Hi Lizhong,
On Tue, Mar 17, 2009 at 11:34:17AM +0800, Lizhong Li wrote:
> Renee and Anurag,
>
> I found the issues in bits Mar 12, too. Please check the following
> description.
>
> The difference is that you are using the user with "defaultpriv=basic",
> I'm trying the one with "auths=solaris.network.autoconf.read" or
> "auths=solaris.network.autoconf.write"
> "auths=solaris.network.autoconf.read,auths=solaris.network.autoconf.write"
>
> * Here is the result for user with "auths=solaris.network.autoconf.read"
>
> # firering:exp# su - nwamtest
> Sun Microsystems Inc. SunOS 5.11 nwam1-build:2009-03-12 Mar. 12, 2009
> SunOS Internal Development: am223141 2009-03-12 [nwam1-build]
> bfu'ed from
>
> /net/zhadum.east/export/ws/am223141/nwam1-build/archives/sparc/nightly.2009-03-12
> on 2009-03-15
> Sun Microsystems Inc. SunOS 5.11 snv_107 November 2008
>
> bash-3.2$ /usr/sbin/nwamcfg list
> NCPs:
> User
> Automatic
> Locations:
> myloc1
> ENMs:
> myenm1
> myenm2
>
> bash-3.2$ /usr/sbin/nwamcfg -f nwamcfg_destroy_a.s
> Configuration read.
>
> bash-3.2$ echo $?
> 0
>
> This shouldn't be 0.
>
> bash-3.2$ cat /etc/user_attr | grep nwamtest
> nwamtest::::type=normal;auths=solaris.network.autoconf.read
>
> bash-3.2$ /usr/sbin/nwamcfg list
> NCPs:
> User
> Automatic
> Locations:
> myloc1
> ENMs:
> myenm1
> myenm2
What exactly should nwamcfg_destroy_a.s do? It does look like no profiles
were removed, based on the before and after 'nwamcfg list' commands. I'm
trying to understand why you're seeing such different results from Anurag.
It would also be helpful if you could show the output of the 'auths' command,
to make sure that the user_attr entry is being interpreted as expected.
> * Here is the result for user with "auths=solaris.network.autoconf.write"
>
> bash-3.2$ cat /etc/user_attr | grep nwamtest
>
> nwamtest::::type=normal;auths=solaris.network.autoconf.read,auths=solaris.network.autoconf.write
I think this user_attr entry is at least part of the problem. As I
mentioned in the mail I sent last week, I believe the correct syntax
is
nwamtest::::type=normal;auths=solaris.network.autoconf.read,solaris.network.autoconf.write
That is, there is no "auths=" before the second authorization name.
It should be 'auths=AUTH1,AUTH2 rather than 'auths=AUTH1,auths=AUTH2'.
Again, using the 'auths' command instead of grep'ing in the user_attr
file will give us a more definitive answer about what auths the user
really has at the time you run the test.
thanks,
renee
> bash-3.2$ /usr/sbin/nwamcfg list
> NCPs:
> User
> Automatic
> Locations:
> myloc1
> ENMs:
> myenm1
> myenm2
> bash-3.2$ /usr/sbin/nwamcfg -f nwamcfg_destroy_a.s
> Configuration read.
> bash-3.2$ echo $?
> 0
> bash-3.2$ /usr/sbin/nwamcfg list
> NCPs:
> User
> Automatic
> Locations:
> myloc1
> ENMs:
> myenm1
> myenm2
>
> The configuration is not destroyed, I think this is an issue.
>
> > bash-3.2$ nwamcfg -f /var/tmp/myenm.nwamcfg.script
> > On line 5 of /var/tmp/myenm.nwamcfg.script:
> > Commit error: Insufficient privileges for action
> > bash-3.2$ echo $?
> > 1
> >
> > bash-3.2$ nwamcfg
> > nwamcfg> create loc test-loc
> > Created loc 'test-loc'. Walking properties ...
> > activation-mode (manual) [manual|conditional-any|conditional-all]>
> > nameservices (dns) [dns|files|nis|ldap]>
> > nameservices-config-file ("/etc/nsswitch.dns")>
> > dns-nameservice-configsrc (dhcp) [manual|dhcp]>
> > hosts-file>
> > nfsv4-domain>
> > ipfilter-config-file>
> > ipfilter-v6-config-file>
> > ipnat-config-file>
> > ippool-config-file>
> > ike-config-file>
> > ipsecpolicy-config-file>
> > svcs-enable>
> > svcs-disable>
> > nwamcfg:loc:test-loc> verify
> > All properties verified
> > nwamcfg:loc:test-loc> commit
> > Commit error: Insufficient privileges for action
> > nwamcfg:loc:test-loc> exit
> > Commit error: Insufficient privileges for action
> > Configuration not saved; really quit (y/[n])? y
> > bash-3.2$
> >
> > do you still get this problem? can you provide details/steps you took to
> > get this including aths and profiles the user.
> >
> > Thanks,
> > Anurag
> >
> >
>
> --
> Thanks,
> Lizhong
>
