wiki

User Tools

Site Tools

Trace: marc
aix:marc

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
aix:marc [2022/03/29 11:50]
manu 		aix:marc [2025/08/23 23:37] (current)
Line 3: Line 3:
 ===== Register a new AD user ===== ===== Register a new AD user =====
  
-If the user **-it** still exist, check the UID on a <fc #ff0000>linux server</​fc> ​connected to Active Directory (sssd process will convert Windows SID to an UNIX UID; Else create it first into active directory+If the user **-it** still exist, check the UID on a linux server connected to Active Directory (sssd process will convert Windows SID to an UNIX UID; Else create it first into active directory
 <cli prompt='#'>​ <cli prompt='#'>​
 [root@LINUX ~]# id user01 [root@LINUX ~]# id user01
Line 11: Line 11:
 We need uid=1200123421(user01@test.lu) and 1200123456(aix-users@test.lu) We need uid=1200123421(user01@test.lu) and 1200123456(aix-users@test.lu)
  
-<fc #800080>For AIX users the following field must be fulfill into Active Directory</fc>+**For AIX users the following field must be fulfill into Active Directory** 
 ^Parameter^Value^comment^ ^Parameter^Value^comment^
 |uid|user01|lowercase| |uid|user01|lowercase|
Line 19: Line 20:
 |uidNumber|1200123421|userID| |uidNumber|1200123421|userID|
  
-<fc #800080>For AIX groups the following field must be fulfill into Active Directory (For group aix-users)</fc>+**For AIX groups the following field must be fulfill into Active Directory (For group aix-users)** 
 ^Parameter^Value^ ^Parameter^Value^
 |gidNumber|1200123456| |gidNumber|1200123456|
Line 114: Line 116:
  
 PAM is more flexible to control access protocols compared to AIX standard authentifications PAM is more flexible to control access protocols compared to AIX standard authentifications
 +
 +You can comment unused services
  
 To use PAM with access control for user and groups To use PAM with access control for user and groups
Line 274: Line 278:
 [root@aixsrv]/​etc # chsec -f /​etc/​security/​login.cfg -s usw -a auth_type=PAM_AUTH [root@aixsrv]/​etc # chsec -f /​etc/​security/​login.cfg -s usw -a auth_type=PAM_AUTH
 </​cli>​ </​cli>​
 +
 +<​code>​
 +check_nimclient.sh
 +#​!/​usr/​bin/​ksh
 +#set -x
 +##################################################​
 +#@(#) Check NIM CPUID
 +##################################################​
 +# version: 1.0 2023-02 emmiff4
 +##################################################​
 +
 +dir=`dirname $0`
 +. $dir/.env
 +
 +
 +###########################################################################​
 +# usage ()
 +#
 +# Display usage message and exit
 +#
 +# Parameters:
 +#   - none
 +###########################################################################​
 +usage()
 +{
 +echo "​Usage:"​
 +echo "no parameter, will check CPUID on master and client, and change if not OK"
 +echo "-c reset -l <​client_name>​ : will delete the nim client and recreate"​
 +exit 0
 +}
 +
 +#​------------------------------------------------
 +reset_cpuid () {
 +
 +MASTERCPUID=$(uname -m)
 +for lpar in $(lsnim -t standalone | awk '​{print $1}' | grep -v vio)
 +do
 +  CPUID=$(ssh -o ConnectTimeout=10 $lpar 'uname -m' 2>/​dev/​null)
 +  lenght=${#​CPUID}
 +  if [ "​$lenght"​ -ne "​12"​ ]
 +  then
 +    echo "​$lpar:​ no CPUID $CPUID $lenght"​
 +  else
 +    NIMCPUID=$(lsnim -l $lpar | grep cpuid | rev | awk '​{print $1}' | rev)
 +    CLIENTCPUID=$(ssh $lpar "grep NIM_MASTERID /​etc/​niminfo"​ | sed 's/=/\ /g' | rev | awk '​{print $1}' | rev)
 +    cmd=$(echo sed "'​s/"​${CLIENTCPUID}"/"​${MASTERCPUID}"/'"​)
 +    if [ "​$NIMCPUID"​ == "​$CPUID"​ ]
 +    then
 +#echo "​$CPUID $CLIENTCPUID $NIMCPUID"​ | tr ' ' '​\n'​ | sort -u
 +      if [ "​$MASTERCPUID"​ == "​$CLIENTCPUID"​ ]
 +      then
 +        echo "​$lpar:​ MASTERCPUID OK"
 +      else
 +        echo "​$lpar:​ client $CPUID /​etc/​niminfo ERROR"
 +        echo "​$lpar:​ changed"​
 +        ssh $lpar "cp /​etc/​niminfo /​etc/​niminfo.old ; cat /​etc/​niminfo | $cmd > /​etc/​niminfo.new ; mv /​etc/​niminfo.new /​etc/​niminfo ; stopsrc -s nimsh ; startsrc -s nimsh"
 +      fi
 +    else
 +      echo "​$lpar:​ nimserver $CPUID $NIMCPUID ERROR"
 +      nim -o change -a cpuid=${CPUID} $lpar
 +      if [ "​$MASTERCPUID"​ != "​$CLIENTCPUID"​ ]
 +      then
 +        echo "​$lpar:​ client $CPUID /​etc/​niminfo ERROR"
 +        echo "​$lpar:​ changed"​
 +        ssh $lpar "cp /​etc/​niminfo /​etc/​niminfo.old ; cat /​etc/​niminfo | $cmd > /​etc/​niminfo.new ; mv /​etc/​niminfo.new /​etc/​niminfo ; stopsrc -s nimsh ; startsrc -s nimsh"
 +      fi
 +    fi
 +  fi
 +done
 +
 +}
 +
 +#​------------------------------------------------
 +recreate_client () {
 +echo $lpar $COMMAND
 +echo "nim -o remove $lpar"
 +echo "ssh $lpar ""'"​rm /​etc/​niminfo"'"​
 +echo "ssh $lpar ""'"​stopsrc -s nimsh"'"​
 +echo "ssh $lpar ""'"​niminit -a name=$lpar -a pif_name=en0 -a master=$master -a platform=chrp -a connect=nimsh -a cable_type='"'​N/​A'"'"'"​
 +}
 +
 +
 +
 +#############################################​
 +# main
 +#############################################​
 +main()
 +{
 +master=$(hostname -s)
 +
 +if [ -z "​$1"​ ]
 +then
 +echo "​OK"​
 +  reset_cpuid
 +else
 +  while (( "​$#"​ )); do
 +    case $1 in
 +      help|-h|-help) usage ;;
 +      -c) shift && COMMAND="​$1"​ ;;
 +      -l) shift && lpar="​$1"​
 +          recreate_client ;;
 +    esac
 +    shift
 +  done
 +fi
 +}
 +
 +main $* | tee $logname 2>&1
 +</​code>​
 +
aix/marc.1648547403.txt.gz · Last modified: 2022/03/29 11:50 by manu

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki