On 12/01/2011 05:09 AM, Sigbjorn Lie wrote:
> Hi,
>
> I use Solaris 10 as clients, several different updates. They all work
> fine. I have replaced the default DUAConfigProfile though, to include
> netgroups and automount support, and use SSL authenticated connections,
> but the default should work well for basic user and group. Even though
> it uses unencrypted, unauthenticated connections to the LDAP server. :)
>
> Please note that you really need to change /etc/nsswitch.ldap before
> running the ldapclient script, as this is being copied into
> /etc/nsswitch.conf by the ldapclient script. The default nsswitch.ldap
> sets hosts to look from ldap, and removes dns. This does not work with
> IPA as it relies on DNS for name lookups, and the hosts table does not
> exist in IPA's LDAP server. This prevents the ldap client from starting.
>
> I've configured my nsswitch.ldap to only look up passwd, group,
> automount, netgroup and ethers for now.
>
> Remember to configure the kerberos client afterwards. AES256 (which is
> the first KRB encryption type in IPA) was not included in Solaris 10
> until Update 8 from what I've read. On these machines I have created
> keytabs using only AES128 and below for the keytab, and limiting
> enctypes in krb5.conf using default_tkt_enctypes and
> default_tgs_enctypes to AES128 and downwards.
>

Also Solaris assumes 2307 schema AFAIR and IPA is 2307bis. So you need to enable compat tree on ipa side and point your Solaris nss_ldap to the compat tree.

> Regards,
> Siggi
>
>
> On Thu, December 1, 2011 06:31, Craig T wrote:
>> Hi,
>>
>> Anyone had any success using Solaris 10 as an IPA client (using
>> ipa-server-2.1.1-4.el6.x86_64)? Does anyone have any more detailed
>> documentation on the topic? I find that Section "3.3.1. Configuring
>> Solaris 10" from the Identity Management Guide very light.
>>
>> #Solaris 10 (Newest Edition)
>> Oracle Solaris 10 8/11 s10x_u10wos_17b X86
>> Copyright (c) 1983, 2011, Oracle and/or its affiliates. All rights reserved.
>> Assembled 23 August 2011
>>
>> bash-3.2# ldapclient -v init chtvm-389.teratext.saic.com.au
>> Arguments parsed:
>> defaultServerList: chtvm-389.teratext.saic.com.au
>> Handling init option
>> About to configure machine by downloading a profile
>> No profile specified. Using "default"
>> Proxy DN: NULL
>> Proxy password: NULL
>> Authentication method: 0
>> No proxyDN/proxyPassword required
>> Shadow Update is not enabled, no adminDN/adminPassword is required.
>> About to modify this machines configuration by writing the files
>> Stopping network services
>> Stopping sendmail
>> stop: sleep 100000 microseconds
>> stop: network/smtp:sendmail... success
>> Stopping nscd
>> stop: sleep 100000 microseconds
>> stop: sleep 200000 microseconds
>> stop: system/name-service-cache:default... success
>> Stopping autofs
>> stop: sleep 100000 microseconds
>> stop: sleep 200000 microseconds
>> stop: sleep 400000 microseconds
>> stop: sleep 800000 microseconds
>> stop: sleep 1600000 microseconds
>> stop: sleep 3200000 microseconds
>> stop: system/filesystem/autofs:default... success
>> ldap not running
>> nisd not running
>> nis(yp) not running
>> file_backup: stat(/etc/nsswitch.conf)=0
>> file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
>> file_backup: stat(/etc/defaultdomain)=0
>> file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
>> file_backup: stat(/var/nis/NIS_COLD_START)=-1
>> file_backup: No /var/nis/NIS_COLD_START file.
>> file_backup: nis domain is "teratext.saic.com.au"
>> file_backup: stat(/var/yp/binding/teratext.saic.com.au)=-1
>> file_backup: No /var/yp/binding/teratext.saic.com.au directory.
>> file_backup: stat(/var/ldap/ldap_client_file)=-1
>> file_backup: No /var/ldap/ldap_client_file file.
>> Starting network services
>> start: /usr/bin/domainname teratext.saic.com.au... success
>> start: sleep 100000 microseconds
>> start: sleep 200000 microseconds
>> start: sleep 400000 microseconds
>> start: sleep 800000 microseconds
>> start: sleep 1600000 microseconds
>> start: sleep 3200000 microseconds
>> start: sleep 6400000 microseconds
>> start: sleep 12800000 microseconds
>> start: sleep 25600000 microseconds
>> start: sleep 51200000 microseconds
>> >>>>> start: sleep 17700000 microseconds <<<<
>> >>>>> start: network/ldap/client:default... timed out <<<<
>> >>>>> start: network/ldap/client:default... offline to disable <<<<
>> >>>>> stop: sleep 100000 microseconds <<<<
>> stop: sleep 200000 microseconds
>> stop: sleep 400000 microseconds
>> stop: sleep 800000 microseconds
>> stop: sleep 1600000 microseconds
>> stop: sleep 3200000 microseconds
>> stop: sleep 6400000 microseconds
>> stop: sleep 12800000 microseconds
>> stop: sleep 25600000 microseconds
>> stop: sleep 8900000 microseconds
>> stop: network/ldap/client:default... timed out
>> start: sleep 100000 microseconds
>> start: system/filesystem/autofs:default... success
>> start: sleep 100000 microseconds
>> start: system/name-service-cache:default... success
>> start: sleep 100000 microseconds
>> start: sleep 200000 microseconds
>> start: network/smtp:sendmail... success
>> >>>>> restart: sleep 100000 microseconds <<<<
>> >>>>> restart: milestone/name-services:default... success <<<<
>> >>>>> Error resetting system. <<<<
>> >>>>> Recovering old system settings. <<<<
>> >>>>> Stopping network services <<<<
>> Stopping sendmail
>> stop: sleep 100000 microseconds
>> stop: network/smtp:sendmail... success
>> Stopping nscd
>> stop: sleep 100000 microseconds
>> stop: sleep 200000 microseconds
>> stop: system/name-service-cache:default... success
>> Stopping autofs
>> stop: sleep 100000 microseconds
>> stop: sleep 200000 microseconds
>> stop: sleep 400000 microseconds
>> stop: sleep 800000 microseconds
>> stop: sleep 1600000 microseconds
>> stop: sleep 3200000 microseconds
>> stop: system/filesystem/autofs:default... success
>> Stopping ldap
>> stop: sleep 100000 microseconds
>> stop: sleep 200000 microseconds
>> stop: sleep 400000 microseconds
>> stop: sleep 800000 microseconds
>> stop: sleep 1600000 microseconds
>> stop: sleep 3200000 microseconds
>> stop: sleep 6400000 microseconds
>> stop: sleep 12800000 microseconds
>> stop: sleep 25600000 microseconds
>> stop: sleep 8900000 microseconds
>> stop: network/ldap/client:default... timed out
>> Stopping ldap failed with (7)
>> Error (1) while stopping services during reset
>> recover: stat(/var/ldap/restore/defaultdomain)=0
>> recover: open(/var/ldap/restore/defaultdomain)
>> recover: read(/var/ldap/restore/defaultdomain)
>> recover: old domainname "teratext.saic.com.au"
>> recover: stat(/var/ldap/restore/ldap_client_file)=-1
>> recover: stat(/var/ldap/restore/ldap_client_cred)=-1
>> recover: stat(/var/ldap/restore/NIS_COLD_START)=-1
>> recover: stat(/var/ldap/restore/teratext.saic.com.au)=-1
>> recover: stat(/var/ldap/restore/nsswitch.conf)=0
>> recover: file_move(/var/ldap/restore/nsswitch.conf, /etc/nsswitch.conf)=0
>> recover: stat(/var/ldap/restore/defaultdomain)=0
>> recover: file_move(/var/ldap/restore/defaultdomain, /etc/defaultdomain)=0
>> Starting network services
>> start: /usr/bin/domainname teratext.saic.com.au... success
>> start: sleep 100000 microseconds
>> start: system/filesystem/autofs:default... success
>> start: sleep 100000 microseconds
>> start: sleep 200000 microseconds
>> start: sleep 400000 microseconds
>> start: system/name-service-cache:default... success
>> start: sleep 100000 microseconds
>> start: network/smtp:sendmail... success
>> restart: sleep 100000 microseconds
>> restart: sleep 200000 microseconds
>> restart: milestone/name-services:default... success
>>
>> Regards,
>>
>> Craig
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> [email protected]
>> https://www.redhat.com/mailman/listinfo/freeipa-users

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
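Added example, not part of the original thread and not FreeIPA or Solaris tooling: a shell pre-flight check for the two settings discussed above, the name-service sources in nsswitch.ldap and the enctype limits in krb5.conf. The function names check_nsswitch and check_enctypes are hypothetical, and all file contents are constructed samples.

```shell
#!/bin/sh
# Pre-flight checks for the two settings the thread says to fix before
# `ldapclient init`. Sample file contents are constructed for this example.

LDAP_OK="passwd group automount netgroup ethers"   # databases the post keeps on ldap

# Print one finding per problem in an nsswitch-style file (no output = clean).
check_nsswitch() {
    awk -v ok="$LDAP_OK" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) allowed[a[i]] = 1 }
        $1 ~ /^#/ || NF == 0 { next }
        {
            db = $1; sub(/:$/, "", db); ldap = 0; dns = 0
            for (i = 2; i <= NF; i++) { if ($i == "ldap") ldap = 1; if ($i == "dns") dns = 1 }
            if (db == "hosts" && !dns) print "hosts: dns missing"
            if (ldap && !(db in allowed)) print db ": unexpected ldap source"
        }' "$1"
}

# Print a finding for each enctype list that is unset or still offers AES256
# (relevant to Solaris 10 releases before Update 8, per the post).
check_enctypes() {
    for key in default_tkt_enctypes default_tgs_enctypes; do
        line=$(grep "^[[:space:]]*$key[[:space:]]*=" "$1" || true)
        if [ -z "$line" ]; then echo "$key: not set"
        elif echo "$line" | grep -qi aes256; then echo "$key: offers aes256"; fi
    done
}

WORK=$(mktemp -d)
# Constructed: an nsswitch.ldap in which hosts goes to ldap and dns is gone.
printf '%s\n' 'passwd: files ldap' 'group: files ldap' \
    'hosts: ldap [NOTFOUND=return] files' 'netgroup: ldap' > "$WORK/nsswitch.stock"
# Constructed: hosts via files and dns, ldap only for the databases the post lists.
printf '%s\n' 'passwd: files ldap' 'group: files ldap' 'hosts: files dns' \
    'automount: files ldap' 'netgroup: ldap' 'ethers: files ldap' > "$WORK/nsswitch.fixed"
# Constructed krb5.conf fragments: one unrestricted, one capped at AES128.
printf '%s\n' '[libdefaults]' ' default_realm = EXAMPLE.COM' > "$WORK/krb5.stock"
printf '%s\n' '[libdefaults]' ' default_realm = EXAMPLE.COM' \
    ' default_tkt_enctypes = aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5' \
    ' default_tgs_enctypes = aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5' \
    > "$WORK/krb5.fixed"

for f in nsswitch.stock nsswitch.fixed; do echo "== $f"; check_nsswitch "$WORK/$f"; done
for f in krb5.stock krb5.fixed; do echo "== $f"; check_enctypes "$WORK/$f"; done
```

On a real client the same functions would be pointed at /etc/nsswitch.ldap and the host's krb5.conf before ldapclient is run.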
