Sorry for not replying earlier; I was busy trying to fix it, and I managed to use RBAC roles and profiles defined locally to be used by LDAP MS AD users.
It was simpler than I thought.
All you have to do is define RBAC properly, then edit /etc/user_attr manually and add a line per user.
File attached (snapshot) of the /etc/user_attr line that needs to be added for each MS AD user.
Then log in with the AD user normally, su to the RBAC role, and that's it: you have the Primary Administrator role.
Soon I'll finish documenting the complete procedure as a proof of concept for the management, along with auto-creation of home directories if they don't exist, using one of two options (compiled PAM or auto_home with NFS).
Sorry again for the late reply, and thanks to you all.
Whoever needs a copy of the document (it will be ready within a week, inshallah), drop me an email, or I can post it here too if needed.
All newly created AIX 5 users are forced to change their password the first time they log in. We know removing the ADMCHG flag in the passwd file will not prompt the user to change the password. But we are trying to figure out a similar solution if the user is created as an LDAP user. Any help?
Thanks... (0 Replies)
Hi,
Is it possible to link users on an LDAP server from one container to another?
We have two trees, one for AIX and one for Solaris/Linux,
but we have a few users in both trees. They should have the same password, and a password change must affect both entries.
we use IBM Directory Server... (3 Replies)
Hi All,
I would like to know if it's possible to create a new custom role on the HMC to manage only one LPAR and a few activities on it (START, STOP, CONSOLE).
Is it possible to create this custom role?
If yes, where can I read something about it?
Thanks in advance.
Bye.
Zio (1 Reply)
Hello everyone, I am having trouble with something, and I can't find the right answer online. At our company, we are using LDAP authentication with Active Directory (Windows 2008 servers) to have centralized management of AIX 7.1 users.
So far so good, but now, we want to implement RBAC on... (7 Replies)
I have these two tables. How do I see if user roles and system roles are separated?
SQL> desc DBA_ROLES;
Name Null? Type
----------------------------------------- -------- ----------------------------
ROLE NOT NULL... (1 Reply)
I have very limited knowledge of LDAP configuration and have been trying to fix one issue, but without success.
The server I am working on is a Solaris 10 zone. sudoers is configured on LDAP (it's not on the local server). I have access to log in directly on the server with root, but somehow sudo is not working... (9 Replies)
Oracle Solaris 10 9/10 s10s_u9wos_14a SPARC
Hi, just starting with RBAC. I have managed to create a test user with assigned roles:
Basic Actions
Basic Solaris User
I also did
roleadd -d /export/home/userrole -m userrole
but when I did
rolemod -P "Basic Actions" userrole
rolemod -P "Basic... (1 Reply)
Discussion started by: rino19ny
1 Replies
roledel
roledel(1M) System Administration Commands roledel(1M)
NAME
roledel - delete a role's login from the system
SYNOPSIS
roledel [-r] role
DESCRIPTION
The roledel utility deletes a role account from the system and makes the appropriate account-related changes to the system file and file
system. roledel also removes the role from each user's list of assumable roles.
OPTIONS
The following options are supported:
-r Remove the role's home directory from the system. This directory must exist. The files and directories under the home
directory will no longer be accessible following successful execution of the command.
OPERANDS
The following operands are supported:
role An existing role name to be deleted.
EXIT STATUS
The following exit values are returned:
0 Successful completion.
2 Invalid command syntax. A usage message for the roledel command is displayed.
6 The account to be removed does not exist.
8 The account to be removed is in use.
10 Cannot update the /etc/group or /etc/user_attr file but the login is removed from the /etc/passwd file.
12 Cannot remove or otherwise modify the home directory.
FILES
/etc/passwd system password file
/etc/shadow system file containing roles' encrypted passwords and related information
/etc/group system file containing group definitions
/etc/user_attr system file containing additional role attributes
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
|ATTRIBUTE TYPE |ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
auths(1), passwd(1), profiles(1), roles(1), users(1B), groupadd(1M), groupdel(1M), groupmod(1M), logins(1M), roleadd(1M), rolemod(1M),
useradd(1M), userdel(1M), usermod(1M), passwd(4), prof_attr(4), user_attr(4), attributes(5)
NOTES
The roledel utility only deletes an account definition that is in the local /etc/group, /etc/passwd, /etc/shadow, and /etc/user_attr file.
If a network name service such as NIS or NIS+ is being used to supplement the local /etc/passwd file with additional entries, roledel
cannot change information supplied by the network name service.
SunOS 5.10 8 Sep 1999 roledel(1M)
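
Exit status 10 above means a role can be gone from /etc/passwd while /etc/user_attr still carries it in users' roles= lists. The script below is an added example, not part of the man page or the forum post, that lists such leftover assignments. It assumes roles are local accounts and a POSIX awk (nawk or /usr/xpg4/bin/awk on Solaris 10); the names primaryadm, oldadm, ghost and aduserN are constructed.

```shell
#!/bin/sh
# find_dangling_roles USER_ATTR PASSWD -> prints "user:role" lines, sorted,
# for every roles= entry naming a role that lacks a type=role line in
# USER_ATTR or an account in PASSWD (the state roledel exit 10 can leave).
find_dangling_roles() {
    awk -F: -v passwd="$2" '
        BEGIN {                                  # local accounts from passwd(4)
            while ((getline line < passwd) > 0) { split(line, f, ":"); acct[f[1]] = 1 }
        }
        /^[ \t]*#/ || NF < 5 { next }            # skip comments and short lines
        {
            attr = $5                            # rejoin attr if a value held ":"
            for (i = 6; i <= NF; i++) attr = attr ":" $i
            n = split(attr, kv, ";")
            for (i = 1; i <= n; i++) {
                if (kv[i] == "type=role") is_role[$1] = 1
                else if (index(kv[i], "roles=") == 1) roles[$1] = substr(kv[i], 7)
            }
        }
        END {
            for (u in roles) {
                m = split(roles[u], r, ",")
                for (j = 1; j <= m; j++)
                    if (!(r[j] in is_role) || !(r[j] in acct)) print u ":" r[j]
            }
        }
    ' "$1" | sort
}

# Constructed sample: aduserN are directory users with no local passwd entry;
# oldadm is missing from passwd but still in user_attr; ghost has no role line.
demo_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
primaryadm:x:100:1::/export/home/primaryadm:/bin/pfsh
EOF
    cat > "$d/user_attr" <<'EOF'
# constructed user_attr(4) sample
primaryadm::::type=role;profiles=Primary Administrator
oldadm::::type=role;profiles=Primary Administrator
aduser1::::type=normal;roles=primaryadm
aduser2::::type=normal;roles=primaryadm,oldadm
aduser3::::type=normal;roles=ghost
EOF
    find_dangling_roles "$d/user_attr" "$d/passwd"
    rm -rf "$d"
}

if [ "$#" -eq 2 ]; then find_dangling_roles "$1" "$2"; fi
```

Run it as `sh script.sh /etc/user_attr /etc/passwd`; any line it prints is a user who is still assigned a role that roledel did not fully remove or that was never defined.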