[Freeipa-users] Solaris 10 as IPA Client?

Dmitri Pal dpal at redhat.com
Sat Dec 3 18:52:39 UTC 2011


On 12/01/2011 05:09 AM, Sigbjorn Lie wrote:
> Hi,
>
> I use Solaris 10 as clients, several different updates. They all work fine. I have replaced the
> default DUAConfigProfile though, to include netgroups and automount support, and use SSL
> authenticated connections, but the default should work well for basic user and group. Even though
> it uses unencrypted, unauthenticated connections to the LDAP server. :)
>
> Please note that you really need to change /etc/nsswitch.ldap before running the ldapclient
> script, as this is being copied into /etc/nsswitch.conf by the ldapclient script. The default
> nsswitch.ldap sets hosts to look from ldap, and removes dns. This does not work with IPA as it
> relies on DNS for name lookups, and the hosts table does not exist in IPA's LDAP server. This
> prevents the ldap client from starting.
>
> I've configured my nsswitch.ldap to only look up passwd, group, automount, netgroup and ethers for
> now.
>
> Remember to configure the kerberos client afterwards. AES256 (which is the first KRB encryption
> type in IPA) was not included in Solaris 10 until Update 8 from what I've read. On these machines
> I have created keytabs using only AES128 and below for the keytab, and limiting enctypes in
> krb5.conf using default_tkt_enctypes and default_tgs_enctypes to AES128 and downwards.
>
>
Also Solaris assumes 2307 schema AFAIR and IPA is 2307bis.
So you need to enable compat tree on ipa side and point your Solaris
nss_ldap to the compat tree.

> Regards,
> Siggi
>
>
>
>
>
>
> On Thu, December 1, 2011 06:31, Craig T wrote:
>> Hi,
>>
>>
>> Anyone had any success using Solaris 10 as an IPA client (using ipa-server-2.1.1-4.el6.x86_64)?
>> Does anyone have any more detailed documentation on the topic? I find that Section "3.3.1.
>> Configuring Solaris 10" from the Identity Management Guide very light.
>>
>>
>>
>> #Solaris 10 (Newest Edition)
>> Oracle Solaris 10 8/11 s10x_u10wos_17b X86
>> Copyright (c) 1983, 2011, Oracle and/or its affiliates. All rights reserved.
>> Assembled 23 August 2011
>>
>>
>>
>> bash-3.2# ldapclient -v init chtvm-389.teratext.saic.com.au
>> Arguments parsed:
>> defaultServerList: chtvm-389.teratext.saic.com.au
>> Handling init option
>> About to configure machine by downloading a profile
>> No profile specified. Using "default"
>> Proxy DN: NULL
>> Proxy password: NULL
>> Authentication method: 0
>> No proxyDN/proxyPassword required
>> Shadow Update is not enabled, no adminDN/adminPassword is required.
>> About to modify this machines configuration by writing the files
>> Stopping network services
>> Stopping sendmail
>> stop: sleep 100000 microseconds
>> stop: network/smtp:sendmail... success
>> Stopping nscd
>> stop: sleep 100000 microseconds
>> stop: sleep 200000 microseconds
>> stop: system/name-service-cache:default... success
>> Stopping autofs
>> stop: sleep 100000 microseconds
>> stop: sleep 200000 microseconds
>> stop: sleep 400000 microseconds
>> stop: sleep 800000 microseconds
>> stop: sleep 1600000 microseconds
>> stop: sleep 3200000 microseconds
>> stop: system/filesystem/autofs:default... success
>> ldap not running
>> nisd not running
>> nis(yp) not running
>> file_backup: stat(/etc/nsswitch.conf)=0
>> file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
>> file_backup: stat(/etc/defaultdomain)=0
>> file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
>> file_backup: stat(/var/nis/NIS_COLD_START)=-1
>> file_backup: No /var/nis/NIS_COLD_START file.
>> file_backup: nis domain is "teratext.saic.com.au"
>> file_backup: stat(/var/yp/binding/teratext.saic.com.au)=-1
>> file_backup: No /var/yp/binding/teratext.saic.com.au directory.
>> file_backup: stat(/var/ldap/ldap_client_file)=-1
>> file_backup: No /var/ldap/ldap_client_file file.
>> Starting network services
>> start: /usr/bin/domainname teratext.saic.com.au... success
>> start: sleep 100000 microseconds
>> start: sleep 200000 microseconds
>> start: sleep 400000 microseconds
>> start: sleep 800000 microseconds
>> start: sleep 1600000 microseconds
>> start: sleep 3200000 microseconds
>> start: sleep 6400000 microseconds
>> start: sleep 12800000 microseconds
>> start: sleep 25600000 microseconds
>> start: sleep 51200000 microseconds
>>
>>>>> start: sleep 17700000 microseconds                             <<<<
>>>>> start: network/ldap/client:default... timed out                <<<<
>>>>> start: network/ldap/client:default... offline to disable       <<<<
>>>>> stop: sleep 100000 microseconds                                <<<<
>>>>>
>> stop: sleep 200000 microseconds
>> stop: sleep 400000 microseconds
>> stop: sleep 800000 microseconds
>> stop: sleep 1600000 microseconds
>> stop: sleep 3200000 microseconds
>> stop: sleep 6400000 microseconds
>> stop: sleep 12800000 microseconds
>> stop: sleep 25600000 microseconds
>> stop: sleep 8900000 microseconds
>> stop: network/ldap/client:default... timed out
>> start: sleep 100000 microseconds
>> start: system/filesystem/autofs:default... success
>> start: sleep 100000 microseconds
>> start: system/name-service-cache:default... success
>> start: sleep 100000 microseconds
>> start: sleep 200000 microseconds
>> start: network/smtp:sendmail... success
>>
>>>>> restart: sleep 100000 microseconds                             <<<<
>>>>> restart: milestone/name-services:default... success            <<<<
>>>>> Error resetting system.                                        <<<<
>>>>> Recovering old system settings.                                <<<<
>>>>> Stopping network services                                      <<<<
>>>>>
>> Stopping sendmail
>> stop: sleep 100000 microseconds
>> stop: network/smtp:sendmail... success
>> Stopping nscd
>> stop: sleep 100000 microseconds
>> stop: sleep 200000 microseconds
>> stop: system/name-service-cache:default... success
>> Stopping autofs
>> stop: sleep 100000 microseconds
>> stop: sleep 200000 microseconds
>> stop: sleep 400000 microseconds
>> stop: sleep 800000 microseconds
>> stop: sleep 1600000 microseconds
>> stop: sleep 3200000 microseconds
>> stop: system/filesystem/autofs:default... success
>> Stopping ldap
>> stop: sleep 100000 microseconds
>> stop: sleep 200000 microseconds
>> stop: sleep 400000 microseconds
>> stop: sleep 800000 microseconds
>> stop: sleep 1600000 microseconds
>> stop: sleep 3200000 microseconds
>> stop: sleep 6400000 microseconds
>> stop: sleep 12800000 microseconds
>> stop: sleep 25600000 microseconds
>> stop: sleep 8900000 microseconds
>> stop: network/ldap/client:default... timed out
>> Stopping ldap failed with (7)
>> Error (1) while stopping services during reset
>> recover: stat(/var/ldap/restore/defaultdomain)=0
>> recover: open(/var/ldap/restore/defaultdomain)
>> recover: read(/var/ldap/restore/defaultdomain)
>> recover: old domainname "teratext.saic.com.au"
>> recover: stat(/var/ldap/restore/ldap_client_file)=-1
>> recover: stat(/var/ldap/restore/ldap_client_cred)=-1
>> recover: stat(/var/ldap/restore/NIS_COLD_START)=-1
>> recover: stat(/var/ldap/restore/teratext.saic.com.au)=-1
>> recover: stat(/var/ldap/restore/nsswitch.conf)=0
>> recover: file_move(/var/ldap/restore/nsswitch.conf, /etc/nsswitch.conf)=0
>> recover: stat(/var/ldap/restore/defaultdomain)=0
>> recover: file_move(/var/ldap/restore/defaultdomain, /etc/defaultdomain)=0
>> Starting network services
>> start: /usr/bin/domainname teratext.saic.com.au... success
>> start: sleep 100000 microseconds
>> start: system/filesystem/autofs:default... success
>> start: sleep 100000 microseconds
>> start: sleep 200000 microseconds
>> start: sleep 400000 microseconds
>> start: system/name-service-cache:default... success
>> start: sleep 100000 microseconds
>> start: network/smtp:sendmail... success
>> restart: sleep 100000 microseconds
>> restart: sleep 200000 microseconds
>> restart: milestone/name-services:default... success
>>
>>
>>
>>
>> Regards,
>>
>>
>> Craig
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
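
Added example, not part of the original thread: a pre-flight check for the point Siggi raises about /etc/nsswitch.ldap, run before ldapclient copies that file over /etc/nsswitch.conf. The function name, the AWK variable and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for nsswitch.ldap before running `ldapclient init`.
# On Solaris 10 set AWK=nawk (or /usr/xpg4/bin/awk); the old /usr/bin/awk
# lacks sub()/gsub().
AWK=${AWK:-awk}

# check_nsswitch FILE
# Prints one finding per line. Returns 0 when hosts/ipnodes keep DNS and do
# not go through LDAP, 1 otherwise.
check_nsswitch() {
    "$AWK" '
        BEGIN { bad = 0 }
        {
            sub(/#.*/, "")                       # drop comments
            n = index($0, ":"); if (n == 0) next
            db = substr($0, 1, n - 1); gsub(/[ \t]/, "", db)
            if (db != "hosts" && db != "ipnodes") next
            seen[db] = 1; has_dns = 0; has_ldap = 0
            cnt = split(substr($0, n + 1), src)  # sources and [criteria]
            for (i = 1; i <= cnt; i++) {
                if (src[i] == "dns")  has_dns = 1
                if (src[i] == "ldap") has_ldap = 1
            }
            if (has_ldap) { print db ": uses ldap, but IPA has no hosts table in LDAP"; bad = 1 }
            if (!has_dns) { print db ": dns missing, but IPA relies on DNS"; bad = 1 }
        }
        END {
            if (!seen["hosts"]) { print "hosts: no entry found"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed samples: "stock" mimics the behaviour described in the thread
# (hosts from ldap, dns removed); "fixed" keeps DNS for host lookups.
tmp=${TMPDIR:-/tmp}/nsswitch-check.$$
mkdir -p "$tmp"
printf 'passwd: files ldap\nhosts: ldap [NOTFOUND=return] files\n' > "$tmp/stock"
printf 'passwd: files ldap\nhosts: files dns\nipnodes: files dns\n' > "$tmp/fixed"

check_nsswitch "$tmp/stock" || echo "stock: fix before running ldapclient"
check_nsswitch "$tmp/fixed" && echo "fixed: ok"
```

On a real client, point the function at /etc/nsswitch.ldap and only proceed to ldapclient when it returns 0.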

