-=Step-by-Step Sun Directory Server Installation for Solaris 10=-
This document starts from an installed Solaris 10 server and covers the installation of a whole-root zone, custom configuration for that zone, the installation of sudo and the Directory Server, and some other nice-to-haves.
Let’s begin by downloading all of the necessary files …
Go to http://www.sunfreeware.com and download the latest version of sudo for Solaris 10.
If you want Windows authentication, you might want to download pGina from http://pgina.sourceforge.net
Go to http://www.sun.com/download, scroll down to the heading Identity Management and click on Directory Server. Click on Directory Server 5 2005Q4 (5.2 P4) –> Click on Download –> Sign in with your Sun access account –> Accept the License Agreement –> and download.
Place all of the software in the /zones/pub directory (except for pGina, of course).
Create a zone
Within the directory that will hold the zones, create a directory called ldapserver1. In this example I assume the zone path is /zones/ldapserver1. Also create a directory to share between the global zone and the whole-root zone. Typically I make /zones a mount from a SAN or some other storage rather than part of the root (/) filesystem, and I use /zones/pub as a common storage area for patches and software.
# mkdir /zones/ldapserver1
# mkdir /zones/pub
Prepare a zone creation script called ldapserver1.zone. I typically keep this file in the directory of the zone being created (/zones/ldapserver1). Note what your physical network interface is beforehand by issuing the following command:
root@sol10globalzone# ifconfig -a
# vi /zones/ldapserver1/ldapserver1.zone
create -b
set zonepath=/zones/ldapserver1
set autoboot=true
add fs
set dir=/pub
set special=/zones/pub
set type=lofs
end
# only add if CDROM exists
add fs
set dir=/cdrom
set special=/cdrom
set type=lofs
end
add net
set address=192.168.1.XXX
set physical=pcn0 #whatever your physical interface is
end
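Before handing the file above to zonecfg -f, it is worth catching the two mistakes that are easy to leave behind: the 192.168.1.XXX placeholder and a lofs "special" path that does not exist on the global zone. The pre-flight check below is an added example, not part of the original post. It only reads the command file (it never calls zonecfg), so it runs on any host with a POSIX sh and awk; it also flags a lofs share mounted read-write, on the assumption that a software/patch share like /zones/pub only needs "set options=ro" (a zonecfg fs property that is not used on the page).

```shell
#!/bin/sh
# Added example (not from the original post): lint a zonecfg command file such
# as /zones/ldapserver1/ldapserver1.zone. lofs is the only fs type the page
# uses, so every "special" path is expected to be a directory on the global zone.

lint_zonecfg() {
    # $1 = zonecfg command file. Prints one finding per line;
    # the exit status is the number of findings (0 = clean).
    awk -v q="'" '
        { sub(/#.*/, "") }                         # drop comments, whole-line or inline
        /^[ \t]*$/ { next }
        /^[ \t]*add fs/ { infs = 1; special = ""; ro = 0; next }
        infs && /set special=/ { sub(/.*set special=/, ""); special = $1 }
        infs && /set options=/ {
            opts = $0; sub(/.*set options=/, "", opts)
            if ("," opts "," ~ /,ro,/) ro = 1      # "ro" as a whole option, not a substring
        }
        infs && /^[ \t]*end/ {
            infs = 0
            if (special == "") { print "fs resource without a special= path"; bad++ }
            else {
                # the path comes from an admin-written file; quoted anyway before it hits a shell
                if (system("test -d " q special q) != 0) { print "special dir missing on global zone: " special; bad++ }
                if (!ro) { print "lofs share is read-write: " special; bad++ }
            }
        }
        /set address=/ && /XXX/ { print "placeholder address 192.168.1.XXX not replaced"; bad++ }
        END { exit bad + 0 }
    ' "$1"
}

# Run it from the global zone before "zonecfg -z ldapserver1 -f ldapserver1.zone":
#   lint_zonecfg /zones/ldapserver1/ldapserver1.zone && echo "zone config looks sane"
```

Findings go to standard output and the exit status is the number of findings, so the function drops straight into `&&` chains in the install steps that follow.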
Install the zone
# cd /zones/ldapserver1
# zonecfg -z ldapserver1 -f ldapserver1.zone
# chmod 700 /zones/ldapserver1
# zonecfg -z ldapserver1 info
# zonecfg -z ldapserver1 verify
# zoneadm -z ldapserver1 install
# zoneadm list -icv
# zoneadm -z ldapserver1 ready
# zoneadm -z ldapserver1 boot
# zlogin -C ldapserver1 –> ensure it works and then exit …
The zone must be able to resolve its own name through /etc/hosts or through a DNS server. Fix this first; if you are not using DNS, put an entry into /etc/hosts that looks like this:
# vi /etc/hosts
127.0.0.1 localhost loghost
192.168.1.XXX ldapserver1.domain.com ldapserver1
Reboot or restart network service …
Let’s Configure the ldapserver1
1. zlogin ldapserver1
2. vi /etc/passwd –> change shell from /sbin/sh to /bin/bash
3. vi /root/.profile and add custom prompt and add path
export PS1="\033[32;2m\u@\h \e[31;2m\t\n\e[30;0m\w $ "
export PATH=$PATH:/usr/local/bin:/usr/local/sbin
:wq then su - to see changes
4. vi /etc/hosts and add all of the machines
# cat /net//jumpstart/config/hosts >> /etc/hosts
5. vi /etc/resolv.conf and change server to
6. SUDO Setup
# gunzip /pub/sudo-1.6.8p9-sol10-sparc-local.gz
# pkgadd -d /pub/sudo-1.6.8p9-sol10-sparc-local
--> select 1 --> y --> y (add local admin user accounts by issuing
visudo command)
# groupadd -g 101 ldap
# mkdir /var/Sun
# useradd -g 101 -u 101 -c "ldap privsep" -d /var/Sun/mps -m -s /bin/bash ldap
# passwd ldap --> Password#1
# usermod -K defaultpriv=basic,net_privaddr ldap
7. Installation of iPlanet LDAP
# cd /pub
# gunzip ds* ; tar xvf ds*
# ./setup --> Enter --> Enter --> Enter --> yes
Fully Qualified Computer Name [ldapserver1.domain.com] Enter –> Enter –> Enter –> Enter –> Enter –> System User: ldap –> System Group: ldap –> Enter –> Enter –> Enter –> Enter –> Enter –>
admin Enter –> Password (twice) = Password#1 –> Enter –> Enter –> Password#1 –> Enter –> Enter –> watch progress bar …
Enter to end installation
8. Add the following Startup script:
# vi /etc/init.d/dscontrol
#!/sbin/sh
#
# Copyright (c) 2001 by Sun Microsystems, Inc
# All rights reserved.
#
#ident "@(#)slapd and admin 5.2p4 09/29/06"
case "$1" in
start)
    /var/Sun/mps/slapd-ldapserver1/start-slapd
    /var/Sun/mps/start-admin
    ;;
restart)
    /var/Sun/mps/slapd-ldapserver1/restart-slapd
    /var/Sun/mps/restart-admin
    ;;
stop)
    /var/Sun/mps/slapd-ldapserver1/stop-slapd
    /var/Sun/mps/stop-admin
    ;;
*)
    echo "Usage: $0 { start | restart | stop }"
    exit 1
    ;;
esac
exit 0
# chmod 755 /etc/init.d/dscontrol
# ln -s /etc/init.d/dscontrol /etc/rc3.d/S90dscontrol
# ln -s /etc/init.d/dscontrol /etc/rc1.d/K90dscontrol
9. Configuration of IDS
# cd /usr/lib/ldap
# ./idsconfig –> y
hostname to setup: ldapserver1 –> Enter –> Enter –> passwd = Password#1 –> Enter –>
Enter –> Enter –> Enter –> Enter –> Enter –> Credential level = 2 –> Authentication Methods = 2 –> another Auth Method = n –> Enter –> Enter –> crypt format = y –> Enter –> Enter –> Enter –> Enter –> Enter –> Enter –> Enter –> passwd for proxyagent = differentpasswd (twice) –> committing changes = y
Exit the ldap server completely
10. Launching LDAP GUI and adding users (from SunRay or other Sun box)
# ssh -X username@ldapserver1.domain.com
# sudo mkdir /export/home/ ; chown /export/home/
# sudo /var/Sun/mps/startconsole & (is your local user in the sudoers file?)
–> Login using admin and Password#1
–> Open ldapserver1.domain.com
–> Open Server Group
–> Click on Directory Server and click on the Open button, this will launch a new window.
–> Click on the Directory Tab and Open dc=domain,dc=com
–> Open the last user created –> click on Posix User and note the UID
–> Right Click on People and select New –> User (opens a new window)
–> Fill in all of the blanks, using first initial + last name as the username.
–> Click on Posix user in the left sidebar menu
–> Click on Enable Posix User Attributes and enter the information. Gecos is optional; usually I put the user's full name there, like the comment field when doing useradd. –> Click the OK button.
–> Right Click on new user’s name –> Edit with Generic Editor –> Click on gray area called Object class and then click on the Add Value button on the Right.
–> Within the open window, select shadowaccount and click the OK button –> and OK again to close the user window.
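The console clicks above (Posix attributes, note the last UID, add the shadowaccount object class) have a scriptable equivalent: build the LDIF for the account and load it with ldapadd. The helper below is an added example, not part of the original post or of Sun's tools. It uses the page's first-initial+lastname naming rule and dc=domain,dc=com suffix; ou=People, home directories under /export/home and /bin/bash as the login shell are assumed conventions, as is 1001 as the first uidNumber when no users exist yet. The password is not in the LDIF; it is set afterwards with passwd -r ldap.

```shell
#!/bin/sh
# Added example (not from the original post): LDIF for one POSIX user with
# shadowAccount attached, plus a helper that reproduces the "open the last user
# and note the UID" step from a list of uidNumber values.

make_user_ldif() {
    # $1 first name, $2 last name, $3 uidNumber, $4 gidNumber, $5 base DN
    first=$1; last=$2; uidn=$3; gidn=$4; base=$5
    # first initial + last name, lower-cased: "John Doe" -> jdoe
    uid=$(printf '%s%s' "$(printf '%s' "$first" | cut -c1)" "$last" | tr 'A-Z' 'a-z')
    # refuse anything that could smuggle extra LDIF lines or DN syntax into the entry
    case $uid in
        ''|*[!a-z0-9]*) printf 'make_user_ldif: bad uid "%s"\n' "$uid" >&2; return 1 ;;
    esac
    for n in "$uidn" "$gidn"; do
        case $n in
            ''|*[!0-9]*) printf 'make_user_ldif: numeric ids expected\n' >&2; return 1 ;;
        esac
    done
    cat <<EOF
dn: uid=$uid,ou=People,$base
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: $uid
cn: $first $last
givenName: $first
sn: $last
uidNumber: $uidn
gidNumber: $gidn
homeDirectory: /export/home/$uid
loginShell: /bin/bash
gecos: $first $last

EOF
}

next_uid() {
    # Reads "uidNumber: N" lines on stdin (e.g. ldapsearch output) and prints the
    # highest value + 1; 1001 when no users exist yet (assumed starting point).
    awk -F': ' '$1 == "uidNumber" && $2 + 0 > m { m = $2 + 0 }
                END { print (m ? m + 1 : 1001) }'
}

# Typical flow with the Solaris 10 LDAP client tools, run as root:
#   n=$(ldapsearch -h ldapserver1 -b dc=domain,dc=com objectclass=posixAccount uidNumber | next_uid)
#   make_user_ldif John Doe "$n" 100 dc=domain,dc=com | ldapadd -h ldapserver1 -D "cn=directory manager" -w dirmanagerpasswd
#   passwd -r ldap jdoe
```

Reading the next uidNumber from the directory rather than from memory is the one real improvement over the GUI flow: two admins adding users at the same time cannot both "note the last UID" and pick the same number.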
11. Initiating a Solaris 10 server as an LDAP Client
# Ensure that LDAP Client can resolve LDAP server name
# ssh @
# su -
# ldapclient init -a profileName=default \
    -a domainName=domain.com \
    -a proxyDN=cn=proxyagent,ou=profile,dc=domain,dc=com \
    -a proxyPassword=differentpasswd \
    -a defaultServerList=192.168.1.XXX
(should get successfully configured)
# vi /etc/nsswitch.conf –> should look like this …
passwd: files ldap
group: files ldap
hosts: files
ipnodes: files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
netgroup: files ldap
automount: files ldap
aliases: files ldap
services: files ldap
printers: user files ldap
auth_attr: files ldap
prof_attr: files ldap
project: files ldap
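Two properties of the listing above matter more than the rest. "files" must come before "ldap" for passwd and group, so root and the local admin accounts resolve without waiting on the directory when it is down or unreachable. And hosts / ipnodes must stay on "files" (or DNS) and never consult ldap, because the client has to resolve the directory server's name before it can reach the directory at all. The check below is an added example, not part of the original post; it is plain text processing, so it runs anywhere with a POSIX sh and awk.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check an nsswitch.conf
# against the layout listed above before rebooting an LDAP client.

check_nsswitch() {
    # $1 = path to an nsswitch.conf. Prints one finding per line;
    # the exit status is the number of findings (0 = clean).
    awk '
        { sub(/#.*/, "") }                         # drop comments
        {
            n = index($0, ":"); if (n == 0) next   # blank or non-database line
            db = substr($0, 1, n - 1); gsub(/[ \t]/, "", db)
            src = " " substr($0, n + 1) " "; gsub(/[ \t]+/, " ", src)   # e.g. " files ldap "
            if (db == "") next
            seen[db] = 1
        }
        db == "passwd" || db == "group" {
            if (src !~ /^ files /) { print db ": \"files\" must be the first source"; bad++ }
            else if (src !~ / ldap /) { print db ": ldap source missing"; bad++ }
        }
        db == "hosts" || db == "ipnodes" {
            if (src ~ / ldap /) { print db ": must not use ldap (the client resolves the server name before ldap is reachable)"; bad++ }
        }
        END {
            if (!seen["passwd"]) { print "passwd: entry missing"; bad++ }
            if (!seen["group"])  { print "group: entry missing"; bad++ }
            exit bad + 0
        }
    ' "$1"
}

# Usage on the client after editing:
#   check_nsswitch /etc/nsswitch.conf && echo "nsswitch.conf OK"
```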
Autohome Installation within LDAP
Log in to the native LDAP (Lightweight Directory Access Protocol) client and perform the following steps.
1. Create an auto_master file:
root@ldapclient# vi /tmp/auto_master
# Master map for automounter
/home auto_home -nobrowse
2. Add it to the LDAP database:
root@ldapclient# /usr/sbin/ldapaddent -D "cn=directory manager" -w password -f /tmp/auto_master auto_master
1 entries added
3. Create an auto_home file
root@ldapclient# vi /tmp/auto_home
# Home directory map for automounter
* nfsserver:/nfs/home/&
4. Add to LDAP database:
root@ldapclient# /usr/sbin/ldapaddent -D "cn=directory manager" -w dirmanager -f /tmp/auto_home auto_home
1 entries added
The automount maps are stored in the directory server as shown below:
root@ldapclient# ldaplist -l auto_master
dn: automountKey=/test,automountMapName=auto_master,o=sun.com
objectClass: automount
objectClass: top
automountKey: /home
automountInformation: auto_home -nobrowse
root@ldapclient# ldaplist -l auto_home
dn: automountKey=*,automountMapName=auto_home,o=sun.com
objectClass: automount
objectClass: top
automountKey: *
automountInformation: snoopy:/nfs/home/&
5. Start automount daemon
/etc/init.d/autofs start
6. Create a user in directory server and specify user’s home directory
root@ldapclient# /usr/bin/ldapsearch -b "o=domain.com" uid=ldapuser homedirectory
uid=ldapuser,ou=people,o=domain.com
homedirectory=/home/ldapuser
7. Login as a user and automount will mount the user’s home directory.