[Freeipa-users] IPA Solaris Clients
Rob Crittenden
rcritten at redhat.com
Tue Jan 6 15:30:49 UTC 2009
Brian Likosar wrote:
> Rob Crittenden wrote:
>> Look in /var/ldap/ldap_client_file on a Solaris machine to verify that
>> the configuration is ok (you don't want to make manual changes here,
>> they will be lost).
>
> This file does not exist, nor is it referenced in the Client Config
> documentation. Does Solaris not respect the /etc/ldap.conf file?

Ah, sorry. I incorrectly assumed you were using the native nss_ldap
instead of the PAM nss_ldap that we built. freeIPA v1.2 added support
for the native nss_ldap so our package isn't required any more.

Still, it should work. You did install the package using pkgadd, right?

>> See if you can contact the LDAP server using ldapsearch:
>>
>> % ldapsearch -h ipa.example.com -b "dc=example,dc=com" uid=admin
>
> This worked perfectly.

Ok, that's good to know.

>
>> If the connection fails see if you have a firewall in between (iptables
>> on Linux).
>>
>> Logs to check are:
>>
>> Solaris: /var/adm/messages
>> Linux: /var/log/dirsrv/slapd-INSTANCE/access
>>
>> If the Solaris machine is issuing LDAP queries you'd see them in the FDS
>> access log eventually (there is a 30-second buffer by default).
>
> The only LDAP queries the Solaris machine makes are when I run the
> ldapsearch command. I've followed the setup on the freeipa.org site,
> and ldap[NOTFOUND=return] is included in /etc/nsswitch.conf, but it
> still seems to make no calls to FDS. Any other ideas?

Hmm. Can you restart/kill nscd?

rob
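
Added example, not part of the original message: one way to do the access-log check described above, grouping SRCH operations by client address so it is clear whether a given client sends name-service lookups or only manual ldapsearch tests. It assumes the FDS/389 DS access-log layout shown in the constructed sample; the addresses, function names and the objectClass heuristic are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the FDS/389 DS access-log layout (assumed format);
# addresses are documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
[06/Jan/2009:10:15:01 -0500] conn=11 fd=64 slot=64 connection from 192.0.2.20 to 192.0.2.10
[06/Jan/2009:10:15:01 -0500] conn=11 op=0 BIND dn="" method=128 version=3
[06/Jan/2009:10:15:01 -0500] conn=11 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=admin)" attrs=ALL
[06/Jan/2009:10:15:01 -0500] conn=11 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[06/Jan/2009:10:15:02 -0500] conn=11 op=2 UNBIND
[06/Jan/2009:10:16:40 -0500] conn=12 fd=65 slot=65 connection from 192.0.2.30 to 192.0.2.10
[06/Jan/2009:10:16:40 -0500] conn=12 op=1 SRCH base="cn=accounts,dc=example,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=jdoe))" attrs="uid uidNumber"
[06/Jan/2009:10:16:41 -0500] conn=13 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=x)" attrs=ALL
"""

CONN_RE = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (?:SSL )?connection from (\S+) to \S+")
SRCH_RE = re.compile(r'conn=(\d+) op=\d+ SRCH base="([^"]*)" scope=\d+ filter="([^"]*)"')

def searches_by_client(lines):
    """Map client IP -> list of (base, filter) for every SRCH in the log."""
    conn_ip = {}
    found = defaultdict(list)
    for line in lines:
        m = CONN_RE.search(line)
        if m:
            conn_ip[m.group(1)] = m.group(2)
            continue
        m = SRCH_RE.search(line)
        if m:
            # A connection opened before the log window has no "connection from" line.
            ip = conn_ip.get(m.group(1), "unknown")
            found[ip].append((m.group(2), m.group(3)))
    return dict(found)

def nss_lookups(searches, client_ip):
    """Searches from client_ip that look like nsswitch lookups, not manual tests."""
    # Heuristic (assumption): name-service queries filter on the posix object classes.
    classes = ("objectclass=posixaccount", "objectclass=posixgroup", "objectclass=shadowaccount")
    return [(b, f) for b, f in searches.get(client_ip, [])
            if any(c in f.lower() for c in classes)]

if __name__ == "__main__":
    found = searches_by_client(SAMPLE_LOG.splitlines())
    for ip in sorted(found):
        print(ip, len(found[ip]), "searches,", len(nss_lookups(found, ip)), "NSS-style")
```

Because the access log is buffered, run it against the log a short while after the test login or `getent`-style lookup on the client.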