Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Active Directory + Solaris integration

Status
Not open for further replies.

andysys

IS-IT--Management
May 20, 2003
103
IN
Hello folks!!!

We have a Active directory & Linux/Solaris setup integrated.
Scenario -

1. AD Server [ OS- Windows 2000 Advanced server ]
2. CLients - Redhat Linux 9/Ad.server 2.1/Ad.server 3.0
3. Solaris 8 & Solaris 9
4. HP-UX 11.11i

Windows services for unix [SFU] has been installed on AD Server.All unix servers has been configured as LDAP client for AD.AD users logs into the these client using their domain id.


Problem facing -

If any user changes password from AD Windows client machine,he is unable to login to Solaris 8.Whereas after changing password login to Linux/Solaris 9 & HP-UX clients
it works without any error.

This login problem occurs only with SOLARIS 8 .
We are using SUNWlldap on solaris.

Observation - [On solairs 8 client]
1.I am able to get users list after changing password for any user .
2. I am able to su - username.

Action taken -
1.Rebooted system.
2.Checked for AD replciation from AD Site & services.
3.Restarted nscd service.

Workaround provided -
If user changes password from AD domain controller,he can login to Solaris 8 client.
But this is not a good solution.We can not provide access to domain controller for all users.


We need to solve this on priority.
Any help would be greatly appreciated.

Thanks
Andy







 
Hello Experts!

Any clue.I am on top of a gun.
 
just guessing: slow updates from AD to Solaris cache, I suggest to stop nscd, you do not really need this.

Doublecheck the patches on the Solaris box; if they are more or less up to date: call Sun Service

Best Regards, Franz
--
UNIX System Manager from Munich, Germany
 
Hi Franz,

Thanks for you reply.

1. We already tried this but it didn't work.
2. Tried by installing patch 108993-48 but it stopped login for all users.
Were unable to get userslist.
#getent passwd

Removed patch...users login started ok on it.

Thanks
Andy
 
Hello Folks,

Any clue...this would be of great help for me.

Thanks
Andy
 
Sounds like the client update to the domain controller is slow..check it's timeouts and syncronization intervals. I'd bet the old password would still work for about 30 min after the password change.
 
Hi WhiteVolg,

You are right.In this case old password works in some cases.
How I can set the synchronization period.
I tried with Active directory sites & services,rebooting
solaris machines.

Any help would be greatly appreciated.

Thanks
Andy
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top