[Freeipa-users] Installing IPA on Solaris 10

Rob Crittenden rcritten at redhat.com
Wed Feb 3 15:11:19 UTC 2010 

Andy Singleton wrote:
> Hi rob,
> 
> Glad you caught up with this problem.
> 
> The nsswitch.conf is set up as per the install document. So:
>  passwd:     files ldap[NOTFOUND=return]
>  group:    files ldap[NOTFOUND=return]
> 
> The system uses the standard solaris nss_ldap package.

Ok, can you see if you can get a specific user and group:

getent passwd admin
getent group ipausers

rob

> 
> Cheers
> Andy
> 
> ----- Original Message -----
> From: Rob Crittenden <rcritten at redhat.com>
> To: Andy Singleton
> Cc: freeipa-users at redhat.com <freeipa-users at redhat.com>
> Sent: Tue Feb 02 21:01:33 2010
> Subject: Re: [Freeipa-users] Installing IPA on Solaris 10
> 
> Andy Singleton wrote:
>  > Hi guys,
>  >
>  > 
>  >
>  > I am installing IPA 1.2.2 client installation on one of our Solaris
>  > servers, and I cant seem to get the system to see the IPA users. “getent
>  > passwd” only returns local users, and no traffic is leaving the client
>  > for the IPA server for ldap.
>  >
>  > 
>  >
>  > I have followed the instructions from the documentation, but I
>  > definitely get the feeling that something is missing.
>  >
>  > All the various configuration files are populated, and the Kerberos
>  > portion works correctly because I can obtain a ticket.
>  >
>  > So possibly there is a problem with the nss_ldap part, or the ldap.conf
>  > itself.
>  >
>  > 
>  >
>  > Does anyone know common problems that might have this result on 
> Solaris 10?
>  >
>  > 
>  >
>  > For reference, here is the /etc/ldap.conf file:
>  >
>  > 
>  >
>  > ldap_version 3
>  >
>  > base cn=compat,dc=live,dc=tipp24,dc=net
>  >
>  > nss_base_passwd cn=users,cn=compat,dc=live,dc=tipp24,dc=net?sub
>  >
>  > nss_base_group cn=groups,cn=compat,dc=live,dc=tipp24,dc=net?sub
>  >
>  > nss_schema rfc2307bis
>  >
>  > nss_map_objectclass shadowAccount posixAccount
>  >
>  > nss_map_attribute uniqueMember member
>  >
>  > nss_initgroups_ignoreusers root,dirsrv,oracle
>  >
>  > nss_reconnect_maxsleeptime 8
>  >
>  > nss_reconnect_sleeptime 1
>  >
>  > bind_timelimit 2
>  >
>  > timelimit 4
>  >
>  > nss_srv_domain live.tipp24.net
>  >
>  > uri ldap://ipaserver1.live.tipp24.net ldap://ipaserver2.live.tipp24.net
>  >
>  > 
>  >
>  > Thanks
>  >
>  > Andy
> 
> Sorry, missed this one last week..
> 
> What does /etc/nsswitch.conf read? Is it configured to use ldap?
> 
> You might also try killing nscd in case it is interfering.
> 
> rob
>

More information about the Freeipa-users mailing list