after install, re-configure networking. this will remove all profiles and anything that may muck up correct connectivity later on.
[undo]
yep. you start out by unconfiguring the default. go figure, right? well, this gets rid of all the confusion created by np and loc and "network magic."
# sysconfig configure -s
system will shut down; upon system start log on as "alternate account".
[ssh]
allow root ssh login on solaris 11.
/etc/ssh/sshd_config:
PermitRootLogin yes
/etc/default/login:
#CONSOLE=/dev/console
# rolemod -K type=normal root
[ldap]
what's ldap up to?
# svcs '*/ldap/*'
# svcadm enable network/ldap/client:default
# svcadm enable network/nis/domain
# svcs -l network/ldap/client:default
# /usr/lib/ldap/ldap_cachemgr -g
# svcs -l network/ldap/client:default
make sure the deps are online.
# ldapclient -v manual \
    -a defaultServerList=xx.xx.xx.xx \
    -a defaultSearchBase=dc=xx,dc=xx,dc=xx \
    -a defaultSearchScope=sub \
    -a bindTimeLimit=20 \
    -a credentialLevel=proxy \
    -a authenticationMethod=simple \
    -a proxyDN=cn=admin,dc=xx,dc=xx,dc=xx \
    -a proxyPassword=aStringValue \
    -a serviceSearchDescriptor=passwd:ou=users,dc=xx,dc=xx,dc=xx \
    -a serviceSearchDescriptor=shadow:ou=users,dc=xx,dc=xx,dc=xx \
    -a serviceSearchDescriptor=group:ou=groups,dc=xx,dc=xx,dc=xx \
    -a followReferrals=true
# ldapclient list
determine that all fields are thus:
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=admin,dc=xx,dc=xx,dc=xx
NS_LDAP_BINDPASSWD= {NS1}poop
NS_LDAP_SERVERS= xx.xx.xx.xx
NS_LDAP_SEARCH_BASEDN= dc=xx,dc=xx,dc=xx
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=users,dc=xx,dc=xx,dc=xx
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=users,dc=xx,dc=xx,dc=xx
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=groups,dc=xx,dc=xx,dc=xx
NS_LDAP_BIND_TIME= 30
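the field check above can be scripted. this is an added example, not from the original post: a POSIX sh helper that compares `ldapclient list`-style output against expected values. the expected values and the sample listing are constructed from this page's placeholders, and the function names (normalize, check_ldap_fields) are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): verify `ldapclient list` output.
# EXPECTED mirrors the page's placeholder values; substitute your real ones.
EXPECTED='NS_LDAP_AUTH=simple
NS_LDAP_CREDENTIAL_LEVEL=proxy
NS_LDAP_SEARCH_SCOPE=sub
NS_LDAP_SEARCH_REF=TRUE
NS_LDAP_SERVICE_SEARCH_DESC=passwd:ou=users,dc=xx,dc=xx,dc=xx
NS_LDAP_SERVICE_SEARCH_DESC=shadow:ou=users,dc=xx,dc=xx,dc=xx
NS_LDAP_SERVICE_SEARCH_DESC=group:ou=groups,dc=xx,dc=xx,dc=xx'

# Constructed sample input, shaped like the listing on this page.
SAMPLE='NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= xx.xx.xx.xx
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=users,dc=xx,dc=xx,dc=xx
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=users,dc=xx,dc=xx,dc=xx
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=groups,dc=xx,dc=xx,dc=xx'

# normalize: turn "KEY= value" into "KEY=value" and drop trailing blanks.
normalize() {
    sed -e 's/^\([A-Z_]*\)=[[:space:]]*/\1=/' -e 's/[[:space:]]*$//'
}

# check_ldap_fields: reads a listing on stdin, prints every expected pair
# that is absent, and returns 1 if anything is missing (0 otherwise).
# Repeated keys (the three SERVICE_SEARCH_DESC lines) are matched per line.
check_ldap_fields() {
    actual=$(normalize)
    missing=0
    # The here-document keeps the loop in this shell so $missing survives.
    while IFS= read -r want; do
        if ! printf '%s\n' "$actual" | grep -Fqx -- "$want"; then
            echo "MISSING: $want"
            missing=1
        fi
    done <<EOF
$EXPECTED
EOF
    return "$missing"
}

# Demo on the constructed sample; on a live host pipe in `ldapclient list`.
if printf '%s\n' "$SAMPLE" | check_ldap_fields; then
    echo "ldap client config matches expected values"
fi
```
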
in pam.conf have:
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth required pam_dial_auth.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1
http://docs.oracle.com/cd/E23823_01/html/816-5166/ldapclient-1m.html shows all the neat switches.
[nsswitch]
# svccfg
svc:> select name-service/switch
svc:/system/name-service/switch> setprop config/host = astring: "files dns"
svc:/system/name-service/switch> setprop config/ipnodes = astring: "files dns"
svc:/system/name-service/switch> select system/name-service/switch:default
svc:/system/name-service/switch:default> refresh
svc:/system/name-service/switch:default> validate
svc:/system/name-service/switch:default> exit
# svcadm enable dns/client
# svcadm refresh name-service/switch
# grep host /etc/nsswitch.conf
hosts: files dns
# cat /etc/resolv.conf