Solaris as FreeIPA (IdM) client

root@sol-x86:/# ldapsearch -h freeipa-server -b "dc=kompanija,dc=com" -s sub "ou=profile" 
version: 1
dn: ou=profile,dc=kompanija,dc=com
objectClass: top
objectClass: organizationalUnit
ou: profiles
ou: profile

root@sol-x86:/# ldapsearch -h freeipa-server -b "dc=kompanija,dc=com" -s sub "objectclass=DUAConfigProfile"
version: 1
dn: cn=default,ou=profile,dc=kompanija,dc=com
defaultServerList: freeipa-server.kompanija.com
defaultSearchBase: dc=us,dc=oracle,dc=com
objectClass: top
objectClass: DUAConfigProfile
serviceSearchDescriptor: group:cn=groups,cn=compat,dc=kompanija,dc=com
serviceSearchDescriptor: passwd:cn=users,cn=accounts,dc=kompanija,dc=com
searchTimeLimit: 15
followReferrals: TRUE
objectclassMap: shadow:shadowAccount=posixAccount
bindTimeLimit: 5
authenticationMethod: none
cn: default

root@sol-x86:/# cat /etc/inet/ntp.conf
disable auth
server 10.x.x.x
driftfile /var/ntp/ntp.drift
statsdir /var/ntp/ntpstats/
filegen peerstats file peerstats type day enable
filegen loopstats file loopstats type day enable

root@sol-x86:/# svcadm enable ntp
root@sol-x86:/# svccfg -s svc:/network/ntp:default setprop config/verbose_logging = true

root@sol-x86:/# svcadm restart svc:/network/ntp:default

root@sol-x86:/# svcprop -p config/verbose_logging svc:/network/ntp:default
true

root@sol-x86:/# ntpq -p
 remote    refid st t when poll reach   delay   offset  jitter
===============================================================
*ntpserver    3 u   12   64    1    0.198   -3.978   0.000

search  kompanija.com
nameserver      10.x.x.x

# svccfg -s svc:/network/dns/client
svc:/network/dns/client> setprop config/domain = astring: kompanija.com
svc:/network/dns/client> setprop config/search = astring: "kompanija.com"
svc:/network/dns/client> setprop config/nameserver = (10.x.x.x 10.z.z.z)

# svcadm refresh svc:/network/dns/client
# svcadm restart svc:/network/dns/client

passwd: files ldap [NOTFOUND=return]
group:  files ldap [NOTFOUND=return]

# svccfg -s svc:/system/name-service/switch
svc:/system/name-service/switch> setprop config/password = astring: "files ldap [NOTFOUND=return]"
svc:/system/name-service/switch> setprop config/group = astring: "files ldap [NOTFOUND=return]"
svc:/system/name-service/switch> listprop

# svcadm refresh svc:/system/name-service/switch
# svcadm restart svc:/system/name-service/switch
# svccfg -s svc:/system/name-service/switch listprop | grep ldap
config/password                astring     "files ldap [NOTFOUND=return]"
config/group                   astring     "files ldap [NOTFOUND=return]"

# cat /etc/pam.d/login
auth    requisite       pam_authtok_get.so.1
auth    sufficient      pam_krb5.so.1
auth    required        pam_dhkeys.so.1
auth    required        pam_unix_cred.so.1
auth    required        pam_unix_auth.so.1 use_first_pass
auth    required        pam_dial_auth.so.1

[libdefaults]
default_realm = KOMPANIJA.COM
verify_ap_req_nofail = false
[realms]
KOMPANIJA.COM = {
kdc = freeipa-server.kompanija.com:88
admin_server = freeipa-server.kompanija.com:749
}
[domain_realm]
us.oracle.com = KOMPANIJA.COM
.us.oracle.com = KOMPANIJA.COM
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
kdc_rotate = {
 period = 1d
 version = 10
}
[appdefaults]
kinit = {
renewable = true
forwardable= true
}

root@sol-x86:/# ldapclient init freeipa-server.kompanija.com
System successfully configured

# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= freeipa-server.kompanija.com
NS_LDAP_SEARCH_BASEDN= dc=kompanija,dc=com
NS_LDAP_AUTH= none
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_TIME= 15
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= default
NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=kompanija,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=kompanija,dc=com
NS_LDAP_BIND_TIME= 5
NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount

root@sol-x86:/# domainname kompanija.com

root@sol-x86:/#  svcadm restart ldap/client 

login as: zarko1
Using keyboard-interactive authentication.
Password:
Using keyboard-interactive authentication.
Your Kerberos account/password will expire in 89 days.
Last login: Wed Jul 13 14:20:44 2016 from some-box
Oracle Corporation      SunOS 5.11      11.3    September 2015

zarko1@sol-x86:/$ klist
Ticket cache: FILE:/tmp/krb5cc_1377600004
Default principal: zarko1@KOMPANIJA.COM
Valid starting               Expires               Service principal
13/07/2016 14:21  14/07/2016 14:21  krbtgt/KOMPANIJA.COM@KOMPANIJA.COM
        renew until 20/07/2016 14:21

# ldapsearch -h ca-ldapserver -b "dc=kompanija,dc=com" -s sub "objectclass=DUAConfigProfile" 
version: 1
dn: cn=default,ou=profile,dc=kompanija,dc=com
defaultServerList: ca-ldapserver.kompanija.com 
defaultSearchBase: dc=kompanija,dc=com
objectClass: top
objectClass: DUAConfigProfile
serviceSearchDescriptor: group:cn=groups,cn=compat,dc=us,dc=oracle,dc=com
serviceSearchDescriptor: passwd:cn=users,cn=accounts,dc=us,dc=oracle,dc=com
searchTimeLimit: 15
followReferrals: TRUE
objectclassMap: shadow:shadowAccount=posixAccount
bindTimeLimit: 5
authenticationMethod: none
cn: default

# cat /etc/inet/ntp.conf
disable auth
server 10.a.c.1
driftfile /var/ntp/ntp.drift
statsdir /var/ntp/ntpstats/
filegen peerstats file peerstats type day enable
filegen loopstats file loopstats type day enable

# svcadm enable ntp 
# ntpq -p 
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
 10.a.c.1     10.a.b.1       3 u   61   64    1     0.21   -1.612 15875.0

search  kompanija.com
nameserver      10.x.x.x

passwd: files ldap [NOTFOUND=return]
group:  files ldap [NOTFOUND=return]

# cat /etc/pam.conf 
login   auth requisite          pam_authtok_get.so.1
login   auth    sufficient      pam_krb5.so.1
login   auth required           pam_dhkeys.so.1
login   auth required           pam_unix_cred.so.1
login   auth required           pam_unix_auth.so.1      use_first_pass
login   auth required           pam_dial_auth.so.1
rlogin  auth sufficient         pam_rhosts_auth.so.1
rlogin  auth requisite          pam_authtok_get.so.1
rlogin  auth required           pam_dhkeys.so.1
rlogin  auth required           pam_unix_cred.so.1
rlogin  auth required           pam_unix_auth.so.1
krlogin auth required           pam_unix_cred.so.1
krlogin auth    sufficient              pam_krb5.so.1
rsh     auth sufficient         pam_rhosts_auth.so.1
rsh     auth required           pam_unix_cred.so.1
krsh    auth required           pam_unix_cred.so.1
krsh    auth required           pam_krb5.so.1
ktelnet auth required           pam_unix_cred.so.1
ktelnet auth required           pam_krb5.so.1
ppp     auth requisite          pam_authtok_get.so.1
ppp     auth required           pam_dhkeys.so.1
ppp     auth required           pam_unix_cred.so.1
ppp     auth required           pam_unix_auth.so.1
ppp     auth required           pam_dial_auth.so.1
other   auth requisite          pam_authtok_get.so.1
other   auth sufficient         pam_krb5.so.1
other   auth required           pam_dhkeys.so.1
other   auth required           pam_unix_cred.so.1
other   auth required           pam_unix_auth.so.1
passwd  auth required           pam_passwd_auth.so.1
cron    account required        pam_unix_account.so.1
other   account requisite       pam_roles.so.1
other   account required        pam_unix_account.so.1
other   session required        pam_unix_session.so.1
other   password required       pam_dhkeys.so.1
other   password requisite      pam_authtok_get.so.1
other   password requisite      pam_authtok_check.so.1 force_check
other   password required       pam_authtok_store.so.1

[libdefaults]
default_realm = KOMPANIJA.COM
verify_ap_req_nofail = false
[realms]
KOMPANIJA.COM = {
kdc = freeipa-server.kompanija.com:88
admin_server = freeipa-server.kompanija.com:749
}
[domain_realm]
us.oracle.com = KOMPANIJA.COM
.us.oracle.com = KOMPANIJA.COM
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
kdc_rotate = {
 period = 1d
 version = 10
}
[appdefaults]
kinit = {
renewable = true
forwardable= true
}

root@sol-x86:/# ldapclient init freeipa-server.kompanija.com
System successfully configured

# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= freeipa-server.kompanija.com
NS_LDAP_SEARCH_BASEDN= dc=kompanija,dc=com
NS_LDAP_AUTH= none
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_TIME= 15
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= default
NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=kompanija,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=kompanija,dc=com
NS_LDAP_BIND_TIME= 5
NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount

root@sol-x86:/# domainname kompanija.com

root@sol-x86:/#  svcadm restart ldap/client

$ svcadm restart svc:/system/name-service-cache:default ; svcadm restart ldap/client

$ /usr/bin/ldaplist  -l passwd zarko 
dn: uid=zarko,cn=users,cn=accounts,dc=kompanija,dc=com
        title: Super User
        displayName: Zarko D
        uid: zarko
        --shortened -- 
        cn: Zarko D
        uidNumber: 485400013
        gidNumber: 485400013

login as: zarko
Using keyboard-interactive authentication.
Password:
Last login: Fri Aug 26 16:12:36 2016 from dhcp-vpn-bla-bla
Could not chdir to home directory /home/zarko: No such file or directory
Oracle Corporation      SunOS 5.10      Generic Patch   January 2005
-bash-3.2$