Solved

Solaris System login using LDAP user account

Posted on 2003-03-26
Last Modified: 2013-12-21
I have a client and a server, both running Solaris 9. I have set up the iPlanet Directory Server on the server.

I can successfully use ldapsearch to search for information using both the proxyagent and the username.

However, when I use the login command on the client, the user fails to log in. I can see that there is a request for the user information from the server log as well as snooping. Suitable information is also replied to the client.

I've tried both pam_unix with crypt password encryption and pam_ldap with simple password. But it failed.

I wonder how the client could set up the user-related information such as the home directory. Does it do it automatically? Or do I need to set up the user environment on the client beforehand?
Question by:qqcindy
10 Comments
 

Expert Comment

by:austinwmatthews
ID: 8226036
LDAP should set up the home directories, etc., automatically as long as the systems are on the same network/LDAP server.

Something is missing: what is the client requesting from the server when it fails?

Otherwise, if you don't have available space or partitions to create a home dir, it will fail and you won't see any errors.

Try to touch a dir where the user would be creating a home dir.


Are there any error(s) on screen or in /var/adm/messages?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 8237124
If you have set up the system with pam_ldap, and your iPlanet logs show the request, then the problem is most likely on the client side.
Most common are:
  required shell is not listed in /etc/shells
  home directory does not exist, or has wrong permissions
Another reason might be that the password has expired in LDAP, did you check?
0
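
The client-side conditions named in the comment above (login shell, home directory existence, ownership and permissions), as an added example that is not part of the thread: a sh function that checks them for one passwd(4)-format entry. The function name, the sample entry and the /bin/sh fallback for an empty shell field are assumptions.

```shell
#!/bin/sh
# Added example: client-side login prerequisites for a directory-served account.
# Argument 1: one passwd(4)-format line, e.g. the output of `getent passwd user1`.
# Argument 2: shells file to consult (default /etc/shells; skipped if absent).
# Prints one line per problem and returns the number of problems found.
check_login_prereqs() {
    entry=$1
    shells_file=${2:-/etc/shells}
    problems=0

    # Split name:passwd:uid:gid:gecos:home:shell without globbing the fields.
    old_ifs=$IFS; IFS=:; set -f
    set -- $entry
    IFS=$old_ifs
    name=$1; uid=$3; home=$6
    shell=${7:-/bin/sh}   # assumption: an empty shell field means /bin/sh

    if [ -z "$home" ] || [ ! -d "$home" ]; then
        echo "$name: home directory '$home' does not exist on this client"
        problems=$((problems + 1))
    else
        # ls -ldn prints the mode string first and the numeric owner third.
        set -- $(ls -ldn "$home")
        if [ "$3" != "$uid" ]; then
            echo "$name: $home is owned by uid $3, expected $uid"
            problems=$((problems + 1))
        fi
        case $1 in
            drwx*) ;;
            *) echo "$name: owner lacks rwx on $home (mode $1)"
               problems=$((problems + 1)) ;;
        esac
    fi
    set +f

    if [ ! -x "$shell" ]; then
        echo "$name: shell $shell is missing or not executable"
        problems=$((problems + 1))
    elif [ -f "$shells_file" ] && ! grep -Fqx "$shell" "$shells_file"; then
        echo "$name: shell $shell is not listed in $shells_file"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample entry, in the form `getent passwd user1` prints:
check_login_prereqs 'user1:x:1001:100::/export/home/user1:/bin/sh' || echo "problems found: $?"
```

Run it on the client as root against the entry the name service actually returns, so the check sees the same home path and shell that login does.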
 

Author Comment

by:qqcindy
ID: 8237340
I'm using pam_ldap. It just prompts me with "Incorrect password".

"unable to refresh profile" and "unable to qualify my own domain name" are in /var/adm/messages. But I just think it won't affect the authentication at all.

My configuration in client:
domainname=nep.com
defaultsearchbase=dc=nep,dc=com
authenticationmethod=simple
proxydn=cn=proxyuser,ou=People,dc=nep,dc=com
proxypassword=proxyuser123
credentiallevel=proxy

My server has also configured CLEAR TEXT password storage.
0

Author Comment

by:qqcindy
ID: 8242816
I can't find /etc/shells.

Isn't the home directory created when I first log in??
0
 

Author Comment

by:qqcindy
ID: 8242823
If I set the home directory to "/export/home/user1", will the dir be created on the server or the client?
0
 

Author Comment

by:qqcindy
ID: 8243063
If I set the home directory to "/export/home/user1", will the dir be created on the server or the client?
0
 
LVL 10

Expert Comment

by:elf_bin
ID: 8243948
Your domain name is (probably) wrong.  iDS is usually set up as a "DNS-rooted" LDAP service (sorry, Novell speak).  Administrators usually set up iDS so it uses DNS for host resolution; how's your /etc/domainname & resolv.conf?  The dc= is indicative of a DNS-based LDAP tree.

You need to check that you're using simple authentication on both client and server (not only the way that things are stored).

Home directory mapping can be achieved by auto_master, as it is with other naming systems (i.e.: yp) - Sun just extended the functionality in Solaris 8 or 9, can't remember which.

Best of luck.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 8245072
> ..will the dir be created in the server or the client?
No.
You need to create the directory first. This is usually done by useradd (or whatever admin tool you use to set up your new users).
0
 
LVL 18

Expert Comment

by:liddler
ID: 10476814
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

PAQ  No refund

Please leave any comments here within the next four days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

liddler
EE Cleanup Volunteer
0
 

Accepted Solution

by:
amp072397 earned 0 total points
ID: 10522934
PAQed - no points refunded (of 50)

amp
Community Support Moderator amp~at~experts-exchange.com
0
