LDAP and Solaris Authorization.

Hi,
Need some help. Can we do authorization of users with LDAP using PAM on Solaris? I am aware that we can use netgroups with LDAP for restricting access, but is there any generic facility that can be used directly with PAM itself to restrict the users?
All ideas are appreciated.
Regards,
Abrar

I wonder whether anyone has successfully compiled pam_listfile.so (part of Linux-PAM) on Solaris 8/9 and used it successfully in /etc/pam.conf as a means of authorization control?
===
# cat /usr/share/doc/pam-0.77/txts/README.pam_listfile
SUMMARY:
pam_listfile:
Checks a specified item against a list in a file.
Options:
* item=tty
* sense=allow (action to take if found in file,
if the item is NOT found in the file, then
the opposite action is requested)
* file=/the/file/to/get/the/list/from
* onerr=succeed (if something weird happens
such as unable to open the file, what to do?)
* apply=user
restrict the user class for which the restriction
apply. Note that with item=user this
does not make sense, but for item=tty
it have a meaning. (Cristian Gafton)
Also checks to make sure that the list file is a plain
file and not world writable.
- Elliot Lee <[email protected]>, Red Hat Software.
v0.9 August 16, 1996.
===
Gary
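
The option semantics in the README above, as an added shell example (not Linux-PAM code and not from either poster): it previews the allow/deny outcome for one item against a list file. The function name and the sample user names are hypothetical, and denying outright on a world-writable or non-plain list, whatever onerr= says, is this example's own choice because the README excerpt does not state the outcome.

```shell
#!/bin/sh
# Added example: preview of the decision described by the pam_listfile README.

# listfile_decision FILE ITEM SENSE ONERR
#   SENSE: allow|deny    (action when ITEM is found in FILE)
#   ONERR: succeed|fail  (action when FILE cannot be read)
# Prints "allow" or "deny"; exit status 0 = allow, 1 = deny.
listfile_decision() {
    lf_file=$1; lf_item=$2; lf_sense=$3; lf_onerr=$4

    # First ten characters of the ls -l mode string, empty if FILE is missing.
    lf_mode=$(ls -ld "$lf_file" 2>/dev/null | cut -c1-10)

    if [ -n "$lf_mode" ]; then
        case $lf_mode in
            -???????-?) ;;            # plain file, no write bit for "other"
            *)                        # symlink, directory, device or o+w:
                echo deny             # whoever can edit the list decides who
                return 1 ;;           # gets in, so fail closed (assumption)
        esac
    fi

    # Missing or unreadable list: onerr= picks the outcome.
    if [ -z "$lf_mode" ] || [ ! -r "$lf_file" ]; then
        if [ "$lf_onerr" = succeed ]; then echo allow; return 0; fi
        echo deny
        return 1
    fi

    # Exact, whole-line match; a final line without a newline still counts.
    lf_found=no
    while IFS= read -r lf_line || [ -n "$lf_line" ]; do
        if [ "$lf_line" = "$lf_item" ]; then lf_found=yes; break; fi
    done < "$lf_file"

    # sense= applies to a match; a miss gets the opposite action.
    if [ "$lf_found" = yes ]; then
        lf_result=$lf_sense
    elif [ "$lf_sense" = allow ]; then
        lf_result=deny
    else
        lf_result=allow
    fi
    echo "$lf_result"
    [ "$lf_result" = allow ]
}

# Constructed demo data: a two-name allow list in a private scratch directory.
demo_dir=${TMPDIR:-/tmp}/listfile_demo.$$
mkdir -p "$demo_dir"
printf 'alice\nbob\n' > "$demo_dir/allowed"
chmod 644 "$demo_dir/allowed"
for demo_user in bob mallory; do
    printf '%s -> %s\n' "$demo_user" \
        "$(listfile_decision "$demo_dir/allowed" "$demo_user" allow fail)"
done
rm -rf "$demo_dir"
```

With sense=allow, onerr=fail is the combination that keeps a missing list from opening access to everyone.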

Similar Messages

  • Linux and Solaris Clients with password policy using LDAP

    Has anybody managed to get Linux (RHEL) and Solaris 9 clients to authenticate against Sun Directory Server 5.2p4 using the same password policy?
    For me it looks like Linux needs the attribute shadowlastchanged set to display proper warnings that the password will expire/needs to be changed now. On the other hand, Solaris (using pam_ldap) never writes this attribute, because it's using the password policy attribute pwdchangedtime.
    Hints very welcome!
    Can anybody confirm Solaris 9 pam_unix still sets these shadow* attributes correctly on any password change executed by a user?

    Hi Jeremy,
    here are the answers to your questions:
    >My question is which system takes precedence over the password policy?
    Unfortunately there is no policy verification between the portal and your Sun One LDAP. So if you reset the password from the portal then only the portal password policies can be checked.
    >  If I wanted to do password resets from the Portal, does the portal then store only the password in its database?
    No, the password will be stored in the LDAP, but only if it also corresponds with the LDAP policies. If not, then you will get an error, but you will not see the real LDAP exception.
    > Also what would then happen if you tried to reset the password from the LDAP?
    The password in the LDAP does not have to fit the Portal password policies. When you log in, the portal will only check if the password you typed in is the new one in LDAP and will not check any policies.
    Hope this brings some light in,
    Robert

  • Creating LDAP filter in authorization rule OAM 10G

    Hi,
    I want to set up an LDAP filter in an authorization rule, based on which I will redirect users to specific URLs. What is the syntax for writing LDAP filters in an OAM authorization policy? Any pointers to documentation will be appreciated.
    Also, I want to know whether authorization always follows authentication, i.e. my redirection will be successful only after a user is authenticated in the end application based on the headers we send out after successful authentication.
    Please Help
    Thanks
    Edited by: 904630 on Dec 27, 2011 5:34 AM
    Edited by: 904630 on Dec 27, 2011 5:36 AM

    Open Identity server console and check the attribute's Display Name and type in Object classes section. I recently faced a similar issue and it got fixed after providing these two values.
    Hope it works for you as well :)

  • Hello, Identity manager fail to add entries in the LDAP and database table

    Hello,
    Well I installed identity manager 7 in a windows 2003 advanced server.
    I appended an NT server resource, a MySQL table, a Solaris server resource and an LDAP server resource.
    I created the roles for these resources and then I assigned them to an account that I created for testing purposes.
    After the approval, on the Solaris machine, the user has been added in the user database but no home directory has been created, as I didn't set the appropriate flag to true.
    In the Windows resource everything worked very smoothly and with no problem.
    In the LDAP and MySQL table resources I received a failure having error message null, and from a sniffing that I did for investigation I never saw a single packet arrive at the MySQL server or at the directory server from the IDM server.
    Any ideas or suggestions on what to do ?

    Well the problem with the directory server just solved.
    But the problem with mysql remains.
    The first thing that I do when I add a resource is to test the connection.
    The problem with the LDAP is that the dn was not present in the directory server. They gave me an ou that didn't exist.

  • Problems setting up ldap on solaris 10.

    When trying to set up LDAP on Solaris 10 I am asked for an LDAP profile and the address of the LDAP server. I know the address of the LDAP server, but what is the profile, and how do I set it up with Active Directory?

    Hi,
    The profile defines how the client will interact with the server. On a Solaris server, you set this file up with the /usr/lib/ldap/idsconfig command. On the client, you use ldapclient init -a profileName=xyz -a domainName=your.domain <server.ip.address.here:portno> (portno is not necessary if you are using port 389 on the server). I'm not sure how you duplicate the functionality of that file from a Windows server. Maybe if you look at the man page on idsconfig, it may help identify what needs to be done on the Windows server to create a profile the Solaris client can use. I went to MS TechNet and searched for "ldap server for solaris client". A lot of hits. Hope this helps.
    John

  • JNDI, LDAP, and Weblogic 6.0

    Hi-
    We are encountering an issue with JNDI and spurious "socket closed"
    exceptions. The players in our environment are Weblogic 6.0, Netscape
    Directory Server 4.1, (both running on Solaris 2.8) and JNDI as of JDK 1.3.
    We do JNDI lookups to connect to LDAP and most of the time everything works
    fine. Occasionally we get the following exception.
    java.lang.NullPointerException
    at com.sun.jndi.ldap.Connection.run(Connection.java:568)
    at java.lang.Thread.run(Thread.java:484)
    Exception encountered: Socket closed
    javax.naming.CommunicationException: Socket closed. Root exception is java.net.SocketException: Socket closed
    at java.net.SocketOutputStream.socketWrite(Native Method)
    at java.net.SocketOutputStream.write(SocketOutputStream.java:83)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:72)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:130)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:210)
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:497)
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1720)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1584)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1509)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:371)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:331)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:316)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:241)
    at adpsis.posse.ldap.LDAPReader.find(LDAPReader.java:37)
    at adpsis.posse.prfpos.PreferencesEJB.getUserName(PreferencesEJB.java:589)
    at adpsis.posse.prfpos.PreferencesEJB.getColorAttributes(PreferencesEJB.java:391)
    at adpsis.posse.prfpos.PreferencesEJB.getColorPreferences(PreferencesEJB.java:302)
    at adpsis.posse.prfpos.PreferencesEJBImpl.getColorPreferences(PreferencesEJBImpl.java:250)
    at adpsis.posse.prfpos.PreferencesEJBEOImpl.getColorPreferences(PreferencesEJBEOImpl.java:287)
    at adpsis.posse.prfpos.PreferencesEJBEOImpl_WLSkel.invoke(PreferencesEJBEOImpl_WLSkel.java:116)
    at weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:373)
    at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:128)
    at weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:237)
    at weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.java:118)
    at weblogic.rmi.internal.BasicRequestDispatcher.dispatch(BasicRequestDispatcher.java:115)
    at weblogic.rmi.internal.ServerRequest.sendOneWayRaw(ServerRequest.java:88)
    at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:108)
    at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:247)
    at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:225)
    at adpsis.posse.prfpos.PreferencesEJBEOImpl_WLStub.getColorPreferences(PreferencesEJBEOImpl_WLStub.java:221)
    at adpsis.posse.transformer.CSSServlet.doPost(CSSServlet.java:86)
    at adpsis.posse.transformer.CSSServlet.doGet(CSSServlet.java:214)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:748)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:213)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1265)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1631)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
    The only way to recover is to restart the Weblogic server. The LDAP server
    appears to be running normally and continues to service other instances of
    Weblogic. No errors are logged in the LDAP server, the JNDI lookup that
    establishes the DirContext works fine on restart and is used multiple times
    with no issues until..poof..socket closed. I'm not certain which part is at
    issue, Weblogic, LDAP, or JNDI.
    Any ideas?
    Regards,
    Brett Schmoll
    ADP/SIS

    WLS 6.0 will be supported in the next release of WLCS, which is due in the
    spring.
    - Ginny
    "aamerG" <[email protected]> wrote in message
    news:3a5cb774$[email protected]..
    Hi everyone,
    we are starting a new development project and would like to use Weblogic
    6.0. How soon do you think there we be a version of WLCS which works with
    6.0.
    TIA

  • Sudo with LDAP NetGroups Solaris 10

    Hi All,
    Can someone describe the steps to configure sudoers to work with LDAP NetGroups on Solaris 10?
    I am using "sudo 1.7.2p6" right now.
    I am able to authenticate using the Netgroups, but not able to use sudo.
    Thanks,
    DD

    I have recently tested sudo 1.6.8p8 to be working with flat files /etc/sudoers or LDAP sudo maps, together with netgroup and automount, on a Solaris Native LDAP Client against DS5.2 server.
    I assume you use Solaris8/9 Native LDAP Client, and assume netgroup LDAP maps have been working without sudo.
    I read your other post about sudo and ldap, I think you did not configure and build "sudo" with "--with-pam", right?
    Can you provide the following details?
    1) First 10 lines of "sudo -V", i.e. "sudo -V | head".
    2) How do you configure "sudo" on the LDAP Client? i.e. ./configure options.
    3) Did you use an old gcc version eg: Solaris9 built-in gcc 3.1, to compile sudo?
    4) Content of /var/ldap/ldap_client_file.
    5) Content of /etc/ldap.conf, you should have this file.
    6) Sample ldif showing some sudoRole entries in LDAP
    7) Can you perform these commands?
    ldaplist -l sudoers
    ldaplist -l sudoers root
    ldaplist -l sudoers some_sudoRole
    8) Content of /etc/pam.conf
    9) Any other relevant details, like err in /var/adm/messages.
    Gary

  • JSDS 6.2 and Solaris 10 UNIX Accounts (simple,proxy)

    Hi,
    I just got my Solaris10 server-client setup working. Here's some items that may be useful to you: All I'm using LDAP for at this point is user authentication to include home directory management from the server ( NFS share and auto_fs setup in LDAP and on the client )
    My server is JSDS 6.2 ( at least, that's what Sun's Download Center id'd it as. Here's output of DBVERSION file:
    cat /var/opt/SUNWdsee/dsins1/db/DBVERSION
    Sun-ldbm/6.0(64-bit) SunOS 5.10 sparc
    ASSUMPTIONS:  You have the LDAP server installed and running and you are ready to run /usr/lib/ldap/idsconfig
    Both systems patched to latest Recommended cluster and patches shown at JSDS download site. Also, make sure CRYPT is selected during idsconfig.
    myserver: UE450
    (myserver-root: /:225)-> showrev
    Hostname: myserver
    Hostid: 1234567890
    Release: 5.10
    Kernel architecture: sun4u
    Application architecture: sparc
    Hardware provider: Sun_Microsystems
    Domain: example.com
    Kernel version: SunOS 5.10 Generic_127111-01
    myclient: SF V445
    (myclient-root: /:130)-> showrev
    Hostname: myclient
    Hostid: 1234567890
    Release: 5.10
    Kernel architecture: sun4u
    Application architecture: sparc
    Hardware provider: Sun_Microsystems
    Domain: example.com
    Kernel version: SunOS 5.10 Generic_127111-01
    ON CLIENT:
    ldapclient -v init -a proxyDN=cn=proxyagent,ou=profile,dc=example,dc=com
    -a profileName=myprofile my.svr.ip.addr:port (port if not 389)
    I was not fully qualifying proxyDN and this caused authentication failures. ( do not run ldapclient init until the following are done first )
    ON CLIENT: I edited the stock pam.conf and made sure the only entries active were those id'd in Sun's doc. Also, I made sure I followed the same order in each section as compared to Sun's doc.
    pam.conf ( from Sun's JSDS Admin guide ) on LDAP client:
    (*ldap-client*-root: /var/tmp:213)-> cat /etc/pam.conf
    #ident "@(#)pam.conf 1.28 04/04/21 SMI"
    # Copyright 2004 Sun Microsystems, Inc. All rights reserved.
    # Use is subject to license terms.
    # PAM configuration
    # Unless explicitly defined, all services use the modules
    # defined in the "other" section.
    # Modules are defined with relative pathnames, i.e., they are
    # relative to /usr/lib/security/$ISA. Absolute path names, as
    # present in this file in previous releases are still acceptable.
    # Authentication management
    # login service (explicit because of pam_dial_auth)
    login auth requisite pam_authtok_get.so.1
    login auth required pam_dhkeys.so.1
    login auth required pam_unix_cred.so.1
    #login auth required pam_unix_auth.so.1
    login auth required pam_dial_auth.so.1
    login auth binding pam_unix_auth.so.1 server_policy
    login auth required pam_ldap.so.1
    # rlogin service (explicit because of pam_rhost_auth)
    rlogin auth sufficient pam_rhosts_auth.so.1
    rlogin auth requisite pam_authtok_get.so.1
    rlogin auth required pam_dhkeys.so.1
    rlogin auth required pam_unix_cred.so.1
    #rlogin auth required pam_unix_auth.so.1
    rlogin auth binding pam_unix_auth.so.1 server_policy
    rlogin auth required pam_ldap.so.1
    # Kerberized rlogin service
    krlogin auth required pam_unix_cred.so.1
    krlogin auth binding pam_krb5.so.1
    krlogin auth required pam_unix_auth.so.1
    # rsh service (explicit because of pam_rhost_auth,
    # and pam_unix_auth for meaningful pam_setcred)
    rsh auth sufficient pam_rhosts_auth.so.1
    rsh auth required pam_unix_cred.so.1
    rsh auth binding pam_unix_auth.so.1 server_policy
    rsh auth required pam_ldap.so.1
    # Kerberized rsh service
    krsh auth required pam_unix_cred.so.1
    krsh auth binding pam_krb5.so.1
    krsh auth required pam_unix_auth.so.1
    # Kerberized telnet service
    ktelnet auth required pam_unix_cred.so.1
    ktelnet auth binding pam_krb5.so.1
    ktelnet auth required pam_unix_auth.so.1
    # PPP service (explicit because of pam_dial_auth)
    ppp auth requisite pam_authtok_get.so.1
    ppp auth required pam_dhkeys.so.1
    #ppp auth required pam_unix_cred.so.1
    #ppp auth required pam_unix_auth.so.1
    ppp auth required pam_dial_auth.so.1
    ppp auth binding pam_unix_auth.so.1 server_policy
    ppp auth required pam_ldap.so.1
    # Default definitions for Authentication management
    # Used when service name is not explicitly mentioned for authentication
    other auth requisite pam_authtok_get.so.1
    other auth required pam_dhkeys.so.1
    other auth required pam_unix_cred.so.1
    #other auth required pam_unix_auth.so.1
    other auth binding pam_unix_auth.so.1 server_policy
    other auth required pam_ldap.so.1
    # passwd command (explicit because of a different authentication module)
    #passwd auth required pam_passwd_auth.so.1
    passwd auth binding pam_passwd_auth.so.1 server_policy
    passwd auth required pam_ldap.so.1
    # cron service (explicit because of non-usage of pam_roles.so.1)
    cron account required pam_unix_account.so.1
    # Default definition for Account management
    # Used when service name is not explicitly mentioned for account management
    other account requisite pam_roles.so.1
    #other account required pam_unix_account.so.1
    other account binding pam_unix_account.so.1 server_policy
    other account required pam_ldap.so.1
    # Default definition for Session management
    # Used when service name is not explicitly mentioned for session management
    other session required pam_unix_session.so.1
    # Default definition for Password management
    # Used when service name is not explicitly mentioned for password management
    other password required pam_dhkeys.so.1
    other password requisite pam_authtok_get.so.1
    other password requisite pam_authtok_check.so.1
    #other password required pam_authtok_store.so.1
    other password required pam_authtok_store.so.1 server_policy
    # Support for Kerberos V5 authentication and example configurations can
    # be found in the pam_krb5(5) man page under the "EXAMPLES" section.
    ON CLIENT: Sun's nsswitch.ldap file that gets activated after running ldapclient init has LDAP take over everything. I use a trimmed-down nsswitch.conf with very few ldap entries.
    nsswitch.conf on LDAP client
    (*ldap-client*-root: /var/tmp:215)-> cat /etc/nsswitch.conf
    # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
    # Use is subject to license terms.
    # ident "@(#)nsswitch.ldap 1.10 06/05/03 SMI"
    # /etc/nsswitch.ldap:
    # An example file that could be copied over to /etc/nsswitch.conf; it
    # uses LDAP in conjunction with files.
    # "hosts:" and "services:" in this file are used only if the
    # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
    # LDAP service requires that svc:/network/ldap/client:default be enabled
    # and online.
    # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
    passwd: files ldap
    group: files ldap
    # consult /etc "files" only if ldap is down.not using LDAP for hosts
    hosts: files dns
    # Note that IPv4 addresses are searched for in all of the ipnodes databases
    # before searching the hosts databases.
    ipnodes: files
    networks: files
    protocols: files
    rpc: files
    ethers: files
    netmasks: files
    bootparams: files
    publickey: files
    netgroup: files
    automount: files ldap
    aliases: files
    # for efficient getservbyname() avoid ldap
    services: files
    printers: user files
    auth_attr: files
    prof_attr: files
    project: files
    tnrhtp: files
    tnrhdb: files
    ON CLIENT:
    contents of /var/ldap files on client: notice the fully qualified NS_LDAP_BINDDN - it took me quite some time to understand that this had to be fully qualified or I would continue to get those "Error: Unable to update from profile" in /var/ldap/cachemgr.log and "openConnection: simple bind failed - No such object" in /var/adm/messages error messages.
    (*ldap-client*-root: /var/ldap:218)-> cat ldap*
    # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
    NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=pacmh,dc=us,dc=eds,dc=com
    NS_LDAP_BINDPASSWD= (removed)
    # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_SERVERS= my.svr.ip.addr:port (port if not 389)
    NS_LDAP_SEARCH_BASEDN= dc=example,dc=com
    NS_LDAP_AUTH= simple
    NS_LDAP_SEARCH_REF= FALSE
    NS_LDAP_SEARCH_SCOPE= one
    NS_LDAP_SEARCH_TIME= 30
    NS_LDAP_SERVER_PREF= my.svr.ip.addr:port (port if not 389)
    NS_LDAP_CACHETTL= 3600
    NS_LDAP_PROFILE= myprofile
    NS_LDAP_CREDENTIAL_LEVEL= proxy
    NS_LDAP_BIND_TIME= 15
    ON SERVER
    After running /usr/lib/ldap/idsconfig, I had to create VLV indexes with this command ( after idsconfig runs, it says to use directoryserver command, which does not exist in JSDS 6.2)
    /opt/SUNWdsee/ds6/bin/dsconf create-index -h myserver -p nnnn ( port if not 389 ) dc=example,dc=com getgrent gethostent [....]
    enter space-separated list of all VLV indexes idsconfig said to add after you ran idsconfig
    ON CLIENT:
    If you need to clear client init: ldapclient uninit ( if you get errors, check if ldap_cachemgr is running; if it is, kill -9 it, clear /var/ldap directory, make sure nsswitch.conf is not pointing to ldap stuff -- cp /etc/nsswitch.files /etc/nsswitch.conf
    Initialize ldapclient:
    ldapclient -v init -a proxyDN=cn=proxyagent,ou=profile,dc=example,dc=com
    -a profileName=myprofile my.svr.ip.addr:port (port if not 389)
    If this still does not work, clean up the client again as before and reboot it. I had some issues w/Sun's nsswitch.conf file for LDAP taking over my client machine and rendering it useless until I rebooted it with files-settings in nsswitch.conf, making my own nsswitch.ldap file in /etc so Sun's LDAP-happy nsswitch file would not be used, and then running ldapclient init.
    ON CLIENT
    cp /etc/passwd /var/tmp/passwd.ldif ( same for group, shadow, auto_home, auto_master )
    Edit each ldif file and remove all entries other than regular user accounts and nobody/noaccess accounts
    passwd.ldif should look something like this:
    johndoe:x:146:14:John Doe:/home/johndoe:/bin/ksh
    janedoe:x:145:14:Jane Doe:/home/janedoe:/bin/ksh
    nobody:x:60001:60001:NFS Anonymous Access User:/:
    noaccess:x:60002:60002:No Access User:/:
    nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
    For auto_home, make sure each entry starts w/home-dir server's ip-addr: it'll look something like this:
    janedoe 10.10.20.50:/export/home/janedoe
    johndoe 10.10.20.50:/export/home/johndoe
    ldapaddent -D "cn=Directory Manager" -w <password> -f /var/tmp/passwd.ldif passwd
    .... group.ldif group
    .... shadow.ldif shadow
    .... auto_home.ldif auto_home
    .... auto_master.ldif auto_master
    NOTE: order is important: passwd, group, shadow
    ON CLIENT
    /etc/auto_master
    +auto_master
    /etc/auto_home
    +auto_home
    enable these NFS daemons: ( ie. svcadm enable network/nfs/status )
    online 9:06:26 svc:/network/nfs/status:default
    online 9:06:27 svc:/network/nfs/nlockmgr:default
    online 13:09:41 svc:/network/nfs/cbd:default
    online 13:09:41 svc:/network/nfs/mapid:default
    online 13:09:41 svc:/network/nfs/client:default
    enable auto_fs
    online 13:37:42 svc:/system/filesystem/autofs:default
    ON SERVER
    enable these NFS daemons:
    online 16:36:16 svc:/network/nfs/cbd:default
    online 16:36:16 svc:/network/nfs/status:default
    online 16:36:17 svc:/network/nfs/mapid:default
    online 16:36:17 svc:/network/nfs/nlockmgr:default
    online 16:36:22 svc:/network/nfs/rquota:default
    online 16:36:22 svc:/network/nfs/client:default
    online 16:36:23 svc:/network/nfs/server:default
    ON HOME DIRECTORY SERVER
    export home dirs
    (home-dir-svr-root: /var/tmp:221)-> cat /etc/dfs/dfstab
    # Place share(1M) commands here for automatic execution
    # on entering init state 3.
    # Issue the command 'svcadm enable network/nfs/server' to
    # run the NFS daemon processes and the share commands, after adding
    # the very first entry to this file.
    # share [-F fstype] [ -o options] [-d "<text>"] <pathname> [resource]
    # .e.g,
    share -F nfs -o rw -d "home dirs" /export/home
    shareall
    enable auto_fs
    online 13:37:42 svc:/system/filesystem/autofs:default
    ON LDAP SERVER via the GUI ( not sure how to do this via command-line and since I have a JAVA GUI, I'm not going to knock myself out on the command-line trying to do something it'll take 15 seconds to do from the GUI -- command-line purists, feel free to contribute a command to do this ):
    From GUI, go into your DS instance: --> entry Management --> automountMapName=auto_home --> automountinformation: 144.10.199.220:/export/home/janedoe
    Verify home-dir-svr IP and home dir info are correct.
    log on as user from ldap-client
    NOTE: I did not alter any UNIX system files ( nsswitch.conf, pam.conf, passwd, auto_home, and the like) on LDAP server.
    Not sure if I missed anything, but hope this helps.
    John
    Edited by: No_Windoze on Nov 14, 2007 4:16 PM
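
The pam.conf above follows every `binding ... server_policy` entry with a `pam_ldap.so.1` entry for the same service and module type. An added shell/awk check for that pairing (not part of the original post and not Sun's tooling); the function name `check_pam_ldap_pairs` is hypothetical and the sample stacks in the demo are constructed.

```shell
#!/bin/sh
# Added example: lint pam.conf text for the binding/pam_ldap pairing that the
# configuration above uses throughout.

# check_pam_ldap_pairs  (reads pam.conf text on stdin)
# For each "binding <module> server_policy" entry, expects a LATER
# pam_ldap.so.1 entry with the same service and module type.
# Prints "unpaired: <service> <type> (<module>)" per miss; status 0 = clean.
check_pam_ldap_pairs() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }        # skip comments and short lines
        {
            key = $1 " " $2                  # service + module type
            opts = ""
            for (i = 5; i <= NF; i++) opts = opts " " $i
            if ($3 == "binding" && opts ~ / server_policy( |$)/) {
                # Remember the binding module until pam_ldap shows up.
                if (!(key in pending)) pending[key] = $4
            } else if ($4 ~ /(^|\/)pam_ldap\.so\.1$/) {
                # Only clears a binding seen earlier, so order is enforced.
                delete pending[key]
            }
        }
        END {
            bad = 0
            for (key in pending) {
                print "unpaired: " key " (" pending[key] ")"
                bad = 1
            }
            exit bad
        }
    '
}

# Constructed sample: the login stack is paired, the rsh stack has lost its
# pam_ldap line. "required ... server_policy" (no binding) is not flagged,
# matching the "other password" entry in the configuration above.
check_pam_ldap_pairs <<'EOF' || echo "fix the stacks listed above"
# Authentication management
login auth requisite pam_authtok_get.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
rsh auth binding pam_unix_auth.so.1 server_policy
other password required pam_authtok_store.so.1 server_policy
EOF
```

Run it against a copy of the file being edited, for example `check_pam_ldap_pairs < /etc/pam.conf`, before logging out of the root session used for the change.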

    Just remembered something that is very subtle during idsconfig:
    At one point during idsconfig, there's a question about storing passwords in unix CRYPT format. You must answer yes to that question or none of this will work. The default answer is no.
    John
    Hi munnik,
    I had the same errors initially. I didn't write down what I did to clear them (oops!) but I think what I did to 'fix' this was I restarted/rebooted (can't remember which) the directory server to clear the error and then, from the client and in this order - passwd, group, shadow - I readded ldifs.
    If you're still having issues with DS, make sure the VLV index step discussed above was done, nothing missed, no errors - redo if necessary: uninit client(s), reinit client(s) with new profile created as a result of running idsconfig to recreate VLV indexes - it'll skip any VLV indexes that are in the server and display a message to that effect. It's a rather brute-force method of doing things, but I couldn't locate much in the way of troubleshooting user account creation issues.
    When I add a new user, here's what I do: add user to server where home dirs are and create a set of passwd, shadow, and auto_home ldif files with just the new user info and run ldapaddent. Then I add them to group (if necessary) with direct edit on ldap server.
    HTH
    John
    (aka NoWindoze)
    indexes and VLV Indexes 'created' when I ran idsconfig:
    uidNumber (eq,pres) skipped already exists
    ipNetworkNumber (eq,pres) skipped already exists
    gidnumber (eq,pres) skipped already exists
    oncrpcnumber (eq,pres) skipped already exists
    automountKey (eq,pres) skipped already exists
    VLV-indexes:
    getgrent vlv_index skipped already exists
    gethostent vlv_index skipped already exists
    getnetent vlv_index skipped already exists
    getpwent vlv_index skipped already exists
    getrpcent vlv_index skipped already exists
    getspent vlv_index skipped already exists
    getauhoent vlv_index skipped already exists
    getsoluent vlv_index skipped already exists
    getauduent vlv_index skipped already exists
    getauthent vlv_index skipped already exists
    getexecent vlv_index skipped already exists
    getprofent vlv_index skipped already exists
    getmailent vlv_index skipped already exists
    getbootent vlv_index skipped already exists
    getethent vlv_index skipped already exists
    getngrpent vlv_index skipped already exists
    getipnent vlv_index skipped already exists
    getmaskent vlv_index skipped already exists
    getprent vlv_index skipped already exists
    getip4ent vlv_index skipped already exists
    getip6ent vlv_index skipped already exists
    You can see indexes defined in your server with this command:
    dsconf list-indexes -h ldap.server.host.name-or.ip -p 389
    Edited by: SolarisSAinPA on Nov 30, 2007 1:05 PM
    Edited by: SolarisSAinPA on Nov 30, 2007 1:40 PM

  • Vista and Solaris 10, are they compatible?

    I have attempted to follow dual boot guides found everywhere, but none tailor specifically to (or even mention) Vista. This is a problem, because Vista does not use the same method of boot as previous versions of NT.
    So far, in my many failed attempts at creating a Vista dual boot, I have experienced this:
    When I install Solaris 10 on any partition (Solaris installs correctly and works great), and then attempt to install Windows Vista, Vista says all of my partitions do not meet its requirements for installation (that the drive is NTFS and at least 12 GB is all it tells me). Even after formatting, deleting, recreating, and reformatting a drive, the drive is still unusable. Only after deleting ALL drives, including Solaris 10, and recreating and brand new first partition does Vista allow me to install. If I create a partition that Vista allows me to use, and also a partition to use with Solaris, and THEN install Solaris, the partition that Vista liked can no longer be used!
    When I install Windows Vista first (and it works fine) (which is what I tried first and reasoned is what I should be doing), and then install Solaris 10 on a partition (it installs correctly and works great), I load up my computer and go into the GRUB bootloader. I can select Windows. However, when attempting to load windows, I get an error (in the Vista font by the way) that says my operating system cannot be loaded. When I load my Vista install disc, it cannot find any installations of windows, and it cannot repair the master boot record, saying something like the filesystem is corrupt. However, just as an experiment, I loaded Vista onto the former Solaris drive, and looked at my first partition. Every file was there, intact.
    I have attempted this with Windows Home Premium 32 bit, Windows Business 32 bit, and Vista Ultimate x64. I don't want to believe that it's impossible to load Vista and Solaris simultaneously, I've seen as much stating its impossibility as I've seen documents telling me how to do it (<- cold irony).
    As long as I can get AN INSTALLATION of Solaris 10 on my machine at the same time I have Vista able to boot, I'm fine, but I seem to have lost on all fronts.
    Edited by: ZetaZeta on Sep 19, 2007 12:30 AM

    In Solaris Express, this is not an issue, according to this weblog:
    http://blogs.sun.com/moinakg/entry/solaris_vista_dual_boot_conclusion
    For versions of Solaris Express prior to build 70, this method was described for creating a dual-boot with the oh-too-picky Windows Vista:
    http://linux.wordpress.com/2007/02/17/vista-and-solaris-express-dual-boot/
    I am going to assume that setting up a dual-boot with Solaris 10 is similar to, if not the same as, Solaris Express, since the only steps specific to Solaris are the files I copy from Solaris.
    I hope this helps anyone else with a problem similar to mine.

  • I purchased a song on itunes and when I play it, it says my computer is not authorized. A window pops to authorize my computer so I type in my account info and hit authorize. After that a window pops up saying it is already authorize but still won't play.

    I purchased a song on itunes and when I play it, it says my computer is not authorized. A window pops to authorize my computer so I type in my account info and hit authorize. After that a window pops up saying it is already authorized but still won't play. None of this happens with any other songs on my itunes. I would just purchase the song again but I can't because every time I try to purchase it, the song says "play" next to it instead of "buy." When I hit play no music plays it just goes back to saying my computer is not authorized so I authorize it and it says it is already authorized then I click it again and it says my computer is not authorized. It's a never ending annoying circle. How can I get the song to play?

    If you live in a Region that allows re-downloading Music...
    Delete the Song(s) and re-download...
    See Here  >  Download Past Purchases  >  http://support.apple.com/kb/HT2519
    If not... Contact iTunes Customer Service  >  Apple  Support  iTunes Store  Contact Us

  • Windows Vista and  Solaris...10...install failed...help.

    Hi everyone!!
    I installed Solaris OS twice on my system
    I have Vista previously on this...
    I made a partition for Sol...
    after installation Solaris boots fine
    but Windows is totally corrupted and doesn't boot normally
    I'll have to erase the whole computer's HD and then reinstall it again
    both the OSs are not working at the same time
    with Solaris already installed, if I try to repair or reinstall Windows Vista it's erasing the Solaris partition totally
    please help!!! What should I do to get my system running with both OSs?
    any replies.....much awaited
    thank you so much in advance....
    -sriya
    Message was edited by:
    Sriya
    I have a Dell Inspiron...just delivered yesterday...640m

    Install Windows first, then Solaris {not the other way round}. When Solaris installer detects Windows installation and prompts you whether to preserve Windows partition, make sure to select 'preserve' option. I believe Solaris installer creates appropriate GRUB entries for Windows and Solaris. Even if it doesn't, you can always edit the GRUB menu after the installation is complete.
    Check the following web site if you need detailed instructions:
    http://multiboot.solaris-x86.org/index.html

  • TS1389 I have Windows 8 and can't authorize my account to transfer my iCloud/iPhone purchases to this computer. Authorize computer is not part of the store. What do I do next?

    I have Windows 8 and can't authorize my account to transfer my iCloud/iPhone tunes to my computer. I don't seem to be able to do this from the store as it is not on the menu. My options when I click on my account are limited to stopping all devices and do not include adding a new device. I only have 4 associated with the Apple ID account. This is all so frustrating. HELP!

    Press the Alt and S keys and choose Authorize this Computer, or click here, follow the instructions, click on Store in the menu bar, and choose Authorize this Computer.

  • How do I install dual-boot Solaris 8 and Solaris 9 on one hard disk ?

    I tried to install Solaris 8 and Solaris 9 on same disk using CDs, but
    the second installation overwrote the first Solaris which was installed
    previously on the half-disk size partition of same disk.
    How do I install two Solarises on one hard disk ?
    Thanks
    Yakov

    There are no tricks to get Solaris to dual boot on the same drive. Just allocate and pick the free slices not used by the first Solaris install when you put in the second install. Technically speaking there is nothing preventing you from running seven separately bootable Solaris instances on the same drive (one of 8 available slices is overlap -- slice 2) provided you use a swap file on a root partition instead of reserving a whole slice for swap.

  • Dual boot windows 7 and solaris 11

    Hi Friends,
    Could some one please explain the steps to install dual boot windows 7 and solaris 11?
    Thanks
    Raja

    Install Windows leaving a partition for Solaris.  Install Solaris into the empty partition.  Reboot.  Use a partition manager if you need to shrink your current Windows Partition.  GParted works great and is free.
    alan

  • Dual Boot Windows 7 and solaris 10

    Can some body guide me how to dual boot windows 7 and solaris 10?
    Thanks

    First partition your hard disk with at least 2 primary partitions, one for Windows and the other for Solaris if you only have one hard disk. It would be a good idea to create an additional small boot partition as the first partition as well if you intend on using an independent boot loader, but it really depends on what your machine is capable of. For example, if you have multiple hard disks and your BIOS supports it, then you could just install each OS onto its own hard disk and use the BIOS function to disable/boot off a specific hard disk. Otherwise, if you only have one hard disk and created multiple partitions, install Windows 7 first followed by Solaris 10, obviously installing into different partitions. If you have created a boot partition, then you can install the boot loader into that dedicated partition.
