Authenticating Solaris box against Open Directory

0

I've spent a few days looking for guides to this. The sites I've found was last touched upon in 2004 and gave no answers.

I have an Open Directory server running on a Mac OSX 10.8 box.

I want to have my solaris boxes authenticate users against this OD server.

What I've found so far is that Solaris ships with a script called "ldapclient". this script is run with a range of options to setup the connection. However, different sites I've been to suggest that other plugins are required (gecos, Kerberos, etc.). I have found no thorough documentation of this issue and am wondering, if it is even possible for solaris to authenticate against OD.

Has anyone tried this? Any successful attempts?

what I've tried is to run

ldapclient -v manual \
-a credentialLevel=anonymous \
-a defaultSearchBase=dc=<server-hostname>,dc=example,dc=com \
-a serviceSearchDescriptor=passwd:cn=users,dc=<server-hostname>,dc=example,dc=com \
-a attributeMap=passwd:gecos=cn \
-a serviceSearchDescriptor=group:cn=groups,dc=<server-hostname>,dc=example,dc=com \
-a serviceAuthenticationMethod=pam_ldap:simple <server-hostname>

The -v flag is for verbosity, and from what i gather, the machine sets up a bunch of options while networking is turned off, and when it tries to start up networking again, it fails and rolls back.

without the line with gecos, I get

Parsing credentialLevel=anonymous
Parsing defaultSearchBase=dc=<server-hostname>,dc=example,dc=com
Parsing serviceSearchDescriptor=passwd:cn=users,dc=<server-hostname>,dc=example,dc=com
Arguments parsed:
        defaultSearchBase: dc=<server-hostname>,dc=example,dc=com
        credentialLevel: anonymous
        serviceSearchDescriptor: 
                arg[0]: passwd:cn=users,dc=<server-hostname>,dc=example,dc=com
Handling manual option
Manual failed: Missing required defaultServerList or preferredServerList attribute.

with the line, as is shown above, I get

Parsing credentialLevel=anonymous
Parsing defaultSearchBase=dc=<server-hostname>,dc=example,dc=com
Parsing serviceSearchDescriptor=passwd:cn=users,dc=<server-hostname>,dc=example,dc=com
Parsing attributeMap=passwd:gecos=cn
Parsing serviceSearchDescriptor=group:cn=groups,dc=<server-hostname>,dc=example,dc=com
Parsing serviceAuthenticationMethod=pam_ldap:simple
Arguments parsed:
        serviceAuthenticationMethod: 
                arg[0]: pam_ldap:simple
        defaultSearchBase: dc=<server-hostname>,dc=example,dc=com
        credentialLevel: anonymous
        attributeMap: 
                arg[0]: passwd:gecos=cn
        serviceSearchDescriptor: 
                arg[0]: passwd:cn=users,dc=<server-hostname>,dc=example,dc=com
                arg[1]: group:cn=groups,dc=<server-hostname>,dc=example,dc=com
        defaultServerList: <server-hostname>
Handling manual option
Proxy DN: NULL
Proxy password: NULL
Credential level: 0
Authentication method: 0
Authentication method: 0
No proxyDN/proxyPassword required
Shadow Update is not enabled, no adminDN/adminPassword is required.
About to modify this machines configuration by writing the files
Stopping network services
sendmail not running
nscd not running
autofs not running
ldap not running
nisd not running
nis(yp) not running
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "<server-hostname>.example.com"
file_backup: stat(/var/yp/binding/<server-hostname>.example.com)=-1
file_backup: No /var/yp/binding/<server-hostname>.example.com directory.
file_backup: stat(/var/ldap/ldap_client_file)=0
file_backup: (/var/ldap/ldap_client_file -> /var/ldap/restore/ldap_client_file)
file_backup: (/var/ldap/ldap_client_cred -> /var/ldap/restore/ldap_client_cred)
Starting network services
start: /usr/bin/domainname <server-hostname>.example.com... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: sleep 400000 microseconds
start: sleep 800000 microseconds
start: sleep 1600000 microseconds
start: sleep 3200000 microseconds
start: sleep 6400000 microseconds
start: sleep 12800000 microseconds
start: sleep 25600000 microseconds
start: sleep 51200000 microseconds
start: sleep 17700000 microseconds
start: network/ldap/client:default... timed out
start: network/ldap/client:default... offline to disable
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: sleep 6400000 microseconds
stop: sleep 12800000 microseconds
stop: sleep 25600000 microseconds
stop: sleep 8900000 microseconds
stop: network/ldap/client:default... timed out
restart: sleep 100000 microseconds
restart: milestone/name-services:default... success
Error resetting system.
Recovering old system settings.
Stopping network services
sendmail not running
nscd not running
autofs not running
Stopping ldap
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: sleep 6400000 microseconds
stop: sleep 12800000 microseconds
stop: sleep 25600000 microseconds
stop: sleep 8900000 microseconds
stop: network/ldap/client:default... timed out
Stopping ldap failed with (7)
Error (1) while stopping services during reset
recover: stat(/var/ldap/restore/defaultdomain)=0
recover: open(/var/ldap/restore/defaultdomain)
recover: read(/var/ldap/restore/defaultdomain)
recover: old domainname "<server-hostname>.example.com"
recover: stat(/var/ldap/restore/ldap_client_file)=0
recover: file_move(/var/ldap/restore/ldap_client_file, /var/ldap/ldap_client_file)=0
recover: stat(/var/ldap/restore/ldap_client_cred)=0
recover: file_move(/var/ldap/restore/ldap_client_cred, /var/ldap/ldap_client_cred)=0
recover: stat(/var/ldap/restore/NIS_COLD_START)=-1
recover: stat(/var/ldap/restore/<server-hostname>.example.com)=-1
recover: stat(/var/ldap/restore/nsswitch.conf)=0
recover: file_move(/var/ldap/restore/nsswitch.conf, /etc/nsswitch.conf)=0
recover: stat(/var/ldap/restore/defaultdomain)=0
recover: file_move(/var/ldap/restore/defaultdomain, /etc/defaultdomain)=0
Starting network services
start: /usr/bin/domainname <server-hostname>.example.com... success
restart: sleep 100000 microseconds
restart: milestone/name-services:default... success

I've replaced the actual domain with .example.com The server is without errors, as every other platform is authenticating fine.

The output is not consistent, as it is different each time what service fails, but after a reboot, this is always the output i'm getting

Eldamir

Posted 2012-11-06T07:42:00.997

Reputation: 225

Answers

1

Right, I cannot give any insights in the mechanics of all of this, but i seem to have solved the problem.

All that needed to be done is that instead of the server hostname at the end, it should be the IP address, like the following

ldapclient -v manual \
-a credentialLevel=anonymous \
-a defaultSearchBase=dc=<server-hostname>,dc=example,dc=com \
-a serviceSearchDescriptor=passwd:cn=users,dc=<server-hostname>,dc=example,dc=com \
-a attributeMap=passwd:gecos=cn \
-a serviceSearchDescriptor=group:cn=groups,dc=<server-hostname>,dc=example,dc=com \
-a serviceAuthenticationMethod=pam_ldap:simple xxx.xxx.xxx.xxx

Now it works :)

Eldamir

Posted 2012-11-06T07:42:00.997

Reputation: 225

Asked: 2012-11-06T07:42:00.997

Viewed: 1 092 times

Active: 2014-06-25T11:59:14.770