Chapter 2 Working With the Solaris Management Console (Tasks)

This chapter describes the management tools that are used to perform system administration tasks. Topics include starting the Solaris Management Console (console), setting up role-based access control (RBAC) to use with the console, and working with the Solaris management tools in a name service environment.

For information about the procedures that are associated with performing system management tasks by using the Solaris Management Console, see the following task maps:

• Using the Solaris Management Tools With RBAC (Task Map)

• Using the Solaris Management Tools in a Name Service Environment (Task Map)

For information about troubleshooting Solaris Management Console problems, see Troubleshooting the Solaris Management Console.

Solaris Management Console (Overview)

The following sections provide overview information about the Solaris Manager Console.

What Is the Solaris Management Console?

The Solaris Management Console is a container for GUI-based management tools that are stored in collections referred to as toolboxes.

The console includes a default toolbox with many basic management tools, including tools for managing the following:

• Users

• Projects

• cron jobs for mounting and sharing file systems

• cron jobs for managing disks and serial ports

For a brief description of each Solaris management tool, see Table 2–1.

You can add tools to the existing toolbox, or you can create new toolboxes.

The Solaris Management Console has three primary components:

• The Solaris Management Console client

  Called the console, this component is the visible interface and contains the GUI tools that are used to perform management tasks.

• The Solaris Management Console server

  This component is located either on the same system as the console or it is remote. This component provides all of the back-end functionality that enables management through the console.

• The Solaris Management Console toolbox editor

  This application, which appears similar to the console, is used to add or modify toolboxes, to add tools to a toolbox, or to extend the scope of a toolbox. For example, you could add a toolbox to manage a name service domain.

The default toolbox is visible when you start the console.

Solaris Management Console Tools

This table describes the tools that are included in the default Solaris Management Console toolbox. Cross-references to background information for each tool are provided.

Table 2–1 Solaris Management Console Tool Suite

Category	Tool	Description	For More Information
System Status	System Information	Monitors and manages system information such as date, time, and time zone	Chapter 5, Displaying and Changing System Information (Tasks), in System Administration Guide: Advanced Administration
	Log Viewer	Monitors and manages the Solaris Management Console tools log and system logs	Chapter 14, Troubleshooting Software Problems (Overview), in System Administration Guide: Advanced Administration
	Processes	Monitors and manages system processes	Processes and System Performance in System Administration Guide: Advanced Administration
	Performance	Monitors system performance	Chapter 11, Managing System Performance (Overview), in System Administration Guide: Advanced Administration
System Configuration	Users	Manages users, rights, roles, groups, and mailing lists	What Are User Accounts and Groups? and Role-Based Access Control (Overview) in System Administration Guide: Security Services
	Projects	Creates and manages entries in the /etc/project database	Chapter 2, Projects and Tasks (Overview), in System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones
	Computers and Networks	Creates and monitors computer and network information	Solaris Management Console online help
Services	Scheduled Jobs	Creates and manages scheduled cron jobs	Ways to Automatically Execute System Tasks in System Administration Guide: Advanced Administration
Storage	Mounts and Shares	Mounts and shares file systems	Chapter 18, Mounting and Unmounting File Systems (Tasks), in System Administration Guide: Devices and File Systems
	Disks	Creates and manages disk partitions	Chapter 10, Managing Disks (Overview), in System Administration Guide: Devices and File Systems
	Enhanced Storage	Creates and manages volumes, hot spare pools, state database replicas, and disk sets	Solaris Volume Manager Administration Guide
Devices and Hardware	Serial Ports	Sets up terminals and modems	Chapter 1, Managing Terminals and Modems (Overview), in System Administration Guide: Advanced Administration

Context-sensitive help is available after you start a tool. For more in-depth online information than the context help provides, see the expanded help topics. You can access these topics from the console Help menu.

Why Use the Solaris Management Console?

The console provides a set of tools that have many benefits for administrators.

The console does the following:

• Supports all experience levels

  Inexperienced administrators can complete tasks by using the GUI, which includes dialog boxes, wizards, and context help. Experienced administrators find that the console provides a convenient, secure alternative to using a text editor to manage hundreds of configuration parameters spread across dozens, or hundreds, of systems.

• Controls user access to the system

  Although any user can access the console by default, only superuser can make changes to the initial configuration. As described in Role-Based Access Control (Overview) in System Administration Guide: Security Services, it is possible to create special user accounts called, roles, which can be assigned to users, typically administrators, who are permitted to make specific system changes.

  The key benefit of RBAC is that roles can be limited, so that users have access to only those tasks that are necessary for doing their jobs. RBAC is not required for using the Solaris management tools. You can run all of the tools as superuser, without making any changes.

• Provides a command-line interface

  If preferred, administrators can operate the Solaris management tools through a command-line interface (CLI). Some commands are written specifically to mimic the GUI tool functions, such as the commands for managing users. These commands are listed in Table 1–5, which includes the names and brief descriptions of each command. There is also a man page for each command.

  For Solaris management tools that have no special commands, such as the Mounts and Shares tool, use the standard UNIX commands.

For in-depth information about how RBAC works, its benefits, and how to apply those benefits to your site, see Role-Based Access Control (Overview) in System Administration Guide: Security Services.

To learn more about using RBAC with the Oracle Solaris management tools, see Using the Solaris Management Tools With RBAC (Task Map).

Organization of the Solaris Management Console

In the following figure, the console is shown with the Users tool open.

Figure 2–1 Solaris Management Console Users Tool

The main part of the console consists of three panes:

• Navigation pane (left) – For accessing tools (or sets of tools), folders, or other toolboxes. Icons in the navigation pane are called nodes and are expandable, if they are folders or toolboxes.

• View pane (right) – For viewing information related to the node selected in the navigation pane. The view pane shows either the contents of the selected folder, subordinate tools, or the data that is associated with the selected tool.

• Information pane (bottom) – For displaying context-sensitive help or console events.

Changing the Solaris Management Console Window

The layout of the console window is highly configurable. You can use the following features to change the console window layout:

• View menu – Use the Show option in the View menu to hide or display the optional bars and panes. The other options in the View menu control the display of nodes in the view pane.

• Console menu – Use the Preferences option to set the following: the initial toolbox, the orientation of panes, clicking or double-clicking for selection, text or icons in the tool bar, fonts, default tool loading, authentication prompts, and advanced logins.

• Context Help or Console Events toggles – Use the icons at the bottom of the information pane to toggle between the display of context-sensitive help and console events.

Solaris Management Console Documentation

The main source of documentation for using the console and its tools is the online help system. The following two forms of online help are available:

• Context-sensitive help responds to your use of the console tools.

  Clicking the cursor on tabs, entry fields, radio buttons, and so forth, causes the appropriate help to be displayed in the Information pane. You can close or reopen the Information pane by clicking the question mark button on dialog boxes and wizards.

• Expanded help topics are available from the Help menu or by clicking cross reference links in some of the context-sensitive help.

  These topics, which are displayed in a separate viewer, contain more in-depth information than is provided by the context help. Topics include: overviews of each tool, explanations of how each tool works, files that are used by a specific tool, and troubleshooting information.

For a brief overview of each tool, refer to Table 2–1.

How Much Role-Based Access Control?

As described in Why Use the Solaris Management Console?, a major advantage of using the Solaris management tools is the ability to use Role-Based Access Control (RBAC). RBAC provides administrators with access to just the tools and commands they need to perform their jobs.

Depending on your security needs, you can use varying degrees of RBAC.

RBAC Approach	Description	For More Information
No RBAC	Enables you to perform all tasks as superuser. You can log in as yourself. When you select a Solaris management tool, you specify root as the user and the root password.	How to Become Superuser (root) or Assume a Role
root as a role	Eliminates anonymous root logins and prevents users from logging in as root. This approach requires users to log in as themselves before they assume the root role. Note that you can apply this approach whether or not you are using other roles.	How to Plan Your RBAC Implementation in System Administration Guide: Security Services
Single role only	Uses the Primary Administrator role, which is essentially equivalent to having root access.	Creating the Primary Administrator Role
Suggested roles	Uses three roles that are easily configured: Primary Administrator, System Administrator, and Operator. These roles are appropriate for organizations with administrators at different levels of responsibility whose job capabilities fit the suggested roles.	Role-Based Access Control (Overview) in System Administration Guide: Security Services
Custom roles	You can add your own roles, depending on your organization's security needs.	Managing RBAC in System Administration Guide: Security Services and How to Plan Your RBAC Implementation in System Administration Guide: Security Services

Becoming Superuser (root) or Assuming a Role

Most administration tasks, such as adding users or managing file systems require that you first log in as root (UID=0) or assume a role, if you are using RBAC. The root account, also known as the superuser account, is used to make system changes and can override user file protection in emergency situations.

The superuser account and roles should be used only to perform administrative tasks to prevent indiscriminate changes to the system. The security problem that is associated with the superuser account is that this user has complete access to the system, even when performing minor tasks.

In a non-RBAC environment, you can either log in to the system as superuser or use the su command to change to the superuser account. If RBAC is implemented, you can assume roles through the console or use su and specify a role.

When you use the console to perform administration tasks, you can do one of the following:

• Log in to the console as yourself and then supply the root user name and password

• Log in to the console as yourself and then assume a role

A major benefit of RBAC is that roles can be created to give limited access to specific functions only. If you are using RBAC, you can run restricted applications by assuming a role rather than by becoming superuser.

For step-by-step instructions on creating the Primary Administrator role, see How to Create the First Role (Primary Administrator). For an overview of RBAC, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

How to Become Superuser (root) or Assume a Role

Become superuser or assume a role by using one of the following methods. Each method requires that you know either the superuser password or the role password.

1. Become superuser by selecting one of the following methods:

   • Log in as a user, then do the following:

     1. Start the Solaris Management Console.

     2. Select a Solaris management tool.

     3. Log in as root.

     This method enables to you perform any management task from the console.

     For information on starting the Solaris Management Console, see How to Start the Solaris Management Console in a Name Service Environment.

   • Log in as superuser on the system console.

     hostname console: root Password: root-password #

     The pound sign (#) is the shell prompt for the superuser account.

     This method provides complete access to all of the system commands and tools.

   • Log in as a user, then change to the superuser account by using the su command at the command line.

     % su Password: root-password #

     This method provides complete access to all of the system commands and tools.

   • Log in remotely as superuser.

     This method is not enabled by default. You must modify the /etc/default/login file to remotely log in as superuser on the system console. For information on modifying this file, see Chapter 3, Controlling Access to Systems (Tasks), in System Administration Guide: Security Services.

     This method provides complete access to all system commands and tools.

2. Assume a role.

   Select one of the following methods:

   • Log in as user, then change to a role by using the su command at the command line.

     % su role Password: role-password $

     This method provides access to all of the commands and tools that the role has access to.

   • Log in as a user, then do the following:

     1. Start the Solaris Management Console.

     2. Select a Solaris management tool.

     3. Assume a role.

     For information on starting the Solaris Management Console, see How to Start the Console as Superuser or as a Role.

     This method provides access to all of the Solaris management tools that the role has access to.

Using the Solaris Management Tools With RBAC (Task Map)

This task map describes the tasks you will need to perform, if you want to use the RBAC security features to perform administration tasks, rather than use the superuser account.

---

Note –

The information in this chapter describes how to use the console with RBAC. RBAC overview and task information is included to show how to initially set up RBAC with the console.

For detailed information about RBAC and how to use it with other applications, see Role-Based Access Control (Overview) in System Administration Guide: Security Services.

---

Task	Description	For Instructions
1. Start the console.	If your user account is already set up, start the console as yourself. Then, log in to the console as root. If you do not have a user account set up, become superuser first, and then start the console.	How to Start the Console as Superuser or as a Role
2. Add a user account for yourself.	Add a user account for yourself, if you do not have an account already.	Solaris Management Console online help  If You Are the First to Log In to the Console
3. Create the Primary Administrator role	Create the Primary Administrator role. Then, add yourself to this role.	How to Create the First Role (Primary Administrator)
4. Assume the Primary Administrator role.	Assume the Primary Administrator role after you have created this role.	How to Assume the Primary Administrator Role
5. (Optional) Make root a role.	Make root a role and add yourself to the root role, so that no other user can use the su command to become root.	How to Plan Your RBAC Implementation in System Administration Guide: Security Services
6. (Optional) Create other administrative roles.	Create other administrative roles and grant the appropriate rights to each role. Then, add the appropriate users to each role.	Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services

The following sections provide overview information and step-by-step instructions for using the Solaris Management Console and the RBAC security features.

If You Are the First to Log In to the Console

If you are the first administrator to log in to the console, start the console as a user (yourself). Then, log in as superuser. This method gives you complete access to all of the console tools.

Here are the general steps to follow, depending on whether you are using RBAC:

• Without RBAC – If you choose not to use RBAC, continue working as superuser. All other administrators will also need root access to perform their jobs.

• With RBAC – You will need to do the following:

  • If you do not already have an account, set up your user account.

  • Create the role called Primary Administrator.

  • Assign the Primary Administrator right to the role that you are creating.

  • Assign your user account to this role.

    For step-by-step instructions on creating the Primary Administrator role, see How to Create the First Role (Primary Administrator).

    For an overview of how RBAC works, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

Creating the Primary Administrator Role

An administrator role is a special user account. Users who assume a role are permitted to perform a predefined set of administrative tasks.

The Primary Administrator role is permitted to perform all administrative functions, similar to superuser.

If you are superuser, or a user who is assuming the Primary Administrator role, you can define which tasks other administrators are permitted to perform. With the help of the Add Administrative Role wizard, you can create a role, grant rights to the role, and then specify which users are permitted to assume that role. A right is a named collection of commands, or authorizations, for using specific applications. A right enables you to perform specific functions within an application. The use of rights can be granted or denied by an administrator.

The following table describes the information that you are prompted for when you create the Primary Administrator role.

Table 2–2 Field Descriptions for Adding a Role by Using the Solaris Management Console

Field name	Description
Role name	Selects the name an administrator uses to log in to a specific role.
Full name	Provides a full, descriptive name of this role. (Optional)
Description	Provides further description of this role.
Role ID number	Selects the identification number assigned to this role. This number is the same as the set of identifiers for UIDs.
Role shell	Selects the shell that runs when a user logs in to a terminal or console window and assumes a role in that window.
Create a role mailing list	Creates a mailing list with the same name as the role, if checked. You can use this list to send email to everyone assigned to the role.
Role password and confirm Password	Sets and confirms the role password.
Available rights and granted Rights	Assigns rights to this role by choosing from the list of Available Rights and adding them to the list of Granted Rights.
Select a home directory	Selects the home directory server where this role's private files will be stored.
Assign users to this role	Adds specific users to the role so that they can assume the role to perform specific tasks.

For detailed information about RBAC and instructions on how to use roles to create a more secure environment, see Role-Based Access Control (Overview) in System Administration Guide: Security Services.

How to Create the First Role (Primary Administrator)

This procedure describes how to create the Primary Administrator role and then assign it to your user account. This procedure assumes that your user account is already created.

1. Start the console as yourself.

   % /usr/sadm/bin/smc &

   For additional information about starting the console, see How to Start the Console as Superuser or as a Role.

   The console online help provides more information about creating a user account for yourself.

2. Click the This Computer icon in the Navigation pane.

3. Click System Configuration ->Users -> Administrative Roles.

4. Click Action ->Add Administrative Role.

   The Add Administrative Role wizard opens.

5. Create the Primary Administrator role with the Administrative Role wizard by following these steps:

   1. Identify the role name, which includes the full role name, description, role ID number, role shell, and whether you want to create a role mailing list. Click Next.

   2. Set and confirm the role password, then click Next.

   3. Select the Primary Administrator right from the Available Rights column, add it to Granted Rights column.

   4. Click Next.

   5. Select the home directory for the role, then click Next.

   6. Assign yourself to the list of users who can assume the role, then click Next.

   If necessary, see Table 2–2 for a description of the role fields.

6. Click Finish.

How to Assume the Primary Administrator Role

After you have created the Primary Administrator role, you will need to log in to the console as yourself, and then assume the Primary Administrator role. When you assume a role, you take on all of the attributes of that role, including the rights. At the same time, you relinquish all of your own user properties.

1. Start the console.

   % /usr/sadm/bin/smc &

   For information about starting the console, see How to Start the Console as Superuser or as a Role.

2. Log in with your user name and password.

   A list shows which roles you are permitted to assume.

3. Log in to the Primary Administrator role and provide the role password.

Starting the Solaris Management Console

The following procedure describes how to start the console and gain access to the Solaris management tools.

For instructions on what to do if you are the first user to log in to the console, see If You Are the First to Log In to the Console.

How to Start the Console as Superuser or as a Role

If you start the console as a user with your own user account, you have limited access to the Solaris management tools. For greater access, you can log in as yourself, and then log in as one of the roles that you are permitted to assume. If you are permitted to assume the role of Primary Administrator, you have access to all of the Solaris management tools. This role is equivalent to superuser.

1. Verify that you are in a window environment, such as the GNOME environment.

2. Start the console.

   % /usr/sadm/bin/smc &

   It might take a minute or two for the console to come up the first time.

   The Solaris Management Console window is displayed.

   ---

   Note –

   Open a console in your window environment to display the Solaris Management Console startup messages. Do not attempt to start the Solaris Management Console server manually before starting the Solaris Management Console application. The server starts automatically when you start the Solaris Management Console. For information on troubleshooting console problems, see Troubleshooting the Solaris Management Console.

   ---

3. Under the Management Tools icon in the Navigation pane, double-click the This Computer icon.

   A list of categories is displayed.

4. (Optional) Select the appropriate toolbox.

   If you want to use a toolbox other than the default toolbox, select that toolbox from the Navigation pane. Or, select Open Toolbox from the console menu and load the toolbox that you want.

   For information about using different toolboxes, see How to Create a Toolbox for a Specific Environment.

5. To access a particular tool, double-click the category icon.

   Use the online help to identify how to perform a specific task.

6. Double-click the tool icon.

   A pop-up Log-In window is displayed.

7. Decide if you want to use the tool as superuser or as a role.

   • If you are logging in a as superuser, enter the root password.

   • If you are logging in as yourself, backspace over the root user name, then supply your user ID and user password.

     A list of roles you can assume is displayed.

8. Select the Primary Administrator role or an equivalent role, then supply the role password.

   For step-by-step instructions on creating the Primary Administrator role, see How to Create the First Role (Primary Administrator).

   The main tool menu is displayed.

Using the Solaris Management Tools in a Name Service Environment (Task Map)

By default, the Solaris management tools are set up to operate in a local environment. For example, the Mounts and Shares tool enables you to mount and share directories on specific systems, but not in an NIS or NIS+ environment. However, you can manage information with the Users and Computers and Networks tools in a name service environment.

To work with a console tool in a name service environment, you need to create a name service toolbox, and then add the tool to that toolbox.

Task	Description	For Instructions
1. Verify prerequisites.	Verify you have completed the prerequisites before attempting to use the console in a name service environment.	Prerequisites for Using the Solaris Management Console in a Name Service Environment
2. Create a toolbox for the name service.	Use the New Toolbox wizard to create a toolbox for your name service tools.	How to Create a Toolbox for a Specific Environment
3. Add a tool to the name service toolbox.	Add the Users tool, or any other name service tool, to your name service toolbox.	How to Add a Tool to a Toolbox
4. Select the toolbox that was just created.	Select the toolbox you just created to manage name service information.	How to Start the Solaris Management Console in a Name Service Environment

RBAC Security Files

The RBAC security files that work with the Solaris Management Console are created when you upgrade to or install at least the Solaris 9 release. If you do not install the Solaris Management Console packages, the RBAC security files are installed without the necessary data for using RBAC. For information on the Solaris Management Console packages, see Troubleshooting the Solaris Management Console.

The RBAC security files if you are running at least the Solaris 9 release are included in your name service so that you can use the Solaris Management Console tools in a name service environment.

The security files on a local server are populated into a name service environment as part of a standard upgrade by the ypmake, nispopulate, or equivalent LDAP commands.

The following name services are supported:

• NIS

• NIS+

• LDAP

• files

The RBAC security files are created when you upgrade to or install Oracle Solaris 10.

This table briefly describes the predefined security files that are installed on a system that is running the Oracle Solaris release.

Table 2–3 RBAC Security Files

Local File Name	Table or Map Name	Description
/etc/user_attr	user_attr	Associates users and roles with authorizations and rights profiles
/etc/security/auth_attr	auth_attr	Defines authorizations and their attributes and identifies associated help files
/etc/security/prof_attr	prof_attr	Defines rights profiles, lists the rights profiles assigned to the authorizations, and identifies associated help files
/etc/security/exec_attr	exec_attr	Defines the privileged operations assigned to a rights profile

For unusual upgrade cases, you might have to use the smattrpop command to populate RBAC security files in the following instances:

• When creating or modifying rights profiles

• When you need to include users and roles by customizing the usr_attr file

For more information, see Role-Based Access Control (Overview) in System Administration Guide: Security Services.

Prerequisites for Using the Solaris Management Console in a Name Service Environment

The following table identifies what you need to do before you can use the Solaris Management Console in a name service environment.

Prerequisite	For More Information
Install the Oracle Solaris 10 release.	Oracle Solaris 10 9/10 Installation Guide: Basic Installations
Set up your name service environment.	System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)
Select your management scope.	Management Scope
Make sure your /etc/nsswitch.conf file is configured, so that you can access your name service data.	/etc/nsswitch.conf File

Management Scope

The Solaris Management Console uses the term management scope to refer to the name service environment that you want to use with the selected management tool. The management scope choices for the Users tool and the Computers and Networks tool are LDAP, NIS, NIS+, or files.

The management scope that you select during a console session should correspond to the primary name service that is identified in the /etc/nsswitch.conf file.

/etc/nsswitch.conf File

The /etc/nsswitch.conf file on each system specifies the policy for name service lookups (where data is read from) on that system.

---

Note –

You must make sure that the name service accessed from the console, which you specify through the console Toolbox Editor, appears in the search path of the /etc/nsswitch.conf file. If the specified name service does not appear there, the tools might behave in unexpected ways, resulting in errors or warnings.

---

When you use the Solaris management tools in a name service environment, you might impact many users with a single operation. For example, if you delete a user in the NIS or NIS+ name service, that user is deleted on all systems that are using NIS or NIS+.

If different systems in your network have different /etc/nsswitch.conf configurations, unexpected results might occur. So, all systems to be managed with the Solaris management tools should have a consistent name service configuration.

How to Create a Toolbox for a Specific Environment

Applications for administering the Oracle Solaris operating system are called tools. Those tools are stored in collections referred to as toolboxes. A toolbox can be located on a local server where the console is located or on a remote machine.

Use the Toolbox Editor to do the following:

• Add a new toolbox

• Add tools to an existing toolbox

• Change the scope of a toolbox

  For example, use this tool to change the domain from local files to a name service.

---

Note –

You can start the Toolbox Editor as a regular user. However, if you plan to make changes and save them to the default console toolbox, /var/sadm/smc/toolboxes, you must start the Toolbox Editor as root.

---

1. Start the Toolbox Editor.

   # /usr/sadm/bin/smc edit &

2. Select Open from the Toolbox menu.

3. In the Toolboxes window, select This Computer.

4. Click Open.

   The This Computer toolbox opens.

5. In the Navigation pane, select the This Computer icon again.

6. From the Action menu, select Add Folder.

7. Use the Folder wizard to add a new toolbox for your name service environment.

   1. Name and Description – Provide a name in the Full Name window, then click Next.

      For example, for the NIS environment, provide “NIS tools”.

   2. Provide a description in the Description window, then click Next.

      For example, “tools for NIS environment” is an appropriate description.

   3. Icons – Use the default value for the Icons, then click Next.

   4. Management Scope – Select Override.

   5. Under the Management Scope pull-down menu, Select your name service u.

   6. Add the name service master name in the Server field, if necessary.

   7. In the Domain field, add the domain that is managed by the server.

   8. Click Finish.

      The new toolbox is displayed in the left Navigation pane.

8. Select the new toolbox icon, then select Save As from the Toolbox menu.

9. In the Local Toolbox Filename dialog, enter the toolbox path name.

   Use the .tbx suffix.

   /var/sadm/smc/toolboxes/this_computer/toolbox-name.tbx

10. Click Save.

    The new toolbox is displayed in the Navigation pane in the console window.

See Also

After you have created a name service toolbox, you can put a name service tool into it. For more information, see How to Add a Tool to a Toolbox.

How to Add a Tool to a Toolbox

In addition to the default tools that ship with the console, additional tools can be launched from the console. As these tools become available, you can add one or more tools to an existing toolbox.

You can also create a new toolbox for either local management or network management. Then, you can add tools to the new toolbox.

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Start the Toolbox Editor, if necessary.

   # /usr/sadm/bin/smc edit &

3. Select the toolbox.

   If you want to work in a name service, select the toolbox that you just created in the Toolbox Editor. For more information, see How to Create a Toolbox for a Specific Environment.

4. From the Action menu, select Add Tool.

5. Use the Add Tool wizard to add the new tool.

   1. Server Selection – Add the name service master in the Server window. Click Next.

   2. Tools Selection – Select the tool you want to add from the Tools window. Click Next.

      If this toolbox is a name service toolbox, choose a tool that you want to work with in the name service environment. For example, choose the Users tool.

   3. Name and Description – Accept the default values, then click Next.

   4. Icons – Accept the default values, unless you have created custom icons. Click Next.

   5. Management Scope – Accept the default value, “Inherit from Parent.” Click Next.

   6. Tool Loading – Accept the default value, “Load tool when selected.” Click Finish.

6. To save the updated toolbox, Select Save.

   The Local Toolbox window is displayed.

How to Start the Solaris Management Console in a Name Service Environment

After you have created a name service toolbox and added tools to it, you can start the Solaris Management Console and open that toolbox to manage a name service environment.

Before You Begin

Verify that the following prerequisites are met:

• Ensure that the system you are logged in to is configured to work in a name service environment.

• Verify that the /etc/nsswitch.conf file is configured to match your name service environment.

1. Start the Solaris Management Console.

   For more information, see How to Start the Console as Superuser or as a Role.

2. Select the toolbox that you created for the name service

   The toolbox is displayed in the Navigation pane.

   For information about creating a toolbox for a name service, see How to Create a Toolbox for a Specific Environment.

Adding Tools to the Solaris Management Console

You can add legacy tools or unbundled tools to the console. If you want to add authentication to these tools, see Managing RBAC in System Administration Guide: Security Services.

How to Add a Legacy Tool to a Toolbox

A legacy tool is any application that was not designed specifically as a Solaris management tool. Each tool you add to a toolbox can then be launched from the Solaris Management Console.

You can add the following types of legacy tool applications to a console toolbox:

• X applications

• Command-line interface (CLI) applications

• HTML applications

1. Become superuser or assume an equivalent role.

2. Start the Solaris Management Console Toolbox Editor, if necessary.

   # /usr/sadm/bin/smc edit &

3. Open the toolbox to which you want to add the legacy application.

   The toolbox selected is opened in the Toolbox Editor.

4. Select the node in the toolbox to which you want to add the legacy application.

   A legacy application can be added to the top node of a toolbox or to another folder.

5. Click Action -> Add Legacy Application.

   The General panel of the Legacy Application Wizard is displayed.

6. Follow the instructions in the wizard.

7. Save the toolbox in the Toolbox Editor.

How to Install an Unbundled Tool

If you want to add a new tool package that can be launched from the Solaris Management Console, use the following procedure.

1. Become superuser or assume an equivalent role.

2. Install the new tool package.

   # pkgadd ABCDtool

3. Restart the console, so that it recognizes the new tool.

   1. Stop the console server.

      # /etc/init.d/init.wbem stop

   2. Start the console server.

      # /etc/init.d/init.wbem start

4. To verify that the new tool is displayed, start the console.

   For more information, see How to Start the Console as Superuser or as a Role.

Troubleshooting the Solaris Management Console

Before following this troubleshooting procedure, make sure that the following packages are installed:

• SUNWmc – Solaris Management Console 2.1 (Server Components)

• SUNWmcc – Solaris Management Console 2.1 (Client Components)

• SUNWmccom – Solaris Management Console 2.1 (Common Components)

• SUNWmcdev – Solaris Management Console 2.1 (Development Kit)

• SUNWmcex – Solaris Management Console 2.1 (Examples)

• SUNWwbmc – Solaris Management Console 2.1 (WBEM Components)

These packages provide the basic Solaris Management Console launcher. Note that you must install the SUNWCprog cluster to use the Solaris Management Console and all of its tools.

How to Troubleshoot the Solaris Management Console

The client and the server are started automatically when you start the Solaris Management Console.

If the console is visible and you are having trouble running the tools, the server might not be running, or the server might be in a problem state that can be resolved by stopping and restarting it.

1. Become superuser or assume an equivalent role.

2. Determine whether the console server is running.

   # /etc/init.d/init.wbem status

   If the console server is running, you should see a message similar the following:

   SMC server version 2.1.0 running on port 898.

3. If the console server is not running, start it.

   # /etc/init.d/init.wbem start

   After a short time, you should see a message similar to the following:

   SMC server is ready.

4. If the server is running, and you are still having problems, do the following:

   1. Stop the console server.

      # /etc/init.d/init.wbem stop

      You should see a message similar to the following:

      Shutting down SMC server on port 898.

   2. Start the console server.

      # /etc/init.d/init.wbem start