Tag Archives: RBAC

Multiple pconsole processes spawning indefinitely

By Janpol

Good night everyone, I’ve been trying to make AD authentication work with RBAC and I think I messed my test LPAR up.

I’ve manually modified the /etc/security/user.roles file, adding a role to one of my AD users (who is not defined locally), and then ran setkst. It worked fine, but now I found that there is an issue with pconsole (IBM Systems Director Console). It keeps spawning processes until it fills up the memory; the only solution I’ve found so far is to disable the pconsole services. A ps -ef looks like this. Any ideas on what to do or where to look? I’ve already tried manually editing the /etc/security/user.roles file and running setkst again, but it doesn’t fix the problem :confused:.

Code:

UID PID PPID C STIME TTY TIME CMD
root 1 0 0 15:25:27 - 0:00 /etc/init
root 1966284 1 0 15:25:47 - 0:00 /usr/sbin/syncd 60
root 2097370 4194460 0 15:25:59 - 0:00 /usr/sbin/syslogd -R
root 2162832 1 0 15:26:03 - 0:00 [cimserve]
root 2228402 4194460 0 15:25:55 - 0:00 /opt/freeware/cimom/pegasus/bin/cimssys platform_agent
root 2293998 4194460 0 15:26:46 - 0:00 /usr/sbin/rsct/bin/rmcd -a IBM.LPCommands -r
root 2359428 1 0 15:25:55 - 0:00 ./slp_srvreg -D
root 2424966 1 0 15:25:59 - 0:00 /usr/sbin/secldapclntd
root 2490448 1 0 15:25:36 - 0:00 /usr/ccs/bin/shlap64
root 2621578 1 0 15:25:48 - 0:00 /usr/lib/errdemon
pconsole 2818228 4587562 0 15:39:30 - 0:00 /bin/ksh /pconsole/lwi/bin/lwistart_src.sh
pconsole 2949254 51577914 0 15:39:34 - 0:00 /bin/ksh /pconsole/lwi/bin/lwistart_src.sh
pconsole 3014836 3277016 0 15:39:28 - 0:00 /bin/ksh /pconsole/lwi/bin/lwistart_src.sh
pconsole 3080256 7012436 0 15:26:57 ...
Source: FULL ARTICLE at The UNIX and Linux Forums

RBAC and LDAP users (AD)

By Janpol

Hello everyone, I am having trouble with something, and I can’t find the right answer online. At our company, we are using LDAP Authentication with Active Directory (Windows 2008 Servers) to have a centralized management of AIX 7.1 users.

So far so good, but now we want to implement RBAC on AIX so we can grant privileged access to certain users (like DBAs or Sysadmins) without using su or having everyone using the root account. The problem that I have is that when I want to assign a role to a user on a server, the chuser command fails, since it cannot find the user (it’s on AD, and not defined locally). I use the following command to assign the role:

Code:

chuser roles=test_role test_user


Is there a way for me to tell the chuser command to get the user information from AD? Or can I manually define the roles for each user (maybe in the /etc/security/user.roles file)?

If that doesn’t work I’m going to try defining groups in AD with the same GID as local groups, and handling everything via the sudoers file, but I would like to hear from your experiences.

Best Regards,

Juan
