Solaris 11 enable_passwd_compat

Published 19 Mar 2016 Read time 1 min 2 sec(s) (2632 views). Solaris

I recently experienced an event onsite whereby we had lost connectivity to Solaris 11 system; Under close inspection the system was in sulogin mode, failing to boot due to an LDAP/svc.configd locking issue.

I've not come across this particular scenario before. Strange that the system failed to boot when ldap was set before files for the passwd entry in /etc/nsswitch.conf

# grep passwd /etc/nsswich.conf
passwd_compat: ldap files
passwd: ldap files

According to Oracle support the passwd entry is incorrect, and we need to change the order. so changing the order for files ldap I performed a reboot on the system. On doing so we lost LDAP connectivity and the server failed to come online.

Upon inspection I noticed that the /etc/nsswitch.conf no longer contains the passwd_compat entry which was strange so understandably LDAP fails.

I tried setting it with...

# svccfg -s name-service/switch setprop config/passwd_compat=astring \"files ldap\"

Dont do it -- it simply won't work .... You have to set it using:

# svccfg -s name-service/switch setprop config/enable_passwd_compat=true

I've played since with putting the passwd entry back to how it was and it still works.... Not asking the reason why, just happy it's all working