Solaris 10 automount against OpenLDAP server

Hi y'all,
Another Solaris question that I'm searching around about...
I'm using Solaris's native LDAP client on Solaris 10 6/06. My LDAP server is an OpenLDAP server under Fedora Core 5. The Solaris client can talk to the server fine, everything is cool except for the fact that automounting isn't working. I'm guessing it's a schema issue but I'm not sure where to go... I'll post a few examples of my config and maybe someone can see something wrong:
From /etc/nsswitch.conf:
automount: files ldap
/etc/auto_master:
/projects auto.projects
/home auto.home
/- auto.direct -rw,hard,intr
From the nis.schema file on the OpenLDAP server:
attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
SUP name )
attributetype ( 1.3.6.1.1.1.1.27 NAME 'NisMapEntry'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE )
objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL
DESC 'A generic abstraction of a NIS map'
MUST nisMapName
MAY description )
objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL
DESC 'An entry in a NIS map'
MUST ( cn $ NisMapEntry $ nisMapName )
MAY description )
On the LDAP server the automounts are listed as "nisMapName=auto.home" etc.
I read somewhere that in the nis.schema file, all references to "nisMapEntry" need to be changed to all lowercase, ie "nismapentry", but I tried that and restarted the LDAP server, restarted autofs on the client, still nothing. Does anyone know what schema changes need to be made? Or maybe changes that need to be made to something else that I'm not aware of? Or do I need to make any other schema changes to my Solaris 10 native LDAP client as well?
This is a clip from the OpenLDAP log on the OpenLDAP server. It seems like the automount information request is getting through, but maybe the data it returns to Solaris is in an unrecognizable format or something?
do_search
ber_scanf fmt (miiiib) ber:
dnPrettyNormal: <nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu><<< dnPrettyNormal: <nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu>, <nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu>ber_scanf fmt ({mm) ber:
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
==> limits_get: conn=35 op=0 dn="[anonymous]"
=> bdb_search
bdb_dn2entry("nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu")
search_candidates: base="nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu" (0x0000070d) scope=1
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30989)
<= bdb_equality_candidates: id=0, first=0, last=0
=> bdb_dn2idl("nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu")
<= bdb_dn2idl: id=111 first=1806 last=1916
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30989)
<= bdb_equality_candidates: id=0, first=0, last=0
bdb_search_candidates: id=0 first=1806 last=0
bdb_search: no candidates
send_ldap_result: conn=35 op=0 p=3
send_ldap_response: msgid=1 tag=101 err=0
ber_flush: 14 bytes to sd 18
daemon: activity on 1 descriptor
daemon: activity on: 18r
daemon: read active on 18
connection_get(18): got connid=35
connection_read(18): checking for input on id=35
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
ber_get_next on fd 18 failed errno=0 (Success)
connection_read(18): input error=-2 id=35, closing.
connection_closing: readying conn=35 sd=18 for close
connection_close: deferring conn=35 sd=18
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: select: listen=10 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on:
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: select: listen=10 active_threads=0 tvp=NULL
do_unbind
Linux clients work out of the box without any config changes (but then again these linux clients come stock with an openldap client so I'm not surprised they would communicate with one of their own kind).
Thanks in advance for any insight!!!
ciao, erich

Hi Gary,
I've got the automounter working with OpenLDAP, but not the SSD.
here are my results:
$ ldaplist auto_master
dn: cn=/home,ou=NFSMounts,dc=m-x
dn: cn=/data,ou=NFSMounts,dc=m-x
$ ldaplist auto_home
dn: automountMapName=auto_home,uid=bill,ou=People,dc=m-x
$ ldaplist auto_data
dn: automountMapName=auto_data,uid=bill,ou=People,dc=m-x
$ ls -l /home
total 2
dr-xr-xr-x 1 root root 1 Nov 16 11:13 billdata
dr-xr-xr-x 1 root root 1 Nov 16 11:13 billhome
$ ls -l /data
total 2
dr-xr-xr-x 1 root root 1 Nov 16 11:13 billdata
dr-xr-xr-x 1 root root 1 Nov 16 11:13 billhome
and here are my configs:
/var/ldap/ldap_client_file:
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= xxx
NS_LDAP_SEARCH_BASEDN= dc=m-x
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_CACHETTL= 3600
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=m-x
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=Group,dc=m-x
NS_LDAP_SERVICE_SEARCH_DESC= auto_master:ou=NFSMounts,dc=m-x
NS_LDAP_SERVICE_SEARCH_DESC= auto_data:ou=People,dc=m-x?sub?nisMapName=auto_data
NS_LDAP_SERVICE_SEARCH_DESC= auto_home:ou=People,dc=m-x?sub?nisMapName=auto_home
NS_LDAP_ATTRIBUTEMAP= automount:automountKey=cn
NS_LDAP_ATTRIBUTEMAP= automount:automountInformation=nisMapEntry
NS_LDAP_ATTRIBUTEMAP= automount:automountMapName=nisMapName
NS_LDAP_ATTRIBUTEMAP= passwd:gecos=cn
NS_LDAP_OBJECTCLASSMAP= automount:automount=nisObject
NS_LDAP_OBJECTCLASSMAP= automount:automountMap=nisMap
LDIF entries:
dn: nisMapName=auto_home,uid=bill,ou=People,dc=m-x
objectClass: top
objectClass: nisObject
nisMapEntry: host1:/export/home/bill
nisMapName: auto_home
cn: billhome
dn: nisMapName=auto_data,uid=bill,ou=People,dc=m-x
objectClass: top
objectClass: nisObject
cn: billdata
nisMapEntry: host1:/export/data/bill
nisMapName: auto_data
Snooping the network, I see that the calls from ldaplist include the nisMapName=auto_* filter, while the calls made by the automounter don't.
is there a way to get the automounter to respect the SSD?
thank you,
Billy
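An added example, not code from this thread or from Sun: a small Python model of how the NS_LDAP_ATTRIBUTEMAP, NS_LDAP_OBJECTCLASSMAP and SSD lines in Billy's ldap_client_file turn the automounter's default automount/automountKey lookup into a search that matches his nisObject entries, and why the same lookup without any mapping (the situation in the original question) matches nothing. The matching logic is a simplified assumption about the client's behaviour, not its implementation.

```python
"""Model of the Solaris native LDAP client's automount schema mapping.

Added example, not code from the thread or from Sun. The ldap_client_file
lines and LDIF entries are copied from Billy's post; the lookup logic is a
simplified assumption about what the client does, not its implementation.
"""

# Mapping and SSD lines from Billy's /var/ldap/ldap_client_file.
CLIENT_FILE = """\
NS_LDAP_SERVICE_SEARCH_DESC= auto_data:ou=People,dc=m-x?sub?nisMapName=auto_data
NS_LDAP_SERVICE_SEARCH_DESC= auto_home:ou=People,dc=m-x?sub?nisMapName=auto_home
NS_LDAP_ATTRIBUTEMAP= automount:automountKey=cn
NS_LDAP_ATTRIBUTEMAP= automount:automountInformation=nisMapEntry
NS_LDAP_ATTRIBUTEMAP= automount:automountMapName=nisMapName
NS_LDAP_OBJECTCLASSMAP= automount:automount=nisObject
NS_LDAP_OBJECTCLASSMAP= automount:automountMap=nisMap
"""

# Billy's two nisObject entries, as posted.
LDIF = """\
dn: nisMapName=auto_home,uid=bill,ou=People,dc=m-x
objectClass: top
objectClass: nisObject
nisMapEntry: host1:/export/home/bill
nisMapName: auto_home
cn: billhome

dn: nisMapName=auto_data,uid=bill,ou=People,dc=m-x
objectClass: top
objectClass: nisObject
cn: billdata
nisMapEntry: host1:/export/data/bill
nisMapName: auto_data
"""


def parse_client_file(text):
    """Return (attribute map, objectclass map, SSDs) for the automount service."""
    attrmap, ocmap, ssd = {}, {}, {}
    for line in text.splitlines():
        key, _, val = line.partition("=")
        key, val = key.strip(), val.strip()
        svc, _, rest = val.partition(":")
        if key == "NS_LDAP_ATTRIBUTEMAP" and svc == "automount":
            src, _, dst = rest.partition("=")
            attrmap[src.lower()] = dst
        elif key == "NS_LDAP_OBJECTCLASSMAP" and svc == "automount":
            src, _, dst = rest.partition("=")
            ocmap[src.lower()] = dst
        elif key == "NS_LDAP_SERVICE_SEARCH_DESC":
            # service:base?scope?filter, scope and filter optional
            base, _, tail = rest.partition("?")
            scope, _, filt = tail.partition("?")
            ssd[svc] = (base, scope or "sub", filt.strip("()"))
    return attrmap, ocmap, ssd


def parse_ldif(text):
    """Parse single-line LDIF into a list of {attr_lower: [values]} dicts."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
            continue
        name, _, value = line.partition(":")
        cur.setdefault(name.strip().lower(), []).append(value.strip())
    return entries


def build_filter(map_name, key, attrmap, ocmap, ssd):
    """Base DN and the equality terms ANDed together for one map-key lookup."""
    terms = [("objectClass", ocmap.get("automount", "automount")),
             (attrmap.get("automountkey", "automountKey"), key)]
    if map_name in ssd:
        base, _, filt = ssd[map_name]
        if filt:                      # the SSD filter is ANDed in as well
            a, _, v = filt.partition("=")
            terms.append((a, v))
    else:
        base = "dc=m-x"               # NS_LDAP_SEARCH_BASEDN in Billy's file
    return base, terms


def render_filter(terms):
    return "(&" + "".join(f"({a}={v})" for a, v in terms) + ")"


def matches(entry, base, terms):
    """Sub-scope match: entry lies under base and satisfies every term."""
    dn = entry["dn"][0].replace(" ", "").lower()
    if not dn.endswith(base.replace(" ", "").lower()):
        return False
    return all(v.lower() in (x.lower() for x in entry.get(a.lower(), []))
               for a, v in terms)


def lookup(map_name, key, client_file, ldif):
    """Mount information for key in map_name, or None when nothing matches."""
    attrmap, ocmap, ssd = parse_client_file(client_file)
    base, terms = build_filter(map_name, key, attrmap, ocmap, ssd)
    info_attr = attrmap.get("automountinformation", "automountInformation")
    for entry in parse_ldif(ldif):
        if matches(entry, base, terms):
            return entry[info_attr.lower()][0]
    return None


if __name__ == "__main__":
    print("mapped:  ", lookup("auto_home", "billhome", CLIENT_FILE, LDIF))
    print("unmapped:", lookup("auto_home", "billhome", "", LDIF))
```

With the mapping the filter becomes (&(objectClass=nisObject)(cn=billhome)(nisMapName=auto_home)) and the lookup finds host1:/export/home/bill; with no mapping the client asks for objectClass=automount, which no nisObject entry carries, matching the "no candidates" result in the slapd log above.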

Similar Messages

  • Native ldap client doesn't work with an openldap Server : No root DSE data

    Hello!
    My configuration :
    - an openldap 2.2.23 server (linux debian) (server name = serv_annu)
    - a ldap client (solaris 10) (server name = client_annu)
    I want to configure my client by using Solaris Native LDAP and I follow the excellent doc of Gary Tay (http://web.singnet.com.sg/~garyttt)
    I use TLS and I had generated a certificate by using Mozilla . TLS works because ldapsearch from my solaris client works:
    FROM CLIENT_ANNU:
    # ldapsearch -h server_annu -p 636 -b "dc=mydomain,dc=fr" -s base -Z -P /var/ldap/cert8.db "objectclass=*"
    version: 1
    dn: dc=mydomain,dc=fr
    dc: mydomain
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    objectClass: nisDomainObject
    nisDomain: mydomain.fr
    o: mydomain
    LOG FROM SERVER_ANNU:
    Apr 2 09:52:40 server_annu slapd[17068]: conn=267 fd=10 ACCEPT from IP=172.30.69.216:36020 (IP=0.0.0.0:636)
    Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=0 SRCH base="dc=mydomain,dc=fr" scope=0 deref=0 filter="(objectClass=*)"
    Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
    Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=1 UNBIND
    Apr 2 09:52:40 server_annu slapd[17068]: conn=267 fd=10 closed
    1) I add DUAConfigProfile.schema and solaris.schema on my openldap server.
    2) I add a nisDomainObject at the root DN (see the result of the ldapsearch above)
    3) I Add ACL in slapd.conf to allow reading of rootDSE.
    access to dn.base="" by ssf=128 * read
    4) I launch on my solaris client
    crle -u -s /usr/lib/mps
    crle -64 -u -s /usr/lib/mps/64
    5) I can't apply result.c patch on my openldap server (production server!) then I can't create /var/ldap/ldap_client_file and /var/ldap/ldap_client_cred by using ldapclient command. Then I create manually /var/ldap/ldap_client_file and /var/ldap/ldap_client_cred : the syntax is correct because the "ldapclient list" command works :
    # ldapclient list
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_BINDDN= uid=toto,ou=People,dc=people1,dc=mydomain,dc=fr
    NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411
    NS_LDAP_SERVERS= server_annu
    NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=fr
    NS_LDAP_AUTH= tls:simple
    NS_LDAP_CREDENTIAL_LEVEL= anonymous
    NOTE : I've had to add NS_LDAP_BINDDN and NS_LDAP_BINDPASSWD even if I use anonymous credential level because I get an error when I launch ldap client process.
    Then here, everything is apparently OK but when I enable ldap client process the cachemgr process is running about 30s then it crashes:
    FROM CLIENT_ANNU:
    svcadm disable /network/ldap/client;svcadm enable /network/ldap/client
    /etc/init.d/nscd stop;/etc/init.d/nscd start
    LOG FROM SERVER_ANNU:
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 fd=10 ACCEPT from IP=172.30.69.216:36021 (IP=0.0.0.0:389)
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SRCH attr=supportedControl supportedsaslmechanisms
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=1 UNBIND
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 fd=10 closed
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 fd=10 ACCEPT from IP=172.30.69.216:36022 (IP=0.0.0.0:389)
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SRCH attr=supportedControl supportedsaslmechanisms
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=1 UNBIND
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 fd=10 closed...
    FROM CLIENT ANNU :
    # /usr/lib/ldap/ldap_cachemgr -g
    cachemgr configuration:
    server debug level 0
    server log file "/var/ldap/cachemgr.log"
    number of calls to ldapcachemgr 2
    cachemgr cache data statistics:
    Configuration refresh information:
    Previous refresh time: 2008/04/02 09:58:12
    Next refresh time: 2008/04/02 21:58:12
    Server information:
    Previous refresh time: 2008/04/02 09:58:32
    Next refresh time: 2008/04/02 09:58:33
    server: server_annu, status: ERROR
    error message: No root DSE data returned.
    Cache data information:
    Maximum cache entries: 256
    Number of cache entries: 0
    My problem is: why do I get the following error message: No root DSE data returned.
    Thanks in advance for your help!

    Hi
    Is your OpenLDAP server configured to allow anonymous read of the rootDSE attributes ?
    Regards,
    Ludovic.

  • OpenLDAP Server have Problems with the automounter of Mac OSX 10.5.5 client

    Hi,
    we are using OpenLDAP Server on a Debian OS base. I had connected the LDAP Server with the MacMini with Mac OSX 10.5.5. The LDAP Server is based on OpenLDAP running on Debian Linux.
    The Users can login on the Mac Computers and they do have the right groups. I have a problem with the automounterMaps because the homes and volumes are not mounted in the Mac environment. So the users have a different home directory at each computer and no volumes to work with.
    The LDIF I use for the automounter is following:
    dn: ou=automaster_directlinx86, ou=autofs, ou=ai,dc=TechFak,dc=Uni-Bielefeld,dc=DE
    ou: automaster_directlinx86
    objectClass: top
    objectClass: automountMap

    dn: cn=\/homes, ou=automaster_directlinx86, ou=autofs, ou=ai,dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: ldap:ldap.TechFak.Uni-Bielefeld.DE:ou=auto_homes,ou=autofs,ou=ai,dc=TechFak,dc=Uni-Bielefeld,dc=DE -nosuid,nobrowse
    cn: /homes

    dn: cn=\/vol, ou=automaster_directlinx86, ou=autofs, ou=ai,dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: ldap:ldap.TechFak.Uni-Bielefeld.DE:ou=autovollinx86,ou=autofs,ou=ai,dc=TechFak,dc=Uni-Bielefeld,dc=DE
    cn: /vol

    dn: ou=autovollinx86, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    ou: autovollinx86
    objectClass: automountMap

    dn: cn=ai, ou=autovollinx86, ou=autofs, ou=ai,dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: -rw,intr,nolock thor:/export/ai/external/vol/&
    cn: ai

    dn: cn=airobots, ou=autovollinx86, ou=autofs, ou=ai,dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: -rw,intr,nolock thor:/export/ai/external/vol/&
    cn: airobots

    dn: cn=mobirob, ou=autovollinx86, ou=autofs, ou=ai,dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: -rw,intr,nolock thor:/export/ai/external/vol/&
    cn: mobirob

    dn: ou=auto_homes, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    ou: auto_homes
    objectClass: automountMap

    dn: cn=efrese, ou=auto_homes, ou=autofs, ou=ai,dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: thor:/export/ai/external/homes/staff/&
    cn: efrese

    dn: cn=fsiepman, ou=auto_homes, ou=autofs, ou=ai,dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: thor:/export/ai/external/homes/staff/&
    cn: fsiepman

    dn: cn=fyuan, ou=auto_homes, ou=autofs, ou=ai,dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: thor:/export/ai/external/homes/staff/&
    cn: fyuan
    In the /etc/auto_master I added the line
    SRC base="ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE" scope=ALL
    filter="(&(|(objectClass=automount))"
    to mount the /volumes but just the volume /vol and /homes are mounted to the Mac OS System.
    Thanks.

    Hi.
    Have a look at http://www.afp548.com/article.php?story=20061126220622764
    and there is very good information in Apple's training texts for 10.5 server.
    You can buy the print book or purchase an account with Safari Books in order to read it online,
    see
    http://my.safaribooksonline.com/9780321591067
    Chpt 3 is on working with 3rd-party OpenLDAP servers

  • Solaris 8 and iPlanet Directory Server 5.1: Help

    Could anyone help with advice or where to find documentation of how to set up a Solaris 8 client machine to authenticate against iPlanet Directory Server 5.1? The only documentation (eg books, BluePrint articles) I can find covers iPlanet Directory 4.11 or 4.12 and a Solaris 8 client. Even the tools from the BluePrint Tools area at Sun only talk about using iPlanet Directory Server 4.11/12. Quite a lot seems to have changed from iDS 4.12 to iDS 5.1.
    Any help would be greatly appreciated.
    Thanks in advance,
    Stewart

    Hi Steven, I suppose that this question is identical to your other question: " Topic: solaris 8 client setup with solaris 9 ldap".
    So the answer will be the same.
    You may find what you are looking for in the following technical note: http://knowledgebase.iplanet.com/ikb/kb/articles/7966.html
    It is called: "Cookbook for Solaris 8 client with Directory Server 5.1/Solaris 9"
    Cheers / Damien.

  • Automount using OpenLDAP broken on Lion

    Hi everyone,
    Having a weird issue with my new MacBook Air with Lion. I have the OpenLDAP server set up and can successfully authenticate and login users on it. The only thing that is broken is the automount. The Lion MacBook Air can read the automount keys from the LDAP server (verified with dscl), but automount refuses to use them (even when /etc/auto_master has only one line "+auto_master" uncommented). Using automount with the /etc/auto_master and /etc/auto_home works fine.
    I'm using the same configuration that is working just fine with my other Mac running Snow Leopard, so the issue can't be on the server side.
    The automount doc on the Lion MacBook is the same as on Snow Leopard, but following it does not help.
    Anybody run into similar issues? Any ideas? Is there an equivalent to nsswitch.conf on Macs?
    Thanks!

    Here's the skeleton of my configurations, for Autofs Linux and OSX interoperability :
    dn: automountMapName=auto.master,dc=example,dc=com
    objectClass: top
    objectClass: automountMap
    automountMapName: auto.master
    dn: automountKey=/home,automountMapName=auto.master,dc=example,dc=com
    objectClass: automount
    automountInformation: auto_home
    automountKey: /home
    dn: automountMapName=auto_master,dc=example,dc=com
    objectClass: top
    objectClass: automountMap
    automountMapName: auto_master
    dn: automountKey=/home,automountMapName=auto_master,dc=example,dc=com
    objectClass: automount
    automountInformation: auto_home -nobrowse,hidefromfinder
    automountKey: /home
    dn: automountMapName=auto_home,dc=example,dc=com
    objectClass: automountMap
    automountMapName: auto_home
    dn: automountKey=an_user,automountMapName=auto_home,dc=example,dc=com
    objectClass: automount
    automountInformation: -fstype=nfs,vers=3,soft,intr,rsize=16384,wsize=16384,nosuid fileserver.example.com:/vol/home/&
    automountKey: an_user

  • Connecting to a remote OpenLDAP server over SSL.

    I've been trying for several weeks now to get a remote OpenLDAP server up and running; configured in such a way that it only allows SSL and requires certificate validation.
    I've created a CA with a self-signed certificate.
    I used that CA to create a server and client certificate.
    The server certificate is in /etc/ssl/certs, has a link by the name of its hash.0 pointing to it; permissions are all correct and /etc/ssl/slapd.conf point to it and the CA certificate.
    The client certificate is on my MacBook Pro in /etc/ssl/certs along with the CA certificate; each of which also has its hash linked to it. /etc/ssl/ldap.conf is set up properly, the permissions are correct, and the following test command ran as my user produces a successful result:
    ldapsearch -v -x -H ldaps://ldap.foo.org -b "dc=foo,dc=org" -d -1
    Now the problem part. I open Directory Utility; go to Services with Advanced Settings enabled. After unlocking it, I click the LDAPv3 and the pencil icon.
    I hit New... in the window that pops up and use ldap.foo.org as servername, SSL box ticked. I hit Continue, and behold; nothing happens.
    It is to say; Directory Utility hangs for a while; after which it goes back to the box I clicked Continue in without any error or warning popping up; but obviously hasn't advanced.
    The server logs indicate my Mac had actually connected; received the server certificate; but didn't send a client certificate at which point the TLS connection got aborted for some reason and the session ended.
    My Mac Console shows something even more bizarre, though:
    11/09/08 23:09:22 com.apple.DirectoryServices[97123] Assertion failed: (ld != NULL), function ldap_search_ext, file search.c, line 76.
    My suspicion is that Directory Utility can't verify the server certificate and aborts the TLS connection. I expect it also uses /etc/openldap/ldap.conf? How can I diagnose the root of this problem?
    Thanks a lot for your assistance; I just can't figure this out and any hint or pointer would be greatly appreciated. It now just looks like OSX does not support a secure LDAP over SSL configuration.
    Though it currently isn't set up to be that way, I'd like to have my client also provide a certificate (CN=lhunath.foo.org) and have the server validate that. For now I've got the server set to:
    TLSVerifyClient never
    (And of course, the client:)
    TLS_REQCERT demand

    By the way; about the assertion error I get in Console; here's the relevant source of ldap.c. Looks like ld is not set; probably something going wrong before that with setting up the TLS connection, perhaps? Or not?
    /*
     * ldap_search_ext - initiate an ldap search operation.
     * Parameters:
     *   ld   LDAP descriptor
     */
    int
    ldap_search_ext(
        LDAP *ld,
        ...
        assert( ld != NULL );

  • How can I modify data on one OpenLDAP server

    Hello, I am testing Leopard server 10.5.2; we have one OpenLDAP server on our network with more than 700 users and I can access it in Workgroup Manager. Unfortunately I can't modify the data which is on the OpenLDAP server (only with Workgroup Manager) but I have no authentication problem using Safari and a PHP module (cn=admin.....+ password). Is it normal? Can I import the accounts on my OD Server? This one is set up as an OD Master. As we have a lot of people on the OpenLDAP server I don't want to recreate them manually.
    Thank you.

    Hi
    Yes you should be able to do this. Passwords will probably not be transferred over. However once transferred you can specify a password policy for all users to change their passwords at next log in.
    You don't say which existing LDAP server you have. It may be advisable to use a 3rd-party application to transfer Users etc over. I've heard that Excel can be used although I have always used Passenger.
    Tony

  • Can you make Kerberos validate a ticket against the server?

    I do not know if what I am describing is possible/feasible - so please forgive my ignorance.
    I am trying to create a Kerberos single sign-on Java desktop application (there is no webpage involved, and we do not try to log into other applications from there), using only the functionality built into Java (we are running Java 6.0), and on Windows XP.
    The point of what we are trying to do is to achieve the ability to
    1) Authenticate the user of the program, both for history keeping, but also to keep people who have no business out of our application (we do not explicitly need authorization, as this is taken care of internally in the application)
    2) Avoid any kind of log-in screen (in other words single sign-on, with the sign-on to the Windows user account as the first and only sign on).
    in that prioritized order.
    After poking around for a while we finally got Kerberos in a semi-working state - without any forms of external configuration files. However, the only way I have found to avoid having to deal with the CallbackHandler (which would mean we would need to have the user intervene - invalidating #2) has been to add the cachedTicket option.
    However, when I do so, there does not seem to be any kind of validation against the server (the realm and KDC information can be freely set to gibberish - and it works even if the account that I do it from has been invalidated). This seems almost (I said almost) as unsafe as the "System.getProperty( "user.name" );" we started looking at in the beginning.
    If I have to go through the CallbackHandler then everything is OK (fails if the realm and KDC information is not correct - and likewise when my account has been deactivated, fails on any possible combination of bad password and/or username).
    So my question is: Is there a way to login securely, without having to prompt the user for his Windows account and password (perhaps a special configuration)? If so, do I need to use a keytab (we would prefer not to, but if that is what it takes....), should I look into authorization as a workaround (if it indeed could work as such), using a third-party Kerberos system (such as the one from Fermilab), something entirely different - or is what I am describing impossible?
    If needed I would be able to provide code snippets.
    Thank you for your time :)

    Hi,
    I've attached the llb file from the examples folder \LabVIEW\Examples\Comm
    This is a LabVIEW 5.1.1 folder but it should open in Ver 6 OK. But there maybe some links to other example VI.
    Regards
    Ray Farmer

  • Recompiling xf86-video-intel 2.9.0 against xorg-server 1.6.5

    When xf86-video-intel 2.9.0 will come into [extra], it will have been compiled against xorg-server 1.7.0 or later. I'll stay with 1.6.5 for the time being, and I want to know if I need to recompile xf86-video-intel. The sources (intel 2.9.0 and server 1.6.5) are compatible. Will the binaries be if video-intel was compiled against a different version of xorg-server?

    I have replaced xf86-video-intel by xf86-video-intel-legacy

  • Messaging Server authenticate against directory server

    Just wondering how to make Messaging Server authenticate against Directory Server? Basically I created users on the directory server, and would like to let these users access Messaging Server.
    Thanks for advice!

    I'm sorry, your question doesn't really make any sense.
    Messaging Server always authenticates to users in a Directory.
    How did you "create users"? That may be the problem. If you don't create the users with the provisioning tools provided with Messaging, then the users don't have the correct object classes and attributes to function as Messaging users.

  • Address Book - self signed LDAPS certificate on openldap server

    I'm fairly new to the Mac, but I'm not new to FreeBSD or *NIX type boxes.
    I'm trying to get Address Book to contact my openldap server that runs on OpenBSD. I have it working well with thunderbird, horde + (l)imp, dovecot, and various other openldap client based pieces of software. I use a self signed certificate on the server as most do. The key with the openldap client libraries normally is changing /etc/openldap/ldap.conf to not require a valid certificate from the server with the following setting:
    TLS_REQCERT never
    This setting is present in my version of OS X by default. On other *NIX machines I've had to set that manually.
    If there is any chrooting involved by the client, clearly another copy of /etc/openldap/ldap.conf is necessary in the chrooted area. Does anyone know if Address Book chroots itself? Or why it isn't paying attention to the /etc/openldap/ldap.conf? I get a clear message on the server that the client is rejecting the self signed certificate.
    Thanks much for your time,
    Geff
    Mac Book   Mac OS X (10.4.8)  

    Where's the button for "Yes, I answered my own question." ???? Okay ... <rant on> I guess Apple is no different from everything else: openbsd, linux, windows, open source, closed source, etc. always answering our own questions. I feel like the software isn't even tested. A FIX or some more information would be nice. </rant off>
    Okay here's the deal. I don't have a cert signed by an approved CA so I'm not sure if one would have to jump through fewer hoops to get it to work with a "proper" (non-self signed) cert. Turns out if you are using AddressBook to attempt to go to an LDAP server and you want SSL with a self signed cert, it seems that AddressBook won't properly attach to the LDAP server on port 636. Even tho that's what happens to the PORT setting when you CLICK THE BUTTON (bitter, am I ranting again? ). So what you do is click the button for "SSL" and then REVERT THE PORT back MANUALLY to 389. (more bitter) This causes addressbook to ... well ... uhm ... WORK. What ends up happening is that it makes a non-SSL connection initially and then upgrades the connection via "STARTTLS" to an encrypted connection. There is one setting that you should have in slapd.conf (or like file) before doing this.
    # Sample security restrictions
    # Require integrity protection (prevent hijacking)
    # Require 112-bit (3DES or better) encryption for updates
    # Require 63-bit encryption for simple bind
    # security ssf=1 update_ssf=112 simple_bind=64
    security simple_bind=64
    This requires the connection to have at least the minimum amount of encryption before the bind (authenticate) process. Keep in mind if you add this setting, anything that previously attempted to bind clear text (even on localhost) will fail. However you should never be sending a password in the clear.
    Geff

  • Mountain Lion can't authenticate against OpenLDAP/Kerberos KDC

    Please help this joint venture customer Apple—
    I have been unable to successfully login with network accounts since upgrading to Mountain Lion.
    However, I can login via ssh and am issued kerberos tickets and all autofs mounted directories mount as expected.
    I have modified the following files:
    /etc/pam.d/authorization
    # authorization: auth account
    auth       sufficient     pam_krb5.so use_first_pass default_principal
    auth       optional       pam_ntlm.so use_first_pass
    auth       required       pam_opendirectory.so use_first_pass
    account    required       pam_opendirectory.so
    /etc/pam.d/screensaver
    auth       sufficient     pam_krb5.so use_first_pass default_principal
    auth       required       pam_opendirectory.so use_first_pass
    account    required       pam_opendirectory.so
    account    sufficient     pam_self.so
    account    required       pam_group.so no_warn group=admin,wheel fail_safe
    account    required       pam_group.so no_warn deny group=admin,wheel ruser fail_safe
    /etc/pam.d/sshd
    auth       sufficient     pam_krb5.so default_principal
    auth       optional       pam_ntlm.so try_first_pass
    auth       optional       pam_mount.so try_first_pass
    auth       required       pam_opendirectory.so try_first_pass
    account    required       pam_nologin.so
    account    required       pam_sacl.so sacl_service=ssh
    account    required       pam_opendirectory.so
    password   required       pam_opendirectory.so
    session    required       pam_launchd.so
    session    optional       pam_mount.so
    /etc/openldap/ldap.conf
    # LDAP Defaults
    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.
    BASE dc=foo,dc=bar
    URI ldap://dummy.foo.bar
    TLS_CACERT  /etc/openldap/dummy.ldap.pem
    TLS_REQCERT allow
    TIMELIMIT   20
    TIMEOUT     30
    TLS_CACERTDIR /etc/openldap/cacerts
    /etc/krb5.conf
    [libdefaults]
    default_realm = FOO.BAR
    noaddresses = TRUE
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    proxiable = true
    allow_weak_crypto = true
    [realms]
    FOO.BAR = {
      kdc = dummy.foo.bar.:88
      admin_server = dummy.foo.bar.:88
      default_domain = foo.bar
    }
    [domain_realm]
    .foo.bar = FOO.BAR
    foo.bar = FOO.BAR
    [appdefaults]
    pam = {
      debug = true
      ticket_lifetime = 36000
      renew_lifetime = 36000
      forwardable = true
      krb4_convert = false
    }
    I've edited my OD config template as documented online... (my EL6 OpenLDAP server advertises GSSAPI)
    <key>Denied SASL Methods</key>
    <array>
        <string>CRAM-MD5</string>
        <string>DIGEST-MD5</string>
        <string>NTLM</string>
        <string>GSSAPI</string>
    </array>
    In my troubleshooting I have found the following links:
    http://www.fh-trier.de/index.php?id=12207
    http://itsabicycle.com/2011/10/14/ldap-authentication-simple-binds-os-x-lion-1072/
    http://blog.smalleycreative.com/administration/fixing-openldap-authentication-on-os-x-lion/
    http://derflounder.wordpress.com/2012/03/02/
    https://discussions.apple.com/thread/3832156?start=0&tstart=0
    http://www.diastelo.org/blog/mac-os-x-10-7-kerberos-is-back/
    http://iwatts.blogspot.ca/2012/01/osx-1072-openldap-authentication.html
    Please help!
    Rob

    I've found that also adding the /etc/auth changes that have been used in the past OS versions can help with auth at the loginwindow:
    /bin/cp /etc/authorization /etc/authorization.save
    /usr/libexec/PlistBuddy /etc/authorization -c "set rights:system.login.console:mechanisms:4 builtin:krb5authnoverify,privileged"

  • Mount homedir autofs with openldap server

    I'm having trouble mounting home directories on Mac clients running Leopard from a Linux OpenLDAP server. The login/password auth works fine, but somehow the autofs is not working correctly with the OpenLDAP server.
    I need some help in troubleshooting. From what I've read on the web, autofs is now supposed to work in Leopard.
    Thanks,
    Yasi

    Sounds like something you should be posting to the server or linux forums.

  • Automounting home directories from Redhat Linux OpenLDAP server

    We have an existing, functioning autofs environment here. At least the linux boxes have no problem automounting user home directories.
    I am looking for a more comprehensive solution to getting our macs integrated into this environment.
    What should the ldap entries contain?
    What should the attribute mappings be set to?
    I have ldap authentication working - the only thing left is automounting.
    Also - is there a way to get the nfs client to work over secure ports by default? Or is this a BSD thing?
    Thanks

    http://rajeev.name/blog/2007/12/09/integrating-leopard-autofs-with-ldap/
    There's some additional LDAP schema stuff that has to be done; Apple seems to have gone with the most absolutely bleeding edge RFC for automounts - and then removed all legacy support.
    This covers most of the issues, however, there is one that I'm still unable to resolve:
    typically, a linux box does autofs using an entry like
    "* -fstype=nfs foo:/home/&"
    LDAP uses a slightly different entry, but it works.
    I haven't for the life of me been able to get auto.home mounting from LDAP as easily as if it is defined in the file.
    The frustrating part is that the post gives a really good example LDIF; but it still doesn't seem to work.
    So while I have other automounts working wonderfully, the wildcarded home directories are still a bust.
    So if you're willing to forgo using LDAP for autofs mounting home, then hard-coding /etc/auto_home will fit the bill.
    But since the link seems to imply that it works, I'm wondering what's going on...
    Message was edited by: pariah0
    Trying to get the asterisk...
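    As an added example (not code from any post in this thread), the following Python turns a flat autofs map like the wildcard auto.home entry quoted above into LDIF using the RFC 2307bis-draft automountMap/automount object classes, keeping the `*` key and the `&` substitution literal for the client to expand. The base DN, map name and sample map lines are constructed here, and the attribute names (automountMapName, automountKey, automountInformation) are assumed to match the directory's schema.

```python
import re

# Constructed sample map; the wildcard line mirrors the one quoted in the post.
SAMPLE_AUTO_HOME = """\
# auto.home: '*' matches any key, '&' is replaced by that key at mount time
*      -fstype=nfs,rw,hard,intr   foo:/home/&
staff  -fstype=nfs                foo:/export/staff
"""

# key, optional "-opt1,opt2" block, location (host:/path)
MAP_LINE = re.compile(r"^(?P<key>\S+)\s+(?:(?P<opts>-\S+)\s+)?(?P<loc>\S+)$")
# RFC 4514 characters that must be backslash-escaped inside a DN value
DN_SPECIAL = set(',+"\\<>;')


def parse_map(text):
    """Return [(key, options or None, location)] for each entry line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = MAP_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable autofs entry: {line!r}")
        entries.append((m["key"], m["opts"], m["loc"]))
    return entries


def dn_escape(value):
    """Escape one attribute value for use in a DN ('*' needs no escaping)."""
    out = "".join("\\" + c if c in DN_SPECIAL else c for c in value)
    return "\\" + out if out.startswith("#") else out


def to_ldif(map_name, base_dn, text):
    """Render the automountMap container plus one automount entry per map
    line.  Options and location are joined with a space, as autofs expects."""
    map_dn = f"automountMapName={dn_escape(map_name)},{base_dn}"
    blocks = [f"dn: {map_dn}\nobjectClass: top\nobjectClass: automountMap\n"
              f"automountMapName: {map_name}\n"]
    for key, opts, loc in parse_map(text):
        info = f"{opts} {loc}" if opts else loc
        blocks.append(f"dn: automountKey={dn_escape(key)},{map_dn}\n"
                      "objectClass: top\nobjectClass: automount\n"
                      f"automountKey: {key}\nautomountInformation: {info}\n")
    return "\n".join(blocks)


if __name__ == "__main__":
    print(to_ldif("auto.home", "dc=example,dc=com", SAMPLE_AUTO_HOME))
```

    Feed the output to ldapadd and compare the resulting entries with what the client actually queries (slapd's log, as in the original question) to see whether the map name or attribute names differ.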

  • Solaris 8 on Intel STL2 server board - installation problem

    Hi,
    I try to install Solaris 8 (4/01) on Intel STL2 server board (P III 866 MHz, SDRAM 512 ECC Reg, Adaptec AIC7899 Dual Channel-one Ultra160/LVD channel, Intel PRO/100+ Fast Ethernet Controller, ATI Rage* IIC SVGA) - without success.
    It recognizes all devices but after I choose Solaris Interactive installation (from CD labeled Solaris 8 Software 1 of 2 Intel Platform Edition) it displays:
    Booting kernel/unix...
    SunOS Release 5.8 Version...
    then reboots after 2 seconds.
    Since the Intel STL2 board appears in the HCL for Solaris 8, I have struggled a while with the problem. I have found neither posts nor driver update information concerning this issue on the Solaris-related Web sites.
    Finally, I found the very strange specification update info of STL2 board, published by Intel:
    "13. Sun* Solaris* 8 installation issues
    PROBLEM: Sun Solaris 8 cannot be installed on the STL2 server board with any BIOS version later than BIOS Release 1.1, Build 15. The system reboots during install and therefore the installation cannot be completed.
    IMPLICATION: Installation of Sun Solaris 8 cannot be completed on an STL2 server board running any BIOS release later than BIOS Release 1.1, Build 15.
    WORKAROUND: Sun Solaris* 8 will successfully install on the STL2 server board with BIOS Release 1.1, Build 15."
    My BIOS release on the STL2 board is 1.7. It's too new to install Solaris 8 !?!
    I am unable to get an old STL2 model with BIOS 1.1. Is there a way to update anything in the Solaris 8 in order to set it up on the new model of Intel STL2 server platform?
    I would appreciate any help. Thanks.
    Matt

    The problem has been resolved.
    I got the older BIOS 1.1 Build 15 for the Intel STL2 from Intel Internet Support. After I installed BIOS 1.1 instead of BIOS 1.7, I had no problem with the installation of Solaris 8.
    Matt
