-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 18 Nov 2010, at 02:41, Patrick O'Sullivan wrote:
I've gotten a config working where I have Kerberos auth to AD and passwd lookups via LDAP to AD. I enable it, and it works fine, but on a reboot, it stops working. Please let me know if you have any thoughts as to why this happens. (This behavior is common to both oi147 and Solaris 11 Express.)
At this stage (after you've run ldapclient) /var/ldap/ldap_client_file should be populated with the correct values - is that the case?
There were a couple of long standing bugs in Solaris 10 - one of them was where the LDAP client couldn't contact an LDAP server when it came to update it's configuration, it would write down a zero byte ldap_client_file - with predictable results.
The other one was when /var filled up, even for a moment, ldap_client_file would be zeroed out when doing a profile refresh. Both partly stem from LDAP client profile updates moving ldap_client_file before getting an update, and then not being able/ willing to move it back again if something goes wrong.
However, I think the problem here is - are you storing this LDAP profile in AD? The LDAP client will do a refresh of the config from the profile on the LDAP server - I suspect on boot it's trying to do a refresh, not finding a profile, and the zeroing out ldap_client_file.
You need to keep an LDAP client profile in the right container in the tree because clients will poll and refresh from that profile.
Cheers, TOM - -- Tom Kranz Email: t...@gaeltd.com Skype: siliconbunny Mobile: 07779 149281 Phone/fax: 01344 773240 http://www.gaeltd.com http://www.linkedin.com/in/tomkranz -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAkzk/4QACgkQCaTe3ZK74hmAZQCeO+wSoLy8jiQG2hKJ1vRj3zju ekwAn26JK8oTCGWE3KEYTcOD2hafUtJB =L2es -----END PGP SIGNATURE----- _______________________________________________ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
