Вы находитесь на странице: 1из 6

Configuring LDAP Client

Solaris 9

1. create /etc/inet/hosts entry punldap01

2. run following commands

#domainname vxindia.veritas.com

#domainname >/etc/defaultdomain

#ldapclient –v init punldap01

3. Update /etc/nsswitch.conf as below

# /etc/nsswitch.ldap:

# An example file that could be copied over to /etc/nsswitch.conf; it

# uses LDAP in conjunction with files.

# "hosts:" and "services:" in this file are used only if the

# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.

passwd: files ldap

group: files ldap

# consult /etc "files" only if ldap is down.

hosts: files dns ldap

ipnodes: files
# Uncomment the following line and comment out the above to resolve

# both IPv4 and IPv6 addresses from the ipnodes databases. Note that

# IPv4 addresses are searched in all of the ipnodes databases before

# searching the hosts databases. Before turning this option on, consult

# the Network Administration Guide for more details on using IPv6.

#ipnodes: ldap [NOTFOUND=return] files

networks: files ldap

protocols: files ldap

rpc: files ldap

ethers: files ldap

netmasks: files ldap

bootparams: files ldap

publickey: ldap [NOTFOUND=return] files

netgroup: ldap

automount: files ldap

aliases: files ldap

# for efficient getservbyname() avoid ldap

services: files ldap

sendmailvars: files

printers: user files ldap

auth_attr: files ldap

prof_attr: files ldap

project: files ldap

4. Update /etc/pam.conf as below

# PAM configuration

# Authentication management

# login service (explicit because of pam_dial_auth)

login auth requisite pam_authtok_get.so.1

login auth required pam_dhkeys.so.1

login auth required pam_dial_auth.so.1

login auth binding pam_unix_auth.so.1 server_policy

login auth required pam_ldap.so.1

# rlogin service (explicit because of pam_rhost_auth)

rlogin auth sufficient pam_rhosts_auth.so.1

rlogin auth requisite pam_authtok_get.so.1

rlogin auth required pam_dhkeys.so.1

rlogin auth binding pam_unix_auth.so.1 server_policy

rlogin auth required pam_ldap.so.1

# rsh service (explicit because of pam_rhost_auth,

# and pam_unix_auth for meaningful pam_setcred)

rsh auth sufficient pam_rhosts_auth.so.1

rsh auth required pam_unix_auth.so.1


# PPP service (explicit because of pam_dial_auth)

ppp auth requisite pam_authtok_get.so.1

ppp auth required pam_dhkeys.so.1

ppp auth required pam_dial_auth.so.1

ppp auth binding pam_unix_auth.so.1 server_policy

ppp auth required pam_ldap.so.1

# Default definitions for Authentication management

# Used when service name is not explicitly mentioned for authentication

other auth requisite pam_authtok_get.so.1

other auth required pam_dhkeys.so.1

other auth binding pam_unix_auth.so.1 server_policy

other auth required pam_ldap.so.1

# passwd command (explicit because of a different authentication module)

passwd auth binding pam_passwd_auth.so.1 server_policy

passwd auth required pam_ldap.so.1

# cron service (explicit because of non-usage of pam_roles.so.1)

cron account required pam_projects.so.1

cron account required pam_unix_account.so.1

# Default definition for Account management

# Used when service name is not explicitly mentioned for account management

other account requisite pam_roles.so.1

other account required pam_projects.so.1

other account binding pam_unix_account.so.1 server_policy

other account required pam_ldap.so.1

# Default definition for Session management

# Used when service name is not explicitly mentioned for session management

other session required pam_unix_session.so.1

# Default definition for Password management

# Used when service name is not explicitly mentioned for password management

other password required pam_dhkeys.so.1

other password requisite pam_authtok_get.so.1

other password requisite pam_authtok_check.so.1

other password required pam_authtok_store.so.1 server_policy

# Support for Kerberos V5 authentication (uncomment to use Kerberos)

#rlogin auth optional pam_krb5.so.1 try_first_pass

#login auth optional pam_krb5.so.1 try_first_pass

#other auth optional pam_krb5.so.1 try_first_pass

#cron account optional pam_krb5.so.1

#other account optional pam_krb5.so.1

#other session optional pam_krb5.so.1

#other password optional pam_krb5.so.1 try_first_pass

Try logging on to server with your vxindia NIS+ username and password (it is same in ldap). If
this works you are all set client is configured.

Configuring LDAP Client for Solaris version 2.6, 7, and 8

Coming Soon....