I currently have a small network that is comprised of Solaris 10 08/07 machines
with Trusted Extensions enabled on all machines. The network does have a
Trusted Extensions LDAP server that serves the network. The LDAP server is
Directory Server 5.2 P4. I have not loaded any patch clusters on any of the
systems.

When I create a user I have to perform a lengthy process to ensure the user can
log in at multiple levels simultaneously. After the user is created, the
process is as follows:

On the LDAP/Home Directory Server (My LDAP Server also serves the Home
Directories):
1. Log into the system as the newly created user
2. Ensure the session is Trusted JDS.
3. Ensure “Restrict to Single level” is selected.
4. Select the Lowest Level Label available to the user. For example, if
your label encodings file contains the labels FU and BAR, with FU being
dominated by BAR, you would select FU.
5. Continue the login process. A single level desktop would be displayed
and the user can open terminal windows, etc.
6. Logout of the system. Do not logout until a desktop is displayed.
7. Repeat steps 1-6 for all possible labels for the user, selecting 1 at a
time.
8. Once the user has a desktop at all levels, log in to the system.
9. Make sure “Restrict to Single Label” is NOT checked.
10. Select the Highest possible label for the user. This will enable the
user to select workspaces at all levels.
11. The desktop is loaded for the highest label available.
12. In the workspace selector, select each workspace and change the label
on the workspace to another security label.
13. Repeat step 12 until all labels are represented. (The only desktop that
will be available is the highest level desktop; the other desktops WILL NOT be
loaded.)
14. Log out and log back in again ensuring that the “Restrict to Single
Label” is NOT checked and select the highest possible label for the user. At
this point all desktops will appear.
15. Repeat the entire process for every client machine that the user will
need access to.

This process only needs to be executed once for each user on each system for
all labels. Currently this is a small network, and although time consuming, this
process is OK. However, as the network increases and users increase, the process
will be too cumbersome.

I have read that the TX install guide explains this process for the Home
Directory server. But I have to do this on the clients as well. Once the
process is complete I can log in as the user and verify that autofs is mounting
the home directory properly. I have not tried the script that is in the
install guide either. I will need to modify the script to ensure only new
users are given home dirs.

Has anyone else experienced this behavior or found a fix? Again I am running
DS 5.2 P4 and no additional patch clusters.
This message posted from opensolaris.org