lists.arthurdejong.org

[nssldap] Solaris 10, nscd, Bug 369 issues




Greetings,

I'm trying to integrate a Solaris 10 machine with Active Directory
(using SFU 3.5) and since our schema is based on RFC2307bis groups (as
I understand it) Solaris's ldap client can't seem to deal with this.

So we've compiled and installed nss_ldap (version 264) from Padl,
building it against OpenLDAP (2.4.16) and having that authenticate
against our AD by use of GSSAPI and a Kerberos key in the machine's
keytab generated with ktpass.exe (full details are available of
exactly what we've done if anyone wants them).

The Solaris machine has the following showrev information:
Release: 5.10
Kernel architecture: sun4u
Application architecture: sparc
Hardware provider: Sun_Microsystems
Domain: lancs.local
Kernel version: SunOS 5.10 Generic_127127-11

I've also installed patch 140391-03
(http://sunsolve.sun.com/search/document.do?assetkey=1-21-140391-03-1)
which apparently fixes bug 6644077 which is related to nscd rejecting
foreign nss backends.


However we've hit a snag involving nscd and what I assume is bug 369
in the Padl bugtracker (http://bugzilla.padl.com/show_bug.cgi?id=369).

Essentially if nscd is running then id, getent passwd and other calls
fail.

If nscd is not running these calls work fine, and the machine can be
logged into, authenticating against LDAP via PAM, which suggests that
our configuration is correct at least in this point.  However, once
logged in, programs like klist and ssh cannot be run as they seem to
depend on nscd.


I've tried the suggested solution in the bugzilla page, getting the
svc:/network/ldap/client:default service running.  Although I've not
tried renaming the library and functions.  This doesn't seem to change
the behaviour of nscd, as soon as it's running these calls fail.


Can anyone offer any other suggestions for what I'm doing wrong?  Do I
just need to wait for the next release of nss_ldap?  Should I be
replying on the bugzilla?


If any more information is required on compilation options or
configuration used then please ask on or off list, I just didn't want
to swamp people's inboxes.


Regards,

paul.


-- 
 ~ Paul Tipper ~
ISS Unix Support, Lancaster University
Website: http://www.lancs.ac.uk/~tipper/
Email: <p.tipper@lancaster.ac.uk>  PGP Key: 0x8E8C2E9F