Using the server-secure.driver With an NIS Enabled System, Whether or Not LDoms Is Enabled

Bug ID 6533696: On a system configured to use the Network Information Service (NIS) or NIS+ naming service, if the Solaris Security Toolkit software is applied with the server-secure.driver, NIS or NIS+ fails to contact external servers. A symptom of this problem is that the ypwhich(1) command (which returns the name of the NIS or NIS+ server or map master) fails with a message similar to the following:

Domain atlas some.atlas.name.com not bound on nis-server-1.c

The recommended Solaris Security Toolkit driver to use with the Logical Domains Manager is ldm_control-secure.driver, and NIS and NIS+ work with this recommended driver.

If you are using NIS as your naming service, you cannot use the Solaris Security Toolkit profile server-secure.driver because you might encounter Solaris OS Bug ID 6557663, IP Filter causes panic when using ipnat.conf. However, the default Solaris Security Toolkit driver, ldm_control-secure.driver, is compatible with NIS.

Recover by Resetting Your System

1. Log in to the system controller by using the ssh command.

2. Power off the system.

   -> stop /SYS

3. Power on the system.

   -> start /SYS

4. Log in to the system console.

   -> start /SP/console

5. Boot the system.

   ok boot -s

6. Edit the file /etc/shadow.

   Change the root entry of the shadow file to the following:

   root::6445::::::

7. Log in to the system and do one of the following:

   • Add file /etc/ipf/ipnat.conf.

   • Undo the Solaris Security Toolkit, and apply another driver.

   # /opt/SUNWjass/bin/jass-execute -ui # /opt/SUNWjass/bin/jass-execute -a ldm_control-secure.driver