On 18 Nov 2010, at 02:41, Patrick O'Sullivan wrote:

> I've gotten a config working where I have Kerberos auth to AD and
> passwd lookups via LDAP to AD. I enable it, and it works fine, but on
> a reboot, it stops working. Please let me know if you have any
> thoughts as to why this happens. (This behavior is common to both
> oi147 and Solaris 11 Express.)


At this stage (after you've run ldapclient) /var/ldap/ldap_client_file should be populated with the correct values - is that the case?

There were a couple of long-standing bugs in Solaris 10 - one of them was where, if the LDAP client couldn't contact an LDAP server when it came to update its configuration, it would write down a zero-byte ldap_client_file - with predictable results.

The other one was when /var filled up, even for a moment, ldap_client_file would be zeroed out when doing a profile refresh. Both partly stem from LDAP client profile updates moving ldap_client_file before getting an update, and then not being able/willing to move it back again if something goes wrong.

However, I think the problem here is - are you storing this LDAP profile in AD? The LDAP client will do a refresh of the config from the profile on the LDAP server - I suspect on boot it's trying to do a refresh, not finding a profile, and then zeroing out ldap_client_file.

You need to keep an LDAP client profile in the right container in the tree because clients will poll and refresh from that profile.

Cheers,
TOM


--
Tom Kranz
Email: t...@gaeltd.com  Skype: siliconbunny
Mobile: 07779 149281    Phone/fax: 01344 773240
http://www.gaeltd.com           http://www.linkedin.com/in/tomkranz

_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
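
An added example, not part of the original message and not code from Solaris or OpenIndiana: a shell guard for the failure described in this thread, where a failed profile refresh leaves ldap_client_file at zero bytes. The function name `guard_client_file` and the known-good backup path are assumptions; only /var/ldap/ldap_client_file comes from the message.

```shell
#!/bin/sh
# guard_client_file LIVE BACKUP
#   LIVE   - the cache file to protect, e.g. /var/ldap/ldap_client_file
#   BACKUP - a known-good copy (assumed path, chosen by the admin; keeping it
#            off /var avoids the "/var filled up" case from the thread)
# Return codes:
#   0  LIVE is non-empty; BACKUP was refreshed if the copy verified
#   1  LIVE was missing or zero bytes and has been restored from BACKUP
#   2  LIVE is missing or zero bytes and no usable BACKUP exists
guard_client_file() {
    live=$1
    backup=$2

    if [ -s "$live" ]; then
        # Healthy. Refresh the backup by writing a temp file first and
        # renaming only after it compares equal, so a full disk or a failed
        # copy can never replace a good backup with a truncated one. This is
        # the reverse of the move-first update order blamed in the thread.
        tmp="$backup.tmp.$$"
        if cp -p "$live" "$tmp" 2>/dev/null && cmp -s "$live" "$tmp"; then
            mv -f "$tmp" "$backup"
        else
            rm -f "$tmp"
            echo "guard: could not refresh $backup, keeping old copy" >&2
        fi
        return 0
    fi

    # LIVE is missing or zero bytes: the post-refresh state described above.
    echo "guard: $live is missing or empty" >&2
    if [ -s "$backup" ]; then
        tmp="$live.tmp.$$"
        if cp -p "$backup" "$tmp" && cmp -s "$backup" "$tmp" \
            && mv -f "$tmp" "$live"; then
            echo "guard: restored $live from $backup" >&2
            return 1
        fi
        rm -f "$tmp"
    fi
    return 2
}
```

Run it periodically and after boot; a return of 1 or 2 is worth alerting on, since it means a refresh failed and the missing-profile cause still needs fixing.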