By default, the Oracle Solaris management tools are set up to operate in a local environment. For example, the Mounts and Shares tool enables you to mount and share directories on specific systems, but not in an NIS or NIS+ environment. However, you can manage information with the Users and Computers and Networks tools in a name service environment.
To work with a console tool in a name service environment, you need to create a name service toolbox, and then add the tool to that toolbox.
The RBAC security files that work with the Solaris Management Console are created when you upgrade to or install at least the Solaris 9 release. If you do not install the Solaris Management Console packages, the RBAC security files are installed without the necessary data for using RBAC. For information on the Solaris Management Console packages, see Troubleshooting the Solaris Management Console.
If you are running at least the Solaris 9 release, the RBAC security files are included in your name service so that you can use the Solaris Management Console tools in a name service environment.
The security files on a local server are populated into a name service environment as part of a standard upgrade by the ypmake, nispopulate, or equivalent LDAP commands.
The following name services are supported:
The RBAC security files are created when you upgrade to or install Oracle Solaris 10.
This table briefly describes the predefined security files that are installed on a system that is running the Oracle Solaris release.
Table 2-3 RBAC Security Files
For unusual upgrade cases, you might have to use the smattrpop command to populate RBAC security files in the following instances:
When creating or modifying rights profiles
When you need to include users and roles by customizing the user_attr file
For more information, see Role-Based Access Control (Overview) in System Administration Guide: Security Services.
The following table identifies what you need to do before you can use the Solaris Management Console in a name service environment.
The Solaris Management Console uses the term management scope to refer to the name service environment that you want to use with the selected management tool. The management scope choices for the Users tool and the Computers and Networks tool are LDAP, NIS, NIS+, or files.
The management scope that you select during a console session should correspond to the primary name service that is identified in the /etc/nsswitch.conf file.
The /etc/nsswitch.conf file on each system specifies the policy for name service lookups (where data is read from) on that system.
Note - You must make sure that the name service accessed from the console, which you specify through the console Toolbox Editor, appears in the search path of the /etc/nsswitch.conf file. If the specified name service does not appear there, the tools might behave in unexpected ways, resulting in errors or warnings.
When you use the Solaris management tools in a name service environment, you might impact many users with a single operation. For example, if you delete a user in the NIS or NIS+ name service, that user is deleted on all systems that are using NIS or NIS+.
If different systems in your network have different /etc/nsswitch.conf configurations, unexpected results might occur. Therefore, all systems that are managed with the Solaris management tools should have a consistent name service configuration.
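The checks described above, as an added example that is not part of the Oracle documentation: a shell script that confirms the chosen management scope appears in the nsswitch.conf search path and that two systems use the same lookup policy. The database list, function names and sample files are assumptions constructed for illustration, and the script assumes POSIX sh, sed, awk and grep (on Solaris, the /usr/xpg4/bin versions).

```shell
#!/bin/sh
# Added example, not Oracle tooling. Assumes POSIX sh, sed, awk and grep.
# DATABASES is an assumption about which lookups the Users and Computers
# and Networks tools rely on; adjust it for your site.
DATABASES="passwd group hosts"

# Print the sources for one database in search order, one per line.
# Comments and [STATUS=action] criteria are stripped first.
sources_for() {   # usage: sources_for FILE DATABASE
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$1" |
        awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) print $i }'
}

# Succeed only if SCOPE is in the search path of every checked database.
scope_in_path() {   # usage: scope_in_path FILE SCOPE
    for db in $DATABASES; do
        sources_for "$1" "$db" | grep -qx "$2" || {
            echo "$1: '$2' is missing from the $db search path" >&2
            return 1
        }
    done
}

# Succeed only if two systems' files give the same search order.
same_policy() {   # usage: same_policy FILE_A FILE_B
    for db in $DATABASES; do
        [ "$(sources_for "$1" "$db")" = "$(sources_for "$2" "$db")" ] || {
            echo "$db lookup order differs between $1 and $2" >&2
            return 1
        }
    done
}

# Constructed samples standing in for two systems' /etc/nsswitch.conf.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/hostA.conf" <<'EOF'
passwd:   files nis      # constructed sample
group:    files nis
hosts:    nis [NOTFOUND=return] files
EOF
cat > "$SAMPLE_DIR/hostB.conf" <<'EOF'
passwd:   files ldap
group:    files ldap
hosts:    files dns
EOF

scope_in_path "$SAMPLE_DIR/hostA.conf" nis && echo "hostA: NIS scope is usable"
scope_in_path "$SAMPLE_DIR/hostB.conf" nis || echo "hostB: NIS scope not in path"
same_policy "$SAMPLE_DIR/hostA.conf" "$SAMPLE_DIR/hostB.conf" || echo "inconsistent"
```

Pass the scope as its nsswitch.conf source name: ldap, nis, nisplus or files.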
Applications for administering the Oracle Solaris operating system are called tools. Those tools are stored in collections referred to as toolboxes. A toolbox can be located on a local server where the console is located or on a remote machine.
Use the Toolbox Editor to do the following:
Add a new toolbox
Add tools to an existing toolbox
Change the scope of a toolbox
For example, use this tool to change the domain from local files to a name service.
Note - You can start the Toolbox Editor as a regular user. However, if you plan to make changes and save them to the default console toolbox, /var/sadm/smc/toolboxes, you must start the Toolbox Editor as root.
# /usr/sadm/bin/smc edit &
The This Computer toolbox opens.
For example, for the NIS environment, provide “NIS tools”.
For example, “tools for NIS environment” is an appropriate description.
The new toolbox is displayed in the left Navigation pane.
Use the .tbx suffix.
The new toolbox is displayed in the Navigation pane in the console window.
After you have created a name service toolbox, you can put a name service tool into it. For more information, see How to Add a Tool to a Toolbox.
In addition to the default tools that ship with the console, additional tools can be launched from the console. As these tools become available, you can add one or more tools to an existing toolbox.
You can also create a new toolbox for either local management or network management. Then, you can add tools to the new toolbox.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
# /usr/sadm/bin/smc edit &
If you want to work in a name service, select the toolbox that you just created in the Toolbox Editor. For more information, see How to Create a Toolbox for a Specific Environment.
If this toolbox is a name service toolbox, choose a tool that you want to work with in the name service environment. For example, choose the Users tool.
The Local Toolbox window is displayed.
After you have created a name service toolbox and added tools to it, you can start the Solaris Management Console and open that toolbox to manage a name service environment.
Verify that the following prerequisites are met:
Ensure that the system you are logged in to is configured to work in a name service environment.
Verify that the /etc/nsswitch.conf file is configured to match your name service environment.
For more information, see How to Start the Console as Superuser or as a Role.
The toolbox is displayed in the Navigation pane.
For information about creating a toolbox for a name service, see How to Create a Toolbox for a Specific Environment.