[Freeipa-users] Installing IPA on Solaris 10

Andy Singleton Andy.Singleton at tipp24os.co.uk
Fri Feb 5 16:03:05 UTC 2010


Hi Rob,

OK, I've switched on the compat plugin.
Incidentally, does this need to be done separately for all replicas?

However, when I run ldapclient init <ipa_server>, I get this message:
"Failed to find defaultSearchBase for domain"

Cheers
Andy


-----Original Message-----
From: Rob Crittenden [mailto:rcritten at redhat.com] 
Sent: 03 February 2010 17:34
To: Andy Singleton; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Installing IPA on Solaris 10

Andy Singleton wrote:
> Hi Rob,
> 
> Neither of the commands give any results.

/me smacks head

Ok, sorry I didn't see this the first go-round.

The Solaris nss_ldap doesn't use /etc/ldap.conf.

What you want to do is something like:

# ldapclient init ipa.example.com

This should set everything up for you on the Solaris side assuming 
you're running freeIPA 1.2.2.

You'll also need to enable the compat schema on the IPA side by running 
ipa-compat-manage enable and restarting the DS (if you haven't done so 
already).

Note that the Solaris LDAP client assumes that if you want to use LDAP 
for anything then you want to use it for EVERYTHING, so you'll want to 
fix up /etc/nsswitch.conf, at least setting files and ipnodes back to 
dns from ldap.

rob
> 
> Andy
> 
> -----Original Message-----
> From: Rob Crittenden [mailto:rcritten at redhat.com] 
> Sent: 03 February 2010 16:11
> To: Andy Singleton
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Installing IPA on Solaris 10
> 
> Andy Singleton wrote:
>> Hi Rob,
>>
>> Glad you caught up with this problem.
>>
>> The nsswitch.conf is set up as per the install document. So:
>>  passwd:     files ldap[NOTFOUND=return]
>>  group:    files ldap[NOTFOUND=return]
>>
>> The system uses the standard Solaris nss_ldap package.
> 
> Ok, can you see if you can get a specific user and group:
> 
> getent passwd admin
> getent group ipausers
> 
> rob
> 
>> Cheers
>> Andy
>>
>> ----- Original Message -----
>> From: Rob Crittenden <rcritten at redhat.com>
>> To: Andy Singleton
>> Cc: freeipa-users at redhat.com <freeipa-users at redhat.com>
>> Sent: Tue Feb 02 21:01:33 2010
>> Subject: Re: [Freeipa-users] Installing IPA on Solaris 10
>>
>> Andy Singleton wrote:
>>  > Hi guys,
>>  >
>>  > I am installing IPA 1.2.2 client installation on one of our Solaris
>>  > servers, and I can't seem to get the system to see the IPA users. “getent
>>  > passwd” only returns local users, and no traffic is leaving the client
>>  > for the IPA server for ldap.
>>  >
>>  > I have followed the instructions from the documentation, but I
>>  > definitely get the feeling that something is missing.
>>  >
>>  > All the various configuration files are populated, and the Kerberos
>>  > portion works correctly because I can obtain a ticket.
>>  >
>>  > So possibly there is a problem with the nss_ldap part, or the ldap.conf
>>  > itself.
>>  >
>>  > Does anyone know common problems that might have this result on Solaris 10?
>>  >
>>  > For reference, here is the /etc/ldap.conf file:
>>  >
>>  > ldap_version 3
>>  > base cn=compat,dc=live,dc=tipp24,dc=net
>>  > nss_base_passwd cn=users,cn=compat,dc=live,dc=tipp24,dc=net?sub
>>  > nss_base_group cn=groups,cn=compat,dc=live,dc=tipp24,dc=net?sub
>>  > nss_schema rfc2307bis
>>  > nss_map_objectclass shadowAccount posixAccount
>>  > nss_map_attribute uniqueMember member
>>  > nss_initgroups_ignoreusers root,dirsrv,oracle
>>  > nss_reconnect_maxsleeptime 8
>>  > nss_reconnect_sleeptime 1
>>  > bind_timelimit 2
>>  > timelimit 4
>>  > nss_srv_domain live.tipp24.net
>>  > uri ldap://ipaserver1.live.tipp24.net ldap://ipaserver2.live.tipp24.net
>>  >
>>  > Thanks
>>  >
>>  > Andy
>>
>> Sorry, missed this one last week..
>>
>> What does /etc/nsswitch.conf read? Is it configured to use ldap?
>>
>> You might also try killing nscd in case it is interfering.
>>
>> rob
>>
> 
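
The /etc/nsswitch.conf clean-up Rob describes after `ldapclient init`, as an added example that is not part of the original thread: it lists every database that still resolves through ldap and rewrites hosts and ipnodes. The function names, the sample file and the `files dns` target value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread or from the freeIPA project.

# Constructed sample nsswitch.conf. The passwd/group syntax follows the lines
# quoted in the thread; the remaining lines are invented for the demonstration.
sample_nsswitch() {
cat <<'EOF'
# constructed sample
passwd:     files ldap[NOTFOUND=return]
group:      files ldap[NOTFOUND=return]
hosts:      ldap [NOTFOUND=return] files
ipnodes:    ldap [NOTFOUND=return] files
networks:   ldap [NOTFOUND=return] files
protocols:  files
EOF
}

# Read an nsswitch.conf on stdin and print each database that has ldap as a source.
nss_ldap_databases() {
    awk '
        /^[ \t]*#/ || !/:/ { next }               # skip comments and non-entries
        {
            db = $1; sub(/:.*/, "", db)           # database name before the colon
            line = $0; sub(/^[^:]*:/, "", line); sub(/#.*/, "", line)
            gsub(/\[[^]]*\]/, " ", line)          # drop [NOTFOUND=return] criteria
            n = split(line, src, /[ \t]+/)
            for (i = 1; i <= n; i++) if (src[i] == "ldap") { print db; break }
        }'
}

# Read an nsswitch.conf on stdin and write it back out with hosts and ipnodes
# taken off ldap. "files dns" is an assumed target value; other lines pass through.
nss_hosts_to_dns() {
    awk '
        { body = $0; sub(/#.*/, "", body) }       # ignore trailing comments
        body ~ /^[ \t]*(hosts|ipnodes):/ && body ~ /[: \t]ldap/ {
            db = $1; sub(/:.*/, "", db)
            printf "%s:\tfiles dns\n", db
            next
        }
        { print }'
}

# Demonstration on the constructed sample: databases still on ldap after the fix.
sample_nsswitch | nss_hosts_to_dns | nss_ldap_databases
```

Run it against a copy of the file and compare the output before replacing /etc/nsswitch.conf on a live host.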




