Omnios ipa client

From Asenjo
Revision as of 23:15, 31 March 2013 by Natxo (Talk | contribs) (Created page with "Category:Omnios Category:IPA To enable ldap queries from an omnios server we need to use the ldapclient tool as documented in http://docs.oracle.com/cd/E19253-01/816-...")



To enable LDAP queries from an OmniOS server we need to use the ldapclient tool, as documented in http://docs.oracle.com/cd/E19253-01/816-4556/clientsetup-1/index.html

But there is a catch-22 when using ldapclient: the tool copies the file /etc/nsswitch.ldap to /etc/nsswitch.conf, and that file contains this line:

hosts:    files ldap

This means that host name lookups will consult the local hosts file first and then the LDAP servers (never DNS), which is not what we want. When trying to configure LDAP resolution I ran into this problem:

# ldapclient init -v -a profileName=default kdc.ipa.asenjo.nx
Parsing profileName=default
Arguments parsed:
        profileName: default
        defaultServerList: kdc.ipa.asenjo.nx
Handling init option
About to configure machine by downloading a profile
Proxy DN: NULL
Proxy password: NULL
Authentication method: 0
No proxyDN/proxyPassword required
Shadow Update is not enabled, no adminDN/adminPassword is required.
About to modify this machines configuration by writing the files
Stopping network services
Stopping sendmail
stop: network/smtp:sendmail... failed: entity not found
Stopping sendmail failed with (1). You may need to restart it manually for changes to take effect.
nscd not running
autofs not running
Stopping ldap
stop: network/ldap/client:default... restoring from maintenance state
stop: sleep 100000 microseconds
stop: network/ldap/client:default... success
nis(yp) not running
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: nis domain is "ipa.asenjo.nx"
file_backup: stat(/var/yp/binding/ipa.asenjo.nx)=-1
file_backup: No /var/yp/binding/ipa.asenjo.nx directory.
file_backup: stat(/var/ldap/ldap_client_file)=-1
file_backup: No /var/ldap/ldap_client_file file.
Starting network services
start: /usr/bin/domainname ipa.asenjo.nx... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: sleep 400000 microseconds
start: sleep 800000 microseconds
start: sleep 1600000 microseconds
start: sleep 3200000 microseconds
start: sleep 6400000 microseconds
start: sleep 12800000 microseconds
start: sleep 25600000 microseconds
start: sleep 51200000 microseconds
start: sleep 17700000 microseconds
start: network/ldap/client:default... timed out
start: network/ldap/client:default... offline to disable
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: network/ldap/client:default... success
restart: sleep 100000 microseconds
restart: milestone/name-services:default... success
Error resetting system.
Recovering old system settings.
Stopping network services
Stopping sendmail
stop: network/smtp:sendmail... failed: entity not found
Stopping sendmail failed with (1). You may need to restart it manually for changes to take effect.
nscd not running
autofs not running
ldap not running
nis(yp) not running
recover: stat(/var/ldap/restore/defaultdomain)=0
recover: open(/var/ldap/restore/defaultdomain)
recover: read(/var/ldap/restore/defaultdomain)
recover: old domainname "ipa.asenjo.nx"
recover: stat(/var/ldap/restore/ldap_client_file)=-1
recover: stat(/var/ldap/restore/ldap_client_cred)=-1
recover: stat(/var/ldap/restore/ipa.asenjo.nx)=-1
recover: stat(/var/ldap/restore/nsswitch.conf)=0
recover: file_move(/var/ldap/restore/nsswitch.conf, /etc/nsswitch.conf)=0
recover: stat(/var/ldap/restore/defaultdomain)=0
recover: file_move(/var/ldap/restore/defaultdomain, /etc/defaultdomain)=0
Starting network services
start: /usr/bin/domainname ipa.asenjo.nx... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: network/ldap/client:default... maintenance
restart: sleep 100000 microseconds
restart: milestone/name-services:default... success
Error (1) while starting services during reset

After modifying /etc/nsswitch.ldap to have the line

hosts:      files dns

I reran the ldapclient command and this time it worked as it should:

# ldapclient init -v -a profileName=default kdc.ipa.asenjo.nx
Parsing profileName=default
Arguments parsed:
        profileName: default
        defaultServerList: kdc.ipa.asenjo.nx
Handling init option
About to configure machine by downloading a profile
Proxy DN: NULL
Proxy password: NULL
Authentication method: 0
No proxyDN/proxyPassword required
Shadow Update is not enabled, no adminDN/adminPassword is required.
About to modify this machines configuration by writing the files
Stopping network services
Stopping sendmail
stop: network/smtp:sendmail... failed: entity not found
Stopping sendmail failed with (1). You may need to restart it manually for changes to take effect.
nscd not running
autofs not running
Stopping ldap
stop: network/ldap/client:default... restoring from maintenance state
stop: sleep 100000 microseconds
stop: network/ldap/client:default... success
nis(yp) not running
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: nis domain is "ipa.asenjo.nx"
file_backup: stat(/var/yp/binding/ipa.asenjo.nx)=-1
file_backup: No /var/yp/binding/ipa.asenjo.nx directory.
file_backup: stat(/var/ldap/ldap_client_file)=-1
file_backup: No /var/ldap/ldap_client_file file.
Starting network services
start: /usr/bin/domainname ipa.asenjo.nx... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: network/ldap/client:default... success
restart: sleep 100000 microseconds
restart: milestone/name-services:default... success
System successfully configured
root@testomnios:~# id admin
uid=642800000(admin) gid=642800000(admins) groups=642800000(admins),642801438(libvirt)
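The fix described above, editing the hosts: line of the nsswitch template before ldapclient copies it over /etc/nsswitch.conf, as an added POSIX sh example that is not part of the original page. It assumes mktemp is available; the demo works on a constructed copy of the template in a temporary directory, the real file being /etc/nsswitch.ldap.

```shell
#!/bin/sh
# Added example (not from the original page): make sure the nsswitch template
# that ldapclient(1M) installs as /etc/nsswitch.conf sends host lookups to DNS.
# With "hosts: files ldap" the LDAP server name cannot be resolved while the
# ldap client service is still starting, which is the timeout seen above.

# hosts_sources FILE -> prints the sources listed on the "hosts:" line
hosts_sources() {
    sed -n 's/^hosts:[[:space:]]*//p' "$1" | tr '\t' ' ' | head -n 1
}

# hosts_uses_ldap FILE -> exit status 0 if "ldap" is one of the hosts: sources
hosts_uses_ldap() {
    case " $(hosts_sources "$1") " in
        *" ldap "*) return 0 ;;
        *)          return 1 ;;
    esac
}

# fix_hosts_line FILE -> rewrite the hosts: line to "files dns", keeping a
# backup in FILE.orig; passwd, group and the other lines are left untouched
fix_hosts_line() {
    f=$1
    cp "$f" "$f.orig" || return 1
    # write to a temp file first so a failed sed never truncates the template
    tmp=$(mktemp) || return 1
    sed 's/^hosts:.*/hosts:      files dns/' "$f" > "$tmp" && cat "$tmp" > "$f"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# demo_template -> creates a constructed template (same layout as the shipped
# /etc/nsswitch.ldap) in a temp dir and prints its path
demo_template() {
    d=$(mktemp -d) || return 1
    printf 'passwd:     files ldap\ngroup:      files ldap\nhosts:      files ldap\n' \
        > "$d/nsswitch.ldap"
    echo "$d/nsswitch.ldap"
}
```

After fixing the template, run "ldapclient init" as above and confirm with "hosts_sources /etc/nsswitch.conf" that the installed file says "files dns".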