Creating Required Users and Groups
All Steel-Belted Radius Carrier servers and all nodes in a Session State Register cluster require a hadm user account that is part of the hadmg group.
Make sure the hadm user ID and hadmg group ID are the same on all machines in the cluster.
Ensure the home directory for the hadm user is /opt/JNPRhadm.
Ensure the shell is /bin/bash.
To determine whether a hadm user account and hadmg group already exist on the server:
As root, execute getent group hadmg and look for a hadmg listing.
Execute:
getent group hadmg
If the group exists, a message similar to this example is displayed:
root@crispix:/opt> getent group hadmg
hadmg::65536:
If the group exists, and was used for a purpose other than SBR Carrier, or if the group ID number is not the one you intend to use, then you need to terminate all references to the group (which is beyond the scope of this document), and delete the group so that it can be re-created and reassigned to SBR Carrier. If the group ID number is correct, then you do not need to delete the group.
Execute:
groupdel hadmg
As root, execute getent passwd hadm and look for a hadm listing.
Execute:
getent passwd hadm
If the hadm user exists, a message similar to this example is displayed:
root@crispix:/opt> getent passwd hadm
hadm:x:16761:65536:SBR software:/opt/JNPRhadm:/bin/bash
If the hadm user exists and was used for a purpose other than SBR Carrier, or if the user ID number is not the one you intend to use, then you need to terminate all references to the user (which is beyond the scope of this document), and delete the user so that it can be re-created and reassigned to SBR Carrier. If the user ID number is correct, then you do not need to delete the user. In any case, be sure to back up the existing home directory first, for example, by renaming it.
Execute:
mv /opt/hadm /opt/hadm.old
and
userdel hadm
Verify that hadm and hadmg have read and write permissions to the /tmp directory.
If the hadm user account and hadmg group do not already exist on the server:
Create the hadm account and hadmg group.
As root, create the hadmg group account with the intended group ID number. According to Solaris convention, specify a group ID number in the range 100–65535 inclusive; for example, 7772.
Execute:
groupadd -g 7772 hadmg
Create the hadm user account with the intended user ID number and hadmg as the primary group account. According to Solaris convention, specify a user ID number in the range 100–65535 inclusive; for example, 9969.
Execute (all on one line):
useradd -u 9969 -g 7772 -c "SBR Software" -d /opt/JNPRhadm -s /bin/bash hadm
Confirm that the group and user were created.
Execute:
getent passwd hadm
getent group hadmg
Set the hadm user account password.
Execute:
passwd hadm
The hadm home directory is created by the configure script in a later task.
Verify that hadm and hadmg have read and write permissions to the /tmp directory.
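The getent checks above can be scripted so that every node is compared against the same intended IDs, home directory, and shell. The following is an added example, not part of the vendor procedure: the function names, the script name audit_hadm.sh, and the --live argument are hypothetical, and 9969 and 7772 are the example IDs used on this page.

```shell
#!/bin/bash
# Added example: audit hadm/hadmg on one node against the IDs chosen for the
# cluster. 9969 and 7772 are the page's example IDs; substitute your own.
EXPECTED_UID=${EXPECTED_UID:-9969}
EXPECTED_GID=${EXPECTED_GID:-7772}

# check_passwd_line LINE UID GID
# Parses one "getent passwd" line; prints each mismatch, returns 1 if any.
check_passwd_line() (
    IFS=: read -r name _pw uid gid _gecos home shell <<EOF
$1
EOF
    bad=0
    [ "$name" = hadm ]          || { echo "user name is '$name', expected hadm"; bad=1; }
    [ "$uid" = "$2" ]           || { echo "UID is $uid, expected $2"; bad=1; }
    [ "$gid" = "$3" ]           || { echo "primary GID is $gid, expected $3"; bad=1; }
    [ "$home" = /opt/JNPRhadm ] || { echo "home is $home, expected /opt/JNPRhadm"; bad=1; }
    [ "$shell" = /bin/bash ]    || { echo "shell is $shell, expected /bin/bash"; bad=1; }
    exit "$bad"
)

# check_group_line LINE GID
# Parses one "getent group" line; prints each mismatch, returns 1 if any.
check_group_line() (
    IFS=: read -r name _pw gid _members <<EOF
$1
EOF
    bad=0
    [ "$name" = hadmg ] || { echo "group name is '$name', expected hadmg"; bad=1; }
    [ "$gid" = "$2" ]   || { echo "GID is $gid, expected $2"; bad=1; }
    exit "$bad"
)

# audit_node: run both checks against this machine's databases (needs getent).
audit_node() {
    rc=0
    p=$(getent passwd hadm) || { echo "hadm user not found"; rc=1; }
    g=$(getent group hadmg) || { echo "hadmg group not found"; rc=1; }
    [ -z "$p" ] || check_passwd_line "$p" "$EXPECTED_UID" "$EXPECTED_GID" || rc=1
    [ -z "$g" ] || check_group_line "$g" "$EXPECTED_GID" || rc=1
    return "$rc"
}

# Run the live audit only when asked, e.g.:  bash audit_hadm.sh --live
if [ "${1:-}" = "--live" ]; then audit_node; fi
```

Run it with the same EXPECTED_UID and EXPECTED_GID on every server and cluster node; any printed line identifies a setting that differs from the intended values on that machine.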