List: pamldap
Subject: Re: [pamldap] pam_ldap and nss_ldap on solaris 7
From: jehan.procaccia () int-evry ! Fr
Date: 2001-01-25 15:44:01
It finally works :-) see below...
Joerg Paysen wrote:
>
> On Thu, 25 Jan 2001 jehan.procaccia@int-evry.Fr wrote:
>
> Hi,
>
> this is how I got pam+nss ldap to work on solaris 7:
>
> First, nss_ldap looks up a user if it doesn't exist
> in /etc/passwd if /etc/nsswitch.conf looks like
>
> ...
> passwd: files ldap
> ...
>
> pam_ldap is only responsible for authentication.
>
> On my linux ldap server I run openldap-2.0.7.
> I use the migration script which I changed that way
> that uid < 100 are not included to the ldap database.
> (I think it's a bad idea to provide root password over
> network.)
> I think it's extremely important that you have a
> /etc/shadow file so that an ObjectClass shadowAccount
> will be created in the ldap database. My experience is
> that without shadowAccount nss_ldap does not work on
> solaris!!
>
Great !!! that was it, I used migration tools with nis map, it didn't
include the shadowAccount objectclass . Now I recreated my openldap
directory from /etc/passwd and /etc/shadow and it works better, I can
telnet , su from solaris to the openldap server.
If it's not already mentioned on the docs (MigrationTools, nss_ldap,
pam_ldap READMEs ...) it would be a good idea to do it in order to
prevent other people wasting time on this !
I still have one small problem, password changing:
$ passwd
passwd: Changing password for procacci
Enter login(LDAP) password:
New password:
Re-enter new password:
LDAP password information update failed: Success
Çè
Autorisation refusée
(translation: authorization refused)
I already had this under linux, I'll check out my confs.
Thanks a lot.
--
Jehan Procaccia
Institut National des Telecommunications| Email :
Jehan.Procaccia@int-evry.fr
9 rue Charles Fourier | Tel : +33 (0) 160764436
91011 Evry France | Fax : +33 (0) 160764321
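
The two conditions discussed in this thread (posixAccount entries that lack the shadowAccount objectClass, and accounts with uid < 100 ending up in the directory) can be checked on an LDIF export before loading it. The script below is an added example, not part of the original messages or of MigrationTools; the function names and the sample entries are assumptions made for illustration.

```python
# Added example: audit an LDIF export. SAMPLE_LDIF is constructed sample data.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 1001

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: posixAccount
uidNumber: 1002

dn: uid=root,ou=People,dc=example,dc=org
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 0
"""

def parse_ldif(text):
    """Return entries as dicts: lowercased attribute name -> list of values."""
    entries = []
    # LDIF folds long lines; a continuation line starts with a single space.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            # base64 values ("attr:: ...") stay encoded; not needed for this check
            entry.setdefault(attr.strip().lower(), []).append(value.lstrip(": ").strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(entries, min_uid=100):
    """Flag posixAccount entries without shadowAccount or with uidNumber < min_uid."""
    findings = []
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixaccount" not in classes:
            continue
        dn = e["dn"][0]
        if "shadowaccount" not in classes:
            findings.append((dn, "missing shadowAccount"))
        uids = e.get("uidnumber", [])
        if uids and uids[0].isdigit() and int(uids[0]) < min_uid:
            findings.append((dn, "system account in directory"))
    return findings

if __name__ == "__main__":
    print(*audit(parse_ldif(SAMPLE_LDIF)), sep="\n")
```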