Using the server-secure.driver With an NIS Enabled System, Whether or Not LDoms Is Enabled

Bug ID 6533696: On a system configured to use the Network Information Services (NIS) or NIS+ name service, if the Solaris Security Toolkit software is applied with the server-secure.driver, NIS or NIS+ fails to contact external servers. A symptom of this problem is that the ypwhich(1) command (which returns the name of the NIS or NIS+ server or map master) fails with a message similar to the following:

Domain atlas some.atlas.name.com not bound on nis-server-1.c

The recommended Solaris Security Toolkit driver to use with the Logical Domains Manager is ldm_control-secure.driver, and NIS and NIS+ work with this recommended driver.

If you are using NIS as your name server, you cannot use the Solaris Security Toolkit profile server-secure.driver because you might encounter Solaris OS Bug ID 6557663, IP Filter causes panic when using ipnat.conf. However, the default Solaris Security Toolkit driver, ldm_control-secure.driver, is compatible with NIS.

Recover by Resetting Your System

1. Log in to the system console from the system controller, and if necessary, switch to the ALOM mode by typing:

   # #.

2. Power off the system by typing the following command in ALOM mode:

   sc> poweroff

3. Power on the system.

   sc> poweron

4. Switch to the console mode at the ok prompt:

   sc> console

5. Power on the system.

   ok boot -s

6. Edit the file /etc/shadow.

   Change the root entry of the shadow file to the following:

   root::6445::::::

7. Log in to the system and do one of the following:

   • Add file /etc/ipf/ipnat.conf.

   • Undo the Solaris Security Toolkit, and apply another driver.

   # /opt/SUNWjass/bin/jass-execute -ui # /opt/SUNWjass/bin/jass-execute -a ldm_control-secure.driver