For unusual upgrade cases, you might have to use the smattrpop command to populate RBAC security files in the following instances:

• When creating or modifying rights profiles, or

• When you need to include users and roles by customizing the usr_attr file.

For more information, see "Role-Based Access Control (Overview)" in System Administration Guide: Security Services.

Prerequisites for Using the Solaris Management Console in a Name Service Environment

The following table identifies what you need to do before you can use the Solaris Management Console in a name service environment.

Management Scope

The Solaris Management Console uses the term management scope to refer to the name service environment that you want to use with the selected management tool. The management scope choices for the Users and Computers and Networks tools are LDAP, NIS, NIS+, or files.

The management scope that you select during a console session should correspond to the primary name service identified in the /etc/nsswitch.conf file.

The /etc/nsswitch.conf File

The /etc/nsswitch.conf file on each system specifies the policy for name service lookups (where data is read from) on that system.

Note - You must make sure that the name service accessed from the console, which you specify through the console Toolbox Editor, appears in the search path of the /etc/nsswitch.conf file. If the specified name service does not appear there, the tools might behave in unexpected ways, resulting in errors or warnings.

When using the Solaris managements tools in a name service environment, you might impact many users with a single operation. For example, if you delete a user in the NIS name service, that user is deleted on all systems that are using NIS.

If different systems in your network have different /etc/nsswitch.conf configurations, unexpected results might occur. So, all systems to be managed with the Solaris management tools should have a consistent name service configuration.

How to Create a Toolbox for a Specific Environment

Applications for administering the Solaris operating system are called tools, and those tools are stored in collections referred to as toolboxes. A toolbox can be located on a local server, where the console is located, or on a remote machine.

Use the Toolbox Editor to add a new toolbox, to add tools to an existing toolbox, or to change the scope of a toolbox. For example, to change the domain from local files to a name service.

Note - You can start the Toolbox Editor as a normal user. However, if you plan to make changes and save them to the default console toolbox, /var/sadm/smc/toolboxes, you must start the Toolbox Editor as root.

1. Start the Toolbox Editor.

   # /usr/sadm/bin/smc edit &

   
   

2. Select Open from the Toolbox menu.

3. Select the This Computer icon in the Toolboxes: window.

4. Click Open.

   The This Computer toolbox opens in the window.

5. Select the This Computer icon again in the Navigation pane.

6. Select Add Folder from the Action menu.

7. Use the Folder wizard to add a new toolbox for your name service environment.

   1. Name and Description - Provide a name in the Full Name window. Click Next.

      For example, "NIS tools" for the NIS environment.

   2. Provide a description in the Description window. Click Next.

      For example, "tools for NIS environment."

   3. Icons - Use the default value for the Icons. Click Next.

   4. Management Scope - Select Override.

   5. Select your name service under the Management Scope pull-down menu.

   6. Add the name service master name in the Server: field, if necessary.

   7. Add the domain managed by the server in the Domain: field.

   8. Click Finish.

      The new toolbox appears in the left Navigation pane.

8. Select the new toolbox icon.

9. Select Save As from the Toolbox menu.

10. Enter the toolbox path name in the Local Toolbox Filename: dialog box. Use the .tbx suffix.

    /var/sadm/smc/toolboxes/this_computer/toolbox-name.tbx

    
    

11. Click Save.

    The new toolbox appears in the Navigation pane in the console window.

Where to Go From Here

After you have created a name service toolbox, you can put a name service tool into it. For more information, see How to Add a Tool to a Toolbox.

How to Add a Tool to a Toolbox

In addition to the default tools that ship with the console, additional tools that can be launched from the console are being developed. As these tools become available, you can add one or more tools to an existing toolbox.

You can also create a new toolbox, for either local management or network management, and then add tools to the new toolbox.

1. Become superuser or assume an equivalent role.

2. Start the Toolbox Editor, if necessary.

   # /usr/sadm/bin/smc edit &

   
   

3. Select the toolbox.

   If you want to work in a name service, select the toolbox you just created in the Toolbox Editor.

   For more information, see How to Create a Toolbox for a Specific Environment.

4. Select Add Tool from the Action menu.

5. Use the Add Tool wizard to add the new tool.

   1. Server Selection - Add the name service master in the Server: window. Click Next.

   2. Tools Selection - Select the tool you want to add from the Tools: window. Click Next.

      If this tool box is a name service toolbox, choose a tool you want to work in a name service environment. For example, the Users Tools.

   3. Name and Description - Accept the default values. Click Next.

   4. Icons - Accept the default values, unless you have created custom icons. Click Next.

   5. Management Scope - Accept the default value "Inherit from Parent." Click Next.

   6. Tool Loading - Accept the default "Load tool when selected." Click Finish.

6. Select Save from the Toolbox menu to save the updated toolbox.

   The Local Toolbox window is displayed.