[Freeipa-users] Solaris Clients

Michael ORourke mrorourke at earthlink.net
Wed Mar 13 21:54:40 UTC 2013


I'm not sure if this will help (not being a Solaris shop), but when we rolled out IPA in our environment, I had some trouble with ssh and Kerberos auth working correctly. As it turned out, the fix was adding reverse lookup records (PTR) in the DNS for all the servers.

-Mike


-----Original Message-----
>From: Luke Kearney <luke at kearney.jp>
>Sent: Mar 13, 2013 4:39 PM
>To: Freeipa-users at redhat.com
>Subject: [Freeipa-users] Solaris Clients
>
>Hello,
>
>I have recently been working on integrating our Solaris 10 fleet with FreeIPA. The first 'test' host went relatively smoothly and we recently created a new test host. Only this time it was more challenging to get the system working.
>
>On our original test installation every step went almost exactly as per the documentation [ http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html ] 
>
>On the second install we found that whilst we were able to retrieve user account information via LDAP we could not login via ssh and Kerberos for any amount of trying. This was overcome by inserting the following line into pam.conf:
>
>other         account            sufficient              pam_ldap.so.1
>
>Where it had not been needed on test host1.
>
>To the extent it works and doesn't break something else this is all fine. I understand why it works as the information in LDAP is needed to open the terminal session. Why would one need this stanza but not the other?
>
>If anyone can shed any light on this I would be most appreciative.
>
>Thanks




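The reverse-lookup fix mentioned in the reply can be checked before enrolling a host. The following is an added example, not part of the original thread: it verifies that each host's A record resolves to an address whose PTR record points back to the same name. The function names and the `example.test` hosts and addresses are constructed for illustration; by default the checks use the system resolver through Python's `socket` module.

```python
import socket

def dns_forward(name):
    # A-record lookup: hostname -> list of IPv4 addresses
    return socket.gethostbyname_ex(name)[2]

def dns_reverse(addr):
    # PTR lookup: address -> primary hostname
    return socket.gethostbyaddr(addr)[0]

def check_host(fqdn, forward=dns_forward, reverse=dns_reverse):
    """Return a list of (address, problem) tuples; an empty list means OK."""
    want = fqdn.rstrip(".").lower()
    try:
        addrs = forward(want)
    except OSError:  # socket.gaierror and socket.herror are OSError subclasses
        addrs = []
    if not addrs:
        return [(None, "no forward (A) record")]
    problems = []
    for addr in addrs:
        try:
            ptr = reverse(addr).rstrip(".").lower()
        except OSError:
            problems.append((addr, "no PTR record"))
            continue
        if ptr != want:  # reverse name differs from the name the client used
            problems.append((addr, "PTR points to %s" % ptr))
    return problems

def audit(hosts, forward=dns_forward, reverse=dns_reverse):
    """Map each failing host to its list of problems."""
    results = ((h, check_host(h, forward, reverse)) for h in hosts)
    return {h: p for h, p in results if p}

# Constructed sample zone data, so the example runs offline.
SAMPLE_A = {"ipa1.example.test": ["192.0.2.10"], "sol10a.example.test": ["192.0.2.21"],
            "sol10b.example.test": ["192.0.2.22"], "sol10c.example.test": ["192.0.2.23"]}
SAMPLE_PTR = {"192.0.2.10": "ipa1.example.test", "192.0.2.21": "sol10a.example.test",
              "192.0.2.23": "old-name.example.test"}

def sample_forward(name):
    return SAMPLE_A.get(name, [])

def sample_reverse(addr):
    if addr not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[addr]

if __name__ == "__main__":
    for host, probs in audit(sorted(SAMPLE_A), sample_forward, sample_reverse).items():
        print(host, probs)
```

Calling `audit()` with only a list of real host names runs the same checks against live DNS.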