Re: OpenLDAP: ssh works, su does not

From: Vsevolod (Simon) Ilyushchenko (simonf_at_cshl.edu)
Date: 08/02/05

    Date: Mon, 01 Aug 2005 20:27:19 -0400
    To: David Stipp <dstipp@uiuc.edu>, sunmanagers@sunmanagers.org
    
    

    David,

    Thanks a lot!!! Adding the shadowAccount class did let me 'su' and
    use OpenSSH, and after a reboot the process list has also been fixed!

    Simon

    David Stipp wrote on 08/01/2005 07:39 PM:
    > On Mon, Aug 01, 2005 at 07:09:40PM -0400, Vsevolod (Simon) Ilyushchenko wrote:
    >
    >>Hi,
    >>
    >>I've tried to use OpenLDAP client libraries on a Solaris 9 machine to
    >>connect to an OpenLDAP server, as described here:
    >>
    >>http://www.bolthole.com/solaris/LDAP.html
    >>and here:
    >>http://netmojo.ca/howto/solaris-openldap.html#LastStep
    >>
    >>In particular, I've taken pam.conf (below) from the second page.
    >
    >
    > Something I came across was with the difference between objectClass:
    > posixAccount and objectClass: shadowAccount.
    >
    > posixAccount would allow nss to work, but if you look at the ldap
    > queries, it is searching for shadowAccount then uid.
    >
    > So, I needed shadowAccount in the entries before Solaris would use them.
    >
    > # dstipp, people, coolhack.net
    > dn: uid=dstipp,ou=people,dc=coolhack,dc=net
    > uid: dstipp
    > cn: David Stipp
    > homePhone: 217-xxx-xxxx
    > givenName: David
    > sn: Stipp
    > mail: dstipp@coolhack.net
    > objectClass: person
    > objectClass: organizationalPerson
    > objectClass: inetOrgPerson
    > objectClass: posixAccount
    > objectClass: shadowAccount
    > objectClass: top
    > objectClass: kerberosSecurityObject
    > krbName: dstipp@COOLHACK.NET
    > loginShell: /bin/zsh
    > uidNumber: 1000
    > gidNumber: 100
    > homeDirectory: /home/dstipp
    > gecos: David Stipp,,,217-xxx-xxxx
    >
    > Not sure if this helps or not. It may help you to run the ldapserver in
    > query logging mode, then try to see what queries work and what fail.
    >
    > David
    >

    -- 
    Simon (Vsevolod ILyushchenko)   simonf@cshl.edu
    				http://www.simonf.com
    Terrorism is a tactic and so to declare war on terrorism
    is equivalent to Roosevelt's declaring war on blitzkrieg.
    Zbigniew Brzezinski, U.S. national security advisor, 1977-81
    _______________________________________________
    sunmanagers mailing list
    sunmanagers@sunmanagers.org
    http://www.sunmanagers.org/mailman/listinfo/sunmanagers
    
