Thursday, August 9, 2012

oracle solaris 11 is all new all the time

it is.

after install, re-configure networking. this removes all network profiles and anything else that may muck up correct connectivity later on.

[undo]
yep. you start out by unconfiguring the default. go figure, right? well, this gets rid of all the confusion created by np (nwam network profiles), loc (locations) and "network magic."

# sysconfig configure -s

system will shut down; upon system start logon as "alternate account".

[ssh]
allow root ssh login on solaris 11.

/etc/ssh/sshd_config (keyword and value, no "=")
PermitRootLogin yes

/etc/default/login (commented out, so root is no longer restricted to the console)
#CONSOLE=/dev/console

root is a role on a fresh install; this turns it back into a normal account that can log in directly instead of via su/pfexec, then sshd is restarted to pick up the config change:

# rolemod -K type=normal root
# svcadm restart network/ssh

[ldap]
what's ldap up to?
svcs '*/ldap/*'
svcadm enable network/ldap/client:default
svcadm enable network/nis/domain
svcs -l network/ldap/client:default
make sure the deps are online.
/usr/lib/ldap/ldap_cachemgr -g

ldapclient -v manual \
-a defaultServerList=xx.xx.xx.xx \
-a defaultSearchBase=dc=xx,dc=xx,dc=xx \
-a defaultSearchScope=sub \
-a bindTimeLimit=20 \
-a credentialLevel=proxy \
-a authenticationMethod=simple \
-a proxyDN=cn=admin,dc=xx,dc=xx,dc=xx \
-a proxyPassword=aStringValue \
-a serviceSearchDescriptor=passwd:ou=users,dc=xx,dc=xx,dc=xx \
-a serviceSearchDescriptor=shadow:ou=users,dc=xx,dc=xx,dc=xx \
-a serviceSearchDescriptor=group:ou=groups,dc=xx,dc=xx,dc=xx \
-a followReferrals=true

# ldapclient list
determine that all fields are as below (the proxy password is shown in {NS1}-encoded form, not as typed):
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=admin,dc=xx,dc=xx,dc=xx
NS_LDAP_BINDPASSWD= {NS1}poop
NS_LDAP_SERVERS= xx.xx.xx.xx
NS_LDAP_SEARCH_BASEDN= dc=xx,dc=xx,dc=xx
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=users,dc=xx,dc=xx,dc=xx
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=users,dc=xx,dc=xx,dc=xx
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=groups,dc=xx,dc=xx,dc=xx
NS_LDAP_BIND_TIME= 30
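a small check for the "all fields are thus" step, added here and not part of the original post: it pulls single NS_LDAP_* keys out of `ldapclient list` style text and verifies the settings the post asks for (proxy credential level, simple auth, sub scope, referrals on, a shadow search descriptor, and a proxy password that is stored in {NS1} form rather than in the clear). the two samples are constructed from the post's placeholder values; on a real box you would feed it `ldapclient list` as shown in the comment.

```shell
#!/bin/sh
# constructed sample mirroring the post's expected `ldapclient list` output
SAMPLE_OK='NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=admin,dc=xx,dc=xx,dc=xx
NS_LDAP_BINDPASSWD= {NS1}poop
NS_LDAP_SERVERS= xx.xx.xx.xx
NS_LDAP_SEARCH_BASEDN= dc=xx,dc=xx,dc=xx
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=users,dc=xx,dc=xx,dc=xx
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=users,dc=xx,dc=xx,dc=xx
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=groups,dc=xx,dc=xx,dc=xx
NS_LDAP_BIND_TIME= 30'

# constructed bad sample: anonymous bind, clear-text password, no shadow descriptor
SAMPLE_BAD='NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=admin,dc=xx,dc=xx,dc=xx
NS_LDAP_BINDPASSWD= aStringValue
NS_LDAP_SERVERS= xx.xx.xx.xx
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_CREDENTIAL_LEVEL= anonymous
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=users,dc=xx,dc=xx,dc=xx
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=groups,dc=xx,dc=xx,dc=xx'

# print the value(s) of one NS_LDAP_* key; $1 = text, $2 = key name
ldap_field() {
    printf '%s\n' "$1" | sed -n "s/^$2= //p"
}

# return 0 when every setting the post asks for is present, 1 otherwise
check_ldapclient() {
    text="$1"
    rc=0
    for pair in \
        'NS_LDAP_CREDENTIAL_LEVEL=proxy' \
        'NS_LDAP_AUTH=simple' \
        'NS_LDAP_SEARCH_SCOPE=sub' \
        'NS_LDAP_SEARCH_REF=TRUE'; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(ldap_field "$text" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want '$want', got '$got'" >&2
            rc=1
        fi
    done
    # the post lists a shadow search descriptor next to passwd and group; require it
    if ! ldap_field "$text" NS_LDAP_SERVICE_SEARCH_DESC | grep -q '^shadow:'; then
        echo "MISSING shadow service search descriptor" >&2
        rc=1
    fi
    # the proxy password must be in {NS1} encoded form, never as typed on the command line
    case "$(ldap_field "$text" NS_LDAP_BINDPASSWD)" in
        '{NS1}'*) ;;
        *) echo "BAD proxy password is not {NS1}-encoded" >&2; rc=1 ;;
    esac
    return $rc
}

# live usage (assumption: run as root on the client):  check_ldapclient "$(ldapclient list)"
if check_ldapclient "$SAMPLE_OK"; then
    echo "sample ok"
fi
if check_ldapclient "$SAMPLE_BAD" 2>/dev/null; then
    echo "bad sample unexpectedly passed"
else
    echo "bad sample rejected as expected"
fi
```

the {NS1} check matters because the password is passed in clear on the `ldapclient` command line (so it shows up in shell history); once it is in the client profile only the {NS1} form should appear.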

in pam.conf have:
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth required pam_dial_auth.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1

http://docs.oracle.com/cd/E23823_01/html/816-5166/ldapclient-1m.html shows all the neat switches (ldapclient(1M)).

[nsswitch]

# svccfg
svc:> select name-service/switch
svc:/system/name-service/switch> setprop config/host = astring: "files dns"
svc:/system/name-service/switch> setprop config/ipnodes = astring: "files dns"
svc:/system/name-service/switch> select system/name-service/switch:default
svc:/system/name-service/switch:default> refresh
svc:/system/name-service/switch:default> validate
svc:/system/name-service/switch:default> exit
# svcadm enable dns/client
# svcadm refresh name-service/switch
# grep host /etc/nsswitch.conf
hosts:  files dns
# cat /etc/resolv.conf
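a check for the `grep host /etc/nsswitch.conf` step, added here and not from the original post: it parses nsswitch.conf-style lines (comments stripped) and verifies that hosts and ipnodes go files then dns, as the svccfg session above sets, and that passwd and group consult ldap as well, which is what the ldapclient setup earlier on the page is for (the requirement on passwd/group is my addition). the two samples are constructed; on a real box you would pass `"$(cat /etc/nsswitch.conf)"`.

```shell
#!/bin/sh
# constructed sample of a correctly configured /etc/nsswitch.conf
NSS_GOOD='# generated by svccfg, do not edit
passwd:     files ldap
group:      files ldap
hosts:      files dns
ipnodes:    files dns
netgroup:   ldap'

# constructed sample where dns and ldap were never wired in
NSS_BAD='passwd:     files
group:      files
hosts:      files   # dns missing
ipnodes:    files'

# print the source list for one database; $1 = nsswitch text, $2 = database name
nss_sources() {
    printf '%s\n' "$1" | awk -v db="$2" '
        { sub(/#.*/, "") }                       # drop comments
        $1 == db ":" { $1 = ""; sub(/^ +/, ""); print }'
}

# return 0 when hosts/ipnodes use files then dns and passwd/group include ldap
check_nsswitch() {
    text="$1"
    rc=0
    for db in hosts ipnodes; do
        src=$(nss_sources "$text" "$db")
        case " $src " in
            *" files"*" dns"*) ;;
            *) echo "$db: expected 'files' then 'dns', got '$src'" >&2; rc=1 ;;
        esac
    done
    for db in passwd group; do
        src=$(nss_sources "$text" "$db")
        case " $src " in
            *" ldap "*) ;;
            *) echo "$db: ldap not consulted, got '$src'" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# live usage:  check_nsswitch "$(cat /etc/nsswitch.conf)"
if check_nsswitch "$NSS_GOOD"; then
    echo "good sample ok"
fi
if check_nsswitch "$NSS_BAD" 2>/dev/null; then
    echo "bad sample unexpectedly passed"
else
    echo "bad sample rejected as expected"
fi
```

because /etc/nsswitch.conf is generated from the name-service/switch service in solaris 11, a failing check means the svccfg properties (or the svcadm refresh) are wrong, not the file.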