Solaris 11 enable_passwd_compat
I recently experienced an event onsite whereby we had lost connectivity to Solaris 11 system; Under close inspection the system was in
sulogin mode, failing to boot due to an LDAP/svc.configd locking issue.
I've not come across this particular scenario before. Strange that the system failed to boot when
ldap was set before
files for the passwd entry in
# grep passwd /etc/nsswich.conf passwd_compat: ldap files passwd: ldap files
According to Oracle support the
passwd entry is incorrect, and we need to change the order. so changing the order for
files ldap I performed a reboot on the system. On doing so we lost LDAP connectivity and the server failed to come online.
Upon inspection I noticed that the
/etc/nsswitch.conf no longer contains the passwd_compat entry which was strange so understandably LDAP fails.
I tried setting it with...
# svccfg -s name-service/switch setprop config/passwd_compat=astring \"files ldap\"
Dont do it -- it simply won't work .... You have to set it using:
# svccfg -s name-service/switch setprop config/enable_passwd_compat=true
I've played since with putting the
passwd entry back to how it was and it still works.... Not asking the reason why, just happy it's all working