Last week, i wrote:
-----------------------------------------------------------------------------
i've moved our system over to solaris 2.3 this week, in a bit of a rush, and
things aren't entirely successful.
1 - i set up a flat NIS+ domain with only one server, using the nisserver
script. other machines became clients of this by auto-installing afterwards.
i gave each user a "normal passwd" with the User Manager, because the
"cleared until first login" option doesn't know about NIS+. But now, the
only way to change passwds is with User Manager:
- only root has the permission to change passwords.
- nispasswd (as root) changes it, but then User Manager can't read the
entries.
2 - this lunchtime, xlock suddenly stopped accepting passwords for users. we
had to remotely log in and kill the process.
3 - our printer (a LaserWriter II) just aborted a job with:
printer startup %%[ status: busy; source: serial 25<EOT>
i guess this is a timeout, btu how to i get rid of it...?
steve
------------------------------------------------------------------------------
the password problem has pretty much been solved by sun support. a bug in
User Manager creates the credentials for the new user, owned by the principle
executing User Manager, not by the new user. There are a couple of patches to
fix this:
5.3 101384-01
5.2 101268-01
...but sun supplied a script which will go through and fix all the current
credentials, which is what i've used. the script is included at the end of this
message.
The xlock problem was because auto-installed machines use nis+, but aren't
authenticated. running nisclient -i on the machines and rebooting fixes this
problem.
no details on the printer problem yet.
steve
-----------------8<------------------------8<----------------------------------
#!/bin/ksh
# ******************************************************
# * *
# * DISCLAIMER *
# * *
# ******************************************************
#
#
# The contents of this file are intended to be read as
# an example. This is not a supported product of Sun
# Microsystems and no hotline calls will be accepted
# which directly relate to this information.
#
# NO LIABILITY WILL BE ACCEPTED BY SUN MICROSYSTEMS FOR
# ANY LOSS (DIRECT OR CONSEQUENTIAL) INCURRED IN ANY WAY
# BY ANY PARTY THROUGH THE USE OF THIS INFORMATION.
#
# NO WARRANTY OF ANY SORT IS IMPLIED OR GIVEN FOR ANY
# CODE DERIVED FROM THIS INFORMATION.
#
#
#
DOMAINNAME=$(nisdefaults -d)
fix_cred()
{
IFS=": $IFS"
while read cname auth_type auth_name public_data private_data
do
if is_owner $cname
then
:
else
nischown $cname [cname=$cname,auth_type=DES]cred.org_dir.$DOMAINNAME
fi
done
}
is_owner()
{
owner=$(nismatch -o cname=$1 auth_type=DES cred.org_dir.$DOMAINNAME |\
awk '{ if ( $1 == "Owner" ) { print $3 }}' )
if [ "$1" = "${owner}" ]
then
return 0
fi
return 1
}
nismatch auth_type=DES cred.org_dir.${DOMAINNAME} | fix_cred
exit
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:08:55 CDT