Choose one of the following methods to enable Linux User Management (LUM) for the CIS user (cisuser) and the CIS group (cisgroup), and then assign rights to the volume:
If the CIS configuration is core and located in the cluster volume, delete the cisgroup and cisuser accounts on the workstations at each cluster node assigned to the CIS server resource before creating the LUM-enabled cisgroup and cisuser.
NOTE: Beginning with OES 24.4.1, you can LUM-enable cisuser and cisgroup using UMC.
Delete the local CIS user.
userdel cisuser
Verify if the CIS user is deleted.
cat /etc/passwd | grep "cisuser"
Delete the local CIS group.
groupdel cisgroup
Verify if the CIS group is deleted.
cat /etc/group | grep "cisgroup"
Create cisuser using Identity Console (IC). See Creating a User in Identity Console.
Create and LUM-enable cisgroup only once, on any one cluster node. See How to create and enable LUM for groups? in Unified Management Console.
Enable cisuser using UMC. See How to add and enable a user for LUM? in Unified Management Console.
Assign the following rights to the NSS volume that stores the CIS configuration:
Read
Write
Create
Erase
Modify
File scan
See How to add trustee(s) for a volume, file, or folder? in Unified Management Console.
(Conditional) If the CIS configuration is core and configured in the cluster volume, enable cisgroup and cisuser on the workstation at each cluster node assigned to the CIS server resource. See How to enable existing groups or users for LUM? in Unified Management Console.
If the CIS configuration is core and configured in the cluster volume, enable cisgroup and cisuser on the workstation at each cluster node assigned to the CIS server resource.
Delete the local CIS user.
userdel cisuser
Verify if the CIS user is deleted.
cat /etc/passwd | grep "cisuser"
Delete the local CIS group.
groupdel cisgroup
Verify if the CIS group is deleted.
cat /etc/group | grep "cisgroup"
Create a LUM-enabled cisgroup object for all cluster nodes assigned to the CIS server resource.
namgroupadd [-a adminFDN] -x group_context -W workstation_name group_name
Example for a single UNIX workstation:
namgroupadd -a cn=admin,o=microfocus -x o=microfocus cisgroup -W server1
Example for multiple UNIX workstations:
namgroupadd -a cn=admin,o=microfocus -x o=microfocus cisgroup -W server1,server2,server3
Create a Linux user object.
namuseradd [-a adminFDN] -x user_context [-c comment] -g primary_groupFDN [-s shell] login_name
namuseradd -a cn=admin,o=microfocus -x o=microfocus -c cisuser -g cn=cisgroup,o=microfocus -s /sbin/nologin cisuser
Refresh the namcd cache immediately or restart the namcd service on all cluster nodes assigned to the CIS server resource.
namconfig cache_refresh
or
systemctl restart namcd.service
Verify if cisgroup and cisuser have been successfully LUM-enabled at each cluster node.
namuserlist cisuser
namgrouplist cisgroup
Provide rights to the configuration and log folder.
rights -f /media/nss/CISVOLUME -r rwfcem trustee cisuser.microfocus.oes_tree
(Conditional) If the CIS configuration is core and configured in the cluster volume, enable cisgroup and cisuser on the workstation at each cluster node assigned to the CIS server resource.
You can do this by running the following commands on one of the cluster nodes. These commands will automatically run on all other nodes or servers:
cluster exec "/usr/sbin/userdel cisuser"
cluster exec "/usr/sbin/groupdel cisgroup"
cluster exec "/usr/bin/namgroupadd -a cn=admin,o=microfocus -x o=microfocus cisgroup -W server1,server2,server3"
cluster exec "/usr/bin/namconfig cache_refresh"
cluster exec "/usr/bin/systemctl restart nscd"
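The verification steps above use grep, which also matches names such as cisuser2 or a comment field that contains the string. The following added example (not part of the OES documentation or its scripts) checks on one node, by exact name, that the local accounts are gone and reports how cisuser resolves. The function names and file-path parameters are assumptions, and it assumes a LUM-enabled account is resolvable through getent.

```shell
#!/bin/sh
# Added example; function names and file-path parameters are assumptions.

# has_local_entry FILE NAME
# Succeeds only if NAME is exactly the first colon-separated field of a line
# in FILE, so "cisuser2" or a comment field mentioning cisuser does not match.
has_local_entry() {
    awk -F: -v n="$2" '$1 == n { found = 1 } END { exit !found }' "$1"
}

# local_accounts_removed [PASSWD_FILE] [GROUP_FILE]
# Succeeds when neither cisuser nor cisgroup is still defined locally,
# which is the state required before creating the LUM-enabled objects.
local_accounts_removed() {
    passwd_file=${1:-/etc/passwd}
    group_file=${2:-/etc/group}
    rc=0
    if has_local_entry "$passwd_file" cisuser; then
        echo "local cisuser still present in $passwd_file" >&2
        rc=1
    fi
    if has_local_entry "$group_file" cisgroup; then
        echo "local cisgroup still present in $group_file" >&2
        rc=1
    fi
    return $rc
}

# lum_state [PASSWD_FILE]
# Prints how cisuser resolves on this node:
#   local   - defined in the local passwd file (delete it before LUM-enabling)
#   nss     - absent locally but resolvable through the name service switch
#             (assumed here to be what a LUM-enabled account looks like)
#   missing - not resolvable at all
lum_state() {
    passwd_file=${1:-/etc/passwd}
    if has_local_entry "$passwd_file" cisuser; then
        echo local
    elif getent passwd cisuser >/dev/null 2>&1; then
        echo nss
    else
        echo missing
    fi
}
```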
Beginning with OES 25.2, you can run the cis_enable_lum_user.sh script to enable LUM for the CIS user (cisuser) and the CIS group (cisgroup), and then assign rights to the volume.
Run this script where the CIS cluster resource is running.
sh /opt/novell/cis/bin/cis_enable_lum_user.sh -a adminFDN -x user_context -v CIS_volume_name -t TREENAME
(Conditional) If the CIS configuration is core and configured in the cluster volume, run the following script on the other nodes where you migrate the cluster volume.
sh /opt/novell/cis/bin/cis_enable_lum_user.sh -a adminFDN -x user_context -t TREENAME