Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Creating Required Users and Groups

All Steel-Belted Radius Carrier servers and all nodes in a Session State Register cluster require a hadm user account that is part of the hadmg group.

Note: Make sure the hadm user id and hadmg group id are the same on all machines in the cluster.

  • Ensure the home directory for the hadm user is /opt/JNPRhadm
  • Ensure the shell is /bin/bash.

To determine whether a hadm user account and hadmg group already exist on the server:

  1. As root, execute getent group hadmg and look for a hadmg listing.

    Execute:
    getent group hadmg

    If the group exists, a message similar to this example is displayed:

    root@crispix:/opt> getent group hadmg
    hadmg::65536:

    If the group exists, and was used for a purpose other than SBR Carrier, or if the group ID number is not the one you intend to use, then you need to terminate all references to the group (which is beyond the scope of this document), and delete the group so that it can be re-created and reassigned to SBR Carrier. If the group ID number is correct, then you do not need to delete the group.

    Execute:
    groupdel hadmg

  2. As root, execute getent passwd hadm and look for a hadm listing.

    Execute:
    getent passwd hadm

    If the hadm user exists, a message similar to this example is displayed:

    root@crispix:/opt> getent passwd hadm
    hadm:x:16761:65536:SBR software:/opt/JNPRhadm:/bin/bash

    If the hadm user exists and was used for a purpose other than SBR Carrier, or if the user ID number is not the one you intend to use, then you need to terminate all references to the user (which is beyond the scope of this document), and delete the user so that it can be re-created and reassigned to SBR Carrier. If the user ID number is correct, then you do not need to delete the user. In any case, be sure to back up the existing home directory first, for example, by renaming it.

    Execute:
    mv /opt/hadm /opt/hadm.old
    and
    userdel hadm

  3. Verify that hadm and hadmg have read and write permissions to the /tmp directory.

If the hadm user account and hadmg group do not already exist on the server:

  1. Create the hadm account and hadmg group.
    1. As root, create the hadmg group account with the intended group ID number. According to Solaris convention, specify a group ID number in the range 100–65535 inclusive; for example, 7772.

      Execute:
      groupadd -g 7772 hadmg

    2. Create the hadm user account with the intended user ID number and hadmg as the primary group account. According to Solaris convention, specify a user ID number in the range 100–65535 inclusive; for example, 9969.

      Execute (all on one line):
      useradd -u 9969 -g 7772 -c "SBR Software" -d /opt/JNPRhadm -s /bin/bash hadm

    3. Confirm that the group and user were created.

      Execute:
      getent passwd hadm
      getent group hadmg

    4. Set the hadm user account password.

      Execute:
      passwd hadm

    The hadm home directory is created by the configure script in a later task.

  2. Verify that hadm and hadmg have read and write permissions to the /tmp directory.

Modified: 2017-03-07