/var/ldap/ldap_client_file is populated correctly. Further, it's identical to the version that ldapclient backs up in the restore directory.
/etc/nsswitch.conf looks good too.

On Nov 18, 2010, at 1:55, Chris Ridd <chrisr...@mac.com> wrote:

>
> On 18 Nov 2010, at 02:41, Patrick O'Sullivan wrote:
>
>> I've gotten a config working where I have Kerberos auth to AD and
>> passwd lookups via LDAP to AD. I enable it, and it works fine, but on
>> a reboot, it stops working. Please let me know if you have any
>> thoughts as to why this happens. (This behavior is common to both
>> oi147 and Solaris 11 Express.)
>>
>> Configuring ldapclient:
>>
>> $ sudo ldapclient -v manual -a credentialLevel=self -a
>> authenticationMethod=sasl/gssapi -a defaultSearchBase=dc=osulvn,dc=net
>> -a domainName=osulvn.net -a defaultServerList=ad1.osulvn.net -a
>> attributeMap=passwd:gecos=cn -a
>> attributeMap=passwd:homedirectory=unixHomeDirectory -a
>> objectClassMap=group:posixGroup=group -a
>> objectClassMap=passwd:posixAccount=user -a
>> objectClassMap=shadow:shadowAccount=user -a
>> serviceSearchDescriptor=passwd:cn=users,dc=osulvn,dc=net?one -a
>> serviceSearchDescriptor=group:cn=users,dc=osulvn,dc=net?one
>> ...
>> System successfully configured
>> $ getent passwd userfoo
>> userfoo:x:20002:30000:User Foo:/home/userfoo:/bin/bash
>>
>> At this point I can login as userfoo with GSSAPI auth over ssh or with
>> a password on the console.
>>
>> After I reboot, I can no longer login as userfoo and 'getent' returns
>> nothing.
>
> Yes, I'm seeing the same. At the point it has lost its mojo (:-) what's in
> the /var/ldap/ldap_client_file and is your nsswitch.conf what it should be or
> has something changed them?
>
> FWIW just re-running the ldapclient command (with flags) fixes things. I have
> a shell script that calls it with all our local values in, which makes things
> a little easier.
>
> Cheers,
>
> Chris

_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss