Aaron Mills
2009-Mar-16 17:25 UTC
[Fedora-directory-users] Solaris 10 central auth through FDS
Hi All,
I¹m trying to hook a bunch of Solaris 10 boxes into my FDS install for
central user authentication. I¹ve already got a dozen or so linux boxes
authenticating off FDS 1.1.3.
I was reading the documentation here:
http://directory.fedoraproject.org/wiki/Howto:SolarisClient#Solaris_10_LDAP_
Client
Which seems to be slightly outdated (idsconfig fails consistently). Is there
a newer doc out there somewhere and/or has anyone had success with the
Wiki¹s instructions? Any advice would be much appreciated.
Thanks,
-Aaron
--
Aaron Mills
Systems Administrator
Return Path
http://www.returnpath.net
Luke Bigum
2009-Mar-16 22:17 UTC
[Fedora-directory-users] RE: Solaris 10 central auth through FDS
Aaron, that''s the documentation I followed, it should be correct. Make
sure you take a note of the first point and modify the script. Here''s
my copy of the chk_ids_version function:
chk_ids_version()
{
[ $DEBUG -eq 1 ] && ${ECHO} "In chk_ids_version()"
# check iDS version number.
eval "${LDAPSEARCH} ${SERVER_ARGS} -b cn=monitor -s base
\"objectclass=*\" version | ${GREP} \"^version=\"
| cut -f2 -d''/'' | cut -f1 -d'' '' >
${TMPDIR}/checkDSver 2>&1"
if [ $? -ne 0 ]; then
${ECHO} "ERROR: Can not determine the version number of iDS!"
exit 1
fi
IDS_VER=`cat ${TMPDIR}/checkDSver`
IDS_MAJVER=`${ECHO} ${IDS_VER} | cut -f1 -d.`
IDS_MINVER=`${ECHO} ${IDS_VER} | cut -f2 -d.`
if [ "${IDS_MAJVER}" != "5" ] && [
"${IDS_MAJVER}" != "6" ] && [
"${IDS_MAJVER}" != "1" ]; then
${ECHO} "ERROR: $PROG only works with JES DS version 5.x and 6.x
and FDS 1.1.3, not ${IDS_VER}."
exit 1
fi
if [ $DEBUG -eq 1 ]; then
${ECHO} " IDS_MAJVER = $IDS_MAJVER"
${ECHO} " IDS_MINVER = $IDS_MINVER"
fi
}
If that doesn''t fix your problem, can you find out where in the script
it''s dying?
Luke Bigum
Systems Administrator
(p) 1300 661 668
(f) 1300 661 540
(e) lbigum@iseek.com.au<mailto:lbigum@iseek.com.au>
http://www.iseek.com.au<http://www.iseek.com.au/>
Level 1, 100 Ipswich Road Woolloongabba QLD 4102
[cid:image001.jpg@01C9A6D8.BED66C40]
This e-mail and any files transmitted with it may contain confidential and
privileged material for the sole use of the intended recipient. Any review, use,
distribution or disclosure by others is strictly prohibited. If you are not the
intended recipient (or authorised to receive for the recipient), please contact
the sender by reply e-mail and delete all copies of this message.
From: fedora-directory-users-bounces@redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Aaron Mills
Sent: Tuesday, 17 March 2009 3:26 AM
To: discussion list for the Fedora Directory server project.
Subject: [Fedora-directory-users] Solaris 10 central auth through FDS
Hi All,
I''m trying to hook a bunch of Solaris 10 boxes into my FDS install for
central user authentication. I''ve already got a dozen or so linux boxes
authenticating off FDS 1.1.3.
I was reading the documentation here:
http://directory.fedoraproject.org/wiki/Howto:SolarisClient#Solaris_10_LDAP_Client
Which seems to be slightly outdated (idsconfig fails consistently). Is there a
newer doc out there somewhere and/or has anyone had success with the
Wiki''s instructions? Any advice would be much appreciated.
Thanks,
-Aaron
--
Aaron Mills
Systems Administrator
Return Path
http://www.returnpath.net
Aaron Mills
2009-Mar-18 20:02 UTC
Re: [Fedora-directory-users] RE: Solaris 10 central auth through FDS
Thanks for the help I¹m following this doc a little more closely, but I¹m
stuck at the part where it says to add the nisDomain attribute type to the
root node:
http://directory.fedoraproject.org/wiki/Howto:SolarisClient#Solaris_10_LDAP_
Client
When I attempt to add the following:
dn: dc=foobar,dc=com
changetype: modify
add: nisdomain
nisdomain: foobar.com
I get the error: ³additional info: attribute "nisDomain" not allowed²
I¹ve double checked the object type of my domain and it¹s set to domain and
top. Is there another value I need to modify? The solaris client keeps
failing with this:
NOTFOUND:Could not find the nisDomainObject for DN dc=foobar, dc=com
-Aaron
On 3/16/09 4:17 PM, "Luke Bigum" <lbigum@iseek.com.au> wrote:
> Aaron, that''s the documentation I followed, it should be correct.
Make sure
> you take a note of the first point and modify the script. Here''s
my copy of
> the chk_ids_version function:
>
> chk_ids_version()
> {
> [ $DEBUG -eq 1 ] && ${ECHO} "In chk_ids_version()"
>
> # check iDS version number.
> eval "${LDAPSEARCH} ${SERVER_ARGS} -b cn=monitor -s base
\"objectclass=*\"
> version | ${GREP} \"^version=\"
> | cut -f2 -d''/'' | cut -f1 -d'' '' >
${TMPDIR}/checkDSver 2>&1"
> if [ $? -ne 0 ]; then
> ${ECHO} "ERROR: Can not determine the version number of
iDS!"
> exit 1
> fi
> IDS_VER=`cat ${TMPDIR}/checkDSver`
> IDS_MAJVER=`${ECHO} ${IDS_VER} | cut -f1 -d.`
> IDS_MINVER=`${ECHO} ${IDS_VER} | cut -f2 -d.`
> if [ "${IDS_MAJVER}" != "5" ] && [
"${IDS_MAJVER}" != "6" ] && [
> "${IDS_MAJVER}" != "1" ]; then
> ${ECHO} "ERROR: $PROG only works with JES DS version 5.x and
6.x and
> FDS 1.1.3, not ${IDS_VER}."
> exit 1
> fi
> if [ $DEBUG -eq 1 ]; then
> ${ECHO} " IDS_MAJVER = $IDS_MAJVER"
> ${ECHO} " IDS_MINVER = $IDS_MINVER"
> fi
> }
>
> If that doesn''t fix your problem, can you find out where in the
script it''s
> dying?
>
>
> Luke Bigum
> Systems Administrator
> (p) 1300 661 668
> (f) 1300 661 540
> (e) lbigum@iseek.com.au <mailto:lbigum@iseek.com.au>
> http://www.iseek.com.au <http://www.iseek.com.au/>
> Level 1, 100 Ipswich Road Woolloongabba QLD 4102
>
>
>
> This e-mail and any files transmitted with it may contain confidential and
> privileged material for the sole use of the intended recipient. Any review,
> use, distribution or disclosure by others is strictly prohibited. If you
are
> not the intended recipient (or authorised to receive for the recipient),
> please contact the sender by reply e-mail and delete all copies of this
> message.
>
>
>
> From: fedora-directory-users-bounces@redhat.com
> [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Aaron Mills
> Sent: Tuesday, 17 March 2009 3:26 AM
> To: discussion list for the Fedora Directory server project.
> Subject: [Fedora-directory-users] Solaris 10 central auth through FDS
>
> Hi All,
>
> I¹m trying to hook a bunch of Solaris 10 boxes into my FDS install for
central
> user authentication. I¹ve already got a dozen or so linux boxes
authenticating
> off FDS 1.1.3.
>
> I was reading the documentation here:
>
http://directory.fedoraproject.org/wiki/Howto:SolarisClient#Solaris_10_LDAP_Cl
> ient
>
> Which seems to be slightly outdated (idsconfig fails consistently). Is
there a
> newer doc out there somewhere and/or has anyone had success with the Wiki¹s
> instructions? Any advice would be much appreciated.
>
> Thanks,
>
> -Aaron
>
--
Aaron Mills
Systems Administrator
Return Path
http://www.returnpath.net
Luke Bigum
2009-Mar-18 22:40 UTC
RE: [Fedora-directory-users] RE: Solaris 10 central auth through FDS
''nisDomain'' is an attribute of the obectClass
''nisDomainObect'', so first you''ll want to (something
like):
dn: dc=foobar,dc=com
changetype: modify
add: objectClass
objectClass: nisDomainObject
Luke Bigum
Systems Administrator
(p) 1300 661 668
(f) 1300 661 540
(e) lbigum@iseek.com.au<mailto:lbigum@iseek.com.au>
http://www.iseek.com.au<http://www.iseek.com.au/>
Level 1, 100 Ipswich Road Woolloongabba QLD 4102
[cid:image001.jpg@01C9A86E.6A1CA1A0]
This e-mail and any files transmitted with it may contain confidential and
privileged material for the sole use of the intended recipient. Any review, use,
distribution or disclosure by others is strictly prohibited. If you are not the
intended recipient (or authorised to receive for the recipient), please contact
the sender by reply e-mail and delete all copies of this message.
From: fedora-directory-users-bounces@redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Aaron Mills
Sent: Thursday, 19 March 2009 6:03 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] RE: Solaris 10 central auth through FDS
Thanks for the help - I''m following this doc a little more closely, but
I''m stuck at the part where it says to add the nisDomain attribute type
to the root node:
http://directory.fedoraproject.org/wiki/Howto:SolarisClient#Solaris_10_LDAP_Client
When I attempt to add the following:
dn: dc=foobar,dc=com
changetype: modify
add: nisdomain
nisdomain: foobar.com
I get the error: "additional info: attribute "nisDomain" not
allowed"
I''ve double checked the object type of my domain and it''s set
to domain and top. Is there another value I need to modify? The solaris client
keeps failing with this:
NOTFOUND:Could not find the nisDomainObject for DN dc=foobar, dc=com
-Aaron
On 3/16/09 4:17 PM, "Luke Bigum" <lbigum@iseek.com.au> wrote:
Aaron, that''s the documentation I followed, it should be correct. Make
sure you take a note of the first point and modify the script. Here''s
my copy of the chk_ids_version function:
chk_ids_version()
{
[ $DEBUG -eq 1 ] && ${ECHO} "In chk_ids_version()"
# check iDS version number.
eval "${LDAPSEARCH} ${SERVER_ARGS} -b cn=monitor -s base
\"objectclass=*\" version | ${GREP} \"^version=\"
| cut -f2 -d''/'' | cut -f1 -d'' '' >
${TMPDIR}/checkDSver 2>&1"
if [ $? -ne 0 ]; then
${ECHO} "ERROR: Can not determine the version number of iDS!"
exit 1
fi
IDS_VER=`cat ${TMPDIR}/checkDSver`
IDS_MAJVER=`${ECHO} ${IDS_VER} | cut -f1 -d.`
IDS_MINVER=`${ECHO} ${IDS_VER} | cut -f2 -d.`
if [ "${IDS_MAJVER}" != "5" ] && [
"${IDS_MAJVER}" != "6" ] && [
"${IDS_MAJVER}" != "1" ]; then
${ECHO} "ERROR: $PROG only works with JES DS version 5.x and 6.x
and FDS 1.1.3, not ${IDS_VER}."
exit 1
fi
if [ $DEBUG -eq 1 ]; then
${ECHO} " IDS_MAJVER = $IDS_MAJVER"
${ECHO} " IDS_MINVER = $IDS_MINVER"
fi
}
If that doesn''t fix your problem, can you find out where in the script
it''s dying?
Luke Bigum
Systems Administrator
(p) 1300 661 668
(f) 1300 661 540
(e) lbigum@iseek.com.au <mailto:lbigum@iseek.com.au>
http://www.iseek.com.au <http://www.iseek.com.au/>
Level 1, 100 Ipswich Road Woolloongabba QLD 4102
[cid:image001.jpg@01C9A86E.6A1CA1A0]
This e-mail and any files transmitted with it may contain confidential and
privileged material for the sole use of the intended recipient. Any review, use,
distribution or disclosure by others is strictly prohibited. If you are not the
intended recipient (or authorised to receive for the recipient), please contact
the sender by reply e-mail and delete all copies of this message.
From: fedora-directory-users-bounces@redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Aaron Mills
Sent: Tuesday, 17 March 2009 3:26 AM
To: discussion list for the Fedora Directory server project.
Subject: [Fedora-directory-users] Solaris 10 central auth through FDS
Hi All,
I''m trying to hook a bunch of Solaris 10 boxes into my FDS install for
central user authentication. I''ve already got a dozen or so linux boxes
authenticating off FDS 1.1.3.
I was reading the documentation here:
http://directory.fedoraproject.org/wiki/Howto:SolarisClient#Solaris_10_LDAP_Client
Which seems to be slightly outdated (idsconfig fails consistently). Is there a
newer doc out there somewhere and/or has anyone had success with the
Wiki''s instructions? Any advice would be much appreciated.
Thanks,
-Aaron
--
Aaron Mills
Systems Administrator
Return Path
http://www.returnpath.net