Re: Connect Solaris ldapclient to a Oracle internet directory

On 18 Jun., 15:48, "Shakespeare" <what...@[EMAIL PROTECTED]
> wrote:
> "Shakespeare" <what...@[EMAIL PROTECTED]
> schreef in
berichtnews:485910d1$0$14342=
$e4fe514c@[EMAIL PROTECTED]
>
>
>
>
>
> > "denis" <Denis.Nick...@[EMAIL PROTECTED]
> schreef in bericht
>
>news:b3ca07d0-d334-4230-bed6-6d334a1acdc9@[EMAIL PROTECTED]
> >> Hi,
>
> >> I am looking for informations howto connect Solaris native ldapclient
> >> to a Oracle internet directory.
> >> Or a solution for the following problem:
> >> Solaris 10
> >> ldapclient init works
> >> ssh with a ldap user doesn't
> >> error:
>
> >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 219349 auth.debug]
> >> pam_unix_auth: user MYUSER not found
> >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 453631 auth.debug] tid=3D
1:
> >> Adding connection (serverAddr=3Dxxx.xxx.xxx.xxx:389)
> >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 776464 auth.debug] tid=3D
1:
> >> Initialized sessionPool
> >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 816976 auth.debug] tid=3D
1:
> >> Connection added [0]
> >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 467101 auth.debug] tid=3D
1:
> >> connectionID=3D1024
> >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 805042 auth.debug] tid=3D
1:
> >> shared=3D1
> >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 982078 auth.debug] tid=3D
1:
> >> usedBit=3D0
> >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 727660 auth.debug] tid=3D
1:
> >> threadID=3D1
> >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 577507 auth.debug] tid=3D
1:
> >> serverAddr=3Dxxx.xxx.xxx.xxx:389
> >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 939703 auth.debug] tid=3D
1:
> >> AuthType=3D0
> >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 142272 auth.debug] tid=3D
1:
> >> TlsType=3D0
> >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 537450 auth.debug] tid=3D
1:
> >> SaslMech=3D0
> >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 625532 auth.debug] tid=3D
1:
> >> SaslOpt=3D0
> >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 323218 auth.debug] tid=3D
1:
> >> unlocking sessionLock
> >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 800047 auth.info] Keyboard-
> >> interactive (PAM) userauth failed[13] while authenticating: No
account
> >> present for user
> >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 800047 auth.info] Failed
> >> keyboard-interactive for <invalid username> from xxx.xxx.xxx.xxx ****t
> >> 1463 ssh2
>
> >> ldapclient list
> >> NS_LDAP_FILE_VERSION=3D 2.0
> >> NS_LDAP_SERVERS=3D 10.0.0.1:389
> >> NS_LDAP_SEARCH_BASEDN=3D dc=3Dmydomain,dc=3Dcom
> >> NS_LDAP_CACHETTL=3D 0
> >> NS_LDAP_SERVICE_AUTH_METHOD=3D pam_ldap:simple
>
> >> /etc/pam.conf
> >> #ident =A0"@[EMAIL PROTECTED]
(#)pam.conf =A0 1.29 =A0 =A005/06/08 SMI"
> >> #
> >> # Copyright 2004 Sun Microsystems, Inc. =A0All rights reserved.
> >> # Use is subject to license terms.
> >> #
> >> # PAM configuration
> >> #
> >> # Unless explicitly defined, all services use the modules
> >> # defined in the "other" section.
> >> #
> >> # Modules are defined with relative pathnames, i.e., they are
> >> # relative to /usr/lib/security/$ISA. Absolute path names, as
> >> # present in this file in previous releases are still acceptable.
> >> #
> >> # Authentication management
> >> #
> >> #
> >> # login service (explicit because of pam_dial_auth)
> >> #
> >> login =A0 auth requisite =A0 =A0 =A0 =A0 =A0pam_authtok_get.so.1
> >> login =A0 auth sufficient =A0 =A0 =A0 =A0 pam_ldap.so.1
> >> login =A0 auth required =A0 =A0 =A0 =A0 =A0 pam_dhkeys.so.1
> >> login =A0 auth required =A0 =A0 =A0 =A0 =A0 pam_unix_cred.so.1
> >> #login =A0auth required =A0 =A0 =A0 =A0 =A0 pam_unix_auth.so.1
> >> login =A0 auth required =A0 =A0 =A0 =A0 =A0 pam_dial_auth.so.1
> >> login =A0 =A0auth binding =A0 =A0 =A0 =A0 =A0 pam_unix_auth.so.1
serve=
r_policy
> >> login =A0 =A0auth required =A0 =A0 =A0 =A0 =A0pam_ldap.so.1 debug
>
> >> #
> >> # rlogin service (explicit because of pam_rhost_auth)
> >> #
> >> rlogin =A0auth sufficient =A0 =A0 =A0 =A0 pam_rhosts_auth.so.1
> >> rlogin =A0auth requisite =A0 =A0 =A0 =A0 =A0pam_authtok_get.so.1
> >> rlogin =A0auth required =A0 =A0 =A0 =A0 =A0 pam_dhkeys.so.1
> >> rlogin =A0auth required =A0 =A0 =A0 =A0 =A0 pam_unix_cred.so.1
> >> #rlogin auth required =A0 =A0 =A0 =A0 =A0 pam_unix_auth.so.1
> >> #
> >> # Kerberized rlogin service
> >> #
> >> krlogin auth required =A0 =A0 =A0 =A0 =A0 pam_unix_cred.so.1
> >> krlogin auth binding =A0 =A0 =A0 =A0 =A0 =A0pam_krb5.so.1
> >> krlogin auth required =A0 =A0 =A0 =A0 =A0 pam_unix_auth.so.1
> >> #
> >> # rsh service (explicit because of pam_rhost_auth,
> >> # and pam_unix_auth for meaningful pam_setcred)
> >> #
> >> rsh =A0 =A0 auth sufficient =A0 =A0 =A0 =A0 pam_rhosts_auth.so.1
> >> rsh =A0 =A0 auth required =A0 =A0 =A0 =A0 =A0 pam_unix_cred.so.1
> >> #
> >> # Kerberized rsh service
> >> #
> >> #krsh =A0 auth required =A0 =A0 =A0 =A0 =A0 pam_unix_cred.so.1
> >> #krsh =A0 auth binding =A0 =A0 =A0 =A0 =A0 =A0pam_krb5.so.1
> >> #krsh =A0 auth required =A0 =A0 =A0 =A0 =A0 pam_unix_auth.so.1
> >> #
> >> # Kerberized telnet service
> >> #
> >> #ktelnet =A0 =A0 =A0 =A0auth required =A0 =A0 =A0 =A0 =A0
pam_unix_cre=
d.so.1
> >> #ktelnet =A0 =A0 =A0 =A0auth binding =A0 =A0 =A0 =A0 =A0
=A0pam_krb5.s=
o.1
> >> #ktelnet =A0 =A0 =A0 =A0auth required =A0 =A0 =A0 =A0 =A0
pam_unix_aut=
h.so.1
> >> #
> >> # PPP service (explicit because of pam_dial_auth)
> >> #
> >> ppp =A0 =A0 auth requisite =A0 =A0 =A0 =A0 =A0pam_authtok_get.so.1
> >> ppp =A0 =A0 auth required =A0 =A0 =A0 =A0 =A0 pam_dhkeys.so.1
> >> ppp =A0 =A0 auth required =A0 =A0 =A0 =A0 =A0 pam_unix_cred.so.1
> >> ppp =A0 =A0 auth required =A0 =A0 =A0 =A0 =A0 pam_unix_auth.so.1
> >> ppp =A0 =A0 auth required =A0 =A0 =A0 =A0 =A0 pam_dial_auth.so.1
> >> #
> >> # Default definitions for Authentication management
> >> # Used when service name is not explicitly mentioned for
> >> authentication
> >> #
> >> other =A0 auth requisite =A0 =A0 =A0 =A0 =A0pam_authtok_get.so.1
> >> other =A0 auth required =A0 =A0 =A0 =A0 =A0 pam_dhkeys.so.1
> >> other =A0 auth required =A0 =A0 =A0 =A0 =A0 pam_unix_cred.so.1
> >> #other =A0auth required =A0 =A0 =A0 =A0 =A0 pam_unix_auth.so.1
> >> #other =A0auth sufficient =A0 =A0 =A0 =A0 pam_krb5.so.1
> >> other auth binding =A0 =A0 =A0 =A0 =A0 =A0 =A0pam_unix_auth.so.1
serve=
r_policy
> >> other auth required pam_ldap.so.1 debug
> >> #
> >> # passwd command (explicit because of a different authentication
> >> module)
> >> #
> >> #passwd auth required =A0 =A0 =A0 =A0 =A0 pam_passwd_auth.so.1
> >> passwd auth sufficient pam_passwd_auth.so.1 debug
> >> passwd auth sufficient =A0 pam_ldap.so.1 debug
> >> #
> >> # cron service (explicit because of non-usage of pam_roles.so.1)
> >> #
> >> cron =A0 =A0account required =A0 =A0 =A0 =A0pam_unix_account.so.1
> >> #
> >> # Default definition for Account management
> >> # Used when service name is not explicitly mentioned for account
> >> management
> >> #
> >> other =A0 account requisite =A0 =A0 =A0 pam_roles.so.1
> >> #other =A0account required =A0 =A0 =A0 =A0pam_unix_account.so.1
> >> other account sufficient pam_unix_account.so.1 debug
> >> other account sufficient pam_ldap.so.1 debug
> >> #
> >> # Default definition for Session management
> >> # Used when service name is not explicitly mentioned for session
> >> management
> >> #
> >> other =A0 session required =A0 =A0 =A0 =A0pam_unix_session.so.1
> >> #
> >> # Default definition for =A0Password management
> >> # Used when service name is not explicitly mentioned for password
> >> management
> >> #
> >> other =A0 password required =A0 =A0 =A0 pam_dhkeys.so.1
> >> other =A0 password requisite =A0 =A0 =A0pam_authtok_get.so.1
> >> other =A0 password requisite =A0 =A0 =A0pam_authtok_check.so.1
> >> other =A0 password required =A0 =A0 =A0 pam_authtok_store.so.1
> >> #
> >> # Sup****t for Kerberos V5 authentication and example configurations
> >> can
> >> # be found in the pam_krb5(5) man page under the "EXAMPLES" section.
> >> #
> >> krlogin auth required =A0 =A0 =A0 =A0 =A0 pam_krb5.so.1
> >> krsh =A0 =A0auth required =A0 =A0 =A0 =A0 =A0 pam_krb5.so.1
> >> ktelnet auth required =A0 =A0 =A0 =A0 =A0 pam_krb5.so.1
>
> Sorry, forgot to copy/paste the entries I was pointing at:
>
> Are these entries
>
> =A0 NS_LDAP_SERVERS=3D 10.0.0.1:389
> =A0 NS_LDAP_SEARCH_BASEDN=3D dc=3Dmydomain,dc=3Dcom
>
> =A0a) unmodified taken from your configuration?
> =A0b) correct?
>
> =A0Did you perform any preparations on the OID to make it work with
Solar=
is
> =A0Ldap Client?
>
> =A0Shakespeare- Zitierten Text ausblenden -
>
> - Zitierten Text anzeigen -

yes, they are (the original values) because the ldapclient initialize
sucessfully and ldapsearch works with these values.