Managing NIS accounts on Solaris resource

Perhaps you have some helpful experience managing Solaris NIS accounts?
I'm using IDM 8.0 and observe a quite disappointing situation:
Reconciliation of about 5000 accounts takes 10 hours!
1) Resource Reference suggests improving the performance of the "logins" command
on Solaris by installing patch 126632-01, which does not exist :-/
The patch 125549-01 (found in sunsolve) requires Solaris 10, my scenario has Solaris 9 :-/
Has anybody installed that patch and got better performance then? How many percent speed-up - 1, 10, 90?
2) To "increase performance during bulk provisioning" Resource Reference also suggests
adding and using (??) an attribute "user_make_nis" (same name on resource and IDM?)
and/or (??) "create a ResourceAction named NIS_password_make in the workflow"!?
Are these 2 features meant to work independently of each other or only together?
Did anybody try to do that - with noticeable effect?
During "reconciliation" in general or only "user update on the resource" (provisioning)?
What does it mean to "use" the attribute and what is the content of the ResourceAction (cd /var/yp; make)?
3) Do you have other suggestions for improvement (based on experience)?
4) Did anybody use the ShellscriptAdapter for Solaris/NIS instead - with better results?
Thanks for any reply.

Thank you.
I could solve this problem by using waveset.forceUpdate too.
FYI, I modified the Deprovision Form as below.
      <Field name='accounts[Solaris].waveset.forceUpdate'>
        <Expansion>
          <list>
            <s>delete after action</s>
          </list>
        </Expansion>
      </Field>
      <Field name='resourceAccounts.currentResourceAccounts[Solaris].attributes.delete after action'>
        <Expansion>
          <s>solaris-test-after-delete</s>
        </Expansion>
      </Field>
---
n@ruhito

Similar Messages

  • Solaris Resource Management.

    Hi there, I'm using Solaris resource management on a server with more than 2 thousand accounts.
    Created profiles for users, default, staff, root and services.
    But while using rctladm to enable syslog'ing, I set up global flags of "deny" and "no-local-action" in almost everything.
    Now, many applications don't work because they are denied enough process.max-stack-size and process.max-file-descriptor for them to work.
    Applications such as prstat.
    I have warnings like this all over dmesg:
    Sep 21 16:01:13 thor genunix: [ID 883052 kern.notice] basic rctl process.max-file-descriptor (value 256) exceeded by process 15080
    Sep 21 16:01:13 thor genunix: [ID 883052 kern.notice] basic rctl process.max-stack-size (value 8388608) exceeded by process 15081
    Sep 21 16:01:13 thor genunix: [ID 883052 kern.notice] basic rctl process.max-file-descriptor (value 256) exceeded by process 15081
    Sep 21 16:01:13 thor genunix: [ID 883052 kern.notice] basic rctl process.max-stack-size (value 8388608) exceeded by process 15082
    Sep 21 16:01:13 thor genunix: [ID 883052 kern.notice] basic rctl process.max-stack-size (value 8388608) exceeded by process 15083
    Sep 21 16:01:13 thor genunix: [ID 883052 kern.notice] basic rctl process.max-file-descriptor (value 256) exceeded by process 15083
    Sep 21 16:01:14 thor genunix: [ID 883052 kern.notice] basic rctl process.max-stack-size (value 8388608) exceeded by process 15084
    Sep 21 16:01:14 thor genunix: [ID 883052 kern.notice] basic rctl process.max-file-descriptor (value 256) exceeded by process 15084
    Sep 21 16:01:17 thor genunix: [ID 883052 kern.notice] basic rctl process.max-stack-size (value 8388608) exceeded by process 15085
    Sep 21 16:01:17 thor genunix: [ID 883052 kern.notice] basic rctl process.max-stack-size (value 8388608) exceeded by process 15088
    Sep 21 16:01:17 thor genunix: [ID 883052 kern.notice] basic rctl process.max-stack-size (value 8388608) exceeded by process 15089
    Sep 21 16:01:17 thor genunix: [ID 883052 kern.notice] basic rctl process.max-stack-size (value 8388608) exceeded by process 15090
    Sep 21 16:01:17 thor genunix: [ID 883052 kern.notice] basic rctl process.max-stack-size (value 8388608) exceeded by process 15091
    Sep 21 16:01:24 thor genunix: [ID 883052 kern.notice] basic rctl process.max-stack-size (value 8388608) exceeded by process 15092
    Sep 21 16:01:24 thor genunix: [ID 883052 kern.notice] basic rctl process.max-file-descriptor (value 256) exceeded by process 15092
    I don't find a way to disable the global flags.
    Can anyone tell me:
    how to disable global flags?
    how to disable and enable solaris resource management all together?

    > Hi there, I'm using Solaris resource management in a
    > server with more than 2 thousand accounts.
    > Created profiles for users, default, staff, root and
    > services.
    Seeing the contents of your /etc/project file could be helpful.
    > But while using rctladm to enable syslog'ing, I set up
    > global flags of "deny" and "no-local-action" in almost
    > everything.
    The flags on the right hand side of the rctladm(1M) output are read-only:
    they are telling you the characteristics of the resource control in question (what
    operations the system will allow the resource control to take).
    > Now, many applications don't work because they are
    > denied enough process.max-stack-size and
    > process.max-file-descriptor for them to work.
    > Applications such as prstat.
    If prstat(1) is failing due to the process.max-file-descriptor control value, that's
    probably a bug. prstat(1) is more likely bumping into the limit to assess how many file
    descriptors are available, and then carrying on--you're just seeing a log message since
    prstat(1) tested the file descriptor limit, and you've enabled syslog for that control. Please
    post the prstat(1) output, and we'll figure out if something's breaking.
    > I don't find a way to disable the global flags.
    You can't. I would disable the syslog action on the process.max-stack-size control first;
    there is an outstanding bug on this control, in that it will report a false triggering event--
    no actual effect to the process. (If you send me some mail, I will add you as a call record
    on the bug.)
    > Can anyone tell me:
    > how to disable global flags?
    > how to disable and enable solaris resource management
    > all together?
    You could raise all of the control values, but the resource control facility (like the resource
    limit facility it superseded) is always active. Let's figure out if you're hitting the bug I mentioned,
    and then figure out how to proceed.
    - Stephen
    Stephen Hahn, PhD Solaris Kernel Development, Sun Microsystems
    [email protected]
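
Added example, not part of the original thread and not Sun's code: a small Python tally of the rctl syslog messages quoted in the question, grouped by control and by process, to see which control produces the noise before deciding where to disable the syslog action. The regular expression is inferred from the quoted lines; that privilege levels other than "basic" are logged in the same layout is an assumption.

```python
import re

# Layout inferred from the log lines quoted in the question above.
# Assumption: levels other than "basic" are logged in the same shape.
RCTL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+genunix:\s+"
    r"\[ID \d+ kern\.\w+\]\s+(?P<priv>\w+)\s+rctl\s+(?P<ctl>[\w.-]+)\s+"
    r"\(value (?P<value>\d+)\)\s+exceeded by process (?P<pid>\d+)\s*$"
)

# The first six lines are copied from the question; the last one is a
# constructed, unrelated message to show that non-rctl lines are counted.
SAMPLE_LOG = """\
Sep 21 16:01:13 thor genunix: [ID 883052 kern.notice] basic rctl process.max-file-descriptor (value 256) exceeded by process 15080
Sep 21 16:01:13 thor genunix: [ID 883052 kern.notice] basic rctl process.max-stack-size (value 8388608) exceeded by process 15081
Sep 21 16:01:13 thor genunix: [ID 883052 kern.notice] basic rctl process.max-file-descriptor (value 256) exceeded by process 15081
Sep 21 16:01:13 thor genunix: [ID 883052 kern.notice] basic rctl process.max-stack-size (value 8388608) exceeded by process 15082
Sep 21 16:01:13 thor genunix: [ID 883052 kern.notice] basic rctl process.max-stack-size (value 8388608) exceeded by process 15083
Sep 21 16:01:13 thor genunix: [ID 883052 kern.notice] basic rctl process.max-file-descriptor (value 256) exceeded by process 15083
Sep 21 16:01:14 thor sshd[412]: constructed unrelated message
"""


def parse_rctl_events(text):
    """Return (events, skipped): parsed rctl messages and the count of other lines."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = RCTL_RE.match(line.strip())
        if m is None:
            skipped += 1
            continue
        ev = m.groupdict()
        ev["value"], ev["pid"] = int(ev["value"]), int(ev["pid"])
        events.append(ev)
    return events, skipped


def summarize(events):
    """Group events by (privilege level, control name)."""
    summary = {}
    for ev in events:
        s = summary.setdefault((ev["priv"], ev["ctl"]), {
            "count": 0, "values": set(), "pids": set(),
            "first": ev["ts"], "last": ev["ts"]})
        s["count"] += 1
        s["values"].add(ev["value"])
        s["pids"].add(ev["pid"])
        s["last"] = ev["ts"]
    return summary


def controls_by_pid(events):
    """Map each PID to the sorted list of controls it was logged against."""
    per_pid = {}
    for ev in events:
        per_pid.setdefault(ev["pid"], set()).add(ev["ctl"])
    return {pid: sorted(ctls) for pid, ctls in per_pid.items()}


if __name__ == "__main__":
    evs, skipped = parse_rctl_events(SAMPLE_LOG)
    for (priv, ctl), s in sorted(summarize(evs).items()):
        print(f"{priv:10} {ctl:30} events={s['count']} pids={len(s['pids'])} "
              f"limit={sorted(s['values'])} {s['first']} .. {s['last']}")
    print(f"non-rctl lines skipped: {skipped}")
```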

  • Integration with Resource Managers such as Solaris Resource Manager

    Hi,
    are there any plans in the Diablo release of WLS and/or any other release for integrating WLS with Solaris Resource Managers and/or any other vendor resource managers ?
    Where can I find more details ?
    thanks

    Abhishe,
    Cisco has a repository of tested integrations using Cisco Unified Border Element to bridge different PBX systems as well as integrate with SIP PSTN providers.  Avaya, Nortel, Siemens are all in there.
    Raw URL:
    http://www.cisco.com/en/US/solutions/ns340/ns414/ns728/networking_solutions_products_genericcontent0900aecd805bd13d.html
    -Steven

  • Solaris resource adapter

    Wanted to know whether the out-of-the-box Solaris resource adapter manages passwords for users in the Solaris resource from IDM,
    like changing passwords, Unlocking accounts etc..

    I don't quite see what you need it for? As I can see (and use in my custom shellscript adaptors) IDM simply calls the passwd command with either -l or -u to lock or unlock a user, which then sets the password to a LK. This value is probably retrieved by IDM whenever a query on any given user is made, to see if it has been locked or not.
    There is an inactive value in the resource schema, but I think this is only used by the adaptor to know if a user account should be locked.

  • More than one accounts in a resource

    I am trying to load the SQL table, but I can pass only one row at a time to the resource.
    I do see in the manual that there is a logic (as per the manual) to add multiple accounts to a resource, i.e.
    The accounts attribute contains a list of objects for each account linked to the Identity Manager user. Each account object contains the values of the account attributes retrieved from the resource. The name of each account object is typically the name of the associated resource. If more than one account exists for a given resource, the object names take a suffix of the form |n where n is an integer. The first account on a resource has no suffix; the second account has the suffix |2. The third account on a resource has |3, etc.
    I tried this, but this was not working. Can anyone help me with this?

    I am trying that thru my workflow. The following is my code.
    My table name is userroletable, and I cannot enter a 2nd account after the first one is completed.
    <appendAll name='user.accounts'>
      <list>
        <Object name='userroletable|2'/>
      </list>
    </appendAll>
    <appendAll name='user.waveset.accounts'>
      <list>
        <Object name='userroletable|2'/>
      </list>
    </appendAll>
    <set name='user.accountsuserroletable.randomid'>
      <concat>
        <invoke name='nextInt' class='com.waveset.util.RandomGen'>
          <i>9</i>
        </invoke>
        <invoke name='nextInt' class='com.waveset.util.RandomGen'>
          <i>9</i>
        </invoke>
        <invoke name='nextInt' class='com.waveset.util.RandomGen'>
          <i>9</i>
        </invoke>
        <invoke name='nextInt' class='com.waveset.util.RandomGen'>
          <i>9</i>
        </invoke>
      </concat>
    </set>
    <set name='user.accountsuserroletable.userid'>
      <ref>userid</ref>
    </set>
    <set name='user.accountsuserroletable.roleid'>
      <get>
        <ref>roleList</ref>
        <i>1</i>
      </get>
    </set>

  • Why would you use a managed service account rather than a virtual account in SQL Server 2012?

    In SQL Server 2012, service accounts are created as virtual accounts (VAs), as described here, as opposed to managed service accounts (MSAs).
    The important differences I can see for these, based on the descriptions:
    MSAs are domain accounts, VAs are local accounts
    MSAs use automagic password management handled by AD, VAs have no passwords
    in a Kerberos context, MSAs register SPNs automatically, VAs do not
    Are there any other differences? If Kerberos is not in use, why would a DBA ever prefer an MSA?
    UPDATE:
    Another user has noted a possible contradiction in the MS docs concerning VAs:
    "The virtual account is auto-managed, and the virtual account can access the network in a domain environment."
    versus
    "Virtual accounts cannot be authenticated to a remote location. All virtual accounts use the permission of machine account. Provision the machine account in the format <domain_name>\<computer_name>$."
    What is the "machine account"? How/when/why does it get "provisioned"? What is the difference between "accessing the network in a domain environment" and "authenticating to a remote location [in a domain environment]"?

    Hi,
    “Virtual accounts cannot be authenticated to a remote location. All virtual accounts use the permission of machine account. Provision the machine account in the format <domain_name>\<computer_name>$.”
    “The virtual account is auto-managed, and the virtual account can access the network in a domain environment. If the default value is used for the service accounts during SQL Server setup on Windows Server 2008 R2 or Windows 7, a virtual account using the instance name as the service name is used, in the format NT SERVICE\<SERVICENAME>”
    Per the above description, they are two concepts and do not conflict with each other.
    As you understand, a virtual account accesses network resources by using the credentials of the computer account. Generally, the computer account will not be granted permission unless the computer account is given permission on the shared folder manually.
    Thanks.
    Tracy Cai
    TechNet Community Support

  • Error reconciliating solaris resource

    I have tried to reconcile a Solaris resource from Identity Manager and I get this error:
    Servlet.service() for servlet jsp threw exception
    java.lang.StackOverflowError
        at java.lang.Exception.<init>(Exception.java:41)
        at java.io.IOException.<init>(IOException.java:40)
        at java.net.UnknownHostException.<init>(UnknownHostException.java:28)
        at java.net.Inet6AddressImpl.lookupAllHostAddr(Native Method)
        at java.net.InetAddress$1.lookupAllHostAddr(InetAddress.java:838)
        at java.net.InetAddress.getAddressFromNameService(InetAddress.java:1176)
        at com.waveset.view.ReconcileViewer.getReconcilerId(ReconcileViewer.java:240)
        at com.waveset.view.ReconcileViewer.getReconcilerId(ReconcileViewer.java:240)
        at com.waveset.view.ReconcileViewer.getReconcilerId(ReconcileViewer.java:240)
    Any idea what the problem is?
    Thanks in advance

  • Error while creating a Solaris Resource

    I got the following error while creating the following solaris resource:
    Test connection failed for resource(s):
    Solaris: Script failed waiting for "ASSWORD:" in response "_,)#+(:" ==> com.waveset.util.WavesetException: Script processor timed out with nothing to read and the following unprocessed text: "_,)#+(:".\n
    I have the sudo permissions for the following commands:
    (ALL) NOPASSWD: /usr/bin/auths, /usr/sbin/groupadd, /usr/sbin/groupdel, /usr/sbin/groupmod, /usr/bin/last, /usr/bin/listusers, /usr/bin/logins, /usr/bin/passwd, /usr/bin/profiles, /usr/bin/roles, /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, /usr/bin/ypmatch, /usr/bin/ypcat, /usr/bin/ypasswd, /usr/bin/awk, /usr/bin/cat, /usr/bin/chmod, /usr/bin/chown, /usr/bin/cp, /usr/bin/cut, /usr/bin/diff, /usr/bin/echo, /usr/bin/grep, /usr/bin/ls, /usr/bin/mv, /usr/bin/rm, /usr/bin/sleep, /usr/bin/sort, /usr/bin/tail, /usr/bin/touch, /usr/bin/which
    Please let me know what could be the problem?

    This doesn't look like a Sun Directory Server issue. You may want to post this to another forum.
    Regards,
    Ludovic.

  • How do you reset or find your security question answers? I don't have the option to send a rescue email in manage your account, and I can't find a fix! I have tried so many things!! Help, this is annoying because I can't get anything from the App Store

    I forgot the answers to my Apple ID security questions. I can't buy anything from the App Store. I have tried manage your account and tried to send a rescue email but I don't have the option. This is so annoying and I have tried many things, help!

    Have you tried contacting the owner of the iPhone?

  • I've used the same apple ID for years and it is now saying it cannot find it. It won't allow me to log in to manage my account

    So I am trying to get into manage my account on appleid.apple.com. My ultimate goal is to edit my primary email address so that I can switch it over. I no longer have access to the email address that is registered as my Apple ID. However, when I log into manage my account, it is saying it cannot find my Apple ID, and when I try to reset the password, it tells me an e-mail has been sent and to open it to verify (it will not give me the "edit e-mail for verification" option). I am running into a load of problems. Ultimately I just want to be able to have access to my Apple ID that I have had for years but now the password can't be reset, and the Apple ID can't be found. I am at a loss.

    Sometimes, sites divide their content and login logic over multiple servers. In that case, the sites may not recognize that you have logged in if you block third party cookies. Can you check your cookie settings, as described in this article: "Websites say cookies are blocked - Unblock them".
    During your earlier troubleshooting, did you try the site in Firefox's Safe Mode to rule out an extension as the potential culprit? More info: "Troubleshoot Firefox issues using Safe Mode".
    You can restart Firefox in Safe Mode using
    Help > Restart with Add-ons Disabled (Flash and other plugins still run)
    In the dialog, click "Start in Safe Mode" (not Reset)
    Any difference?

  • HT2731 how can i sync my Apple ID to my iTunes sign-in?  I have an old ID showing up in my iTunes sign-in window and cannot get rid of it to show my current Apple ID.  I don't have the old password to the old ID in order to "manage" my account.

    how can I sync my Apple ID to my iTunes store sign-in window?  An old ID keeps showing in the iTunes sign-in window and I cannot get rid of it to show my current Apple ID. I don't have the password for the old ID in order to "manage" my account and make changes. Help.  Thanks.

    Did you create a new account or did you update your existing account with a new email address? You can tap on the ID in Settings > iTunes & App Store and sign out of it and you can then sign in with the new/updated account.
    If you did create a new account then your existing content will remain tied to your old account, so only that old account will be able to redownload that content and/or download updates to its apps. If you can't remember the password for it then you can try getting it reset via this page : http://iforgot.apple.com

  • Can anyone tell me if the apple ID area of the site is having issues?  I have tried most of the day to change my apple ID in "manage your account" and it will not accept or allow me to change it.  This is irritating since it now requires an email address

    Can anyone advise if Apple is having issues with the APPLE ID portion of their site? I have been trying all afternoon to update my Apple ID from "Manage your account". It will not allow a revision with the instructions given. This is most irritating since with the new update your Apple ID must now be your email address which is incredibly old and I would certainly like to change it to my current email address!
    You have the option to do that but THAT OPTION is also not working at this time.

    I am having the same problems. Firstly found out that I had a duplicate email address on two Apple IDs so I fixed that but now it won't let me verify the email address. When I click on "verify email address" nothing happens. So frustrating cos I can't set up FaceTime or iMessage on my iPad.

  • Manage multiple accounts on one lap top

    How do I manage multiple accounts on one laptop?
    My wife and I have separate Apple IDs and one laptop at home. We have synced our data on the laptop and now face a situation wherein her contacts are on my contact list on the phone and vice versa.
    Can anyone please suggest how we solve this issue?
    We use Outlook 2010 on our lap top.

    OS X Mavericks: Set up users on your Mac

  • Help me Please.. I can log on to the Apple website to manage my account and all the information is correct, but I get "Your Apple ID has been disabled" when I try to get something from App Store on my iPad

    Help me Please.. I can log on to the Apple website to manage my account and all the information is correct, but I get “Your Apple ID has been disabled” when I try to get something from App Store on my iPad3
    I'm from poland.
    Thx
    Balbi

    Contact iTunes Customer Service and request assistance...
    Use this Link  >  Apple  Support  iTunes Store  Contact

  • I can log on to the Apple website to manage my account and all the information is correct, but I get "Your Apple ID has been disabled" when I try to get something from App Store on my iPhone.

    I can log on to the Apple website to manage my account and all the information is correct, but I get “Your Apple ID has been disabled” when I try to get something from App Store on my iPhone.

    You need to contact Apple Support, particularly iTunes Store support team.  Cheers!
