Configuring LDAP Client: Solaris 9

The document provides instructions for configuring an LDAP client on a Solaris 9 system. It involves: 1) Creating a hosts entry for the LDAP server and running commands to initialize the LDAP client. 2) Updating /etc/nsswitch.conf so that name-service lookups consult LDAP in addition to local files. 3) Modifying /etc/pam.conf to use LDAP for authentication. Once these steps are completed, users should be able to log in with their LDAP credentials, confirming the LDAP client configuration is complete. The document notes that configuration instructions for earlier Solaris versions will be provided at a later time.

Uploaded by ccoker
Copyright: © Attribution Non-Commercial (BY-NC)

Configuring LDAP Client

Solaris 9

1. Create an /etc/inet/hosts entry for the LDAP server

10.217.160.130        punldap01

2. Run the following commands

# domainname vxindia.veritas.com
# domainname > /etc/defaultdomain
# ldapclient -v init punldap01

3. Update /etc/nsswitch.conf as below

# /etc/nsswitch.ldap:
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses LDAP in conjunction with files.
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd:     files ldap
group:      files ldap

# consult /etc "files" only if ldap is down.
hosts:      files dns ldap
ipnodes:    files
# Uncomment the following line and comment out the above to resolve
# both IPv4 and IPv6 addresses from the ipnodes databases. Note that
# IPv4 addresses are searched in all of the ipnodes databases before
# searching the hosts databases. Before turning this option on, consult
# the Network Administration Guide for more details on using IPv6.
#ipnodes:    ldap [NOTFOUND=return] files

networks:   files ldap
protocols:  files ldap
rpc:        files ldap
ethers:     files ldap
netmasks:   files ldap
bootparams: files ldap
publickey:  ldap [NOTFOUND=return] files

netgroup:   ldap

automount:  files ldap
aliases:    files ldap

# for efficient getservbyname() avoid ldap
services:   files ldap
sendmailvars:   files

printers:   user files ldap

auth_attr:  files ldap
prof_attr:  files ldap
project:    files ldap

4. Update /etc/pam.conf as below

# PAM configuration
# Authentication management

# login service (explicit because of pam_dial_auth)
login   auth requisite          pam_authtok_get.so.1
login   auth required           pam_dhkeys.so.1
login   auth required           pam_dial_auth.so.1
login   auth binding            pam_unix_auth.so.1 server_policy
login   auth required           pam_ldap.so.1

# rlogin service (explicit because of pam_rhost_auth)
rlogin  auth sufficient         pam_rhosts_auth.so.1
rlogin  auth requisite          pam_authtok_get.so.1
rlogin  auth required           pam_dhkeys.so.1
rlogin  auth binding            pam_unix_auth.so.1 server_policy
rlogin  auth required           pam_ldap.so.1

# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
rsh     auth sufficient         pam_rhosts_auth.so.1
rsh     auth required           pam_unix_auth.so.1

#
# PPP service (explicit because of pam_dial_auth)
ppp     auth requisite          pam_authtok_get.so.1
ppp     auth required           pam_dhkeys.so.1
ppp     auth required           pam_dial_auth.so.1
ppp     auth binding            pam_unix_auth.so.1 server_policy
ppp     auth required           pam_ldap.so.1

# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
other   auth requisite          pam_authtok_get.so.1
other   auth required           pam_dhkeys.so.1
other   auth binding            pam_unix_auth.so.1 server_policy
other   auth required           pam_ldap.so.1

# passwd command (explicit because of a different authentication module)
passwd  auth binding            pam_passwd_auth.so.1 server_policy
passwd  auth required           pam_ldap.so.1

# cron service (explicit because of non-usage of pam_roles.so.1)
cron    account required        pam_projects.so.1
cron    account required        pam_unix_account.so.1

# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
other   account requisite       pam_roles.so.1
other   account required        pam_projects.so.1
other   account binding         pam_unix_account.so.1 server_policy
other   account required        pam_ldap.so.1

# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
other   session required        pam_unix_session.so.1

# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
other   password required       pam_dhkeys.so.1
other   password requisite      pam_authtok_get.so.1
other   password requisite      pam_authtok_check.so.1
other   password required       pam_authtok_store.so.1 server_policy

# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin         auth optional           pam_krb5.so.1 try_first_pass
#login          auth optional           pam_krb5.so.1 try_first_pass
#other          auth optional           pam_krb5.so.1 try_first_pass
#cron           account optional        pam_krb5.so.1
#other          account optional        pam_krb5.so.1
#other          session optional        pam_krb5.so.1
#other          password optional       pam_krb5.so.1 try_first_pass

Try logging on to the server with your vxindia NIS+ username and password (they are the same in LDAP). If this works, you are all set: the client is configured.
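
Before the login test, the two edited files can be linted for the layout used in steps 3 and 4. The script below is an added example, not part of the original document: it is written for a POSIX shell and awk, is meant to be run against copies of the files, and the function names and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original document): lint copies of pam.conf and
# nsswitch.conf for the LDAP client layout shown in steps 3 and 4.

# Print "service type" for every stack that has a
# "binding ... server_policy" entry with no later pam_ldap.so.1 entry.
check_pam_ldap() {
    awk '
        NF < 4 || $1 ~ /^#/ { next }            # skip comments, blanks, short lines
        {
            key = $1 " " $2                     # one stack per service + module type
            if ($3 == "binding" && $0 ~ /server_policy/) state[key] = 1
            else if ($4 ~ /pam_ldap\.so\.1$/ && state[key] == 1) state[key] = 2
        }
        END { for (k in state) if (state[k] == 1) print k }
    ' "$1" | sort
}

# Print each of passwd:/group: whose source list does not include ldap.
check_nsswitch_ldap() {
    awk '$1 == "passwd:" || $1 == "group:" {
        found = 0
        for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1
        if (!found) print $1
    }' "$1"
}

# Constructed sample input: the "other auth" stack has lost its pam_ldap line,
# and group: no longer lists ldap.
sample_dir=$(mktemp -d)
cat > "$sample_dir/pam.conf" <<'EOF'
login  auth requisite pam_authtok_get.so.1
login  auth binding   pam_unix_auth.so.1 server_policy
login  auth required  pam_ldap.so.1
other  auth requisite pam_authtok_get.so.1
other  auth binding   pam_unix_auth.so.1 server_policy
rsh    auth required  pam_unix_auth.so.1
EOF
printf 'passwd: files ldap\ngroup: files\n' > "$sample_dir/nsswitch.conf"

echo "PAM stacks missing pam_ldap: $(check_pam_ldap "$sample_dir/pam.conf")"
echo "nsswitch entries missing ldap: $(check_nsswitch_ldap "$sample_dir/nsswitch.conf")"
```

Both functions print nothing when given the files exactly as listed in steps 3 and 4.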

Configuring LDAP Client for Solaris version 2.6, 7, and 8

Coming Soon....
