Previous Topic: How You Can Set Up a HierarchyNext Topic: Create and Configure Subscriber PMDBs


Create and Configure the Master PMDB

To let you manage policies from a central location, you first create and configure a master PMDB. On a local host, you can use the sepmdadm command.

Note: The following procedure shows the interactive form of the sepmdadm command. For information about using the command‑line parameters for all input, see the Reference Guide.

Follow these steps:

  1. In a command line, enter the following command:
    sepmdadm ‑i
    

    CA ControlMinder starts the Policy Model database administration script (sepmdadm) and displays a menu with options for you to choose from.

  2. Enter 1, to select the first option (create a master PMDB and define its subscribers).

    The script is configured to ask you the relevant questions.

  3. Press Enter to continue.

    The script continues to ask you the first question.

    Note: If CA ControlMinder is not running, the script issues a warning and lets you start CA ControlMinder before the script is rerun.

  4. Enter a name for the Policy Model you want to create.

    The script registers the Policy Model name and continues.

    Note: The first character for a PMDB name should consist of the alphanumeric characters '-' and '_'.

  5. Enter the name of the first subscriber computer you want to specify.

    The script registers the name of the first subscriber and then asks you to enter the name of the next subscriber.

  6. Continue to enter subscriber names as necessary, then press Enter without entering a subscriber name.

    The script registers all subscriber names and continues.

    Note: You still must point each subscriber computer to its parent PMDB.

  7. If you are running NIS, NIS+, or DNS, choose whether you want to update the NIS/DNS tables with PMDB changes.

    Updates are made to users and groups in the PMDB. The tables provide information on users and their characteristics. If you choose yes, a UNIX user or UNIX group that is updated through the Policy Model is also updated in the NIS passwd and group files.

    1. Enter y if you want to update the NIS/DNS tables.

      The script now asks you for the location of the NIS passwd and group files.

      1. Enter the full path of the NIS password file.

        The script registers the full path and continues.

      2. Enter the full path of the NIS group file.

        The script registers the full path and continues.

    2. Enter n or press Enter if you want to update the NIS/DNS tables.

      The script registers your answer and continues.

  8. Enter the users that you want to give special attributes for the PMDB:
    1. Enter CA ControlMinder administrator names as necessary, then press Enter without entering an administrator name.

      Administrators are authorized to change the properties of the PMDB.

      Note: At least one administrator must be defined in a PMDB (root is the default).

    2. Enter enterprise user administrator names as necessary, then press Enter without entering an administrator name.
    3. Enter CA ControlMinder auditor names as necessary, then press Enter without entering an auditor name.

      Auditors are authorized to view the PMDB audit log files.

    4. Enter enterprise user auditor names as necessary, then press Enter without entering an auditor name.
    5. Enter CA ControlMinder password manager names as necessary, then press Enter without entering a password manager name.
    6. Enter enterprise user password manager names as necessary, then press Enter without entering a password manager name.

      Password managers are authorized to change passwords in the PMDB.

    The script registers your answer and continues.

  9. Enter administration terminals as necessary, then press Enter without entering an administration terminal.

    The script registers all administration terminals and then reports the selections that you have made and asks you to confirm them.

  10. Press Enter to confirm the selections you have made, or enter n to rerun the script with new inputs.

    If you confirm your selections, a new PMDB is created using the answers that you supplied.

More information:

Define Parent PMDBs for Subscribing Computers