Alpha2 Release Notes
en

Alpha2 Release Notes

Summary

This page is under construction.  The release notes for the alpha 2 build are being added here.

Man Pages

The following are copies of the current man page drafts:

nsadm.1m

Others TBD shortly

Tutorial/Other Docs

TBD

Alpha2 - Release Notes

This is the first in what is expected to be regular releases until
duckwater is delivered into OpenSolaris.  We are currently looking at
publishing bi-weekly releases, and will work towards syncing those
releases with the bi-weekly Nevada releases.

We are currently looking for input/comments to duckwater-discuss.
We expect, moving forward, to use duckwater-discuss for regular development
e-mail traffic.

Currently we are tracking the following issues in the current build:

1) There is a known quoting inconsistency in the nscfg setprop command.
Sometimes you can:
setprop nameserver=10.10.10.10 10.10.10.11 10.10.10.12

and sometimes this is flagged as an illegal entry.  In this case nscfg expects

    setprop nameserver="10.10.10.10 10.10.10.11 10.10.10.12"

for multivalued attributes with spaces separating the attributes.

2) Multi-values values in general still need work.

3) Other -- TBD...

General Issues:

1) the user interface is still in flux.  We are actively requesting external comments.

2) The big TBD work items including moving discovery and backend specific management to the backends (nss_*.so)

3) Integration with Caiman, NWAM etc.

4) SMF enhanced profiles -- when they become available

5) NIS+ is not currently supported.

6) other... TBD

Overview

This section gives a brief overview of the Duckwater alpha post bfu.

More details, like updated man pages, will be written up in the next few days.
For short term help, both nscfg and nsadm have built in help, or send e-mail on duckwater-discuss.

On Any System

A freshly installed system should look something like this:

    Sun Microsystems Inc.   SunOS 5.11      sparks:OPEN~_ONLY        October 2007
    bfu'ed from /net/ns-web.sfbay/tank/panjim-export/ldap/projects/duckwater/archives/dw~_1011/i386/nightly-nd on 2007-10-11
    Sun Microsystems Inc.   SunOS 5.11      snv~_74  October 2007
    # nsadm list
    Warning: no active profile!
    #

No configurations have been installed in the system.  Since this machine
was bfu'd from an existing installation you can:

    # nscfg discover
    Verbose mode on.
    The name for the back-end configuration(s) is defaulting to 'auto'
    Discover timeout is defaulting to 5 sec.
    2 back-end(s) discovered

             dns auto
                    domain = "sfbay.sun.com"
                    nameserver = "129.146.11.21 129.145.155.32 129.145.155.42"
                    search = ""
                    sortlist = ""
                    options = ""
             nis auto
                    domainname = "mpklab.sfbay.sun.com"
                    serverlist = "192.168.16.243 192.168.16.42"
             nsswitch auto
                    passwd = "files nis"
                    group = "files nis"
                    hosts = "files dns"
                    ipnodes = "files dns"
                    networks = "nis [NOTFOUND=return] files"
                    protocols = "nis [NOTFOUND=return] files"
                    rpc = "nis [NOTFOUND=return] files"
                    ethers = "nis [NOTFOUND=return] files"
                    netmasks = "nis [NOTFOUND=return] files"
                    bootparams = "nis [NOTFOUND=return] files"
                    publickey = "nis [NOTFOUND=return] files"
                    netgroup = "nis"
                    automount = "files nis"
                    aliases = "files nis"
                    services = "files nis"
                    printers = "user files nis"
                    auth_attr = "files nis"
                    prof_attr = "files nis"
                    project = "files nis"
                    tnrhtp = "files"
                    tnrhdb = "files"
                    PROF_profile_be_dns = "auto"
                    PROF_profile_be_yp = "auto"
# nsadm list Warning: no active profile! Profile 'auto' (NIS:'auto', DNS:'auto') #

In a nis/dns type environment you will get something like the above,

If you then:

    # nsadm enable auto
    Going to enable NSSP [auto].
    Going to enable dns/client.
    Going to set NIS domainname 'mpklab.sfbay.sun.com'.
    Going to enable/refresh nis/client.
    Going to disable ldap/client.
    Do you want to proceed? [y/N] y
    Going to enable dns/client.
    Going to set NIS domainname 'mpklab.sfbay.sun.com'.
    Going to enable/refresh nis/client.
    Going to disable ldap/client.
    NSSP switched successfuly.
    #

You will have enabled the duckwater profile on your system.

A list operation should show:

    # nsadm list
    (online) Profile 'auto' (NIS:'auto', DNS:'auto')
    #

The existing tools, such as ldapclient and ypinit work in conjunction
with nsadm and nscfg to create duckwater profiles.

Assuming you had an existing LDAP setup, this would create and configure
your system as an ldap client:

    # ldapclient init -a domainName=sfbay.sun.com -a proxydn=cn=proxyagent,ou=profile,dc=sfbay,dc=sun,dc=com -a proxyPassword=XXXX 10.6.50.125
    System successfully configured
    #

In this case I have 4 profiles created, and the ldap profile enabled:

    # nsadm list 
             Profile 'files'        ()
             Profile 'auto' (NIS:'auto', DNS:'auto')
             Profile 'nis'  (NIS:'auto', DNS:'auto')
    (online) Profile 'ldapclient'   (LDAP:'ldapclient', DNS:'ldapclient')
    #

Switching back to nis only is as simple as:

    # nsadm enable nis
    Going to enable NSSP [nis].
    Going to enable dns/client.
    Going to set NIS domainname 'mpklab.sfbay.sun.com'.
    Going to enable/refresh nis/client.
    Going to disable ldap/client.
    Do you want to proceed? [y/N] y
    Going to enable dns/client.
    Going to set NIS domainname 'mpklab.sfbay.sun.com'.
    Going to enable/refresh nis/client.
    Going to disable ldap/client.
    NSSP switched successfuly.
    # nsadm list
             Profile 'files'        ()
             Profile 'auto' (NIS:'auto', DNS:'auto')
    (online) Profile 'nis'  (NIS:'auto', DNS:'auto')
             Profile 'ldapclient'   (LDAP:'ldapclient', DNS:'ldapclient')
    #

LDAP server side

Assuming the LDAP server box is installed with duckwater and you have previously installed a DS (we tend to use JES DS 6.x) and have run idsconfig
and assuming the system is not in LDAP mode.  In this examples the box is running NIS.  You can do something similar to:

    # ypcat passwd > passwd
    # ypcat group > group
    # ypcat -k auto~_master > auto~_master

... similarly for

    # ldapaddent -c -H 10.6.50.125 -M sfbay.sun.com -D 'cn=directory manager' -w XXXX -f passwd passwd
    # ldapaddent -c -H 10.6.50.125 -M sfbay.sun.com -D 'cn=directory manager' -w XXXX -f passwd shadow
    # ldapaddent -c -H 10.6.50.125 -M sfbay.sun.com -D 'cn=directory manager' -w XXXX -f group group
    # ldapaddent -c -H 10.6.50.125 -M sfbay.sun.com -D 'cn=directory manager' -w XXXX -f auto~_master auto~_master

...etc...

To populate the directory straight from NIS without making the box and LDAP or other client first.

Tags:
Created by admin on 2009/10/26 12:13
Last modified by admin on 2009/10/26 12:13
XWiki Enterprise 2.7.1.34853 - Documentation