## Query the directory for the ou=profile container and for the client
## profile (DUAConfigProfile) that the Solaris LDAP client downloads.
## No bind DN (-D) is passed, so both searches run as anonymous binds.
## NOTE(review): no TLS/SSL option appears on the command line, so the query
## and its answer presumably cross the network in cleartext - confirm.
root@sol-x86:/# ldapsearch -h freeipa-server -b "dc=kompanija,dc=com" -s sub "ou=profile"
version: 1
dn: ou=profile,dc=kompanija,dc=com
objectClass: top
objectClass: organizationalUnit
ou: profiles
ou: profile
root@sol-x86:/# ldapsearch -h freeipa-server -b "dc=kompanija,dc=com" -s sub "objectclass=DUAConfigProfile"
version: 1
dn: cn=default,ou=profile,dc=kompanija,dc=com
defaultServerList: freeipa-server.kompanija.com
## NOTE(review): this base differs from the dc=kompanija,dc=com suffix used in
## the rest of this entry and in the ldapclient list output further down the
## page; it looks like a sanitisation leftover - confirm.
defaultSearchBase: dc=us,dc=oracle,dc=com
objectClass: top
objectClass: DUAConfigProfile
serviceSearchDescriptor: group:cn=groups,cn=compat,dc=kompanija,dc=com
serviceSearchDescriptor: passwd:cn=users,cn=accounts,dc=kompanija,dc=com
searchTimeLimit: 15
followReferrals: TRUE
## Shadow lookups are mapped onto posixAccount entries.
objectclassMap: shadow:shadowAccount=posixAccount
bindTimeLimit: 5
## authenticationMethod none: clients using this profile do not authenticate
## to the directory, and no tls: method is selected, so passwd/group data is
## fetched anonymously and without transport protection.
## NOTE(review): a tls:simple method with a proxy credential level is the
## usual hardening for this profile - confirm what the FreeIPA side supports.
authenticationMethod: none
cn: default |
## NTP client configuration. The Kerberos logins later on this page depend on
## this host's clock agreeing with the KDC.
root@sol-x86:/# cat /etc/inet/ntp.conf
## NOTE(review): the server line carries no key, so time from 10.x.x.x is
## accepted without NTP authentication, and "disable auth" additionally lifts
## ntpd's authentication requirement for peers not configured here. A forged
## time source can push the clock outside the Kerberos skew window; drop
## "disable auth" unless it is really needed - confirm.
disable auth
server 10.x.x.x
driftfile /var/ntp/ntp.drift
statsdir /var/ntp/ntpstats/
filegen peerstats file peerstats type day enable
filegen loopstats file loopstats type day enable |
## Enable the NTP service, turn on its verbose_logging property, restart it,
## read the property back (prints "true") and list the peers.
root@sol-x86:/# svcadm enable ntp
root@sol-x86:/# svccfg -s svc:/network/ntp:default setprop config/verbose_logging = true
root@sol-x86:/# svcadm restart svc:/network/ntp:default
root@sol-x86:/# svcprop -p config/verbose_logging svc:/network/ntp:default
true
root@sol-x86:/# ntpq -p
remote refid st t when poll reach delay offset jitter
===============================================================
## The leading "*" marks the peer ntpd selected as its sync source. reach is 1
## here, i.e. the capture was taken right after the restart; re-check later
## that the peer stays selected before relying on Kerberos logins.
*ntpserver 3 u 12 64 1 0.198 -3.978 0.000 |
# Resolver settings (presumably /etc/resolv.conf; the page does not name the
# file): search domain and a single name server.
# NOTE(review): the Kerberos and LDAP steps on this page address the server by
# DNS name, so this resolver is part of the trust path - confirm it is an
# internal, controlled server.
search kompanija.com
nameserver 10.x.x.x |
# svccfg -s svc:/network/dns/client svc:/network/dns/client> setprop config/domain = astring: kompanija.com svc:/network/dns/client> setprop config/search = astring: "kompanija.com" svc:/network/dns/client> setprop config/nameserver = (10.x.x.x 10.z.z.z) # svcadm refresh svc:/network/dns/client # svcadm restart svc:/network/dns/client |
# Name-service switch entries (presumably /etc/nsswitch.conf; the page does
# not name the file). "files" is listed first, so local accounts such as root
# are resolved from the local files before the directory is consulted.
# [NOTFOUND=return] follows the last source in each list.
passwd: files ldap [NOTFOUND=return]
group: files ldap [NOTFOUND=return] |
# svccfg -s svc:/system/name-service/switch svc:/system/name-service/switch> setprop config/password = astring: "files ldap [NOTFOUND=return]" svc:/system/name-service/switch> setprop config/group = astring: "files ldap [NOTFOUND=return]" svc:/system/name-service/switch> listprop # svcadm refresh svc:/system/name-service/switch # svcadm restart svc:/system/name-service/switch # svccfg -s svc:/system/name-service/switch listprop | grep ldap config/password astring "files ldap [NOTFOUND=return]" config/group astring "files ldap [NOTFOUND=return]" |
# cat /etc/pam.d/login auth requisite pam_authtok_get.so.1 auth sufficient pam_krb5.so.1 auth required pam_dhkeys.so.1 auth required pam_unix_cred.so.1 auth required pam_unix_auth.so.1 use_first_pass auth required pam_dial_auth.so.1 |
# Kerberos client configuration pointing the host at the FreeIPA KDC.
[libdefaults]
default_realm = KOMPANIJA.COM
# verify_ap_req_nofail = false: login does not fail when the TGT cannot be
# verified against a host key in the local keytab, so the KDC's identity is
# not verified and a spoofed KDC answer could be accepted at login.
# NOTE(review): the page shows no host principal or keytab step; the hardened
# setup is a host/<fqdn> principal with its key in the local keytab and this
# option set to true - confirm.
verify_ap_req_nofail = false
[realms]
KOMPANIJA.COM = {
    kdc = freeipa-server.kompanija.com:88
    admin_server = freeipa-server.kompanija.com:749
}
[domain_realm]
# NOTE(review): these map us.oracle.com hosts to the realm while every host on
# the page is under kompanija.com; looks like a sanitisation leftover -
# confirm.
us.oracle.com = KOMPANIJA.COM
.us.oracle.com = KOMPANIJA.COM
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
kdc_rotate = {
    period = 1d
    version = 10
}
[appdefaults]
# Tickets requested by kinit are renewable and forwardable.
kinit = {
    renewable = true
    forwardable= true
} |
root@sol-x86:/# ldapclient init freeipa-server.kompanija.com System successfully configured # ldapclient list NS_LDAP_FILE_VERSION= 2.0 NS_LDAP_SERVERS= freeipa-server.kompanija.com NS_LDAP_SEARCH_BASEDN= dc=kompanija,dc=com NS_LDAP_AUTH= none NS_LDAP_SEARCH_REF= TRUE NS_LDAP_SEARCH_TIME= 15 NS_LDAP_CACHETTL= 43200 NS_LDAP_PROFILE= default NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=kompanija,dc=com NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=kompanija,dc=com NS_LDAP_BIND_TIME= 5 NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount |
## Set the name-service domain name on the running system.
## NOTE(review): this is shown after ldapclient init, which usually expects
## the domain name to be set beforehand - confirm the intended order.
root@sol-x86:/# domainname kompanija.com |
## Restart the LDAP client service so it runs with the configuration written
## by ldapclient init.
root@sol-x86:/# svcadm restart ldap/client |
## Test login as a directory user on the Solaris 11 host (banner: SunOS 5.11).
## The expiry warning and the klist output show that a Kerberos TGT was
## obtained at login: one-day lifetime, renewable for seven days, stored in a
## file cache under /tmp.
## NOTE(review): a TGT in the cache shows the password was accepted by
## whatever answered as the KDC; with verify_ap_req_nofail = false in the
## krb5.conf on this page that answer is not verified against a host key.
login as: zarko1
Using keyboard-interactive authentication.
Password:
Using keyboard-interactive authentication.
Your Kerberos account/password will expire in 89 days.
Last login: Wed Jul 13 14:20:44 2016 from some-box
Oracle Corporation SunOS 5.11 11.3 September 2015
zarko1@sol-x86:/$ klist
Ticket cache: FILE:/tmp/krb5cc_1377600004
Default principal: zarko1@KOMPANIJA.COM
Valid starting Expires Service principal
13/07/2016 14:21 14/07/2016 14:21 krbtgt/KOMPANIJA.COM@KOMPANIJA.COM
renew until 20/07/2016 14:21 |
# ldapsearch -h ca-ldapserver -b "dc=kompanija,dc=com" -s sub "objectclass=DUAConfigProfile" version: 1 dn: cn=default,ou=profile,dc=kompanija,dc=com defaultServerList: ca-ldapserver.kompanija.com defaultSearchBase: dc=kompanija,dc=com objectClass: top objectClass: DUAConfigProfile serviceSearchDescriptor: group:cn=groups,cn=compat,dc=us,dc=oracle,dc=com serviceSearchDescriptor: passwd:cn=users,cn=accounts,dc=us,dc=oracle,dc=com searchTimeLimit: 15 followReferrals: TRUE objectclassMap: shadow:shadowAccount=posixAccount bindTimeLimit: 5 authenticationMethod: none cn: default |
# cat /etc/inet/ntp.conf disable auth server 10.a.c.1 driftfile /var/ntp/ntp.drift statsdir /var/ntp/ntpstats/ filegen peerstats file peerstats type day enable filegen loopstats file loopstats type day enable |
# svcadm enable ntp # ntpq -p remote refid st t when poll reach delay offset disp ============================================================================== 10.a.c.1 10.a.b.1 3 u 61 64 1 0.21 -1.612 15875.0 |
# Resolver settings (presumably /etc/resolv.conf; the page does not name the
# file): search domain and a single name server.
# NOTE(review): the Kerberos and LDAP steps on this page address the server by
# DNS name, so this resolver is part of the trust path - confirm it is an
# internal, controlled server.
search kompanija.com
nameserver 10.x.x.x |
# Name-service switch entries (presumably /etc/nsswitch.conf; the page does
# not name the file). "files" is listed first, so local accounts such as root
# are resolved from the local files before the directory is consulted.
# [NOTFOUND=return] follows the last source in each list.
passwd: files ldap [NOTFOUND=return]
group: files ldap [NOTFOUND=return] |
# cat /etc/pam.conf login auth requisite pam_authtok_get.so.1 login auth sufficient pam_krb5.so.1 login auth required pam_dhkeys.so.1 login auth required pam_unix_cred.so.1 login auth required pam_unix_auth.so.1 use_first_pass login auth required pam_dial_auth.so.1 rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth required pam_dhkeys.so.1 rlogin auth required pam_unix_cred.so.1 rlogin auth required pam_unix_auth.so.1 krlogin auth required pam_unix_cred.so.1 krlogin auth sufficient pam_krb5.so.1 rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_cred.so.1 krsh auth required pam_unix_cred.so.1 krsh auth required pam_krb5.so.1 ktelnet auth required pam_unix_cred.so.1 ktelnet auth required pam_krb5.so.1 ppp auth requisite pam_authtok_get.so.1 ppp auth required pam_dhkeys.so.1 ppp auth required pam_unix_cred.so.1 ppp auth required pam_unix_auth.so.1 ppp auth required pam_dial_auth.so.1 other auth requisite pam_authtok_get.so.1 other auth sufficient pam_krb5.so.1 other auth required pam_dhkeys.so.1 other auth required pam_unix_cred.so.1 other auth required pam_unix_auth.so.1 passwd auth required pam_passwd_auth.so.1 cron account required pam_unix_account.so.1 other account requisite pam_roles.so.1 other account required pam_unix_account.so.1 other session required pam_unix_session.so.1 other password required pam_dhkeys.so.1 other password requisite pam_authtok_get.so.1 other password requisite pam_authtok_check.so.1 force_check other password required pam_authtok_store.so.1 |
# Kerberos client configuration pointing the host at the FreeIPA KDC.
[libdefaults]
default_realm = KOMPANIJA.COM
# verify_ap_req_nofail = false: login does not fail when the TGT cannot be
# verified against a host key in the local keytab, so the KDC's identity is
# not verified and a spoofed KDC answer could be accepted at login.
# NOTE(review): the page shows no host principal or keytab step; the hardened
# setup is a host/<fqdn> principal with its key in the local keytab and this
# option set to true - confirm.
verify_ap_req_nofail = false
[realms]
KOMPANIJA.COM = {
    kdc = freeipa-server.kompanija.com:88
    admin_server = freeipa-server.kompanija.com:749
}
[domain_realm]
# NOTE(review): these map us.oracle.com hosts to the realm while every host on
# the page is under kompanija.com; looks like a sanitisation leftover -
# confirm.
us.oracle.com = KOMPANIJA.COM
.us.oracle.com = KOMPANIJA.COM
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
kdc_rotate = {
    period = 1d
    version = 10
}
[appdefaults]
# Tickets requested by kinit are renewable and forwardable.
kinit = {
    renewable = true
    forwardable= true
} |
root@sol-x86:/# ldapclient init freeipa-server.kompanija.com System successfully configured # ldapclient list NS_LDAP_FILE_VERSION= 2.0 NS_LDAP_SERVERS= freeipa-server.kompanija.com NS_LDAP_SEARCH_BASEDN= dc=kompanija,dc=com NS_LDAP_AUTH= none NS_LDAP_SEARCH_REF= TRUE NS_LDAP_SEARCH_TIME= 15 NS_LDAP_CACHETTL= 43200 NS_LDAP_PROFILE= default NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=kompanija,dc=com NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=kompanija,dc=com NS_LDAP_BIND_TIME= 5 NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount |
## Set the name-service domain name on the running system.
## NOTE(review): this is shown after ldapclient init, which usually expects
## the domain name to be set beforehand - confirm the intended order.
root@sol-x86:/# domainname kompanija.com |
## Restart the LDAP client service so it runs with the configuration written
## by ldapclient init.
root@sol-x86:/# svcadm restart ldap/client |
## Restart the name-service cache and then the LDAP client. The two commands
## are joined with ";", so the second runs even if the first fails.
## NOTE(review): the prompt shown is "$"; restarting services normally needs
## an authorised or root account - confirm how this was run.
$ svcadm restart svc:/system/name-service-cache:default ; svcadm restart ldap/client |
## Check that the passwd entry for a directory user is returned through the
## LDAP client. "--shortened --" is the author's elision marker.
## NOTE(review): with the anonymous client configuration shown on this page,
## the same attributes are readable by any host that can reach the directory -
## confirm that is acceptable for this data.
$ /usr/bin/ldaplist -l passwd zarko
dn: uid=zarko,cn=users,cn=accounts,dc=kompanija,dc=com
title: Super User
displayName: Zarko D
uid: zarko
--shortened --
cn: Zarko D
uidNumber: 485400013
gidNumber: 485400013 |
## Test login as a directory user on the Solaris 10 host (banner: SunOS 5.10).
## Authentication and the passwd lookup succeeded; the "Could not chdir" line
## shows that /home/zarko does not exist on this host.
## NOTE(review): home directories still need provisioning (automounter or
## local creation); the page does not show that step.
login as: zarko
Using keyboard-interactive authentication.
Password:
Last login: Fri Aug 26 16:12:36 2016 from dhcp-vpn-bla-bla
Could not chdir to home directory /home/zarko: No such file or directory
Oracle Corporation SunOS 5.10 Generic Patch January 2005
-bash-3.2$ |