access: Managers
Enables a directory service (either NIS or ADS) to the Service Processor NSS lookup system:
access enable service nis{-d | --domain} DOMAIN NAME
{-s | --server } SERVER
access enable service ads {-d | --domain} DOMAIN NAME
{-s | --server } SERVER {-k | --keytab} KEYTAB FILENAME {-o | --ou} ORGANIZATIONAL UNIT {-l|--logon} LOGON
| Arguments | Description |
|---|---|
| {-d | --domain} | Specifies the domain name. |
| {-s | --server} |
Specifies the server. |
| {-k | --keytab} | For ADS only: Specifies the ADS keytab file name. |
| {-o | --ou} | For ADS only: Specifies the organizational unit under which the name service library looks for group data. |
| {-l | --logon} | For ADS only: Specifies the active directory account's logon ID. |
To use ADS as a directory service on the Service Processor, you must create an active directory account. The name service library on the Service Processor uses this account to authenticate itself to the LDAP interface of the active directory server. A Windows administrator can create the keytab for this account using the following command:
ktpass -princ <logon>@<domain> -pass <password> -mapuser <logon>
-out <output filename>
The keytab file must then be securely transferred to the Service Processor using an encrypted file transfer mechanism.
The clock on the Service Processor must be accurate, and DNS must be set up (the Service Processor must have a DNS record).
If a directory service has been previously enabled, you can specify the following command and options and the saved settings are used to re-enable the service.
access enable service -t <nis | ads>
Return Codes
Following are the return values for this command:
| Code | Numeric Code | Description |
|---|---|---|
| NWSE_Success | 0 | Command successfully completed. |
| NWSE_InvalidUsage | 1 | Invalid usage: bad parameter usage, conflicting options specified. |
| NWSE_RPCTimeout | 2 | Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server. |
| NWSE_RPCNotConnected | 3 | Unable to connect to the RPC server. |
| NWSE_InvalidArgument | 4 | One or more arguments were incorrect or invalid. The service specified with -t does not exist. |
| NWSE_NotFound | 5 | The specified keytab file was not found. |
| NWSE_NoPermission | 6 | Not authorized to perform this operation. |
| NWSE_FileError | 18 | File open, missing, or read or write error occurred. The specified keytab file is invalid. |
| NWSE_InvalidOpForState | 22 | Invalid operation for current state. Specifying a service that is already enabled. |