Solaris 11 enable_passwd_compat
I recently experienced an event onsite whereby we had lost connectivity to Solaris 11 system; Under close inspection the system was in sulogin
mode, failing to boot due to an LDAP/svc.configd locking issue.
I've not come across this particular scenario before. Strange that the system failed to boot when ldap
was set before files
for the passwd entry in /etc/nsswitch.conf
# grep passwd /etc/nsswich.conf passwd_compat: ldap files passwd: ldap files
According to Oracle support the passwd
entry is incorrect, and we need to change the order. so changing the order for files ldap
I performed a reboot on the system. On doing so we lost LDAP connectivity and the server failed to come online.
Upon inspection I noticed that the /etc/nsswitch.conf
no longer contains the passwd_compat entry which was strange so understandably LDAP fails.
I tried setting it with...
# svccfg -s name-service/switch setprop config/passwd_compat=astring \"files ldap\"
Dont do it -- it simply won't work .... You have to set it using:
# svccfg -s name-service/switch setprop config/enable_passwd_compat=true
I've played since with putting the passwd
entry back to how it was and it still works.... Not asking the reason why, just happy it's all working