Sol 10 TX Home Directories LDAP AUTOFS

807557 Jan 28 2008
I currently have a small network that is comprised of Solaris 10 08/07 machines with Trusted Extensions enabled on all machines. The network does have a Trusted Extensions LDAP server that serves the network. The LDAP server is Directory Server 5.2 P4. I have not loaded any patch clusters on any of the systems.

When I create a user I have to perform a lengthy process to ensure the user can log in at multiple levels simultaneously. After the user is created, the process is as follows:
On the LDAP/Home Directory Server (My LDAP Server also serves the Home Directories)
1. Log into the system as the newly created user
2. Ensure the session is Trusted JDS.
3. Ensure "Restrict to Single level" is selected.
4. Select the Lowest Level Label available to the user. For example, if your label encodings file contains the labels FU and BAR, with FU being dominated by BAR, you would select FU.
5. Continue the login process. A single level desktop would be displayed and the user can open terminal windows, etc.
6. Logout of the system. Do not logout until a desktop is displayed.
7. Repeat steps 1-6 for all possible labels for the user, selecting 1 at a time.
8. Once the user has a desktop at all levels, log in to the system.
9. Make sure "Restrict to Single Label" is NOT checked.
10. Select the Highest possible label for the user. This will enable the user to select workspaces at all levels.
11. The desktop is loaded for the highest label available.
12. In the workspace selector, select each workspace and change the label on the workspace to another security label.
13. Repeat step 12 until all labels are represented. (The only desktop that will be available is the highest level desktop, the other desktops WILL NOT be loaded)
14. Log out and log back in again ensuring that the "Restrict to Single Label" is NOT checked and select the highest possible label for the user. At this point all desktops will appear.
15. Repeat the entire process for every client machine that the user will need access to.

This process only needs to be executed once for each user on each system for all labels. Currently this is a small network, and although time consuming, this process is OK. However, as the network increases and users increase, the process will be too cumbersome.

I have read that the TX install guide explains this process for the Home Directory server. But I have to do this on the clients as well. Once the process is complete I can log in as the user and verify that autofs is mounting the home directory properly. I have not tried the script that is in the install guide either. I will need to modify the script to ensure only new users are given home dirs.

Has anyone else experienced this behavior or found a fix? Again I am running DS 5.2 P4 and no additional patch clusters.
Locked on Feb 25 2008
Added on Jan 28 2008