Oracle Solaris Trusted Extensions Configuration Guide

Procedure: Verify That the Solaris Management Console Contains Trusted Extensions Information

For an illustration of the Solaris Management Console configuration requirements for a network with an LDAP server and for a network without an LDAP server, see Client-Server Communication With the Solaris Management Console in Oracle Solaris Trusted Extensions Administrator’s Procedures.

Before You Begin

You must be logged in to an LDAP client in an administrative role, or as superuser. To make a system an LDAP client, see Make the Global Zone an LDAP Client in Trusted Extensions.

To administer the local system, you must have completed Initialize the Solaris Management Console Server in Trusted Extensions.

To connect to a Console server on a remote system from the local system, you must have completed Initialize the Solaris Management Console Server in Trusted Extensions on both systems. Also, on the remote system, you must have completed Enable the Solaris Management Console to Accept Network Communications.

To administer the databases in the LDAP naming service from the LDAP client, on the LDAP server you must have completed Edit the LDAP Toolbox in the Solaris Management Console, in addition to the preceding procedures.

  1. Start the Solaris Management Console.

    # /usr/sbin/smc &

  2. Open a Trusted Extensions toolbox.

    A Trusted Extensions toolbox has the value Policy=TSOL.

    • On a trusted network that uses LDAP as a naming service, perform the following tests:

      1. To check that local administrative databases can be accessed, open the following toolbox:

        This Computer (this-host: Scope=Files, Policy=TSOL)

      2. To check that the LDAP server's local administrative databases can be accessed, specify the following toolbox:

        This Computer (ldap-server: Scope=Files, Policy=TSOL)

      3. To check that the naming service databases on the LDAP server can be accessed, specify the following toolbox:

        This Computer (ldap-server: Scope=LDAP, Policy=TSOL)

    • On a trusted network that does not use LDAP as a naming service, perform the following tests:

      1. To check that local administrative databases can be accessed, open the following toolbox:

        This Computer (this-host: Scope=Files, Policy=TSOL)

      2. To check that a remote system's local administrative databases can be accessed, specify the following toolbox:

        This Computer (remote-system: Scope=Files, Policy=TSOL)

  3. Under System Configuration, navigate to Computers and Networks, then Security Templates.

  4. Check that the correct templates and labels have been applied to the remote systems.

    Note –

    When you try to access network database information from a system that is not the LDAP server, the operation fails. The Console allows you to log in to the remote host and open the toolbox. However, when you try to access or change information, the following error message indicates that you have selected Scope=LDAP on a system that is not the LDAP server:

    Management server cannot perform the operation requested.
    ...
    Error extracting the value-from-tool.
    The keys received from the client were machine, domain, Scope.
    Problem with Scope.
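A small pre-check for the toolbox selections in steps 2 through 4 and for the failure described in the Note, written as an added example for this page (it is not part of the Oracle guide and does not talk to the Console itself): it parses a toolbox descriptor and reports whether that Scope/Policy combination should work on the named host. The LDAP server name `ldap1` and the hosts in the sample descriptors are constructed.

```shell
#!/bin/sh
# Added example, not from the Oracle guide. Checks a Solaris Management
# Console toolbox descriptor of the form shown in this procedure:
#   This Computer (host: Scope=Files|LDAP, Policy=TSOL)
# against the rules the procedure states:
#   - a Trusted Extensions toolbox carries Policy=TSOL;
#   - Scope=Files reads the local administrative databases of any host;
#   - Scope=LDAP works only when the host is the LDAP server; otherwise
#     the Console reports "Problem with Scope" (see the Note above).
# Usage: check_toolbox "<descriptor>" "<ldap-server-hostname>"
# Prints a verdict; returns 0 if the toolbox should open and work, 1 if not.
check_toolbox() {
    desc=$1
    ldap_server=$2

    # Extract host, Scope and Policy with sed (BRE: a plain "(" is literal).
    host=$(printf '%s\n' "$desc" | sed -n 's/.*(\([^:]*\):.*/\1/p')
    scope=$(printf '%s\n' "$desc" | sed -n 's/.*Scope=\([A-Za-z]*\).*/\1/p')
    policy=$(printf '%s\n' "$desc" | sed -n 's/.*Policy=\([A-Za-z]*\).*/\1/p')

    if [ "$policy" != "TSOL" ]; then
        echo "FAIL ($host): Policy=$policy is not a Trusted Extensions toolbox; need Policy=TSOL"
        return 1
    fi
    case "$scope" in
        Files)
            echo "OK ($host): Scope=Files, local administrative databases of $host"
            return 0 ;;
        LDAP)
            if [ -n "$ldap_server" ] && [ "$host" = "$ldap_server" ]; then
                echo "OK ($host): Scope=LDAP, naming service databases on the LDAP server"
                return 0
            fi
            echo "FAIL ($host): Scope=LDAP on a host that is not the LDAP server; expect 'Problem with Scope'"
            return 1 ;;
        *)
            echo "FAIL ($host): unrecognised Scope=$scope"
            return 1 ;;
    esac
}

# Constructed samples; ldap1 stands in for the LDAP server's hostname.
# "|| :" keeps the demonstration running under set -e when a check fails.
check_toolbox "This Computer (ws7: Scope=Files, Policy=TSOL)" ldap1 || :
check_toolbox "This Computer (ldap1: Scope=LDAP, Policy=TSOL)" ldap1 || :
check_toolbox "This Computer (ws7: Scope=LDAP, Policy=TSOL)" ldap1 || :
```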

Troubleshooting

To troubleshoot LDAP configuration, see Chapter 13, LDAP Troubleshooting (Reference), in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).