Chapter 2 Using Solstice AdminSuite in a Name Service Environment
The Solstice AdminSuite software can be used in different name service environments. When you use each application or AdminSuite command-line equivalent, you must specify the name service environment data you wish to modify.
This is a list of the overview information in this chapter.
Available Name Service Environments
Solstice AdminSuite can be used to manage information on the local system or across the network using a name service. The sources of information that can be managed by Solstice AdminSuite are described in Table 2-1.
Note -
When using AdminSuite with a name service, you can only modify information found in the local domain. AdminSuite does not support NIS+ or NIS subdomain modifications. If you wish to change entries in NIS or NIS+ in a subdomain, you must log in and run AdminSuite on a system within the subdomain.
Table 2-1 Available Name Service Environments
|
Name Service |
Select This Name Service to Manage ... |
|---|---|
|
NIS+ table information. This requires sysadmin group (group 14) membership and the appropriate ownership or permissions on the NIS+ tables to be modified. |
|
|
NIS map information. You must be a member of the sysadmin group. If the NIS master server is running the Solaris 1.x OS Release, you must have explicit permissions on the NIS master server to update the maps. This means an entry for your host name and user name must reside in root's .rhosts file on the NIS master server. This entry is not required if the NIS master server is running the Solaris 2.x OS Release and the Name Services Transition Kit 1.2 software and Solstice AdminSuite is installed. |
|
|
None |
The /etc files on the local system. You must be a member of the sysadmin group on the local system. |
See "Setting Up User Permissions to Use Solstice AdminSuite" for information on using Solstice AdminSuite with or without a name service environment.
The /etc/nsswitch.conf File and the Solstice AdminSuite Product
The Solstice AdminSuite software allows you to select which name service databases will be updated (written to) when you make modifications with one of the tools. However, the /etc/nsswitch.conf file on each system specifies the policy for name service lookups (where data will be read from) on that system.
Caution - It is up to the user to make sure that the name service they select from one of the tools is consistent with the specifications in the /etc/nsswitch.conf file. If the selections are not consistent, the tools may behave in unexpected ways, resulting in errors or warnings. See "Selecting a Name Service Environment" for an example of the window from which you select a name service.
The /etc/nsswitch.conf file has no effect on how the system configuration files get updated. In the /etc/nsswitch.conf file, more than one source can be specified for the databases, and complex rules can be used to specify how a lookup can be performed from multiple sources. There is no defined syntax for using the rules in the /etc/nsswitch.conf file to perform updates.
Because of this, updates are controlled by the name service selection that is made when the tools are started. The administrator must decide where the update is to take place.
When using the tools, administrative operations can take place on multiple systems with a single operation. It is possible that each of these systems could have a different /etc/nsswitch.conf configuration. This situation can make it very difficult to administer your network. It is recommended that all of the systems have a consistent set of /etc/nsswitch.conf files and that the Solstice AdminSuite software is used to administer the primary name service specified in the standard /etc/nsswitch.conf file.
With this release of the Solstice AdminSuite product, you can define a more complex update policy for the tools by using the admtblloc command. For more information on this command, refer to the admtblloc(1M) man page and see "The admtblloc Command".
Selecting a Name Service Environment
After you start the Solstice Launcher and click on a Solstice application icon, a window is displayed prompting you to select a name service. Select the name service that is appropriate for your environment.
This example is from Host Manager's Load window.
Note -
The NIS and NIS+ environments are not available for Serial Port Manager.
Working with the Name Services Transition Kit 1.2
The Name Services Transition Kit 1.2 is designed to allow you to support a NIS server running Solaris 2.x. Installing the software and setting up the Solaris 2.x NIS servers is described in the Name Services Transition Kit 1.2 Administrator's Guide. Solstice AdminSuite can manage information using the NIS name service supported by Solaris 2.x NIS servers installed with the Name Services Transition Kit 1.2 software.
On NIS servers installed with the Solaris 2.x OS Release, the Name Service Transition Kit 1.2, and Solstice AdminSuite, the configuration files stored in the /etc directory are modified by Solstice AdminSuite applications (these files are in turn automatically converted to NIS maps). If the NIS server is not installed with Solstice AdminSuite, then the directory location specified by the $DIR variable in the /var/yp/Makefile is used.
Setting Up User Permissions to Use Solstice AdminSuite
To use Solstice AdminSuite, membership in the sysadmin group (group 14) is required. See "Adding Users to the sysadmin Group" for more information.
Following are additional requirements to use Solstice AdminSuite for each name service.
User Permissions in the NIS+ Environment
The requirements for using Solstice AdminSuite are:
-
Membership in the NIS+ admin group.
-
Modify permissions on the NIS+ tables to be managed. These permissions are usually given to the NIS+ admin group members.
See Solaris Naming Administration Guide for information on adding users to a NIS+ group and granting permissions on NIS+ tables.
User Permissions in the NIS Environment
The requirements for using Solstice AdminSuite are:
-
An entry for your host name and user name in root's .rhosts file on the NIS master server if the server is running the Solaris 1.x OS Release. If the NIS master server is running the Solaris 2.x OS Release and Name Services Transition Kit 1.2 software, this entry is not required as long as Solstice AdminSuite is also installed.
-
Running ypbind with the -broadcast option, which is the default form, if you want to manage NIS map information in domains other than your own.
Note -
In order to manager NIS map information in domains other than your own, the other NIS domain masters need to be on directly attached networks.
Adding Users to the sysadmin Group
The following procedure describes how to add users to the sysadmin group using Group Manager, a tool within the Solstice AdminSuite software. To use this tool, you must be already be a member of the sysadmin group and meet the requirements for each name service listed in "Setting Up User Permissions to Use Solstice AdminSuite".
If you do not have access to a user account that is a member of the sysadmin group to run Group Manager, see the procedure to add users to the sysadmin group described in the Solstice AdminSuite 2.3 Installation and Product Notes.
How to Add a User to the sysadmin Group
-
Verify that the prerequisites described in "Requirements for Using Solstice AdminSuite Tools" are met.
-
Type solstice & in a Shell or Command Tool window.
The Solstice Launcher is displayed.
-
Click on the Group Manager icon.
-
Select the name service you wish to modify.
-
Click on OK.
The Group Manager main window is displayed.
-
Click on the sysadmin group in the Group Manager main window.
-
Select Modify from the Edit Menu.
The Modify window is displayed.
-
Add a comma-separated list of members to the Members List text box.
The list must not contain spaces.
- © 2010, Oracle Corporation and/or its affiliates