The UNIX Remote Agent has been enhanced to support installation on Solaris Zones where the /usr file system is inherited from the Global Zone.
Note: In previous versions of CA Identity Manager, only full root zones were supported.
Installing the UNIX Remote Agent on a zone with an inherited /usr file system creates a symbolic link in the /usr/bin directory of the Global Zone, named uxsautil. This link must point to the uxsautil binary installed with the Remote Agent. We recommend that you install the Agent in the Global Zone before installing in the non-Global Zone, using identical installation paths.
You can also create the Global Zone symbolic link manually. Verify that it points to the install location used in the non-Global Zone. For example, using the default install location, you would run the following commend:
ln -s /opt/CA/IdentityManager/ProvisioningUnixAgent/bin/uxsautil /usr/bin/uxsautil
If you use the UNIX Remote Agent in a sparse zone and run with the CAM service as a non-root user, manual configuration is required. As with the /usr/bin/uxsautil, which is inherited from the global zone, the file ownership permissions are also inherited. You must manually configure the permissions to match within the sparse zone, and then verify that the "cam" user and group match on both zones.
To configure the permissions to match within the sparse zone
- groupadd -g <gid> cam
- useradd -u <uid> -g <gid> cam
Note: If the remote agent is uninstalled and the "cam" user and group have been created manually, delete the "cam" user and group manually. The Remote Agent can remove accounts it added, but cannot distinguish between manually created service accounts and a user account named "cam".
Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |