix_account.so.1
>
> other    account requisite    pam_roles.so.1
> other    account required    pam_unix_account.so.1
>
> other    session required    pam_unix_session.so.1
>
> other    password required    pam_dhkeys.so.1
> other    password requisite    pam_authtok_get.so.1
> other    password requisite    pam_authtok_check.so.1
> #other    password required    pam_authtok_store.so.1
> other   password required       pam_authtok_store.so.1 server_policy
>
> I don't know what to do.
> Does anybody know what is the problem??
> Thank you very much.
>
> Daniel Perez
>
> _________________________________________________________________
> MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/
>
I'm not familiar with openldap config as such but I did find the 
following link which might help you out
http://docs.lucidinteractive.ca/index.php/Solaris_LDAP_client_with_OpenLDAP_server


have a read through it, seems you might have some work to do on the ldap 
server side

regards
Enda
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] trying to login with solaris Ldap client

Reply via email to