Solaris 10 Ldapclient Error Resetting System
success start: sleep 100000 microseconds start: network/smtp:sendmail...

Re: Solaris ldap client problem (tls:simple + anonymous) 807573 Jul 20, 2009 2:23 PM (in response to 807573)

It seems like the ldap client files are not created properly. The above problem is shown by the following log entries in /var/adm/messages:

libsldap: Status: 7 Mesg: Session error no available conn.
More detail.

Home Directory

Manually create a home directory for the user you created in Active Directory; see change_home_directories_and_profile for more information regarding home directories on Solaris:

bash-3.00# cd /export/home/
bash-3.00# ls
bash-3.00#

success Stopping ldap stop: network/ldap/client:default... success ldap not running nisd not running nis(yp) not running
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.

http://www.openldap.org/lists/openldap-technical/201009/msg00042.html
Also, I can't find some sort of bindDN option to ldapclient, nor can I find an attribute of that kind for the profile. The server serves the following profile:

dn: cn=solarisbox,ou=profile,dc=acme,dc=de
bindTimeLimit: 10
credentialLevel: anonymous
cn: solarisbox
profileTTL: 43200
searchTimeLimit: 30
defaultSearchScope: sub
followReferrals: TRUE
authenticationMethod: simple
defaultSearchBase: dc=acme,dc=de
objectClass: top
objectClass: DUAConfigProfile
defaultServerList:

This is NOT the way to be used for normal host in the EL environment.
- success start: sleep 100000 microseconds start: system/name-service-cache:default...
- Any ideas?
- success Stopping ldap stop: sleep 100000 microseconds stop: sleep 200000 microseconds stop: sleep 400000 microseconds stop: sleep 800000 microseconds stop: sleep 1600000 microseconds stop: sleep 3200000 microseconds stop: sleep 6400000 microseconds
- success start: sleep 100000 microseconds start: system/name-service-cache:default...
- I had to edit /etc/nsswitch.ldap to make host lookups go to DNS.
- Recovering old system settings.
- file_backup: nis domain is "domain.com" file_backup: stat(/var/yp/binding/domain.com)=-1 file_backup: No /var/yp/binding/domain.com directory.
- success nisd not running nis(yp) not running recover: stat(/var/ldap/restore/defaultdomain)=0 recover: open(/var/ldap/restore/defaultdomain) recover: read(/var/ldap/restore/defaultdomain) recover: old domainname "domain.com" recover: stat(/var/ldap/restore/ldap_client_file)=-1 recover: stat(/var/ldap/restore/ldap_client_cred)=-1 recover: stat(/var/ldap/restore/NIS_COLD_START)=-1 recover: stat(/var/ldap/restore/domain.com)=-1 recover: stat(/var/ldap/restore/nsswitch.conf)=0 recover: file_move(/var/ldap/restore/nsswitch.conf, /etc/nsswitch.conf)=0 recover:
See: http://docs.sun.com/app/docs/doc/816-4556/schemas-111?a=view for an example /etc/pam.conf for using pam_ldap.

I'm not sure if Solaris has the tools to manipulate these files - since my DSs run on Linux, I just used Mozilla's NSS tools from Linux to create them and

Re: Solaris ldap client problem (tls:simple + anonymous) 807573 Jul 27, 2009 6:03 AM (in response to 807573)

I had the same kind of problem, but when trying to init the

libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.)

public/ldap/ldap_client_config.txt · Last modified: 2015-06-03T13:08+0100 by tbbaenzi
References
http://blogs.sun.com/baban/entry/steps_to_setup_ssl_using
http://docs.sun.com/app/docs/doc/816-5166/6mbb1kq6e?a=view

Create default.tls profile

Create NEW PROFILE for use in intranet with encryption tls:simple

# ldapclient genprofile -a profileName=default.tls \
  -a defaultSearchBase=dc=el,dc=campus,dc=intern \
  -a authenticationMethod=tls:simple \
  -a defaultServerList="10.31.0.26 10.31.0.27"

Add Solaris 9 to LDAP

Stop nscd and LDAP client

# /etc/init.d/nscd stop
# /etc/init.d/ldap.client stop

Put the keys into /var/ldap folder and correct file rights.

# cp /export/home/wizard/Library/ldap/Solaris9/cert7.db \
  /export/home/wizard/Library/ldap/Solaris9/key3.db

https://groups.google.com/d/topic/comp.unix.solaris/bSVLXPHxxiM
At least that's what 'man ldapsearch' says it uses, and the requirement seems to come from the shared libsldap used by ldapsearch and ldapclient.

Re: Solaris ldap client problem (tls:simple + anonymous) 807573 Jul 28, 2009 7:48 AM (in response to 807573)

Hi, thank you all!

They must return ds1-int.services.el.campus.intern and ds2-int.services.el.campus.intern

# getent hosts 10.31.0.26
10.31.0.26 ds1-int.services.el.campus.intern
# getent hosts 10.31.0.27
10.31.0.27 ds2-int.services.el.campus.intern

DMZ

Test connection and certificates using ldapsearch:

# ldapsearch -h 188.8.131.52 -p 636

Of course you could add the host as ldap client and reboot the system to resolve any problems, but this is often not an option.
Of course you'll also need Active Directory 2008 R2 Basic Installation and Install Solaris 10 Update 8.

success Stopping nscd stop: sleep 100000 microseconds stop: sleep 200000 microseconds stop: system/name-service-cache:default...

I wonder what the status is on that...

Here's the verbose output... I'd very much appreciate any hints on why this is happening or what I'm doing wrong!
success

*/var/ldap/cachemgr.log*
Tue Jun 30 10:50:51.4330 Starting ldap_cachemgr, logfile /var/ldap/cachemgr.log
Tue Jun 30 10:50:51.4355 Error: Unable to read '/var/ldap/ldap_client_file': Configuration Error: No entry for 'NS_LDAP_BINDDN' found
Tue Jun 30 10:50:51.4368 detachfromtty():

cert7.db, I think.

I have an Open Directory server running on a Mac OSX 10.8 box.

Is it worth doing an 'uninit' to zap whatever's been done?
From: Sigbjorn Lie

SHIFT --- Sjoerd Hooft's InFormation Technology ---

success restart: sleep 100000 microseconds restart: milestone/name-services:default...

Date: Thu, 1 Dec 2011 16:31:06 +1100

Hi, Anyone had any success using Solaris 10 as an IPA client (using ipa-server-2.1.1-4.el6.x86_64)?

success <<<< >>> Error resetting system. <<<< >>> Recovering old system settings. <<<< >>> Stopping network services <<<< Stopping sendmail stop: sleep 100000 microseconds stop: network/smtp:sendmail...
Configuring Solaris 10" from the Identity Management Guide very light.

#Solaris 10 (Newest Edition)
Oracle Solaris 10 8/11 s10x_u10wos_17b X86
Copyright (c) 1983, 2011, Oracle and/or its affiliates.

failed: required constraint not met
Stopping ldap failed with (1)
Error (1) while stopping services during reset
recover: stat(/var/ldap/restore/defaultdomain)=0
[...]

I am not very familiar with Solaris, so I just drop without the line with gecos, I get

Parsing credentialLevel=anonymous
Parsing defaultSearchBase=dc=
I also ran into an issue with the fact that Solaris's LDAP library looks for the objectClass: shadowAccount property in LDAP when it searches for valid PAM accounts (yet another thing
success nis(yp) not running
recover: stat(/var/ldap/restore/defaultdomain)=0
recover: open(/var/ldap/restore/defaultdomain)
recover: read(/var/ldap/restore/defaultdomain)
recover: old domainname
recover: stat(/var/ldap/restore/ldap_client_file)=-1
recover: stat(/var/ldap/restore/ldap_client_cred)=-1
recover: stat(/var/ldap/restore/nsswitch.conf)=0
recover: file_move(/var/ldap/restore/nsswitch.conf, /etc/nsswitch.conf)=0
recover: stat(/var/ldap/restore/defaultdomain)=0
recover: file_move(/var/ldap/restore/defaultdomain, /etc/defaultdomain)=0
Starting network services start:

It has been broken like that since Solaris 10 (and perhaps the backported ldapclient used by Solaris 8).

success Stopping nscd stop: sleep 10 microseconds stop: system/name-service-cache:default... success Error resetting system.
There are several ways to configure the LDAP client on Solaris; since we'll use a bind user, we'll use the proxy method.

From: Craig T
grep ldap /var/svc/log/*
/var/svc/log/network-ldap-client:default.log:[ Sep 2 17:02:19 Executing start method ("/lib/svc/method/ldap-client start") ]
/var/svc/log/network-ldap-client:default.log:/usr/lib/ldap/ldap_cachemgr: failed .

success restart: sleep 100000 microseconds restart: milestone/name-services:default...

SunOS 5.10 Generic January 2005
-bash-3.00$ pwd
/home/usrtest

Resources
http://docs.oracle.com/cd/E19963-01/html/821-1455/clientsetup-49.html
http://www.seedsofgenius.net/solaris/solaris-authentication-login-with-active-directory
http://blog.scottlowe.org/2007/04/25/solaris-10-ad-integration-version-3/
Check system messages:

# dmesg

Check ldap_cachemgr logfile

# cat /var/ldap/cachemgr.log

Now verify that the LDAP posix userdatabases are accessible:

# getent passwd tathalma
# getent group hsluma

See if automounter

All rights reserved.

#
# PAM configuration
#
# passwd command (explicit because of a different authentication module)
#
auth binding pam_passwd_auth.so.1 server_policy
auth required pam_ldap.so.1
#
# passwd service -

The sites I've found were last touched upon in 2004 and gave no answers.
the client binds to a certain profile "default.tls" for example.

So, I guess I get to add shadowAccount entries to all of the users that I want to have login privs to this system.

-Nick
--
This message posted from opensolaris.org

maintenance start: sleep 10 microseconds start: system/filesystem/autofs:default...
Clear history to remove bind password:

# history -c

DMZ

Now init the local client:

# ldapclient -v init -a profileName=dmz.tls -a domainName=el.campus.intern \
  -a proxyDN=cn=proxyagent,ou=profile,dc=el,dc=campus,dc=intern \
  -a proxyPassword=