On 18 Nov 2010, at 10:27, Tom Kranz wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> On 18 Nov 2010, at 02:41, Patrick O'Sullivan wrote:
> 
>> I've gotten a config working where I have Kerberos auth to AD and
>> passwd lookups via LDAP to AD. I enable it, and it works fine, but on
>> a reboot, it stops working. Please let me know if you have any
>> thoughts as to why this happens. (This behavior is common to both
>> oi147 and Solaris 11 Express.)
>> 
> 
> At this stage (after you've run ldapclient) /var/ldap/ldap_client_file should 
> be populated with the correct values - is that the case?
> 
> There were a couple of long standing bugs in Solaris 10 - one of them was 
> where the LDAP client couldn't contact an LDAP server when it came to update 
> its configuration, it would write down a zero byte ldap_client_file - with 
> predictable results.
> 
> The other one was when /var filled up, even for a moment, ldap_client_file 
> would be zeroed out when doing a profile refresh. Both partly stem from LDAP 
> client profile updates moving ldap_client_file before getting an update, and 
> then not being able/willing to move it back again if something goes wrong.
> 
> However, I think the problem here is - are you storing this LDAP profile in 
> AD? The LDAP client will do a refresh of the config from the profile on the 
> LDAP server - I suspect on boot it's trying to do a refresh, not finding a 
> profile, and then zeroing out ldap_client_file.
> 
> You need to keep an LDAP client profile in the right container in the tree 
> because clients will poll and refresh from that profile.

FWIW another possibility is that nwam is getting involved - getting the DHCP 
response and from the options set in that response, deciding to ignore the 
local nsswitch LDAP settings.

A grub through the NWAM changes between 133 and 147 might bear fruit.

Cheers,

Chris

_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
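
An added example, not part of the original thread: a small guard for the zero-byte ldap_client_file failure described above. It keeps a last-known-good copy while the live file has content and puts that copy back when the file is found empty or missing. The function name, the backup path and the status words it prints are assumptions.

```shell
#!/bin/sh
# guard_ldap_client_file LIVE BACKUP   (hypothetical helper, added example)
# Prints one status word: ok | restored | restore-failed | no-backup
# Typical arguments on the affected hosts would be
#   /var/ldap/ldap_client_file  and a backup path of your choosing.
guard_ldap_client_file() {
    live=$1
    backup=$2

    if [ -s "$live" ]; then
        # Live file has content: refresh the backup through a temp file and
        # a rename, so a full filesystem cannot truncate the existing copy
        # (the same failure mode the thread describes for the client itself).
        tmp="$backup.tmp.$$"
        if cp -p "$live" "$tmp" 2>/dev/null && [ -s "$tmp" ]; then
            mv -f "$tmp" "$backup"
        else
            rm -f "$tmp"
            echo "warning: could not refresh $backup" >&2
        fi
        echo ok
        return 0
    fi

    # Live file is missing or zero bytes: restore only from a non-empty backup.
    if [ -s "$backup" ]; then
        tmp="$live.tmp.$$"
        if cp -p "$backup" "$tmp" 2>/dev/null && [ -s "$tmp" ] \
           && mv -f "$tmp" "$live"; then
            echo restored
            return 0
        fi
        rm -f "$tmp"
        echo restore-failed
        return 2
    fi

    echo no-backup
    return 1
}
```

A restored file only covers the symptom: the LDAP client service still has to be restarted to read it, and the next profile refresh can empty the file again if the server has no profile to offer.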
