[Fedora-directory-users] Solaris9 client problems / questions
Susan
logastellus at yahoo.com
Tue May 16 20:37:22 UTC 2006
--- Jo De Troy <jo.de.troy at gmail.com> wrote:
> Secondly I don't see how I can get TLS working, in the Solaris client howto
> document it's written to start up netscape and connect to
> http://ldapserver:636 to somehow get the certificates for the Solaris client.
> I must be doing something wrong, since this just doesn't work. Is there
> another way of getting the required certificates on the Solaris client? I
> guess I only need the CA certificates on the Solaris client or not?
>
Yep. Somebody posted this procedure (I'm sorry, I forgot the gentleman's name) but the following
worked for me.
Solaris 10 client config
* Download the nspr and nss packages for Solaris 9 here
(http://sourceforge.net/project/showfiles.php?group_id=19386) and install them.
* Get the Sun ONE Resource Kit here: http://www.sun.com/download/products.xml?id=3f74a0db and
install it.
* Next run this command to setup your certificate database:
# LD_LIBRARY_PATH=/usr/lib:/usr/local/lib ; export LD_LIBRARY_PATH
# /opt/sunone/lib/nss/bin/certutil -N -d /var/ldap
* Add a hosts entry to /etc/hosts for the LDAP server, matching the certificate name
* Get CA cert from directory using these commands:
[root at corporate-ds alias]# pwd
/opt/fedora-ds/alias
[root at corporate-ds alias]# ../shared/bin/certutil -L -d . -n "CA certificate" -r > /root/cert.der
* Copy it to the Solaris server, and import it with this:
/opt/sunone/lib/nss/bin/certutil -A -n "CA certificate" -i /export/home/mmont/cert.der -t "CTu,u,u" -d /var/ldap/
* Run this command to set ldap client settings on the machine:
ldapclient -v manual -a authenticationMethod=tls:simple -a credentialLevel=proxy \
-a defaultSearchBase="dc=cors,dc=cy,dc=com" \
-a domainName=cors.cy.com -a followReferrals=false \
-a serviceSearchDescriptor="netgroup: ou=netgroup,dc=cors,dc=cy,dc=com" \
-a preferredServerList=119.15.70.17 -a serviceAuthenticationMethod=pam_ldap:tls:simple \
-a proxyPassword=password -a proxyDn=cn=proxyagent,ou=profile,dc=cors,dc=cy,dc=com
* Restart ldap.client:
# /etc/init.d/ldap.client stop ; sleep 2 ; /etc/init.d/ldap.client start
That should do it. Test settings with id, getent, or ldaplist: (You must be root, or sudo to use
ldaplist)
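Added example, not part of the original post: a check to run after the certutil -A import step, confirming that the CA nickname is in the /var/ldap database and carries the "C" (trusted CA for SSL server certificates) flag. The helper names check_ca_trust and sample_listing, the AWK override and the sample listing are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample of `certutil -L -d /var/ldap` output (not real data).
sample_listing() {
cat <<'EOF'
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA certificate                                               CTu,u,u
server-cert                                                  u,u,u
EOF
}

# check_ca_trust NICKNAME  (hypothetical helper, reads a certutil -L listing on stdin)
# Exit 0: nickname present and trusted as an SSL CA ("C" in the first trust field)
# Exit 1: nickname present but not trusted as an SSL CA
# Exit 2: nickname not found in the listing
# On Solaris set AWK=nawk; the old /usr/bin/awk lacks -v and sub().
check_ca_trust() {
    "${AWK:-awk}" -v want="$1" '
        NF >= 2 {
            trust = $NF                              # last column holds the trust flags
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)    # strip the trust column
            sub(/^[ \t]+/, "", nick)                 # strip leading blanks
            if (nick == want) {
                found = 1
                split(trust, f, ",")                 # f[1] = SSL, f[2] = S/MIME, f[3] = signing
                if (f[1] ~ /C/) ok = 1
            }
        }
        END {
            if (!found) exit 2
            if (!ok) exit 1
            exit 0
        }'
}

# Demo on the constructed listing. On the client itself, run instead:
#   /opt/sunone/lib/nss/bin/certutil -L -d /var/ldap | check_ca_trust "CA certificate"
sample_listing | check_ca_trust "CA certificate" && echo "CA certificate: trusted for SSL"
```

Exit status 2 usually means the nickname given to -n at import time differs from the one being checked; status 1 means the -t trust string lacked "C" in its first field.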