Solved

Solaris System login using LDAP user account

Posted on 2003-03-26
10
Medium Priority
573 Views
Last Modified: 2013-12-21
I have a client and a server, both running Solaris 9. I have set up the iPlanet Directory Server on the server.

I can successfully use ldapsearch to search for information using both the proxyagent and the username.

However, when I use the login command on the client, the user fails to log in. I can see the request for the user information in the server log as well as by snooping. Suitable information is also returned to the client.

I've tried both pam_unix with crypt password encryption and pam_ldap with simple password, but both failed.

I wonder how the client sets up user-related information such as the home directory. Does it do it automatically? Or do I need to set up the user environment on the client beforehand?
0
Comment
Question by:qqcindy
10 Comments
 

Expert Comment

by:austinwmatthews
ID: 8226036
LDAP should set up the home directories, etc., automatically as long as the systems are on the same network/LDAP server.

Something is missing. What is the client requesting from the server when it fails?

Otherwise, if you don't have available space or partitions to create a home dir, it will fail and you won't see any errors.

Try to touch a dir where the user would be creating a home dir.

Are there any error(s) on screen or in /var/adm/messages?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 8237124
If you have set up the system with pam_ldap, and your iPlanet logs show the request, then the problem is most likely on the client side.
Most common are:
  required shell is not listed in /etc/shells
  home directory does not exist, or has wrong permissions
Another reason might be that the password has expired in LDAP. Did you check?
0
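The client-side causes named in the comment above (login shell not listed in /etc/shells, home directory missing or with wrong permissions) can be checked mechanically. This is an added example, not code from the thread: the function name `check_login_env` and the sample uid/gid are hypothetical, and it assumes a POSIX shell with POSIX `ls`, `awk`, `cut` and `grep`. It does not check LDAP password expiry.

```shell
#!/bin/sh
# Added example (not from the thread): client-side login checks for one
# passwd-format entry, e.g. the output of `getent passwd user1`.
# Prints one line per problem; the return status is the number of problems.
check_login_env() {
    entry=$1
    shells_file=${2:-/etc/shells}
    problems=0

    # Split the seven colon-separated passwd fields.
    IFS=: read -r user _pw uid _gid _gecos home shell <<EOF
$entry
EOF
    # Assumption: an empty shell field means the default shell, taken as /bin/sh.
    shell=${shell:-/bin/sh}

    if [ ! -d "$home" ]; then
        echo "$user: home directory $home does not exist on this client"
        problems=$((problems + 1))
    else
        # ls -ldn prints the mode in field 1 and the numeric owner in field 3.
        listing=$(ls -ldn "$home")
        owner=$(echo "$listing" | awk '{print $3}')
        if [ "$owner" != "$uid" ]; then
            echo "$user: $home is owned by uid $owner, expected $uid"
            problems=$((problems + 1))
        fi
        if [ "$(echo "$listing" | cut -c2-4)" != "rwx" ]; then
            echo "$user: owner lacks rwx on $home"
            problems=$((problems + 1))
        fi
    fi

    if [ ! -x "$shell" ]; then
        echo "$user: login shell $shell is missing or not executable"
        problems=$((problems + 1))
    elif [ -f "$shells_file" ] && ! grep -Fx -- "$shell" "$shells_file" >/dev/null; then
        # Only compared when the shells file exists on this client.
        echo "$user: login shell $shell is not listed in $shells_file"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# Constructed sample entry (uid/gid invented); the home path is the one asked about.
check_login_env 'user1:x:1001:100::/export/home/user1:/bin/sh' || true
```

Run it on the client, where login actually evaluates the home directory and shell, not on the directory server.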
 

Author Comment

by:qqcindy
ID: 8237340
I'm using pam_ldap. It just prompts me with "Incorrect password".

"unable to refresh profile" and "unable to qualify my own domain name" are in /var/adm/messages. But I just think it won't affect the authentication at all.

My configuration on the client:
domainname=nep.com
defaultsearchbase=dc=nep,dc=com
authenticationmethod=simple
proxydn=cn=proxyuser,ou=People,dc=nep,dc=com
proxypassword=proxyuser123
credentiallevel=proxy

My server is also configured with CLEAR TEXT password storage.
0

 

Author Comment

by:qqcindy
ID: 8242816
I can't find /etc/shells.

Isn't the home directory created when I first log in?
0
 

Author Comment

by:qqcindy
ID: 8242823
If I set the home directory to "/export/home/user1", will the dir be created on the server or the client?
0
 

Author Comment

by:qqcindy
ID: 8243063
If I set the home directory to "/export/home/user1", will the dir be created on the server or the client?
0
 
LVL 10

Expert Comment

by:elf_bin
ID: 8243948
Your domain name is (probably) wrong.  iDS is usually set up as a "DNS-rooted" LDAP service (sorry, Novell speak).  Administrators usually set up iDS so it uses DNS for host resolution. How's your /etc/domainname & resolv.conf?  The dc= is indicative of a DNS-based LDAP tree.

You need to check that you're using simple authentication on both client and server (not only the way that things are stored).

Home directory mapping can be achieved by auto_master, as it is with other naming systems (i.e.: yp) - Sun just extended the functionality in Solaris 8 or 9, can't remember which.

Best of luck.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 8245072
> ..will the dir be created in the server or the client?
No.
You need to create the directory first. This is usually done by useradd (or whatever admin tool you use to set up your new users).
0
 
LVL 18

Expert Comment

by:liddler
ID: 10476814
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

PAQ  No refund

Please leave any comments here within the next four days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

liddler
EE Cleanup Volunteer
0
 

Accepted Solution

by:
amp072397 earned 0 total points
ID: 10522934
PAQed - no points refunded (of 50)

amp
Community Support Moderator amp~at~experts-exchange.com
0
