On 18 Nov 2010, at 02:41, Patrick O'Sullivan wrote:

> I've gotten a config working where I have Kerberos auth to AD and
> passwd lookups via LDAP to AD. I enable it, and it works fine, but on
> a reboot, it stops working. Please let me know if you have any
> thoughts as to why this happens. (This behavior is common to both
> oi147 and Solaris 11 Express.)
>
> Configuring ldapclient:
>
> $ sudo ldapclient -v manual -a credentialLevel=self -a
> authenticationMethod=sasl/gssapi -a defaultSearchBase=dc=osulvn,dc=net
> -a domainName=osulvn.net -a defaultServerList=ad1.osulvn.net -a
> attributeMap=passwd:gecos=cn -a
> attributeMap=passwd:homedirectory=unixHomeDirectory -a
> objectClassMap=group:posixGroup=group -a
> objectClassMap=passwd:posixAccount=user -a
> objectClassMap=shadow:shadowAccount=user -a
> serviceSearchDescriptor=passwd:cn=users,dc=osulvn,dc=net?one -a
> serviceSearchDescriptor=group:cn=users,dc=osulvn,dc=net?one
> ...
> System successfully configured
> $ getent passwd userfoo
> userfoo:x:20002:30000:User Foo:/home/userfoo:/bin/bash
>
> At this point I can login as userfoo with GSSAPI auth over ssh or with
> a password on the console.
>
> After I reboot, I can no longer login as userfoo and 'getent' returns nothing.

Yes, I'm seeing the same.

At the point it has lost its mojo (:-) what's in the /var/ldap/ldap_client_file and is your nsswitch.conf what it should be or has something changed them?

FWIW just re-running the ldapclient command (with flags) fixes things. I have a shell script that calls it with all our local values in, which makes things a little easier.

Cheers,

Chris
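
One way to check whether something changed /var/ldap/ldap_client_file or nsswitch.conf across the reboot, as an added example that is not part of either poster's message: take a baseline right after ldapclient reports success, then compare after the reboot. The /etc/nsswitch.conf location, the baseline directory and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Files to watch are the two named in the thread; the /etc path
# for nsswitch.conf and BASELINE_DIR are assumptions. Override via environment.
FILES="${FILES:-/var/ldap/ldap_client_file /etc/nsswitch.conf}"
BASELINE_DIR="${BASELINE_DIR:-/var/tmp/ldap-baseline}"

# Flatten a path into a single file name usable inside BASELINE_DIR.
flat() { printf '%s' "$1" | tr '/' '_'; }

# snapshot: run right after ldapclient prints "System successfully configured".
snapshot() {
    mkdir -p "$BASELINE_DIR" || return 2
    for f in $FILES; do
        if [ -f "$f" ]; then
            cp -p "$f" "$BASELINE_DIR/$(flat "$f")" || return 2
        else
            rm -f "$BASELINE_DIR/$(flat "$f")"   # nothing to record for this file
        fi
    done
}

# compare: run after the reboot, once lookups have stopped working.
# Prints one status line per file (plus a diff for changed files).
# Returns 0 if every file matches its baseline, 1 otherwise.
compare() {
    rc=0
    for f in $FILES; do
        b="$BASELINE_DIR/$(flat "$f")"
        if [ ! -f "$b" ]; then
            echo "NO-BASELINE $f"; rc=1
        elif [ ! -f "$f" ]; then
            echo "MISSING $f"; rc=1       # file was removed since the snapshot
        elif cmp -s "$b" "$f"; then
            echo "UNCHANGED $f"
        else
            echo "CHANGED $f"
            diff "$b" "$f" || rc=1        # show what was rewritten
        fi
    done
    return $rc
}

# Usage: script snapshot | script compare
case "${1:-}" in
    snapshot) snapshot ;;
    compare)  compare ;;
esac
```

If both files come back UNCHANGED while getent still returns nothing, the configuration files themselves were not altered and the cause lies elsewhere.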