From alex at posixnap.net Sat Jan 3 14:38:37 2004 From: alex at posixnap.net (Alex J. Avriette) Date: Sat, 3 Jan 2004 14:38:37 -0500 Subject: SUMMARY: MacOS X (client), Solaris 9 (server) NFS issues In-Reply-To: <000201c3d22c$ed22f130$1401a8c0@glitch> References: <20040103190157.GV8524@posixnap.net> <000201c3d22c$ed22f130$1401a8c0@glitch> Message-ID: <20040103193836.GX8524@posixnap.net> Wow, right away, Thomas got the answer correct. Not sure why I didn't try that myself, but exporting it to fruit.posixnap.net fixed the problem. The original message is included (a third time, sigh) for the spiders. Thanks, alex On Sat, Jan 03, 2004 at 02:08:09PM -0500, Thomas Wardman wrote: > Alex, > > Try exporting /home to "fruit.posixnap.net" and "fruit". That should > cure your problem. From your snoop, it appears the Solaris 9 machine > sees "fruit" with it's FQDN, and not just it's hostname. > > --Thomas > > -----Original Message----- > From: sunmanagers-bounces at sunmanagers.org > [mailto:sunmanagers-bounces at sunmanagers.org] On Behalf Of Alex J. > Avriette > Sent: January 3, 2004 2:02 PM > To: sunmanagers at sunmanagers.org > Subject: MacOS X (client), Solaris 9 (server) NFS issues > > > NOTE: Sorry for the previous message, that should have had a > proper subject ("MacOS X (client), Solaris 9 (server) NFS issues") > as this messagee does. My mistake. > > Hi, Folks. I'm trying to mount a disksuite volume from a Solaris 9 > machine on a MacOS X (10.3.2) client. Here is the mount command: > > # sudo mount -t nfs minotaur:/home /mnt/minotaur > mount_nfs: can't access /home: Permission denied > # showmount -e minotaur > Exports list on minotaur: > /home fruit nectarine > /mnt/jumpstart Everyone > > > The snoop output is pretty simple: > > minotaur -> fruit.posixnap.net RPC R XID=4288148192 Success > minotaur -> fruit.posixnap.net RPC R XID=2817201406 Success > minotaur -> fruit.posixnap.net RPC R XID=4154090642 Success > fruit.posixnap.net -> minotaur PORTMAP C GETPORT prog=100003 (NFS) > vers=3 proto=UDP > fruit.posixnap.net -> minotaur PORTMAP C GETPORT prog=100005 (MOUNT) > vers=3 proto=UDP > fruit.posixnap.net -> minotaur MOUNT3 C Mount /home > > Afterwhich, I don't see any more packets from the client, and nothing > from the server telling it to go home. Being curious at this point, I > ran ktrace(1) on the client, and I see: > > 27988 mount_nfs CALL getgroups(0x10,0xbffff430) > 27988 mount_nfs RET getgroups 9 > 27988 mount_nfs CALL sendto(0x4,0x92c0,0x74,0,0x7008,0x10) > 27988 mount_nfs GIO fd 4 wrote 116 bytes > > "\M-w\M^Zd\M^R\0\0\0\0\0\0\0\^B\0\^A\M^F\M-%\0\0\0\^C\0\0\0\^A\0\0\0\^A\ > 0\0\0@?\M-w > v\0\0\0\^Efruit\0\0\0\0\0\0\0\0\0\0\0\0\0\0 > \0\0\0\0\0\0\0\^A\0\0\0\^B\0\0\0\^C\0\ > > \0\0\^D\0\0\0\^E\0\0\0\^T\0\0\0\^_\0\0\0P\0\0\0\0\0\0\0\0\0\0\0\^E/home\ > 0\0\0" > 27988 mount_nfs RET sendto 116/0x74 > 27988 mount_nfs CALL select(0x5,0xbffff2b0,0,0,0x701c) > 27988 mount_nfs RET select 1 > 27988 mount_nfs CALL > recvfrom(0x4,0x7060,0x2260,0,0xbffff3b0,0xbffff430) > 27988 mount_nfs GIO fd 4 wrote 28 bytes > "\M-w\M^Zd\M^R\0\0\0\^A\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\r" > 27988 mount_nfs RET recvfrom 28/0x1c > 27988 mount_nfs CALL close(0x4) > 27988 mount_nfs RET close 0 > 27988 mount_nfs CALL write(0x2,0xbfffebe0,0xb) > 27988 mount_nfs GIO fd 2 wrote 11 bytes > "mount_nfs: " > 27988 mount_nfs RET write 11/0xb > 27988 mount_nfs CALL write(0x2,0xbfffec30,0x25) > 27988 mount_nfs GIO fd 2 wrote 37 bytes > "can't access /home: Permission denied" > > Essentially, this looks to me like there's something malformed (at > least something that appears malformed to apple) in the response packet > that it feels is a permission denied error. Everybody else has no > problems with minotaur's exports. > > I know that Darwin seems to have a more broken than normal NFS > implementation. I was wondering if anyone had managed to get Solaris > and Darwin to play nice with NFS, without using netinfo. > > Thanks, > alex > > -- > alex at posixnap.net > Alex J. Avriette, Unix Systems Gladiator > "I favor the Civil Rights Act of 1965, and it must be enforced at > gunpoint if necessary." - Ronald Reagan > -- > alex at posixnap.net > Alex J. Avriette, Unix Systems Gladiator > Sep 25 12:52:39 buggle /bsd: wsdisplay0 at vga1: removing /dev/radio/* > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers > -- alex at posixnap.net Alex J. Avriette, Unix Systems Gladiator "As soon as your company starts using Outlook, you can see emergent, horrible, almost biological things start to happen." - Bill Joy _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From tiggsmom at comcast.net Thu Jan 1 19:07:48 2004 From: tiggsmom at comcast.net (Sharon Merritt) Date: Thu, 1 Jan 2004 19:07:48 -0500 Subject: SUMMARY:swap slice vs swapfile Message-ID: <000601c3d0c4$75417f60$dd7b2744@eatntn01.nj.comcast.net> Hello, I'm looking for a Paul Mangan that graduated from Monmouth Regional HS in 1968. Hope you can help. Thank you, Sharon Merritt From M.Lambrechts at pcmuitgevers.nl Wed Jan 7 04:53:14 2004 From: M.Lambrechts at pcmuitgevers.nl (M.Lambrechts at pcmuitgevers.nl) Date: Wed, 7 Jan 2004 10:53:14 +0100 Subject: SUN - ORACLE import performance problem Message-ID: Hi list, We have a couple of Sun Fire V880 machines installed with Solaris 8 (2/02) and we have installed Oracle 9i on those servers. The problem is that when we're importing a 3.5 GB database in Oracle, it takes up hours to import that database. - We have a V880 where there are 10 databases running on a Solstice Disksuite 4.2.1 RAID-5 volume, which is not recommended by Oracle and Sun. We are lucky if the imports end at all. - We have another V880 with a SDS RAID-5 volume just running 1 database on which it takes almost 11 hours to import the 3.5 GB database. - We have a V880 Sun Cluster 3 with T3 storage arrays (so no RAID-5 via SDS !) and also takes almost 11 hours on this cluster to import. I remounted the RAID-5 volume of the V880 with only 1 database with the forcedirectio option and that takes a lot of the import time off, but it still takes about 3.5 hours to import the database. We imported the same 3.5 GB database on a windows 2000 laptop with Oracle installed and there it is imported in just 50 minutes, so something is very wrong on our Sun systems. Looking at vmstat output, it seems that the processors aren't doing that much and there is not much/no "scan rate" so the servers aren't swapping. Does anyone have had the same problems we have with the Sun/Oracle 9i combination, or does anyone knows where to look. Any help will be highly appreciated. Thank in advance, Marcel Lambrechts From alex at fuzzycheese.com Sun Jan 11 18:05:57 2004 From: alex at fuzzycheese.com (Alex Theodore) Date: Sun, 11 Jan 2004 23:05:57 -0000 Subject: SUMMARY: Memory Errors on Ultra 10 Message-ID: <20040111180154.67704542.alex@fuzzycheese.com> Thanks to: Joe Fletcher Paul Gress hike1272-sunhelp Gregory Shaw Resoultion: The CPU most likely needs to be replaced. I'll be re-seating the cpu and memory modules then cleaning with some compressed air. If that doesn't work I'll replace the CPU. Original Question: Hello, I've been having a problem for about 6 months now regarding one of my Ultra 10 systems panicing. It appears that the issue is related to a memory error. I have tried the following: 1) Removed one piece of Memory at a time as to try to isolate the isssue as bad memory, no help. Behavior is exhibited irregardless of memory module or location of Memory. 2) Patched Operating environment (Solaris 9, latest as of Jan 4, 04) 3) Flashed OBP / Firmware This system is out of warranty, and my only other thought would be that it is a bad processor. Does the following output from /var/adm/messages agree with that theory? Sun Ultra 10 Workstation 440MHz UltraSparc-IIi 1024 MB Memory Solaris 9 OE OBP 3.31.0 2001/07/25 20:36 Jan 9 13:20:54 apollo SUNW,UltraSPARC-IIi: [ID 951081 kern.warning] WARNING: [A FT1] Uncorrectable Memory Error on CPU0 Data access at TL=0, errID 0x0000e5e5.e0 bacc69 Jan 9 13:20:54 apollo AFSR 0x00000000.80200000 AFAR 0x00000000.2fb 98008 Jan 9 13:20:54 apollo AFSR.PSYND 0x0000(Score 05) AFSR.ETS 0x00 Fault_PC 0x 1150998 Jan 9 13:20:54 apollo UDBH 0x022e UDBH.ESYND 0x2e UDBL 0x0000 UDBL.ESYN D 0x00 Jan 9 13:20:54 apollo UDBH Syndrome 0x2e Memory Module DIMM2 Jan 9 13:20:54 apollo SUNW,UltraSPARC-IIi: [ID 750085 kern.info] [AFT2] errID 0 x0000e5e5.e0bacc69 E$tag != PA from AFAR; E$line was victimized Jan 9 13:20:54 apollo dumping memory from PA 0x00000000.2fb98000 instead Jan 9 13:20:54 apollo SUNW,UltraSPARC-IIi: [ID 359263 kern.info] [AFT2] E$Data (0x00): 0xbaddcafe.baddcafe Jan 9 13:20:54 apollo SUNW,UltraSPARC-IIi: [ID 359263 kern.info] [AFT2] E$Data (0x08): 0xbadc02fe.baddcafe Jan 9 13:20:54 apollo SUNW,UltraSPARC-IIi: [ID 359263 kern.info] [AFT2] E$Data (0x10): 0xbaddcafe.baddcafe Jan 9 13:20:54 apollo SUNW,UltraSPARC-IIi: [ID 359263 kern.info] [AFT2] E$Data (0x18): 0xbaddcafe.baddcafe Jan 9 13:20:54 apollo SUNW,UltraSPARC-IIi: [ID 359263 kern.info] [AFT2] E$Data (0x20): 0xbaddcafe.baddcafe Jan 9 13:20:54 apollo SUNW,UltraSPARC-IIi: [ID 359263 kern.info] [AFT2] E$Data (0x28): 0x00000300.00d2aa60 Jan 9 13:20:54 apollo SUNW,UltraSPARC-IIi: [ID 359263 kern.info] [AFT2] E$Data (0x30): 0x00000300.00d2aa60 Jan 9 13:20:54 apollo SUNW,UltraSPARC-IIi: [ID 359263 kern.info] [AFT2] E$Data (0x38): 0x00000300.072b4028 Thanks in advanced, will summarize. Alex -- Alex Theodore alex at fuzzycheese.com Boca Raton, FL USA _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From ahoesch at smartsoft.de Tue Jan 13 11:39:39 2004 From: ahoesch at smartsoft.de (Andreas Hoeschler) Date: Tue, 13 Jan 2004 16:39:39 -0000 Subject: Summary: Killing process with a shell script In-Reply-To: Message-ID: <4E63AB27-45E6-11D8-B3F4-000393CA0072@smartsoft.de> Dear Manager, thanks to all (too many to list) that responded to my question. The following script seems to solve my problem: #!/bin/sh pid=`/usr/bin/ps -ef | /usr/bin/grep pop-before-smtp | grep -v grep| awk -F' ' '{print $2}'`; if test "$pid" = "" ; then echo "Process does not run yet!"; else echo "Killing process..." kill $pid; fi echo "Restarting pop-before-smtp..."; nohup /usr/local/bin/pop-before-smtp & Thanks a lot! Regards, Andrea > I am desparately trying to figure out how to kill a process (the > complete path is given) with a shell script. > > #!/bin/sh > a=`/usr/bin/ps -ef | /usr/bin/grep pop-before-smtp | grep -v grep`; > if test "$a" = "" ; then > echo "Does not run!"; > else > echo "Trying to kill, but how?" > fi > > I can determine whether the process runs. The above gives me > > root 27721 1 0 Dec 06 ? 0:00 > /usr/local/bin/pop-before-smtp > > in the variable a. But how can I isolate the pid of the process so > that I have something to pass to kill? > > Thanks a lot! > > Regards, > > Andreas > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From adam at 68e.com Tue Jan 13 12:05:35 2004 From: adam at 68e.com (Adam Mazza) Date: Tue, 13 Jan 2004 17:05:35 -0000 Subject: [SUMMARY] #2 problem installing flash image on v240 that doesn't contain DVD drive In-Reply-To: References: Message-ID: Turns out this is a bug. It is bug # 4827060 and fixed with patch 109318-34, released 4 days before my first summary ;). Regards, Adam Mazza > -----Original Message----- > From: Adam Mazza [mailto:adam at 68e.com] > Sent: Tuesday, November 18, 2003 12:37 PM > To: sunmanagers at sunmanagers.org > Subject: [SUMMARY] problem installing flash image on v240 that doesn't > contain DVD drive > > > I didn't get any suitable answers on this, and haven't had a chance to > troubleshoot it much further. > > Regards, > > Adam Mazza > > On Fri, 14 Nov 2003, Adam Mazza wrote: > > > Hello, > > > > I installed a v240 and patched it with the most recent patch cluster (as > > of about 3 weeks ago). I then created a flash archive and installed the > > image on some other v240s without an issue. I ran into a problem when I > > went to install the image onto a v240 that did not contain a DVD drive. > > It seems that if the machine has a DVD drive, it is on c0 and the internal > > disk(s) get put on c1 otherwise the disks are on c0. I thought that was > > odd, but it seemed workable, I went in, changed my profile to reflect c0 > > since these machines didn't have a DVD drive, and rejumped, The > > installation worked as expected, but upon the reboot, it couldn't fsck > > anything. I booted from a net image and looked at the installed vfstab > > and saw that the disk in there was set to c1. I've never had this problem > > before, the jumpstart process has always generated the correct vfstab > > for my installation when installing via an archive. It almost seems like > > the /etc/vfstab file is getting copied over from my image and not > regenerated. > > Anyone see this before? > > > > Thanks > > > > Adam Mazza > > PGP Key:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x382775D1 > > Key fingerprint = 5A82 FA7F 459C E805 6C00 3211 48AC 6069 3827 75D1 > > _______________________________________________ > > sunmanagers mailing list > > sunmanagers at sunmanagers.org > > http://www.sunmanagers.org/mailman/listinfo/sunmanagers > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers > > Adam Mazza PGP Key:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x382775D1 Key fingerprint = 5A82 FA7F 459C E805 6C00 3211 48AC 6069 3827 75D1 _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Andrew.Hardy at marks-and-spencer.com Thu Jan 15 11:24:33 2004 From: Andrew.Hardy at marks-and-spencer.com (Hardy, Andrew) Date: Thu, 15 Jan 2004 16:24:33 -0000 Subject: SUMMARY: unable to use tape drive as any other user than root Message-ID: <831C852D67213E46A5B25F233C7A779301D583@MSHVSMNSEXP8001.mnsexchange.adroot.marksandspencer.com> Thanks to everyone who replied: Jay Lessert Paul Greidanus Bertrand Hutin Dom Clermont Lewis Handy Steve Edberg Joe Fletcher Adrian Meier The answer was actually simple to fix....... I changed permissions to the block device & everything now works okay. I just wasn't sure that changing permissions to block devices, would not cause problems. I would however, be interested in knowing the possible cause of why these permissions should have changed since the original OS install. Netbackup is the only thing I can think of ! If anybody knows of any possible reason, then drop me a line & I'll provide another summary. Many Thanks Andy Hardy > -----Original Message----- > From: Hardy, Andrew > Sent: 15 January 2004 12:45 > To: 'sunmanagers' > Subject: unable to use tape drive as any other user than root > > > I recently uninstalled Veritas Netbackup from an E3500, which was also previously attached to a tape robot. > I have since attached a single DLT7000 tape drive onto the server, but am unable to write or get the status of the drive, by any user other than "root". > I need to be able to do backups to this device, as user "oracle". > > I have replaced the st.conf file, back to it's original state, from before the Netbackup installation. > Does anyone know if this is related to the previous Netbackup installation and / or know of any fixes ? > If I attach this device to a different server I can then run a status to this device as any user. > > Many Thanks > > Andy Hardy > > > > As root user: > > mt -f /dev/rmt/0 status > > Sun DLT7000 tape drive: > sense key(0x6)= Unit Attention residual= 0 retries= 0 > file no= 0 block no= 0 > > > As oracle user: > > mt -f /dev/rmt/0 status > > /dev/rmt/0: write protected or reserved > > > > > > > > > > ----------------------------------------------------------------------- Registered Office: Marks & Spencer p.l.c Michael House, Baker Street, London, W1U 8EP Registered No. 214436 in England and Wales. Telephone (020) 7935 4422 Facsimile (020) 7487 2670 www.marksandspencer.com Please note that electronic mail may be monitored. This e-mail is confidential. If you received it by mistake, please let us know and then delete it from your system; you should not copy, disclose, or distribute its contents to anyone nor act in reliance on this e-mail, as this is prohibited and may be unlawful. The registered office of Marks and Spencer Financial Services PLC, Marks and Spencer Unit Trust Management Limited, Marks and Spencer Life Assurance Limited and Marks and Spencer Savings and Investments Limited is Kings Meadow, Chester, CH99 9FB. These firms are authorised and regulated by the Financial Services Authority. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From adam at 68e.com Mon Jan 5 14:51:26 2004 From: adam at 68e.com (Adam Mazza) Date: Mon, 05 Jan 2004 19:51:26 -0000 Subject: SUMMARY: fatal error on 4500 In-Reply-To: References: Message-ID: Thanks for all the responses. Most people seemed to think it definately was an ecache error on the CPU (400MHz, 8Meg cache), and that the process running on it at the time could have been anything, it just happened to be the one mentioned. Since I have support and can't afford the machine to go down outside of a maintenance window I am going to swap out the CPU. Regards, Adam Mazza On Sun, 4 Jan 2004, Adam Mazza wrote: > Hi, > > I had an E4500 reboot itself recently, and on a first glance at the > logfile I assumed it was a CPU issue, either the cache on the CPU or the > CPU itself. Then I noticed that a the OS is reporting a java process > caused it to crash while in User mode. My understanding is that I user > process should never be able to do that, so I am wondering if the process > just tickled a a HW issue, or if it's something in Solaris or the JRE. I > am running Solaris 8 02/02 with the recommended patch cluster from ~6 > months ago. I am running JRE 1.4.1_01. Here is a snippet of the logfile: > > Jan 3 15:55:21 testbox SUNW,UltraSPARC-II: [ID 667935 kern.info] NOTICE: > [AFT2] errID 0x002018e3.40e4dc3a DBI event on C > PU5 > Jan 3 15:55:21 testbox SUNW,UltraSPARC-II: [ID 931584 kern.info] [AFT2] > errID 0x002018e3.40e4dc3a PA=0x00000000.85e5a0c0 > Jan 3 15:55:21 testbox E$tag 0x00000000.09c010bc E$State: Modified > E$parity 0x04 > Jan 3 15:55:21 testbox SUNW,UltraSPARC-II: [ID 359263 kern.info] [AFT2] > E$Data (0x00): 0x00000001.00000000 > Jan 3 15:55:21 testbox SUNW,UltraSPARC-II: [ID 359263 kern.info] [AFT2] > E$Data (0x08): 0x0011d2bc.00000000 > Jan 3 15:55:21 testbox SUNW,UltraSPARC-II: [ID 359263 kern.info] [AFT2] > E$Data (0x10): 0xfa40a0a0.fa441550 > Jan 3 15:55:21 testbox SUNW,UltraSPARC-II: [ID 359263 kern.info] [AFT2] > E$Data (0x18): 0x00000000.00000000 > Jan 3 15:55:21 testbox SUNW,UltraSPARC-II: [ID 989652 kern.info] [AFT2] > E$Data (0x20): 0xcd51cb00.01100660 *Bad* PSYND=0 > x4000 > Jan 3 15:55:21 testbox SUNW,UltraSPARC-II: [ID 359263 kern.info] [AFT2] > E$Data (0x28): 0xb500012b.b80004ad > Jan 3 15:55:21 testbox SUNW,UltraSPARC-II: [ID 359263 kern.info] [AFT2] > E$Data (0x30): 0xffc0e359.00000000 > Jan 3 15:55:21 testbox SUNW,UltraSPARC-II: [ID 359263 kern.info] [AFT2] > E$Data (0x38): 0x00000000.00150001 > Jan 3 15:55:22 testbox SUNW,UltraSPARC-II: [ID 672661 kern.warning] > WARNING: [AFT1] EDP event on CPU5 Data access at TL= > 0, errID 0x002018e3.8237619a > Jan 3 15:55:22 testbox AFSR 0x00000000.00404000 AFAR > 0x00000000.85e5a0e0 > Jan 3 15:55:22 testbox AFSR.PSYND 0x4000(Score 95) AFSR.ETS 0x00 > Fault_PC 0xfa40a2a4 > Jan 3 15:55:22 testbox UDBH 0x0000 UDBH.ESYND 0x00 UDBL 0x0000 > UDBL.ESYND 0x00 > Jan 3 15:55:22 testbox SUNW,UltraSPARC-II: [ID 731945 kern.info] [AFT2] > errID 0x002018e3.8237619a PA=0x00000000.85e5a0e0 > Jan 3 15:55:22 testbox E$tag 0x00000000.09c010bc E$State: Modified > E$parity 0x04 > Jan 3 15:55:22 testbox SUNW,UltraSPARC-II: [ID 359263 kern.info] [AFT2] > E$Data (0x00): 0x00000001.00000000 > Jan 3 15:55:22 testbox SUNW,UltraSPARC-II: [ID 359263 kern.info] [AFT2] > E$Data (0x08): 0x0011d2bd.00000000 > Jan 3 15:55:22 testbox SUNW,UltraSPARC-II: [ID 359263 kern.info] [AFT2] > E$Data (0x10): 0xfa40a0a0.fa441550 > Jan 3 15:55:22 testbox SUNW,UltraSPARC-II: [ID 359263 kern.info] [AFT2] > E$Data (0x18): 0x00000000.00000000 > Jan 3 15:55:22 testbox SUNW,UltraSPARC-II: [ID 989652 kern.info] [AFT2] > E$Data (0x20): 0xcd51cb00.01100660 *Bad* PSYND=0 > x4000 > Jan 3 15:55:22 testbox SUNW,UltraSPARC-II: [ID 359263 kern.info] [AFT2] > E$Data (0x28): 0xb500012b.b80004ad > Jan 3 15:55:22 testbox SUNW,UltraSPARC-II: [ID 359263 kern.info] [AFT2] > E$Data (0x30): 0xffc0e359.00000000 > Jan 3 15:55:22 testbox SUNW,UltraSPARC-II: [ID 359263 kern.info] [AFT2] > E$Data (0x38): 0x00000000.00150001 > Jan 3 15:55:22 testbox SUNW,UltraSPARC-II: [ID 734837 kern.info] [AFT2] > errID 0x002018e3.8237619a AFAR was derived from E$Tag > Jan 3 15:55:22 testbox unix: [ID 321153 kern.notice] NOTICE: Scheduling > clearing of error on page 0x00000000.85e5a000 > Jan 3 15:55:22 testbox SUNW,UltraSPARC-II: [ID 130088 kern.info] [AFT3] > errID 0x002018e3.8237619a Above Error is in User Mode > Jan 3 15:55:22 testbox and is fatal: will reboot > Jan 3 15:55:22 testbox unix: [ID 855177 kern.warning] WARNING: [AFT1] > initiating reboot due to above error in pid 25059 (java) > > > Regards, > > Adam Mazza > PGP Key:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x382775D1 > Key fingerprint = 5A82 FA7F 459C E805 6C00 3211 48AC 6069 3827 75D1 > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers > > Adam Mazza PGP Key:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x382775D1 Key fingerprint = 5A82 FA7F 459C E805 6C00 3211 48AC 6069 3827 75D1 _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From a.zibellini at ops.tin.it Fri Jan 9 05:49:59 2004 From: a.zibellini at ops.tin.it (Alessandro Zibellini) Date: Fri, 09 Jan 2004 10:49:59 -0000 Subject: SUMMARY: problem with sds 4.2 Message-ID: <000601c3d69d$8be9c9f0$360314ac@brega> The problem was fixed deleting the corrupted metadbs and recreating them afterwards. Some mirrors needed a metareplace command as well (a disk was corrupted too). Special thanks to: Parissis Pvlos Joe Fletcher Bernhard Sadlowski Jason Grove Darren Dunham Vani Bhat Eugene Schmidt -------------------------------------- Alessandro Zibellini Telecom Italia Media S.p.A. - TIN.IT Unix Systems and Network Administrator Mobile +39 335 140 3325 -------------------------------------- email: a.zibellini at ops.tin.it alessandro.zibellini at vtin.it -------------------------------------- _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Alan_G_Beardsley at raytheon.com Thu Jan 22 10:55:53 2004 From: Alan_G_Beardsley at raytheon.com (Alan G Beardsley) Date: Thu, 22 Jan 2004 15:55:53 -0000 Subject: SUMMARY: SUN Storedge D1000 Disk Upgrade Message-ID: Thanks to all that replied: Matthew Stier, Simon McCartney, Ronny Martin. While I have not yet had an opportunity to do the upgrade, the following two methods outlined below should work OK. The following two methods for upgrading 18 GB disks to 36 GB disks in a SUN Storedge D1000 RAID system using Disksuite are included here: Method 1) Assuming you have a mirror (d0) comprise of two components (d1) and (d2), and that you have backed up the data for disaster recovery purposes. 1) Unmount the affect filesystem 2) Metadetach one half of the mirror. [ metadetach d0 d2;] 3) Recursively metaclear the primary metadevice. [metaclear -r d0; # Note: Metaclears d0 and d1] 4) Remove and replace the drives comprising the cleared mirror. (Replace the drives which had comprised d1) 5) Use format to partition the new drives. (At minimum partition one drive using format, and then use 'prtvtoc' and 'fmthard', to clone the partitioning.) 6) Metainit the new mirror. [metainit d1; metainit d0;] 7) Newfs the new mirror. [newfs /dev/md/rdsk/d0;] 8) Mount the new mirror. [mount /dev/md/dsk/d0 /mnt;] 9) Change directory to the mount point [cd /mnt;] 10) Use ufsdump/ufsrestore to copy the data. [ufsdump 0f - /dev/md/rdsk/d2 | ufsrestore rf - ; # Remove the 'restoresymboltable' when done. ] 11) Once the data is copied, you repeat steps 3, 4 5, and 6 with metapartition d2. [metaclear d2; ; metainit d2;] 12) As long as you are using the same partitioning on all drives, metadevices d1 and d2 should have the same number of blocks, and metadevice d2 can be attached metadevice d0. [metattach d0 d2;] Method 2) You can do as suggested, assuming the following: d10: Mirror Submirror 0: d20 State: Okay Submirror 1: d30 State: Okay Pass: 1 Read option: roundrobin (default) Write option: parallel (default) Size: 412965 blocks d20: Submirror of d10 State: Okay Size: 412965 blocks Stripe 0: Device Start Block Dbase State Hot Spare c0t1d0s0 0 No Okay d30: Submirror of d10 State: Okay Size: 412965 blocks Stripe 0: Device Start Block Dbase State Hot Spare c0t0d0s0 0 No Okay We'll do d20 first. metadetach d10 d20 metaclear d20 [remove disks] [insert new disks] devfsadm [This is Solaris8, I understand this can be done with drvconfig and disks, it rescans the SCSI bus] [verify the news disks can be seen, fdisk] metainit d20 1 x disk1 disk2 disk3 [where x is number of disk, disk1 etc is s2 on each disk etc] metattach d10 d20 Use metatool to wait for sync to complete repeat for other half of mirror Then use "growfs /mnt/pt /dev/md/rdsk/d10" to grow the filesystem. I've done all of this live under S8, with no problems. You may have to use "metadb -d" to remove any meta databases held on disks you wish to remove, use "metadb" to verify the location of your meta databases. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Abeysekera at cl.uh.edu Fri Jan 23 09:59:18 2004 From: Abeysekera at cl.uh.edu (Abeysekera, Krishani) Date: Fri, 23 Jan 2004 14:59:18 -0000 Subject: SUMMARY: How to upgrade a NIS+ server from Solaris8 to Solaris 9 Message-ID: <3DD4696E17FF094B9F70EC9A40851A190377F4CD@b3308-32813.cl.uh.edu> Thank you to Daryl McKinnon, who had 2 suggestions. I plan to work on this next week. The suggestions are as follows: Option 1: Use the following steps to make a copy of the NIS+ files before the upgrade (I would suggest single user mode): # tar cf /nis_save.tar /var/nis /etc/.rootkey /etc/nsswitch.conf /etc/defaultdomain Then after the upgrade, again in single user mode, untar the files. You should be ok (I've done this a few times). Of course I'd make a backup of the entire system just in case anything else went wrong. Option 2: You could also make a standard NIS+ client, make it a replica server and promote it to a master. You would have to downgradee the original master to a normal client. Then upgrade the OS on the old master, and point to the new server for NIS+ services. Once the upgrade is done, you can promote it back to being a master server. Krishani Abeysekera. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From ahoesch at smartsoft.de Fri Jan 30 14:14:29 2004 From: ahoesch at smartsoft.de (=?ISO-8859-1?Q?Andreas_H=F6schler?=) Date: Fri, 30 Jan 2004 20:14:29 +0100 Subject: Summary: IPFilter with rdr entry on Solaris In-Reply-To: <36501.151.191.175.195.1075486356.squirrel@yomega.cs.utk.edu> Message-ID: <8731E6D4-5358-11D8-AFA5-003065CCA582@smartsoft.de> Hi all, I would like to summarize the results of my research. It turned out that my ipf and nat files were correctly configured. However, it seems to be pretty important that the target machine - the one the data is forwarded to - has the firewall set as its default gateway. After making a corresponding entry in /etc/defaultrouter on this machine it started working. Regards, Andreas >> I am referring to my earlier request with the subject "Forwarding with >> IPFilter on Solaris". I am trying to redirect requests to >> >> port = 8080 >> >> to a machine in the local subnet at port 80. From the FAQs and docs I >> learned that this is basic stuff and should only require the following >> additional lines: >> >> /etc/opt/ipf/ipf.conf: >> =============== >> pass in log quick on hme0 proto tcp from any to any port = 80 keep >> state >> >> /etc/opt/ipf/ipnat.conf: >> ================== >> rdr hme0 0.0.0.0/0 port 8080 -> 192.168.1.10 port 80 >> >> hme0 is the external interface with a static ISP address. hme1 is the >> interface connected to the local subnet 192.168.1.0. I expected this >> to >> simply work after doing >> >> ipf -Fa -f /etc/opt/ipf/ipf.conf >> ipnat -v -CF -f /etc/opt/ipf/ipnat.conf >> >> However, it does not. The connection simply times out. I did "tail -f >> /var/log/fw.log" while trying to connect, but nothing is logged when I >> do >> >> telnet 8080 >> >> I also upgraded from ip-fil3.4.27 to ip-fil3.4.33pre2 which made no >> difference. I am stuck. Has anybody got this working on Solaris 8 >> Sparc? Any hints would be greatly appreciated. >> >> Thanks a lot! >> >> Regards, >> >> Andreas _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From alex.galea at centrelink.gov.au Sun Jan 11 16:30:00 2004 From: alex.galea at centrelink.gov.au (alex.galea at centrelink.gov.au) Date: Sun, 11 Jan 2004 21:30:00 -0000 Subject: SUMMARY Migrating from a 280R to a V480 Message-ID: Managers, Unfortunately the migration i had in mind was not possible due to the fact that the V480 turned out to be way too different to the 280R. The boot died a painful death. It did not seem to matter what changes were made. However we are currently looking at SUN WebStart Flash as a possible alternative for the migration. Other then that a full migration may be in order. Thanks Alex Original Question I have been given the task of Migrating users off a SUN 280R running Solaris 8 02/02 to a Sun V480. The V480 has been setup with match in hardware except CPU and Memory Due to a small time constraint i have been given would it be possible to remove the disks from the 280R and install them in the V480 with out too much trouble keeping the operating system intact. Other wise a full migration will be in order, if that is the case management can deal with it. Please excuse the type of question but i was given very short notice. Alex Galea Unix & Linux Enterprise Services Team alex.galea at centrelink.gov.au Important: This e-mail is intended for the use of the addressee and may contain information that is confidential, commercially valuable or subject to legal or parliamentary privilege. If you are not the intended recipient you are notified that any review, re-transmission, disclosure, use or dissemination of this communication is strictly prohibited by several Commonwealth Acts of Parliament. If you have received this communication in error please notify the sender immediately and delete all copies of this transmission together with any attachments. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From bruce.truax at ge.com Mon Jan 5 09:42:44 2004 From: bruce.truax at ge.com (Truax, Bruce (COMFIN, VFS, Consultant)) Date: Mon, 05 Jan 2004 14:42:44 -0000 Subject: Summary: U5 running 2.6 with a 20GB hard drive issue. Message-ID: <352EBFE67A6D3543B12C37B2CB74A57F099DA6@CINMLVEM08.e2k.ad.ge.com> Thanks again to all for you input especially Peter Stokes. Summary 1 -> I loaded Solaris 2.6 normally do with 1 exception. I DID NOT CREATE the partition that would extend into the unseen area of the disk. 2 -> Logged in as root and (after installing the OS packages 105181-35, 105798-04, and 106407-08) installed the package named "fixdisks_Solaris26.tar" located at ftp://ftp.tadpole.com/pub/ that was sent to me by Peter Stokes. 3 -> Rebooted into single-user mode and ran the command fixIDEsizes as instructed at the end of the fixdisks installation. In the fixIDEsizes, I created and newfs'd the additional space and created the mount point. After finishing, I checked it with the format and df commands. I then exited single-user mode. Fixdisks was successful. The option to reformat from the installation did not work. I also learned that the 2.6 installation will re-label these drive incorrectly as 8 GB. If you do not run the script and choose to upgrade, the disks must be re-labeled first. This appears to be an issue more with the ATA version then the size. The 20 GB ATA 2 works fine without the patch, the ATA 4 needs it. Bruce More Info: I have a few other Ultra 5's that load and run 2.6 just fine with the Seagate ST320420A 20GB hard drive. The apparent difference is the type of ATA drive. The ST320011A is an ATA100 and the ST320420A is an ATA66. Thanks again to all those who have already answered. Hello Sunmanagers, I have an Ultra 5 - 400MHz, 256MB, 20GB Seagate ST320011A hard drive - and I am trying to load 2.6 5/98. I keep getting a bad label error. The label reports one amount (the correct one) of cylinders and the disk reports a smaller amount. 2.6 tries to install only to fail mounting the file system upon reboot. I believe that 2.6 cannot read the geometry of this particular disk. I have found a patch for the disk at Tadpole but it is an OS package. Is there any other workaround for this as a prepatch? I will summarize Thank you all in advance ... Btw, upgrading the OS is not an option at this time. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From BLucas at accela.com Mon Jan 5 10:03:41 2004 From: BLucas at accela.com (Brian Lucas) Date: Mon, 05 Jan 2004 15:03:41 -0000 Subject: SUMMARY: RE: Single-user mode metastat Message-ID: <0E519066D584B0468F496C29F8891651F32512@kiva-d6400.accela.com> Thanks to Paul Boven and Michael Schneider for the following information: Are you sure they are actually resynchronizing? In single-user mode, it will not have started /etc/rc2.d/S95svm.sync yet, for instance. So you need to start the synchronization yourself, e.g. with the metasync command or the aforementioned rc-script. -----Original Message----- From: Brian Lucas [mailto:BLucas at accela.com] Sent: Friday, January 02, 2004 1:44 PM To: 'sunmanagers at sunmanagers.org' Subject: Single-user mode metastat Gurus, I have a Sun E4500 with attached A5200. We have had terrible weather that has caused massive power outages leading to my system going down rather disgustingly. I am in single-user mode and a quick metastat shows the disks are resynching but it doesn't show the percentage along they are like the output normally displays when the system is up and running normally. Does anyone know how to tell how far along a synchronization is for the metadevices while in "boot -s" mode. Thanks, Brian Brian Lucas, MCSE, OCP IT Engineer _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From andrew at socallinuxsolutions.com Wed Jan 7 13:57:55 2004 From: andrew at socallinuxsolutions.com (Andrew Davis) Date: Wed, 07 Jan 2004 18:57:55 -0000 Subject: SUMMARY: SunFire V100 boot error & Trying to boot from previously failed disk on SunFire V100 Message-ID: <3FFC5560.5050308@socallinuxsolutions.com> Thank you all for you assistance. I received enough emails to at least determine there was nothing more I could do. Here's the short synopsis: I was able to boot from a CD and fsck slices 0,3,4,5, and 6 (1 was swap, 2 is the obvious overlap, and 7 was unused). The fsck was not enough. After rebooting I had the same error. I then booted from CD again and tried reinstalling the bootblk. This too did not work... rebooting generated the same error. On try #3 I tried mounting the various slices. The could all mount, but none had data in them. I had a new lost+found after the fsck's, but only had a few files relating to /usr and /etc... nothing of value to me. I was able to see the drive under format. I did a non-destructive analyze and it finished without error. One of the Sun guys on the list suggested that it was *possible* that if I had patchsets applied that were newer than my boot media, that I might not be able to see the data, but it might actually be there. So with nothing to lose, I re-installed and protected slice 6 (which had the date I needed). After the re-install, I mounted and checked slice 6, but it was still empty. So at this point, the disk is absolutely fine and let me do an fsck, but there's no data on it. I'm guessing that perhaps something related to the inode table was corrupted or lost. Not sure, but the system's data is a lost cause now. Thanks for all your help nonetheless. -- Andrew Davis, Founder SoCalLinuxSolutions andrew at socallinuxsolutions.com 760-525-4689 SoCalLinuxSolutions.com Linux Consultation & Integration Services _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Bill.Smith at jhuapl.edu Thu Jan 8 22:37:36 2004 From: Bill.Smith at jhuapl.edu (Smith, William E. (Bill), Jr.) Date: Fri, 09 Jan 2004 03:37:36 -0000 Subject: SUMMARY: Error Upon Logoff of Guest FTP User Post Message-ID: Thanks much to those who provided feedback. Problem was that I needed the library copied over into the chrooted environment. Once that was done, the error went away. I was on the right track but missed what turned out to be the obvious. - Bill -----Original Message----- From: Smith, William E. (Bill), Jr. To: ''sunmanagers at sunmanagers.org' ' Sent: 1/8/2004 7:18 PM Subject: Addon to Error Upon Logoff of Guest FTP User Post When making this post, I left out a couple pieces of info that I did not intend to. One, the library the error is citing does in fact exist on my system. It's not that it's missing. Two, I think the problem has something to do with the fact that I'm chrooting guest users but I haven't been able to figure out exactly what to this point. - Bill I have a Solaris 9 4/03 release server running the bundled WU-FTP server. The problem I'm seeing/having is that when a guest user logs off, the following errors are logged to the log files I have setup just for FTP. Jan 8 13:35:05 aplxftp ftpd[509]: [ID 776383 daemon.error] open_module: stat(/usr/lib/security/pam_unix_session.so.1) failed: No such file or directory Jan 8 13:35:05 aplxftp ftpd[509]: [ID 487707 daemon.error] load_modules: can not open module /usr/lib/security/pam_uni x_session.so.1 I've done some searching and the only relevant hit I found is a past message on the list. However, that doesn't seem to apply here since the file/directory permissions are correct. http://tinyurl.com/3h7ot Any other ideas as to what the problem may be? Thanks, Bill Smith ISS Systems Server Group Johns Hopkins University Applied Physics Laboratory 11100 Johns Hopkins Road Laurel, MD 20723 Phone: 443-778-5523 Web: http://www.jhuapl.edu _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From campbell at accelinc.com Tue Jan 20 12:40:38 2004 From: campbell at accelinc.com (Chuck Campbell) Date: Tue, 20 Jan 2004 17:40:38 -0000 Subject: SUMMARY: solaris 2.6 on an ultra 60 In-Reply-To: <20040112214916.GC10554@helium.inexs.com> References: <20040112214916.GC10554@helium.inexs.com> Message-ID: <20040120173431.GA32157@helium.inexs.com> On Mon, Jan 12, 2004 at 03:49:16PM -0600, Chuck Campbell wrote: > I've gotten an ultra 60 to replace an old ultra 170E. > > I've seen a bunch of articles on the sun pages that say I need to boot from the > Operating Environment CD first if I'm installing solaris 2.6 on 450Mhz cpu's > > Where do I find this CD? Is it in the standard solaris desktop media box? > I don't seem to see one here... :-( > > I can pick up a media box, but I don't see any sense in doing so, unless the > CD I'm already missing is there. > > If not, where can I get my hands on one? > > -chuck Many thanks to those who helped, offered suggestions etc. They include in the order I received their email replies): Scott Spencer, Darren Dunham, Rich Teer, Jason Santos, Peter Stokes, King Brooke, Casper Dik, Brian ? The solution I used was to install a 300Mhz cpu, run the solaris 2.6 installation, patch using the most recent recommended adn y2k patch sets, install the 450Mhz cpu's and reboot. Not necessarily elegant, but once I understood I just needed a patch to make the 450mhz cpu's work, it was straight forward to get there. Special thanks to Rich Teer who ftp'd the contents of the cd to me, and to Scott Spencer who actually sent me one of the CD's Thanks again, -chuck -- _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From andy.ford at telindus.co.uk Thu Jan 22 11:23:18 2004 From: andy.ford at telindus.co.uk (Andy Ford) Date: Thu, 22 Jan 2004 16:23:18 -0000 Subject: SUMMARY: Solaris root password recovery Message-ID: <1074762959.2061.32.camel@evo@telindus.co.uk> Thank you to Phil Grisedale for this comprehensive recovery method.... ------------------- start ---------------- follow these steps you will have to use a new password though. You need to have physical access to the machine's console. Note the root partition; Solaris 8 uses /dev/dsk/c0t0d0s0 on the Ultra5/10 and Blade 100, /dev/dsk/c0t1d0s0 for Blade 1000. Press the STOP and A keys simultaneously, or, on an ASCII terminal or emulator, send a ) to halt the operating system, if it's running. Boot single-user from CD-ROM (boot cdrom -s) or network install/jumpstart server (boot net -s). For Solaris 8 use the CD-ROM labeled "Installation". (If it asks you for a prom password, see below.) Mount the root partition on "/a". "/a" is an empty mount point that exists at this stage of the installation procedure. For example: #mount /dev/dsk/c0t0d0s0 /a If the mount command fails and since "/a" always exists, then you either typed in the wrong device, OR the system is seeing the root partition as something else. Do a "ls /tmp/dev/dsk" and see what is there. "c0t6" things are the CD-ROM, what is left is what one needs to try. On a Blade 1000/2000, choose /dev/dsk/c1t1d0s0, and execute: #mount /dev/dsk/c1t1d0s0 /a Set your terminal type so you can use a full-screen editor, such as vi. You can skip this step if you know how to use "ex" or "vi" from open mode. If you're on a sun console, type "TERM=sun; export TERM"; If you are using an ascii terminal or terminal emulator on a PC for your console, set TERM to the terminal type for example: TERM=vt100; export TERM. Edit the passwd file, /a/etc/shadow (or perhaps in older versions, /etc/passwd) and remove the encrypted password entry for root. Type: "cd /; then "umount /a" Reboot as normal in single-user mode ("boot -s"). The root account will not have a password. Give it a new one using the passwd command. PROM passwords: Naturally, you may not want anyone with physical access to the machine to be able to do the above to erase the root password. Suns have a security password mechanism in the PROM which can be set (this is turned off by default). The man page for the eeprom command describes this feature. If security-mode is set to "command", the machine only be booted without the prom password from the default device (i.e. booting from CD-ROM or install server will require the prom password). Changing the root password in this case requires moving the default device (e.g. the boot disk) to a different SCSI target (or equivalent), and replacing it with a similarly bootable device for which the root password is known. If security-mode is set to full, the machine cannot be booted without the prom password, even from the default device; defeating this requires replacing the NVRAM on the motherboard. "Full" security has its drawbacks -- if, during normal operations, the machine is power-cycled (e.g. by a power outage) or halted (e.g. by STOP-A), it cannot reboot without the intervention of someone who knows the prom password --------- end ----------------- Thank you to all that replied Regards Andy -----Original Message----- From: sunmanagers-bounces at sunmanagers.org [mailto:sunmanagers-bounces at sunmanagers.org]On Behalf Of Andy Ford Sent: 19 January 2004 07:02 To: sunmanagers at sunmanagers.org Subject: Solaris root password revovery I have a Solaris box where I have lost the root password. I have another account on the box so I can still log in. Can I recover the root password without a full rebuild?? Thanks Andy -- perl -e 'print qq^;@) [###]^^qq^z\.MY{eLQ9^' in:control developer, Telindus, RG27 9HY DDI: +44 1256 709211, GSM: +44 7810 636652 _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers -- perl -e 'print qq^;@) [###]^^qq^z\.MY{eLQ9^' in:control developer, Telindus, RG27 9HY DDI: +44 1256 709211, GSM: +44 7810 636652 _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From barbara.schelkle at undp.org Thu Jan 22 19:39:15 2004 From: barbara.schelkle at undp.org (Barbara Schelkle) Date: Fri, 23 Jan 2004 00:39:15 -0000 Subject: SUMMARY: tcsh behaviour (tab-completion) changes in version tcsh 6.11.00 In-Reply-To: Message-ID: dear sunmanagers, thanks to Vinh Cao and Russ LeBar for the quick answers: This is a known bug with patch 110943-02: http://sunsolve.sun.com/private-cgi/retrieve.pl?doc=bug%2Futility%2Ftc sh%2F4962802&zone_110=4962802%2A%20 So I backed out patch 110943-02. Since 110943-02 is actually recommended against a minor security vulnerability (see http://www.securitytracker.com/alerts/2003/Dec/1008547.html, I believe this is the reason why 110943-02 is still in the cluster) I decided to remove SUNWtcsh altogether and compiled the latest tcsh version 6.12.00 from sources and installed in /usr/local. This version doesn't have the problem anymore. Thanks again, Barbara p.s. btw, a reboot, as someone recommended, didn't help. > -----Original Message----- > From: sunmanagers-bounces at sunmanagers.org > [mailto:sunmanagers-bounces at sunmanagers.org]On Behalf Of Barbara > Schelkle > Sent: Thursday, January 22, 2004 6:52 PM > To: sunmanagers > Subject: tcsh behaviour (tab-completion) changes in version > tcsh 6.11.00 > > > all, > I am using /bin/tcsh as my login shell. I just installed the latest > recommended patch cluster for Solaris 8. Since then, my tcsh behaves > differently. The completion mechanism of the shell doesn't work > properly anymore. > For example before I applied the patch cluster, I got: > > > set autolist > > ls /etc/sys > sysdef@ sysevent/ sysidcfg syslog.conf syslog.pid@ > system > > ls /etc/sys > > meaning that I was showed the list of possible completions, since > "/etc/sys" is still ambiguos. > > Now, after I installed the latest patch cluster I get: > > > set autolist > > ls /etc/sys > 0c 0c 0c 0c 0c > > ls /etc/sys > > Actually it looks like the completion still works, but something is > wrong with displaying the choices. I only get long lists of "0c" > characters, wherever I type . > > The completion works fine with bash. > No userspecific .tcshrc or .cshrc files are involved. > Changing the TERM variable doesn't make a difference it seems. > tcsh version is now > tcsh 6.11.00 (Astron) 2001-09-02 (sparc-sun-solaris) options > 8b,nls,dl,al,rh,color > before the patch cluster install it was > tcsh 6.10.00 (Astron) 2000-11-19 (sparc-sun-solaris) options > 8b,nls,dl,al,rh,color > I believe. > > Any help? > > Thanks, > Barbara > -- > Barbara Schelkle +1 (212) 906-5070 > PGP Key fingerprint = F3D9 19D7 D75F 4810 8D7A 78D5 5158 095B D644 > 6CC9 > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From bpepin at emc.com Mon Jan 26 10:38:52 2004 From: bpepin at emc.com (Bryan Pepin) Date: Mon, 26 Jan 2004 15:38:52 -0000 Subject: SUMMARY: Deleting Millions of Files Message-ID: <4015332B.4030207@emc.com> Hello, Thanks to everyone who responded, really too many to mention.....but here are the results from most of the suggestions..... 1) cd /top-level-dir ; find . -type f -print | xargs /bin/rm -f ---> same results.....no gain in the rate at which files were deleted.....this was a popular suggestion..... 2) I was not in a position to backup any of the good data in the other directories, newfs the filesystem, and put the good stuff back....although in my opinion this may have been my quickest/safest option...but under my circumstances, it could not be done...... 3) One suggestion was to use WS FTP, and delete using that, but I did not get a chance to try that either.... 4) find . -type f -exec rm {} \; ---> no gain in the rate at which files were deleted..... 5) One suggestion was to enable noatime on the FS mount.....I did not test this....although I did have logging enabled, which did not seem to help much.... 6) cd /to-offending-dir ; ls | perl -ne 'chomp; unlink ;' ---> this still took a long time to do on each file....and also, the unlinking, come to find out, had another side effect...see below..... 7) Another interesting suggestion was to use fastfs.c..http://www.science.uva.nl/pub/solaris/fastfs.c.gz unfortunately I did not get a chance to use it as it does put the rest of the data on the FS at risk....some claims were that it could improve the removal rate by 500% or more!!!......I may run some tests w/ this in our lab for future problems like this.... 8) cd /up-one-dir ; unlink ./dir-with-files --> This worked instantaneously...but did not free up any inodes....so we stopped the application, unmounted the FS, and fsck'd....that took only a few minutes, and then remounted....but the inodes were still not free.....come to find out, fsck put all the files back in lost+found, so the inodes were still in use.......but for whatever reason, removing the "lost" files from lost+found was much quicker!!!.....it took less than 1 hour to clean out around 1 million files from lost+found???......I think I may do some testing w/ this method as well...... In Summary, it seems the unlink, unmount, fsck, and then remove from lost+found was the best option for us.....the newfs would have been a better solution if it were not for the rest of the good data on that filesystem..... fyi, this was a Solaris 8 environment....... Thanks again for all of the suggestions. -Bryan -------- Original Message -------- Subject: Deleting Millions of Files Date: Thu, 22 Jan 2004 14:14:29 -0500 From: Bryan Pepin Organization: EMC Corporation To: sunmanagers at sunmanagers.org Hello, We had an application "loose it's brain" and create millions of tiny files all in 1 directory on a UFS filesystem. We have since fixed the application, but now we are trying to clean up the directory because it used up all the available inodes on the ufs filesystem. So we have tried many different techniques for removing the files, but it is taking forever? Here is a sample of what we tried: 1) rm * -> the shell could not handle that expansion 2) cd to upper directory, and rm -rf dircectory_of_all_files --> this is taking forever...on one server, it has been running around 12 hours, and only half way done.... 3) create a for loop from the output of an ls, and remove each file individually --> same results as above.... 4) create a for loop from the output of an ls, and remove each file individually in the background --> this caused severe performance issues on the box and had to be killed because it spun off so many rm's so quickly, and they were all hanging around waiting..... We cannot just nuke the filesystem since the other directories on it have valuable information..... Has anyone out there came up with a better way to remove this many files?.....there is no disk/cpu/memory contention at all as well....except for when we did the for loop and sent all the rm's in the background..... Thanks in advance, and I will summarize. -Bryan Pepin _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers -- ************************************************ Bryan Pepin Unix Enterprise Systems EMC Corporation 171 South Street Hopkinton, MA 01748 508-249-3543 bpepin at emc.com _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From bshah at citadon.com Fri Jan 30 20:06:15 2004 From: bshah at citadon.com (Bhavesh Shah) Date: Fri, 30 Jan 2004 17:06:15 -0800 Subject: SUMMARY: File disappeared....in solaris 8 after mv twice Message-ID: <0FEA43415756E44AB368AC58C1A4F4F30112ECA4@a4mail2k01.citadoncorp.com> Thanks to everyone who replied especially Patrick O'Reilly, Jay Lessert and Larry Anta. Well the answer is No. The file has been removed and can't be retrieved. But there is a utility available which recovers deleted file under Unix. But is effective if your deleted file size is 20K -30K Thanks to Patrick for this valuable info. Here it is : - unrm, Lazarus; tools used to recover deleted unix files (part of TCT: the Coroner toolkit) http://www.fish.com/tct/ - surf to http://www.fish.com/tct/help-recovering-file for instructions Hope this helps. ------------------------------------------------------------------------ ------------------------------------------------------------------------ -------- My Original Question was : I had 200M file which I wanted to move to a different location. I ran the command "mv filename /test &" (in the background) By mistakenly I ran the same command again (bash shell - pressed up arrow key and instead of ^c pressed enter key) while the first was still running But when jobs were finished and I checked the file & it was disappeared. It wasn't there in source as well as destination folder. I don't have any backup of this file. Have any one has experienced this kind of situation? Can I retrieve this file?? _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Chaffend at msxi-euro.com Thu Jan 8 06:09:04 2004 From: Chaffend at msxi-euro.com (Colin Haffenden) Date: Thu, 08 Jan 2004 11:09:04 -0000 Subject: SUMMARY: syslog problem Message-ID: Firstly thanks to Casper Dik Lars Hecking Ronny Martin jordivi Joohyun Cha Julian Grunnell Jon Andrews Parissis Pavlos The problem was answered first by Casper Dik, here is what he said.... This line forwardds *all* messages to /var/adm/messages >*.debug /var/adm/messages You may want something like: *.debug;mail.none /var/adm/messages This sends all messages except the mail messages. Thanks for all the speedy responses, Colin. Original message.... Hi All, I am a running a postfix server and have setup the syslog.conf file so that it logs it's messages to separate files and not /var/adm/messages. The problem is I am still getting mail.info messages in the /var/adm/messages file? Here is an example of a message logged.... # tail -1 /var/adm/messages Jan 8 10:21:30 mailout mailout/smtp[29892]: [ID 197553 mail.info] C8C1012411: to=, relay=mailhost.somewhere.com[x.x.x.x], delay=346, status=sent (250 Message received: 7772C73A780.AAA3F00) Here is my syslog.conf.... ===========START========== # # Copyright (c) 2000-2002 by Sun Microsystems, Inc. # All rights reserved. # #ident "@(#)syslog.conf 2.3 02/02/21 SMI" # # This "syslog.conf" file was installed by JASS. This # file should be used to log information both locally as # well as to a centralized log server (or servers) so that # proactive log analysis can be done. *.err;kern.notice;auth.notice /dev/console *.alert root *.emerg * *.debug /var/adm/messages # *.debug @loghost1 # *.debug @loghost2 # added by MSX for standards *.err;kern.debug;daemon.notice;mail.crit;local0.crit /var/adm/messages mail.debug;local0.debug ifdef (`LOGHOST', /var/log/syslog, @loghost) mail.info /var/log/mail.log local0.info /var/log/mailin.log ===========END=============== As you can see the mail.info and local0.info are set to log messages in /var/log/mail.log and /var/log/mailin.log. Does anybody know why this is logging these messages into /var/adm/messages? I am running Solaris 8 on a Sparc 20 with Postfix version 2.0.9 Thanks & Regards, Colin. This Message has been Checked at MSXI for all known Viruses. You open this at your own risk. Please make sure all replies are also virus free. Also we do not accept or send Attachments of the type .exe, .vbs, scr, or .bat due to the virus risk they can contain. These types of attachments will be stripped from the message. MSXI _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From awk at carolina.rr.com Sat Jan 10 18:42:09 2004 From: awk at carolina.rr.com (Ben Green) Date: Sat, 10 Jan 2004 23:42:09 -0000 Subject: SUMMARY: Server Management Message-ID: <001a01c3d7d2$8897a750$347ba8c0@corp.twcable.com> Apologies for the late Summary. The vendor selection process went from September of '03 to mid-November of '03. I wanted to close the book on the whole issue prior to sending the summary.. A hearty thanks goes out to all who responded (Adam Ronthal, Hans Jacobsen, Larry McCann, Rich Teer, Jose Vicente Nunez Zuleta, Vince Merrell, Pam Eavenson, Neil Quiogue, and Rich Kulawiec). All answers were very useful, but pretty close to what I expected. I figured that most shops would roll their own tools, especially where there was no budget, as I have done in the past. There are a wide variety of solutions that cost nothing but time to put together. On the other hand, the server management/provisioning software is at the shallow end of the shrink-wrap market, so, few environments are using off-the-shelf solutions. Here is a list of the information that was shared with me. Commercial products: CiRBA (piggy-backs on Sun Management Center) Roll Your Own Tools: Perl, MySQL, CVS/RCS, rsync, ssh, tftp, & expect Open Source Tools for monitoring: Big Brother (http://www.bb4.com), Ganglia (http://ganglia.sourceforge.net), Orca (http://www.orcaware.com), Net-SNMP, OpenNMS (http://www.opennms.org), AIDE (http://sourceforge.net/projects/aide) Open Source Tools for Server Consistency: cfengine (http://www.cfengine.org) and cfengine (http://www.cfengine.org as much about philosophy as tools) As far as my situation goes, I had the following requirements: F-1. For each server, record configuration in a searchable form to a central database at some interval (including OS, applications, packages, disks, and low-level things like OBP and RTOS versions). F-2. Push out/Roll back packages, patches, configuration changes, and scripts remotely from the administrative interface. F-3. Administrative interface authentication needs to integrate into existing LDAP and RSA authentication facilities F-4. Administrative interface needs to have robust logging for security/auditing purposes. F-5. Solution needs to be flexible enough to monitor changes to TWC custom configuration files. F-6. Solution must support these environments (non-exhaustive list: Windows NT 4.0, Windows 2000, Windows 2003, Sun Solaris 2.6, 7, 8, & 9, as well as Red Hat Linux AS 2.1) F-7. Product must allow flexibility in grouping of servers. (i.e. - group by hardware type/platform, application, functional role, environment (DEV/QA/PILOT/CERT/PROD/etc), location, OS, etc.) F-8. Product must allow servers to belong to multiple groups, so if we need to patch/deploy/config/etc. a certain subset of servers, we can pinpoint that group only or a much larger group. I had a descent budget to work with and a project load for my team that made building this ourselves out of the question. The building and testing alone would have taken months and months and would have only worked on the *nix variants in my shop, not Windoze. Once I had buy-in from the Microsoft side of the house, we narrowed the field to Opsware and Bladelogic (only Tivoli and Sun Management Center were considered beyond Opsware and Bladelogic). Both fit our requirements, but Opsware was slow and clunky. The interface was difficult to navigate. Bladelogic, on the other hand, was clean, intuitive, and simple to use. For once in my career, the Windows team and the Unix team agreed on something more than where to have lunch -- Blade logic was the best choice. We then had them in for an onsite live demonstration a selection of our servers. Bladelogic lived up to its press and we bought it for all of our Solaris, Linux, and Windoze servers. We were not able to get the licensing through our legal department prior to end of year freeze, so we are kicking off the implementation next week (instead of the late-November target). Implementation is slated to take 4-6 weeks; although, since I have installed and configured the software twice during onsite visits, I will be completely productive within 2-3 days on 150 Solaris hosts and 10 Linux hosts. It pays to be hands on during vendor POCs, eh? Also, we are rolling out the application, database, and reporting servers on Red Hat AS 2.1. That's all folks. Thanks again, everyone. Ben Green Charlotte, NC > -----Original Message----- > From: Ben Green [mailto:awk at carolina.rr.com] > Sent: Monday, September 08, 2003 4:53 PM > To: 'sunmanagers at sunmanagers.org' > Subject: Server Management > > Greetings managers, > > I work in a data center that has about 150 Sun Servers consisting of at > least one of every server that Sun currently manufactures (except some of > the new small servers and the blade technologies). I inherited this data > center in December and completed its move from Denver, CO to Charlotte, NC > in late May. > > I am now working with my team to manage this collection of servers that > will grow to more than 200 over the next 6 months. These inherited > servers are mostly Solaris 8, but are at many different patch levels with > a multitude of configuration differences. > > What we want to do is this: > - manage all of the servers at a single console app or client and open > this up ina role-base management for Tier II support > - group servers by application, environment (DEV/QA/PROD/etc.), Operating > System (Solaris 7/8/9), or by type (www/oracle/sybase/weblogic/etc.) > - initiate an application/patch installation, script run, or > configuration change on a whole group at once > - track changes to files (sort of a host-based IDS in a way) > - complete application and hardware configuration (down to RTOS and OBP) > logged to a central database for reporting and DR purposes > > So far, we've found BladeLogic and Opsware. Both do these things. We've > also been looking at our own home-grown solutions utilizing open source > technologies. I would like to entertain more vendors than just two and > the home-grown solutions could cause more work in mainenance and fixes to > scripts and processes. > > Now, for my question... What tools/packages/applications have you used to > solve the above problems in the data centers in which you have worked and > about how many servers did you manage? > > Thanks for any information. I will summarize. > > Ben Green _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From brwms at etsu.edu Fri Jan 30 08:48:51 2004 From: brwms at etsu.edu (Bill R. Williams) Date: Fri, 30 Jan 2004 08:48:51 -0500 Subject: SUMMARY: IP Address Alias In-Reply-To: <20040129172923.A8697@brwms.etsu.edu>; from brwms@etsu.edu on Thu, Jan 29, 2004 at 05:29:23PM -0500 References: <20040129172923.A8697@brwms.etsu.edu> Message-ID: <20040130084851.A6679@brwms.etsu.edu> A big thanks to: Angelo Bonfieti Junior, Anna Lee, Bertus Bekker, Casper Dik, Dan Lowe, Darren Dunham, David Selders, Eric Noriega, James Noyes, JV, Kris Briscoe, Martin Schmitt, Nelson Arzola, Sandwich Maker, Simon Burr, SteinAxt, Steve Mickeler, Wesley W. Garland All of whom pretty much said, "Yes, it's that simple." And several who offered other tips, hints, etc. -- --------------------------------------------- Bill R. Williams ------------------------ ETSU Library Systems On Thu, Jan 29, 2004 at 05:29:23PM -0500, Bill R. Williams wrote: > I am experienced in the generic U*IX systems (Linux, AIX, etc.); > however, I am really a novice in the specifics of Sun/Solaris 9 > systems. > IOW: I have done no real configurational things to speak of on Solaris > -- our Suns were installed/configured by a vendor. > > Now I need to add an IP Address alias to one of the Ethernet devices, > and do so without messing things up. (Critical demand server.) > > I think I see how the 'ifconfig' (probably) works. > Here's how I think it should work: > > Presuming that I have these fakey IP addresses: > ----------------------------------- > # ifconfig OUTPUT > qfe0: flags=1000843 mtu 1500 index 3 > inet 111.222.33.101 netmask ffffff00 broadcast 111.222.33.255 > qfe0:1: flags=1000843 mtu 1500 index 3 > inet 111.222.33.102 netmask ffffff00 broadcast 111.222.33.255 > ----------------------------------- > There's already an alias as 111.222.33.102, > I want to add another alias as 111.222.33.103 > > I *think* I can define and bring online this alias with: > * ifconfig qfe0:2 111.222.33.103 netmask 255.255.255.0 up > (the 'ifconfig plumb' has already been done on base qfe0) > > More importantly, this interface needs to come up at BOOT TIME > From what I can gather this is what I need to see to: > > * The /etc/network, /etc/netmask, and /etc/defaultrouter files > already contain the proper settings for my fake '111.222.0.0' > network. > > * Add new, unique "IPAddress hostname" to /etc/hosts: > 111.222.33.103 bitbucket.localdomain bitbucket > > * Create: /etc/hostname.qfe0:2 which contains: > bitbucket > > ... Is that it? Just creating the hostname.DEV containing a name > matching an entry in /etc/hosts will bring the device online at boot > time? It can't be that simple. > > -- > --------------------------------------------- > Bill R. Williams > ------------------------ ETSU Library Systems _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From chris.cameron at netthruput.com Mon Jan 19 10:01:37 2004 From: chris.cameron at netthruput.com (Chris Cameron) Date: Mon, 19 Jan 2004 15:01:37 -0000 Subject: SUMMARY: Restored from tape - Now not booting Message-ID: <1074523588.19723.864.camel@localhost> The problem was that I was running DiskSuite, which I should have mentioned in my message. I restored like I was doing, but before rebooting removed some DiskSuite information from the restore (by following infodoc 707010). Thanks to all those who replied. Chris Original Message: Had to recreate all file systems from backup (same drives and partition layout). So I booted -s from the cdrom and newfs'd the partitions, and mounted each, ufsrestore'd and fsck'd for good measure. For the / partition I did the same except for the 'installboot /usr/platform/sun4u/lib/fs/ufs/bootblk /dev/rdsk/c0t0d0s0' I did (after unmounting. Which ran without error. Upon reboot, I get an almost immediate kernel panic with a number of errors: NOTICE: /: unexpected free inode 201253, run fsck(1M) NOTICE: /: unexpected free inode 201253, run fsck(1M) NOTICE: /: unexpected free inode 201253, run fsck(1M) ...etc. panic[cpu0]/thread=10404000: mod_hold_stub: Couldn't load stub module misc/strplumb When I reboot with the cdrom again, a fsck on the root file system gives "EXCESSIVE DUP BLKS I=201278" (an error which didn't exist before booting). Any hints on what I'm doing wrong? The machine is an Ultra 2, and both the OS I'm restoring and the boot CD I'm using is Solaris 8 5/03. Thanks, Chris _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From david.arroyo at corp.ya.com Wed Jan 21 09:18:25 2004 From: david.arroyo at corp.ya.com (David M. Arroyo Diaz) Date: Wed, 21 Jan 2004 14:18:25 -0000 Subject: [SUMMARY] Changing password via script References: <001e01c3e013$00ad6570$249010ac@darroyo1> Message-ID: <004b01c3e028$a44bca90$249010ac@darroyo1> Hello everyone, I've received a couple of answers. Thanks to everyone who gave a hint about this. The question was: How can I change via script or similar the password for hundred of users without having to type it manually? The general consensus was to use "expect" in order to feed the standard "passwd" program. Other suggested to play with awk, sed or other utilities in order to change "/etc/shadow" as needed. As an example, here is a little piece of expect code that Mike Mann sent to me: -------------------------------------------------------------- spawn passwd david expect "New Password: " send "secret\r" expect "Re-enter new Password: " send "secret\r" expect "passwd: password successfully changed for david" -------------------------------------------------------------- Thanks to everyone for your help. Regards, David Arroyo _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From daniel.teklu at thomson.com Thu Jan 8 17:33:23 2004 From: daniel.teklu at thomson.com (Teklu, Daniel) Date: Thu, 08 Jan 2004 22:33:23 -0000 Subject: FW: OS install on 440 (summary) Message-ID: <7DE01C7F78C4D711BB690090273F115E83EDD8@cs-mail.cust.ilx.com> Thanks to AP, Kevin B., Kevin J. , James Lester, John T., Darren Dunham for telling me I was using an older release. What I need is the the Solaris 7/03 release. Anything earlier than that wont work on this box. I'm waiting for that media kit from sun now. Thanks to all again. -Daniel -----Original Message----- From: Teklu, Daniel Sent: Wednesday, January 07, 2004 12:59 PM To: 'sunmanagers at sunmanagers.org' Subject: RE: OS install on 440 > Sunmanagers: > > I am trying to install Solaris 8 on Sunfire 440 and I get this > > Ok> boot cdrom > > Cannot open [kernel/sparcv9/unix] > Enter file name : /platform/sun4u/kernel/sparcv9/unix <=== I gave it > the 64 bit boot file > > And it comes back with this error and goes back to the ok prompt again > > krtld: load_exec: fail to expand cpu/$CPU > krtld: error during initial load/link phase > panic - boot: exitto64 returned from client program > Program terminated {0} ok > > Any ideas will be appreciated. Thanks in advance > > -Daniel _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From dominik_kowalczyk at poczta.fm Tue Jan 13 08:36:12 2004 From: dominik_kowalczyk at poczta.fm (dominik_kowalczyk at poczta.fm) Date: Tue, 13 Jan 2004 13:36:12 -0000 Subject: SUMMARY: SSH2 & forcing password problem Message-ID: <20040113133020.76E5B7F01@front.interia.pl> hey, in fact I didn't get the answer for my question, but I've found sth on the net... so: this is well known bug: SSH2 supports passwords aging but doesn't support password root forcing yet(!!!) (acording to Darren Tuckers' OpenSSH site) what I've done: I've written a script that force user to change the password during first login and second one to monitor passwords' aging (we cannot allow password to expire!!!) pozdr, DK ___________________________________________________________________________ > hey, > > I've installed ssh2 and since then I've got problem with forcing for a > new > password- does anyone had the same and have any solution for this??? > > I've tried SSH2 3.1.0 and OpenSSH 3.7.1p2 and the result was the same...In > the > past, when I had SSH1 installed, everything was ok; > > > does anyone has asny idea or any other solution to force user to change > his > default password during the first login? > > > > thanks in advance, > DK > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Dale.Hirchert-1 at ksc.nasa.gov Wed Jan 14 07:12:53 2004 From: Dale.Hirchert-1 at ksc.nasa.gov (Hirchert, Dale L) Date: Wed, 14 Jan 2004 12:12:53 -0000 Subject: SUMMARY: L25 causing system to hang Message-ID: <1FFCF939CEB47140898A1076C54AF2B12CD599@kscems004.ksc.nasa.gov> After installing all recommended patches, and upgrading the firmware on the V120 server, the culprit was a bad sd.conf file. This problem would have been solved a lot sooner had the workaround in bugID# 4895444 been correctly stated. Because of my problem and the recommendation of a Sun engineer, the workaround in the bugID has since been corrected. The workaround now correctly states that you can't have more than 8 LUNs per target. This problem is currently applicable to the L25 tape drive. Here is the recommended workaround copied from the bugID ( I only included the fix here) : Change the scsi target id of the L25 controller where we do not have any targets that have more than 8 luns. In this case we need to delete target 0 Lun 8,9,10 and 11. See Below for the changes that need to be made for the sd.conf file from the one above. In this example we have only 8 luns per target, 0-7. # # Copyright (c) 1992, by Sun Microsystems, Inc. # #ident "@(#)sd.conf 1.9 98/01/11 SMI" name="sd" class="scsi" class_prop="atapi" target=0 lun=0; name="sd" class="scsi" class_prop="atapi" target=0 lun=1; name="sd" class="scsi" class_prop="atapi" target=0 lun=2; name="sd" class="scsi" class_prop="atapi" target=0 lun=3; name="sd" class="scsi" class_prop="atapi" target=0 lun=4; name="sd" class="scsi" class_prop="atapi" target=0 lun=5; name="sd" class="scsi" class_prop="atapi" target=0 lun=6; name="sd" class="scsi" class_prop="atapi" target=0 lun=7; name="sd" class="scsi" class_prop="atapi" target=1 lun=0; name="sd" class="scsi" class_prop="atapi" target=2 lun=0; name="sd" class="scsi" class_prop="atapi" target=3 lun=0; name="sd" class="scsi" target=4 lun=0; name="sd" class="scsi" target=5 lun=0; name="sd" class="scsi" target=6 lun=0; name="sd" class="scsi" target=8 lun=0; name="sd" class="scsi" target=9 lun=0; name="sd" class="scsi" target=10 lun=0; name="sd" class="scsi" target=11 lun=0; name="sd" class="scsi" target=12 lun=0; name="sd" class="scsi" target=13 lun=0; name="sd" class="scsi" target=14 lun=0; name="sd" class="scsi" target=15 lun=0; Thanks to all those that offered suggestions. Dale ORIGINAL POSTING: Have recently purchased an L25 tape drive system, hooking it up to a V120, using a PCI SCSI-3 dual channel I/O card. The problem occurs when trying to reboot the V120. The L25 causes the V120 to hang during the boot process. Sunsolve reported a similar problem and suggested checking the sd.conf. I have checked the sd.conf file, and have had another admin check it as well, and we both agree the sd.conf file is correct. At the ok> prompt, probe-scsi-all reports correctly the library(robot) and the drive SCSI IDs that are set for the L25. The V120 is so badly hung that it fails to recognize a "stop-A", thus requiring a power cycle for a reboot. I have also loaded the recommended patch as suggested from the Sun system handbook for the L25, but this provided no success. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From dominik_kowalczyk at poczta.fm Wed Jan 14 09:05:13 2004 From: dominik_kowalczyk at poczta.fm (dominik_kowalczyk at poczta.fm) Date: Wed, 14 Jan 2004 14:05:13 -0000 Subject: SUMMARY(2): SSH2 &amp; forcing password problem Message-ID: <20040114135912.40EEA1EC8C0@front.interia.pl> there were some requests to say more about scripts... so in fact it's nothing big; 1. creating user: scipt creates user, set default (not blank!!!) start password and create stamp-file (e.g. $LOGNAME.pass) 2. first login in profile there is executed script to check if stamp-file exists, if yes, user is asked for a new password (standard passwd $LOGNAME command); after password has been changed stamp-file is deleted; 3. IMPORTANT: we cannot allow password to expire (SSH2 not support password forcing!) I've written script to check passwords' expire date, and if (lets say) 7 days left, a stamp-file is created again and user is forced to change password if use this idea, the passwords will never expire 4. change password the script deletes the user's password (not necessary in fact), set default one and create stamp-file to force user to change the default password during the first login; and it works fine for me:) is this answer ok? pozdr, DK __________________________________________________________________________ > hey, > > in fact I didn't get the answer for my question, but I've found sth on > the > net... > > so: > this is well known bug: SSH2 supports passwords aging but doesn't support > password root forcing yet(!!!) (acording to Darren Tuckers' OpenSSH site) > > what I've done: > I've written a script that force user to change the password during first > login and second one to monitor passwords' aging (we cannot allow password > to > expire!!!) > > > > pozdr, > DK > > ___________________________________________________________________________ > > hey, > > > > I've installed ssh2 and since then I've got problem with forcing for a > > new > > password- does anyone had the same and have any solution for this??? > > > > I've tried SSH2 3.1.0 and OpenSSH 3.7.1p2 and the result was the > same...In > > the > > past, when I had SSH1 installed, everything was ok; > > > > > > does anyone has asny idea or any other solution to force user to change > > his > > default password during the first login? > > > > > > > > thanks in advance, > > DK > > _______________________________________________ > > sunmanagers mailing list > > sunmanagers at sunmanagers.org > > http://www.sunmanagers.org/mailman/listinfo/sunmanagers > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Dave_Landsiedel at bobcat.com Wed Jan 14 16:18:12 2004 From: Dave_Landsiedel at bobcat.com (Dave Landsiedel) Date: Wed, 14 Jan 2004 21:18:12 -0000 Subject: SUMMARY: L25 tape drive error Message-ID: First, I would like to thanks those who replied. Jay Lessert Dale Hircher Matt Ungaro Wayne Walter This email list is outstanding for the wealth of knowledge it provides. But the error I had is not one that happens every day. My L25 jukebox was under SUN warranty so I opened a ticket. Sun replaced a SCSI controller card in my 280R server but still had the same problem. The ticket was escalated up to Quantum since it was a Quantum SDLT220 drive. They sent me a new SDLT220 to put into the jukebox and things are working once again. Thanks once again for the input, it's great to read other peoples posts. Dave ORIGINAL POST Hello, I have a SUN L25 jukebox with one SuperDLT drive installed. It is connected to a SUN 280R running Solaris 8. I use Legato 7 for my backup software. I have been using this setup since May of 2003, things have been working great. Now I am having an issue trying to mount a tape. I am trying to troubleshoot whether or not I have a hardware issue or software. Here is the error I get in /var/adm/messages and in the messages in Legato. Thu 14:17:50 media warning: /dev/rmt/0cbn opening: DRIVE_STATUS_CARTRIDGE_FAULT Thu 14:17:50 /dev/rmt/0cbn read open error: drive status is There is a tape cartridge fault I have rebooted the Sun server, powered off and then back on the jukebox. I still get the same error when I try to mount a tape via the software. I have tried using nsrjb -H and nsrjb -HE Also, tried mt -f /dev/rmt/0cbn status but it returns " No tape loaded or drive offline" doesn't matter if I have a cartridge in the drive or not. I can move a cartridge from one slot into the SDLT drive via the front control panel without any problem. It will inventory all the tapes via their barcodes, but I am unable to mount or even label a new tape. I am thinking about deleting the /dev/rmt/* files and trying to re-create. Just trying to find out if it is a hardware issue or a software issue. ____________________________ _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From ekholm at ekholm.org Thu Jan 22 13:17:05 2004 From: ekholm at ekholm.org (Mike Ekholm) Date: Thu, 22 Jan 2004 18:17:05 -0000 Subject: SUMMARY: Solaris thumbdrive support Message-ID: <20040122181115.GA10974@ekholm.org> I got several responses, some of which where useful. It looks like with Solaris 9, thumbdrives are supported, as well as with Solaris 10 according to Casper. Thanks to: "Eugene Schmidt" : Yes, definitely on SPARC mkdir /rmdisk make sure you have latest patches /etc/init.d/volmgt stop (ps -ef|grep vold to make sure it did die ) /etc/init.d/volmgt start insert device (wait a few seconds) df -k ;-) use eject Casper Dik They mostly work (varying degrees of success); they generally work better on SPARC because the SPARC ohci/ehci drivers are of better quality than the Intel uhci driver; but this is being addressed as part of the renewed Solaris/Intel effort. (Including the availability of ehci/ohci drivers on SPARC and USB 2.0 support) I've tested a variety of devices and it seems that they work fine, at least on the release currently under development. The vold/USB interaction, however, is fairly minimal, and vold needs to be signalled when a USB device is inserted. Evan gold at fsa.com (Evan, no need to cc the list on sun-managers!) i know the sun V100's come with them (???? Could he meen the config card?) Bertrand_Hutin at fr.ftsi.fujitsu.com Sun says they support USB Mass Storage, so it may works. -Mike Ekholm -- Mike Ekholm, UNIX Sys Admin - ekholm at ekholm.org web: http://www.ekholm.org ham: kc0mpu irc: Nalez ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ UNIX - The Swiss army knife of software. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From epaul at profitlogic.com Thu Jan 29 16:08:37 2004 From: epaul at profitlogic.com (Eric Paul) Date: Thu, 29 Jan 2004 16:08:37 -0500 Subject: SUMMARY: Garbage on the Serial Console Message-ID: Many thanks to all who replied. I never knew there were so many colorful ways to try to reset a screwed up console. A lot of folks blamed the terminal I was using, but since I've used a variety of terminals, I knew that wasn't to blame. Alex Galea hit it on the head: # stty -parity I didn't even think that the parity had been screwed up... Although I should have realized this from my old 1200 baud modem days... *sigh* Many thanks to all who replied! And many jeers to: Sharma, Pankaj [psharma at panynj.gov] Bablak, Steve [Steve.Bablak at Marconi.com] Ayed, Mohamed [IT] [mohamed.ayed at citigroup.com] ken at mail.condocerts.com Patni, Sandeep [Sandeep.Patni at gs.com] for not having auto-responders smart enough to NOT REPLY TO MAILING LISTS!!! Thanks again! Eric -----Original Message----- From: Eric Paul [mailto:epaul at profitlogic.com] Sent: Thursday, January 29, 2004 3:46 PM To: 'sunmanagers at sunmanagers.org' Subject: Garbage on the Serial Console We have a number of Suns that we administer either via the serial port or a RSC card. Sometimes, when logged in to the console on the serial port, the display will become corrupted (either by catting a binary file or generating an escape sequence somehow). I have tried everything I can think of to reset this, but no dice. I've tried: /usr/ucb/reset stty sane echo ^v esc c The only thing that does fix things is a reboot. If I'm on a RSC card, if I exit the console back to ALOM, the display is fine. Resetting the RSC doesn't help, as soon as I drop back to the console, the display is messed up again. I searched through the archives, and found one other person with the problem, but no solution. http://marc.theaimsgroup.com/?l=sun-managers&m=99548313924836&w=2 Is there any way to reset the console without rebooting the system? Thanks in advance. I will summarize. Eric _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From devconf at yahoo.com Mon Jan 5 20:20:08 2004 From: devconf at yahoo.com (Mt Dew) Date: Tue, 06 Jan 2004 01:20:08 -0000 Subject: Summary: edit files in Single user mode Message-ID: <20040106011314.64328.qmail@web11903.mail.yahoo.com> I used boot -sw to mount the filesystem at OK prompt. also can use mount -F ufs -o remount,rw /dev/dsk/c0t0d0s0 / and fsck and change vfstab Thanks ALL __________________________________ Do you Yahoo!? Find out what made the Top Yahoo! Searches of 2003 http://search.yahoo.com/top2003 _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From foster at ncmir.ucsd.edu Tue Jan 6 14:52:59 2004 From: foster at ncmir.ucsd.edu (David Foster) Date: Tue, 06 Jan 2004 19:52:59 -0000 Subject: [SUMMARY] NFS problems after 5.8 kernel patch 108528-27 Message-ID: <200401061947.i06JlHBn008936@dim.ucsd.edu> According to a Denmark Sunsolve document the kernel patch 108528-27 will result in network corruption problems if you are using Gibabit Ethernet (ge) network interface. Installing patch 108813-16 solved my problem. NOTE: This patch is not included in the recommended patch cluster. This problem only occurs with ge interface. Thanks to Frank Bertels for alerting me to this. Dave Foster And special thanks to the following folks who can't seem to properly configure their autoresponders. Isn't it list policy to remove people from the list for this? Shouldn't it be?? Brendan Doherty "Gilliland, Gil" "Patni, Sandeep" Jeff Barratt jbarratt at compsat.com "Teklu, Daniel" "Champagne, Robert" mattm at mail.citystamp.com Murray Robert-rmurra01 "Sirisena, Navi" Shawn Tagseth "Ryals, Joseph" Sebastian Bvker sebastian.boeker at hsh-nordbank.com "Eriksson (London), Christer" "Obst, Thomas" Paul Clayton Mvh Klas Erlandsson Klas.Erlandsson at vodafone.se "Ballesteros, Dave D" Raj Mendu rmendu at linkshare.com "Antti Toivonen" gwilliams at lic.co.nz > Platform: Solaris 8, E420R with recent recommended patch cluster > > After installing the latest 5.8 kernel patch 108528-27, my two > NFS servers experienced the following problems: > > 1. "Warning: add-spec: no major number for SUNW,socal" > > /etc/name_to_major was missing entry for "socal 112" > > 2. NFS timeouts for all clients attempting to access volumes > on the servers, with the error message: > > "NFS readdirplus failed for server cressida: error 5 > (RPC: Timed out)" > > These two servers each have a T3 attached. > > Backing out this patch resolved these problems. > > Anyone else have similar problems with this kernel patch? > > Dave > > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > David Foster National Center for Microscopy and Imaging Research > Programmer/Analyst University of California, San Diego > dfoster[at]ucsd[dot]edu Department of Neuroscience, Mail 0608 > (858) 534-7968 http://ncmir.ucsd.edu/ > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > "The reasonable man adapts himself to the world; the unreasonable one > persists in trying to adapt the world to himself. Therefore, all progress > depends on the unreasonable." -- George Bernard Shaw > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers << All opinions expressed are mine, not the University's >> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= David Foster National Center for Microscopy and Imaging Research Programmer/Analyst University of California, San Diego dfoster[at]ucsd[dot]edu Department of Neuroscience, Mail 0608 (858) 534-7968 http://ncmir.ucsd.edu/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= "The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable." -- George Bernard Shaw _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Colby_Johnston at cable.comcast.com Fri Jan 23 16:29:37 2004 From: Colby_Johnston at cable.comcast.com (Johnston, Colby) Date: Fri, 23 Jan 2004 21:29:37 -0000 Subject: Summary: sar incompatibility Message-ID: <0224526940E0444AB1D970FD35C50423023B49DF@entcoexch01.broadband.att.com> Thanks to those that responded: Kevin Buterbaugh Eugene Schmidt Andrew Hay The general consensus was that the solaris 9 sar binary will not read the solaris 8 sar data files. The work around is to copy the solaris 8 sar binary to the solaris 9 server and build in logic to the report generator script that will tell it to use one or the other based on the os version. -----Original Message----- From: Johnston, Colby [mailto:Colby_Johnston at cable.comcast.com ] Sent: Thursday, January 22, 2004 4:24 PM To: 'sunmanagers at sunmanagers.org' Subject: sar incompatibility All, we have a central admin server (recently upgraded to solaris 9) that collects all the sar files for all the sun boxes in our env. I noticed that the solaris 9 sar binary can not read a solaris 8 generated sar file. It gives the following error: sar -g -f sa01 SunOS lapso 5.9 Generic_112233-08 sun4u 01/01/2004 00:00:01 pgout/s ppgout/s pgfree/s pgscan/s %ufs_ipf sar: data file not in sar format As you might imagine this is causing problems with our automated reporting which uses the sar command to generate reports. Is there a way to get the solaris 9 sar binary to read the solaris 8 sar files? Will summarize, Thanks. Colby Johnston - SCSA/SCNA Sun System Support Senior Systems Engineer colby_johnston at cable.comcast.com 720.268.8265 _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From foster at ncmir.ucsd.edu Tue Jan 27 17:12:54 2004 From: foster at ncmir.ucsd.edu (David Foster) Date: Tue, 27 Jan 2004 14:12:54 -0800 (PST) Subject: [NON]SUMMARY Solaris Management Console (SMC) and Java version Message-ID: <200401272212.i0RMCshj000769@dim.ucsd.edu> Only received out-of-office replies from: "Ranbir Singh" "MA, Wallace, FM" Sharma, Pankaj" Still do not know why SMC bombs after updating to JavaSDK 1.4.2_03. Dave Foster > I have a V880z system running Solaris 9, and can run Solaris > Management Console 2.1 just fine with JDK 1.2 run time environment > that came with Solaris 9. > > But if I upgrade to JavaSDK 1.4.2_03 (creates a new /usr/j2se) > SMC then fails with > > com.sun.management.viper.CriticalStopException: javax/help/JHelp > at > com.sun.management.viperimpl.console.gui.SMCConsole.start(SMCConsole.java:276) > at > com.sun.management.viperimpl.console.BaseConsoleOptionsManager.openConsole(BaseC > onsoleOptionsManager.java:752) > at > com.sun.management.viperimpl.console.BaseConsoleOptionsManager.redirectToConsole > (BaseConsoleOptionsManager.java:621) > at > com.sun.management.viperimpl.console.BaseConsoleOptionsManager.launchConsole(Bas > eConsoleOptionsManager.java:167) > at > com.sun.management.viperimpl.console.BaseConsoleOptionsManager.main(BaseConsoleO > ptionsManager.java:834) > > Can someone help me with this? I don't want to have to freeze Java > just so SMC will work. It's my understanding that JRE is included > within SDK, is this not correct? > > Dave Foster > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= David Foster National Center for Microscopy and Imaging Research Programmer/Analyst University of California, San Diego dfoster[at]ucsd[dot]edu Department of Neuroscience, Mail 0608 (858) 534-7968 http://ncmir.ucsd.edu/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= "The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable." -- George Bernard Shaw _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From cmjohnson at uslec.com Thu Jan 29 13:56:45 2004 From: cmjohnson at uslec.com (Johnson, Chad) Date: Thu, 29 Jan 2004 13:56:45 -0500 Subject: Summary: Booting off of an a5200 Message-ID: <6057B0D26E4B6342908068CFF031F7074A61D2@msg4.domain_central.local> The problem ( I don't know why ) was that the installation was unable to update the OBP with the path to the A5200/disk. The solution was to not have the installation reboot at the end and then find the real path of my boot disk, c0t0d0s0, in /devices/.... Once I had that path I just put it in the OBP and voila, booted from the A5200. Thanks for the help from Wesley Garland. -----Original Message----- From: Johnson, Chad Sent: Thursday, January 29, 2004 12:26 PM To: 'sunmanagers at sunmanagers.org' Subject: Booting off of an a5200 Does anyone know if you can set up a disk in an A5200 to be a boot disk. If so, could you please explain or point me to some doc? TIA, Chad Johnson _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From gwc at ll.mit.edu Tue Jan 6 14:25:41 2004 From: gwc at ll.mit.edu (Gary Chambers) Date: Tue, 06 Jan 2004 19:25:41 -0000 Subject: SUMMARY: Sun Cluster 3.1 1000Base-T (bge) Install In-Reply-To: Message-ID: All... Many thanks to Val Popa for directing us to a core cluster patch about which we were unaware. Briefly, we installed 113713-11 (an updated pkgadd, etc.), then installed 113801-06 (for Solaris 9) and rebooted. We again executed scinstall and it correctly verified and configured our bge interfaces for our cluster. We encountered (and ignored) some [seemingly] trivial scinstall errors about unexpected package versions, and a few sccheck errors about a non-existent /opt/SUNWexplo/bin/explorer utility, and some missing XML documents. Furthermore, I'd like to thank the following list members for their "diligence" in keeping me apprised of their office absences: Steve OBrien mattm at mail.citystamp.com Klas.Erlandsson at vodafone.se "Eriksson (London), Christer" Paul Clayton Murray Robert-rmurra01 rmendu at linkshare.com AND FINALLY, here is the initial description of our problem: > We're encountering problems installing Sun Cluster 3.1 onto a couple > of our V240 servers. It appears that scinstall is unable to recognize > the bge interfaces to complete the install. Is anyone aware of a > problem with using the bge interface? A Google search revealed little > and Sun's documentation only generically states it's supported (i.e. > with 1000Base-T adapters). TIA Gary Chambers // ------------------------------------- // MIT Lincoln Laboratory / 781-981-0957 // Lexington, Massachusetts // Nothing fancy and nothing Microsoft // ------------------------------------- _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From ghenry at cmi.univ-mrs.fr Mon Jan 12 03:25:17 2004 From: ghenry at cmi.univ-mrs.fr (Gerard Henry) Date: Mon, 12 Jan 2004 08:25:17 -0000 Subject: SUMMARY: jetadmin and changing ip printer's In-Reply-To: <20040109143538.A9080@scr.cmi.univ-mrs.fr> References: <20040109143538.A9080@scr.cmi.univ-mrs.fr> Message-ID: <20040112091732.A28379@scr.cmi.univ-mrs.fr> sorry for this late summary, i need to do some tests and i finish to find the matter: IP adress was into my local DNS, and i forgot to change it, so even Ip adress is not hard coded into /etc/lp/interfaces/printerName, my print requests continued to try to access old IP and not the new one. Thanks to all people, here is their helps: joe_fletcher: ------------ Take a look in /etc/lp/printers/QUEUENAME/configuration If you add the printers without using webjetadmin (works for jetdirects anyway) you end up with a line in the file like Options: dest=10.xx.xx.189:9100,protocol=tcp,timeout=5 which you can then edit or modify using the lpadmin utility. Thomas Stoffa: ------------- In /etc/lp/interfaces/ there is a reference to PERIPH=###.###.###.### (IP of printer) Whereas I never really tried this (I've also deleted and recreated the queue), +it would be interesting to see if changing that entry and re-enabling the queue +would work. Cain, Allen: ----------- We have had the same issues. We change the IP address / hostname by modifying the PERIPH= line in the /etc/lp/interfaces file for the printer. For instance, for a printer called test with an IP address of 10.10.0.2, edit /etc/lp/interfaces/test, search for the "PERIPH=10.10.0.2" and change the address there. After you are finished, save the file, then run 'disable test' and 'enable test' at the command line, and that should solve your problem. If I'm not mistaken, some of the newer versions of hppi have the option to change the network device, but I'm not 100% sure. Jaehne, Richard S: ----------------- I'ts been a long time since I had to do this, but I know jetadmin has a move queue functionality. I would look fot that in the documentation. Jason.Shatzkamer: ---------------- All I do when I change a printer's IP is issue: /usr/ucb/lpc restart prntXX Sometimes, in rare circumstances, I have to cancel to first job in the queue.... At this point, the printer should have already resumed printing... Stan Pietkiewicz : ---------------- Have a look at /etc/lp/interfaces/queue-name and look for a line "PERIPH=aaa.bbb.ccc.ddd". You should be able to change this to match the new IP address of the printer. One other possibility is to change the IP address in the PERIPH= line to a printer name, and have the name resolved, either local in /etc/hosts, or via whichever naming service you use. Eugene Schmidt: -------------- Quite a while since I did this: cd /etc/lp/interfaces. grep * */* Edit results cd /etc/lp grep Systems (edit if required) grep /etc/hosts (edit if required) /usr/lib/lpshut ps -ef|grep hpnpf (?? ) kill if any /usr/lib/lpsched Should work Zaigui Wang: ----------- It is in /etc/lp/interfaces/printerName file. IPaddress/Hostname of the printer is hardcoded in that file. Just modify the file and,possibly, restart the lpsched. On Fri, Jan 09, 2004 at 02:35:39PM +0100, Gerard Henry wrote: > hello all, > we use hp jetadmin E.0.18 > When we change ip adress of a printer, we can't print on this printer until we remove and re-create queue. > i think there should be another possibility, i try to restart lpd without result. > I thought hppi was just an interface to lpadmin, anybody knows where i can change IP without removing queue? _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From gunia at calumet.purdue.edu Mon Jan 12 11:46:41 2004 From: gunia at calumet.purdue.edu (Anthony Gunia) Date: Mon, 12 Jan 2004 16:46:41 -0000 Subject: SUMMARY: Solaris vs. HP-UX Message-ID: Hi all, Thanks so much to all the following for their answers: Ed Kerekes John Timon John Sullivan Larye D. Parkins Neil Quiogue Jim Vandevegt Anatoliy Lisovskiy Reggie Beavers Joe Fletcher Steve Starer Tony Schloss Bertrand Hutin Here are some URLs that provide a lot of information on Solaris vs. HP-UX: http://bhami.com/rosetta.html (most popular) http://www.unixguide.net/unixguide.pdf http://www.anykeynow.com/services/unix/solaris_to_hp-ux_q-ref.html Here are some additional information regarding Solaris vs. HP-UX form some of the individuals above: "However, it has been my general observation that Solaris has better community support along with having a freeware repository (sunfreeware.com). Documentation (docs.sun.com) and patches (sunsolve.sun.com) are superb compared to other commercial *NIXes. Performance comparisons are hard to come by also as HP-UX uses the PA-RISC chips of HP which have different "speeds" which would make it a bit tough to match it with the appropriate SPARC chip in Sun." -------------------------- "11 Potpourri of useful commands. 11.1 Solaris psrinfo -v Processor Information /usr/platform/sun4u/sbin/prtdiag -v (Ultra's only) /usr/bin/showrev [-p] /usr/sbin/prtconf isainfo -kv (tells 32-bit or 64-bit kernel) iostat -E (lists disk errors) prex (tells more information about processes) truss -vlstat -tlstat ls -l (will give all three UNIX times) vxtask list (give status on VxVM background tasks like volume creation, etc.) > Is there any command/utilities, that can list all those files that are open ? > also can it count number of files open sar -v 1 5 will show total number of files open. You can use /usr/proc/bin/pfiles or lsof to get more information. 11.2 HPUX insf -e will re-create all block and character special files. insf -H hardware path Add special files for new hardware at or below the given path. stty +resetGSP < /dev/GSPdiag1 Reset the GSP from HPUX shell. echo itick_per_usec/D | adb -k /stand/vmunix /dev/mem Returns CPU speed in MHz. echo physmem/D | adb -k /stand/vmunix /dev/mem HPUX 10.20: Returns number of 4K pages of physical RAM. Divide by 256 for MB. echo phys_mem_pages/D | adb -k /stand/vmunix /dev/mem HPUX 11.x: Returns number of 4K pages of physical RAM. Divide by 256 for MB. http://unixadm.net Other stuff for the HP-UX trainee... --Solaris: /etc/init.d & /etc/rc?.d --HPUX: /sbin/init.d & /sbin/rc?.d --HPUX: uses three-digit numbers in the RC directories instead of two. --HPUX: integrated albiet stripped-down VxVM and VxFS under the guise Logical Volume Manager. Definitely use it. All file systems except /stand can be vxfs. Always seems to me your dollar goes a lot farther buying Sun equipment opposed to HP." There is some argument that the HP boxes are designed for higher backplane performance. For instance, a while back I read someone saying they greatly preferred the HP N4000 to the Sun 450, saying on the N4000 each PCI slot is its own PCI bus, as opposed to 3-4 slots sharing a bus on the Sun 450." --------------------------- "Merits to both. Where HP-UX might have an appeal is from the hardware side. Both the PA-RISC and IA64 systems are faster that the SPARC equivalents. In the case of the Itanium stuff there is quite a significant performance lead. I'd check application support though. Other than that they are "the same only different". Can't think of anything that one does significantly better than the other from an O/S management level. The SAM tools in HP-UX are pretty good. Must confess I've been almost exclusively Solaris for the last 18 months (with a little Tru64) so perhaps I'm a bit behind on the HP stuff." --------------------------- "What are you looking for? I've got about 5 years of HP-UX and more of Solaris/SunOS. Is there something in particular you're looking at? My HP-UX was 9 and 10. I can tell you a couple of things from those flavors: 1. No dynamic kernel modules in HP-UX 9 / 10. Patching frequently meant building a new kernel. 2. HP-UX has a nice scsi probe that works at OS. I think it was called , but I don't recall 3. HP-UX use to bundle a logical volume manager - it was Veritas with a different set of command names. I think they stopped doing that and now just sell Veritas 4. HP's high availability tool is MC-Service Guard. Shell script based, and took a fair amount of code to make work but was very good once you got it set up correctly. 5. HP had SAM, like AiX's SMIT. It wasn't bad actually. 6. HP also had a patch depot concept that made it reasonably easy to set up a common area for patches so you could get every server to a given patch level from a common set of patches. 7. HP via service guard had a way of doing IP address assignments on an interface that was different from virtual interfaces in Solaris. You never had the kind of routing issues you can get with a virtual interface on Solaris 8. Solaris' proc tools are great. I never found anything like them in HP-UX although they might be there If I had to deploy something today, I'd choose Solaris with Veritas VM and Cluster Server over HP-UX with MC-Service Guard and lvm. Reasons: I like the Solaris kernel structure, Cluster server and VM over MC service guard." _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From gwc at ll.mit.edu Wed Jan 14 13:53:31 2004 From: gwc at ll.mit.edu (Gary Chambers) Date: Wed, 14 Jan 2004 18:53:31 -0000 Subject: SUMMARY: Sun StorEdge PCI Dual Ultra3 SCSI HBA Message-ID: All... Thanks to Wes Garland and Dale Hirchert for their informative replies to my query. I'm hesitant to call it consensus, but it would appear that "manual termination" implies that the port on the HBA is terminated. Interestingly, the cards are shipped with different configurations (i.e. one port is set for auto-termination, the other manual termination) based upon their date of manufacture. Accordingly, it is important to double-check these settings to ensure they function as expected. AS ALWAYS, I'd like to "honorably" mention those individuals who felt I was important enough for them to keep me informed of their whereabouts during their office absences: "Ryals, Joseph" "Wood, Karl P" "Merrell, Vince [IT]" My initial request for assistance is as follows: Our environment consists of two Sun V240s running Solaris 9 HW 12/03 and two Arena Rackforce II RAID boxes. We're using the subject cards to inter-connect the RAID devices, all SUNWqus[ux] packages are installed (and applied 112706-03), and the SCSI initiator ID has been changed on one of the systems. According to the 05/02 documentation: "The jumper settings used for terminator enable and disable are: 1-2 : Auto termination enable 2-3 : Manual termination enable No Jumper: terminator disable" Can someone definitively say that termination is ON when jumpers 2-3 are shorted? The documentation is unclear, and the behavior the RAIDs are exhibiting appears to be indicative of a termination problem somewhere. Also, I'd greatly appreciate if anyone has any advice for operating in a multi-initiator environment. TIA Gary Chambers // ------------------------------------- // MIT Lincoln Laboratory / 781-981-0957 // Lexington, Massachusetts // Nothing fancy and nothing Microsoft // ------------------------------------- _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From gwc at ll.mit.edu Fri Jan 16 10:23:01 2004 From: gwc at ll.mit.edu (Gary Chambers) Date: Fri, 16 Jan 2004 15:23:01 -0000 Subject: SUMMARY: IP Multipathing, Sun Cluster 3.1 Message-ID: All... My IPMP problem is solved (and I retain what little sanity I have remaining)! First, I'd like to pass-along effusive (yes, effusive) thanks to the following list participants: Kevin Buterbaugh John Garner Ole Morten Oian JALLOGUI Justin Buhler Kris Haislip The problem lay somewhere in the switch to which our cluster is connected. Unfortunately, I haven't been allotted by our network administrators the time to discuss it with them to determine a cause. I moved bge1 to a separate network connection on the same subnet, and (using John Garner's configuration example) it immediately began working! I'd like to especially thank Ole Morten Oian for shifting my focus to the network. He mentioned a similar problem caused by the spanning-tree protocol on his switches. Thank you VERY much! Gary Chambers // ------------------------------------- // MIT Lincoln Laboratory / 781-981-0957 // Lexington, Massachusetts // Nothing fancy and nothing Microsoft // ------------------------------------- _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From hwang at haverford.edu Tue Jan 20 10:10:30 2004 From: hwang at haverford.edu (Hong Wang) Date: Tue, 20 Jan 2004 15:10:30 -0000 Subject: summary --- http crontab Message-ID: <5.1.0.14.0.20040120102042.00cc8988@pop.haverford.edu> Thanks for all! The reason to cause this problem is the permission for /usr/bin/crontab not right. The permission for /usr/bin/crontab should be: # ls -al /usr/bin/crontab -r-sr-xr-x 1 root bin 17224 Jun 18 2003 /usr/bin/crontab* This would set it correctly, run as root: # chmod 4555 /usr/bin/crontab Hong >Date: Fri, 16 Jan 2004 17:28:39 -0500 >To: sunmanagers at sunmanagers.org >From: Hong Wang >Subject: http crontab > >I like to make cron job running as http. > >When I become super user http and do crontab -l I get "crontab: can't open >your crontab file." > ># su - http >Sun Microsystems Inc. SunOS 5.8 Generic Patch December 2002 >nisc11% crontab -l >crontab: can't open your crontab file. > >I added http in cron.allow file. What else I need to set? > > >Thanks in advance! > > >Hong _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From harald.husemann at materna.de Tue Jan 20 11:25:36 2004 From: harald.husemann at materna.de (harald.husemann at materna.de) Date: Tue, 20 Jan 2004 16:25:36 -0000 Subject: [SUMMARY]: SUN ONE LDAP 5.2 and SUN Cluster 3.1 Message-ID: <3617A3C21370D045B75C0A40A7A6530D05966362@ntexc2buc.do-office.buc.materna.com> Hi again, and thanks to Gregory Shaw [shawga at unix.stortek.com] and especially to Pavlos Parissis [PParissi at athens2004.com] for their helpful hints! Finally we got it working, it seems that the old version of the LDAP cluster agent (SUNW.nsldap) does not work with LDAP 5.2 (thanks, Pavlos, for this tip!). The new agents (SUNW.asha for the admin- and SUNW.dsha for the directory server) are not part of the SUN cluster distribution, they can be found in the SUN ONE Directory Server package (NOT in the .tar.gz, only in the pkg-File). Unfortunately, we were also unable to install the LDAP Server using the packages due to some missing entries in a bundled lib... Finally we did the following to get it working: (Quite a long way, :-) ) - Downloaded the pkg-File for the LDAP, and installed the packages including SUNW.asha and SUNW.dsha according to SUN Docu - WITHOUT configuring the server using '/usr/sbin/directoryserver configure', installed the LDAP-server in the global share using the old-fashioned shell setup script out of the .tar.gz. - Created the resources and integrated the LDAP Directory- and Admin-server into the cluster using the SUNW.asha and SUNW.dsha resourcetypes Puh... That did the trick. I'm sure there MUST be an easier way to do it, but I'm not going to try it again, :-) Many thanks to the list, and to all other who replied, Harald ============================================ Harald Husemann Systems Engineer Teammanager Unix administration and Configuration Management Materna Gmbh - Vo_kuhle 37 - D-44141 Dortmund, Germany Phone: +49-231-5599-8684 > -----Urspr|ngliche Nachricht----- > Von: sunmanagers-bounces at sunmanagers.org > [mailto:sunmanagers-bounces at sunmanagers.org]Im Auftrag von > harald.husemann at materna.de > Gesendet: Freitag, 16. Januar 2004 19:34 > An: sunmanagers at sunmanagers.org > Betreff: SUN ONE LDAP 5.2 and SUN Cluster 3.1 > > > Hi folks, > > got a problem here on one of our clusters, just askin' if > someone saw this > before and can give me a hint. > I have two 280's, running SUN Cluster 3.1, OS Solaris 9.0 > (Release 12/03). > I have to run an LDAP Directory Server on the cluster, so I > downloaded SUN > ONE (or, as it is called now, SUN Java Systems) Directory > Server 5.2 (newest > version), installed it, and integrated it into the cluster > according to SUN > documentation. > Everything seemed to work, but when the cluster starts the > LDAP system, I > get messages reading "Start of resourcegroup failed, secure > connection to > port 389 refused" and then " > restarting to > often, sleeping for xx seconds". The cluster keeps trying to start the > resource, switches it to the other node, tries it there > without success, and > gives up with the well-known message "Rebalance: No primary > node could be > found". > I removed the ldap-resource itself, started the rest of the > rg, and tried to > start the LDAP server manually with start-slapd - that worked > fine, and the > ldap server bound itself to the logical host, port 389. I was > also able to > connect this port with telnet, etc. > > I tried to search for patches for the cluster or the OS at > sunsolve, but the > only patch I've found was 113800-06, which was "not applicable" on my > system. Of course, I have the latest OS-patchcluster installed. > I also searched docs.sun.com for the error message, found it > there, but the > solution was not very good for my problem (Just wait, the cluster will > restart or switch the rg, and everything should be fine). > > So, the question is: > > Could it be that Directory Server 5.2 does not work properly with SUN > Cluster 3.1? Anyone tried this before? > > Any ideas or hints are welcome... > > Have a nice weekend, > > keep on hackin', > > Harald > > ============================================ > Harald Husemann > Systems Engineer > Teammanager Unix administration and Configuration Management > Materna Gmbh - Vo_kuhle 37 - > D-44141 Dortmund, Germany > Phone: +49-231-5599-8684 > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From ghenry at cmi.univ-mrs.fr Tue Jan 20 17:36:03 2004 From: ghenry at cmi.univ-mrs.fr (Gerard Henry) Date: Tue, 20 Jan 2004 22:36:03 -0000 Subject: SUMMARY: questions about nfs and netgroup In-Reply-To: <20040120151922.A28328@scr.cmi.univ-mrs.fr> References: <20040120151922.A28328@scr.cmi.univ-mrs.fr> Message-ID: <20040120232816.A6462@scr.cmi.univ-mrs.fr> thanks to: Paul LaMadeleine Nicolas Figaro Dale Hirchert Jay Lessert in fact, there is no need to do something, expect update nis table and wait if we had a new machine in netgroup, client can moun t immediatly and if we remove a machine, it seems we have to wait 15mn before client is denied to mount so no need to restart nfs service! > i have a question about policy to update my nfs shares. > Machines are added/removed in netgroup (nis files) > to activate this changes, i have to do: > /etc/init.d/nfs.server stop > /etc/init.d/nfs.server start > > but i do this on my prod server, so i'm wondering if it is a bad thing to do it during users work? > sometimes kernel says: > Jan 19 23:13:45 serengheti nfs: [ID 626546 kern.notice] NFS write error on host scr: Stale NFS file handle. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From himanshu.khona at patni.com Thu Jan 22 01:15:17 2004 From: himanshu.khona at patni.com (himanshu khona) Date: Thu, 22 Jan 2004 06:15:17 -0000 Subject: Summary: update: X11 forwarding for SSH In-Reply-To: <003401c3e0aa$bf0e8d90$0263d103@pcp3396an1> Message-ID: <003701c3e0ad$607302e0$0263d103@pcp3396an1> Hi, The Server side configuration in sshd_config: AllowTcpForwarding yes GatewayPorts yes X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost yes The client side configuration: Host * ForwardAgent yes ForwardX11 yes ALso while compiling have xuth in PATH variable. Thanks to all who responded. Hope this helps, Himanshu -----Original Message----- From: sunmanagers-bounces at sunmanagers.org [mailto:sunmanagers-bounces at sunmanagers.org]On Behalf Of himanshu khona Sent: Thursday, January 22, 2004 11:14 AM To: sunmanagers at sunmanagers.org Subject: update: X11 forwarding for SSH HI all, Jut to update my problem with X11 forwarding in SSH. It seems to be a configuration parameter in sshd_config. When i tested it with secureCRT & enabling X11 fowarding it works & sets the DISPLAY aapropriately. But when i try to do ssh from one solaris 8 client to other solaris 8 ssh server it fails to set. I have made client side configuration for X11forward to yes. There is one more parameter LocalForward which specifies the port to be used but how do i decide which port to use? I have to get it working for solaris ssh client to solaris ssh server. Binaries are openssh3.7.1p2 from sunfreeware. Pls let me know more. TIA, will summarize Himanshu _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Ivan.Wong at fujitsu.com.au Mon Jan 5 03:49:29 2004 From: Ivan.Wong at fujitsu.com.au (Wong, Ivan) Date: Mon, 05 Jan 2004 08:49:29 -0000 Subject: Summary: rsh problem Message-ID: <6B1F306A6F659A4D9A60B808F851D5378F30DB@per0185.fujitsu.com.au> Hello, Thanks to all the replies. Special thanks go to Alan Pae for his suggestion. Alan's idea of checking /etc/pam.conf was correct. After comparing /etc/pam.conf on the 2 boxes, I discovered there were 2 missing rsh lines on the offending box. Once these 2 lines (shown below) were added, rsh worked. rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_auth.so.1 Original Post: G'day! I was wondering if anyone can help me with a rsh problem. Current situation: There are 2 hosts, X and Y. Host X can rsh to host Y and run a command. However, host Y can not do the same on host X. That is to say, when host Y runs a command like "rsh x date", the error message 'permission denied' comes up. Running "rsh localhost date" on Host Y produces same error. In /.rhosts on host Y, we added the FQDN, IP address, hostname and +, exactly the same as on host X. It made no difference. The rsh line in /etc/inetd.conf was also uncommented and inetd was restarted. Some previous posts said to set the permissions on /.rhosts to 600 and it also made no difference. We also tried editing nsswitch.conf so that hosts will just use files...no difference again. Both hosts are configured to use DNS and NIS hasn't been setup. Any ideas on what is missing on host Y to get rsh working? Thanks in advance. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From gunia at calumet.purdue.edu Mon Jan 5 15:58:45 2004 From: gunia at calumet.purdue.edu (Anthony Gunia) Date: Mon, 05 Jan 2004 20:58:45 -0000 Subject: SUMMARY: NFS Mount Problem Message-ID: Sorry about the delay in this summary...many fires to put out prior to the end of the semester. Thanks to the following for their suggestions: Tim Villa Jason Santos Lee Caldwell Jeff Barratt Kanellopoulos Angelos My original post was regarding a script that when run on a server could not mount an NFS volume from another: # Mount NFS patch directory from SUNTEST2 mount -F nfs -o ro,bg,soft suntest2:/opt/patchcheck_1.2 /opt/patchcheck_1.2 ; # # Run patch checking /usr/bin/perl /opt/patchcheck_1.2/patchk.pl -l -b ; When I execute the above, I get the following errors: NFS read failed for server suntest2: error 5 (RPC: Timed Out) NFS getattr failed for server suntest2: error 5 (RPC: Time Out) There was a name resolution problem found, but once corrected, it did not solve my problem. Also, nfs.server was starting before RPC. No collisions either. /etc/dfs/dfstab had the appropriate entries as well. I ended up contacting Sun Support, who suggested I run snoop on the box having trouble connecting and see what happens. When I ran snoop in one terminal window, I could then run the script in another and it connected fine. So, I put the following in the script before the mount command and it works fine: /usr/sbin/snoop -o /dev/null & I also put a pkill snoop at the end of the script. Really quirky...but the server is an older box (Ultra 5), and will be going away soon. Thanks for everyone's help, and HAPPY NEW YEAR! Anthony gunia at calumet.purdue.edu _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From gwc at ll.mit.edu Thu Jan 22 11:04:39 2004 From: gwc at ll.mit.edu (Gary Chambers) Date: Thu, 22 Jan 2004 16:04:39 -0000 Subject: SUMMARY: Solaris Volume Manager (SVM) Performance, Soft Partitions Message-ID: SUMMARY: NFS Sharing: Directories vs. Filesystems First, I'd like to thank the following list members for their time and effort in replying, and their insight and advice: Gregory Shaw Kevin Buterbaugh JV David Foster Anthony Talltree Bevan Broun Jeff van Eek Darren Dunham Tim Villa Wes Garland Sonny Baillargeon Chad Johnson As I suspected, these are/were questions to which there is no single (or easy) answer. There are advantages and disadvantages to all solutions, and what works in one place may not work in another. In other words, "Your mileage may vary." The general consensus is that SVM soft partition fragmentation is potentially detrimental to I/O performance. That degradation in performance can be somewhat mitigated by a hardware RAID device since it [presumably] will spread the load between spindles, minimizing head-thrashing on a single disk. As far as sharing directories vs. sharing filesystems is concerned, I discovered that I was incorrect in assuming that sharing directories was a result of poor design and/or implementation. It seems it's a pretty common occurrence, and there are some advantages to sharing at that level. My implementation: We had a last-minute change in requirements that caused us to modify our original plan. I created a single 447GB sub-mirror using each cluster RAID device (i.e. /dev/did/rdsk/d?s0) and mirrored it at that level. >From there, I created two soft partitions; one is 300GB for our NFS/Samba data, the second is 100GB for Clearcase VOBs. The remaining 47GB is available for growth of the VOBs partition. I had originally intended to make this a very comprehensive summary, but I don't have enough time to devote to it, and I apologize for that. I do hope, however, that someone can make use of the information. Gary Chambers // ------------------------------------- // MIT Lincoln Laboratory / 781-981-0957 // Lexington, Massachusetts // Nothing fancy and nothing Microsoft // ------------------------------------- _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From harald.husemann at materna.de Fri Jan 30 08:24:06 2004 From: harald.husemann at materna.de (Harald Husemann) Date: Fri, 30 Jan 2004 13:24:06 -0000 Subject: SUMMARY: Inherit ssh X-tunnel with su In-Reply-To: <1075454529.4041.29.camel@yellow> References: <20040130083055.GE25339@namodn.com> <1075454529.4041.29.camel@yellow> Message-ID: <1075468650.4041.79.camel@yellow> Hi, thanks to: Scott M. Sorrentino Pavic, Aleksander Perrier Kent Toens Bueker Kevin Enslow and especially to Casper Dik for their fast and good answers! The solution is basically simple, Casper explained it as follows (Very good explanation, so I include the message herein): =========================/snip/================================= Yes, you need to do one of two things: copy the X authentication cookie to the other user's $XAUTHORITY file set $XAUTHORITY to the orginal user's ~/.Xauthority note that the latter will only work if the other user can read the file; generally that is not the case; only for root and then only if the home directory is not on NFS ==========================/snap/================================== Some others suggested to use "sudo" or "su -c", which also works. I think I'll have to do a little scripting work to automate Casper's solution (Unfortunately, we're using NFS for the home-dirs - so, getting the .Xauthority file copied to the new users home-dir was a little bit complicated, :-)) But, finally I got it working, thanks to all on the list for reading, and for the good, fast and reliable answers! Have a nice hackin', Harald On Fri, 2004-01-30 at 10:22, Harald Husemann wrote: > Hi folks, > > I use ssh to connect our servers, 'cause it's more secure than telnet. I > can start X-applications on the server, with the output forwarded over > the ssh-tunnel to the X-server running on my client. > It works perfectly well, but unfortunately, when I use "su" to become > root or any other user, the tunnel gets broken. > The error-message is: > ==================/snip/==================================== > X11 connection rejected because of wrong authentication. > X connection to xxx:10.0 broken (explicit kill or server shutdown). > =====================/snap/================================= > > Hm... At the moment, I allow direct root-login via ssh, but first of > all, this is a bit insecure, and it does not solve the problem of > starting X-applications as other users, since often I don't know their > passwords (of course). > > So, the main question is: > > Is there a way to "inherit" the X11-tunnel to a subshell?? > > Thanks, > > will summarize, > > Harald -- ============================================ Harald Husemann Systems Engineer Teammanager Unix administration and Configuration Management Materna Gmbh - Vo_kuhle 37 - D-44141 Dortmund, Germany Phone: +49-231-5599-8684 _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From ray at biomed.queensu.ca Thu Jan 22 09:43:08 2004 From: ray at biomed.queensu.ca (Ray Pengelly) Date: Thu, 22 Jan 2004 14:43:08 -0000 Subject: SUMMARY: SCSI bus resets Message-ID: <001a01c3e0f5$160fcf10$be6a0f82@biomed.queensu.ca> I unhooked the L25 from the scsi chain and attached the array directly to the server. All appears fine now. I'm thinking of getting another HBA and attaching the L25 to it. That way if there are any problems with the tape library I can detach it without taking down the array. Thanks for all who replied. Ray > -----Original Message----- > From: sunmanagers-bounces at sunmanagers.org > [mailto:sunmanagers-bounces at sunmanagers.org]On Behalf Of Ray Pengelly > Sent: 21 January 2004 23:13 > To: sunmanagers at sunmanagers.org > Subject: SCSI bus resets > > > I have a server running solaris 9 x86. It uses the AIC 7902w ultra 320 > scsi controller. This controller is dual channel. It has a 36 GB > Seagate ST336607LW on the A channel (internal) and an external storage > array, and L25 with one sdlt320 drive on channel B. > > > > The internal drive is /dev/rdsk/c0t0d0 > > > > And has 3 partitions / s0 > > /usr s6 > > /opt s7 > > > > The external raid array has one array divided up into two 512GB LUNs > which are mounted as /DATA1 and /DATA2. They are /dev/rdsk/c2t0d0s6 > and /c2t0d1s6. > > > > > I successfully created filesystems on the external array and mounted > them. They have nfs mounts and have been in use for about a week. > Suddenly they stopped working today. I found the following errors in > /var/adm/messages > > > > n 21 15:36:53 dmstore SCSI transport failed: reason 'reset': retrying > command > > Jan 21 15:36:53 dmstore scsi: [ID 107833 kern.warning] WARNING: > /pci at 0,0/pci8086,2545 at 3/pci8086,1460 at 1d/pci9005,ffff at 2,1/sd at 0,0 > (sd16): > > Jan 21 15:36:53 dmstore SCSI transport failed: reason > 'unexpected_bus_free': retrying command > > Jan 21 15:37:28 dmstore adpu320: [ID 518805 kern.warning] WARNING: > Timeout on target 0 lun 0. Initiating recovery. Jan 21 15:37:30 > dmstore scsi: [ID 107833 kern.warning] WARNING: > /pci at 0,0/pci8086,2545 at 3/pci8086,1460 at 1d/pci9005,ffff at 2,1/sd at 0,0 > (sd16): > > Jan 21 15:37:30 dmstore SCSI transport failed: reason 'reset': > retrying command > > Jan 21 15:37:30 dmstore scsi: [ID 107833 kern.warning] WARNING: > /pci at 0,0/pci8086,2545 at 3/pci8086,1460 at 1d/pci9005,ffff at 2,1/sd at 0,0 > (sd16): > > Jan 21 15:37:30 dmstore SCSI transport failed: reason > 'unexpected_bus_free': retrying command > > > > Any idea what could be causing this? If I try to mount to mount the > drives I > get: > > > > mount:/ I/O error > > mount: cannot open /dev/dsk/c2t0d0s6 > > > > If I look at the disks under SMC both c2t0d0s6 and c2t0d1s6 show up > but their size is 0. Anyone have any clue what is going on? > > > > Ray > > > > Ray Pengelly > > Computing Support Technologist > > Centre for Neuroscience Studies/ > > CIHR Group in Sensory-Motor Systems > > Queen's University > > 613-533-6000 ext 74139 > > > > Give a person a fish and you feed them for a day; teach that person to > use the Internet and they won't bother you for weeks. > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From KGilliam at bcbsm.com Thu Jan 22 12:48:45 2004 From: KGilliam at bcbsm.com (Gilliam, Kirk R.) Date: Thu, 22 Jan 2004 17:48:45 -0000 Subject: SUMMARY Swap Configuration for New V440 Message-ID: <2952E1277901D311B9AF0008C75D293E126FE2F7@snt454.corp.bcbsm.com> Thanks for the replies from: sunsa_tx at yahoo.com David Booth Tim Chipman Chris Dantos Victor Karpovich Wesley W. Garland Stan Pietkiewicz Darren Dunham Special thanks to: Kevin L. Prigge Colby Johnston hike1272-sunhelp at yahoo.com Kevin Buterbaugh ---------------------------------------------------------- Kevin L. Prigge Sent me these links for Solaris 9 and Solaris 8 respectively and I summed it up below for Solaris 8:(Also keep in mind a large enough space for crash dumps) For Solaris 9: http://docs.sun.com/db/doc/817-2874/6migoiaao?a=view Solaris 8: http://docs.sun.com/db/doc/817-1658/6mhcgsu9m?a=view System Type Swap Space Size Dedicated Dump Device Size Workstation 4 Gbytes of physical memory 1 Gbyte 1 Gbyte Mid-range server 8 Gbytes of physical memory 2 Gbytes 2 Gbytes High-end server 16 to 128 Gbytes of physical memory 4 Gbytes 4 Gbytes ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------- Colby Johnston summed it up with following and a nice link: I would not allocate more that 4Gb of swap unless your applications have special swap requirements. The way sun virtualizes memory now, there is usually no need for the old 1 to 1 ratio of physical memory to swap space. Swap is now defined as disk backed physical memory plus a portion of real memory. With this in mind, even though you may allocate a 4Gb swap partition, your "swap -s" output may show you are potentially using more than that. The "swap space" used on the system is dynamic and may not always equal the space defined in the swap partition. See the following document on for a better explanation on planning the swap space on Solaris. There is a section called "Planning for Swap space" which should give you a good idea of how to initially configure swap. http://docs.sun.com/db/doc/817-2874/6migoiaaj?q=swap&a=view ---------------------------------------------------------------------------- -------------------------------------- hike1272-sunhelp at yahoo.com says: sun has changed its swap recommendations with the advent of large amount of real memory. under normal situations, you will never use all 16gbs of rams for processes. instead of swapping, your system will page (to unused portions of real memory). at this point, the major concern are core dumps. ideally you want enough swap for an entire core dump. we have 12gb of ram and setup a 12gb swap partition. since our internal disk are for os only and hold no data, this is not an issue. what sun recommended in the sysadm classes is to create a smaller swap partition. if more space is needed, a swap file can be created. also, sun now recommends only "/" and swap partitions. following this recommendation, a large amount of the "/" partition will be unused; there will be plenty of room for a swap file. ---------------------------------------------------------------------------- ------------ Kevin Buterbaugh has this to add: You're right, the old rules about swap no longer apply. As long as you have sufficient physical memory for your peak workload, you can actually run with no swap whatsoever configured. However, that's generally not recommended, mainly because in the (rare) event of a system panic, it will want to dump to the swap space. How much swap you should configure really depends on the application you're going to run on the server and its' requirements. We generally configure swap = RAM on our smaller ( < 16 GB RAM) boxes. For larger boxes, it's more like swap = RAM / 2. YMMV... ---------------------------------------------------------------------------- ----------------------------------------- thanks for all of the replies and here is my original POST: Kirk Gilliam ---------------------------------------------------------------------------- ---------------------------------------- Hello -- I have searched the archives and I still have not found an answer. I have three V440's with four 1.28GHZ processors and 16 GB of RAM and four 32 GB disks. The old Sun way for configuring the swap partition was to configure the partition for one to two times the physical memory. Since memory and disk are getting cheaper, what is the new rule of thumb? Should I give the swap partition a 1 to 1 relation which would be a 16 GB swap partition? That sure seems like a lot of wasted space. What problems would I run into if I made the swap partition 8 GB or 4 GB. What if I had one 36 GB disk and 32 GB of RAM, you would not make swap 32 GB, would you? Thanks, I will summarize, Kirk Gilliam _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From jeffrimj at telkom.co.za Sat Jan 24 10:08:56 2004 From: jeffrimj at telkom.co.za (Michael Jeffries (M)) Date: Sat, 24 Jan 2004 15:08:56 -0000 Subject: SUMMARY : Problem installing Solaris on Netra v100 Message-ID: Thanks to all that responded, I now got to install Solaris 9 perfectly on my Netra server >I have two questions >1) I noticed that certain versions of Solaris 8 cannot be installed on >the Netra Sever, is there a bug with the netra?? The Netra came out mid-way through the Solaris 8 period. Earlier versions of Solaris 8 have no idea what a Netra is. You'll find this standard with Solaris and Sun hardware. This is the same reason you can't install Solaris 7 on the Netra. Solaris has hooks in it to understand the hardware it is running on. Hooks not there, Solaris won't run. Generally speaking, you need a Solaris 8 release which is newer than the initial release date of the hardware. I think the Netra came out after Solaris 8's first release, so you need to get a late enough hardware revision. Just a burn the latest set from the ISOs on sun.com. >2) Anyway I decided to install Solaris 9 on the server after trying >endlessly to install Solaris 8. During the installation (after I put >the IP numbers in) of Solaris 9 on the server, the power went down, >and I lost connectivity. Now I cannot get into the server, it seems to >freeze up at the logging prompt. This means I cannot go on with the >installation, as I cannot get the server into single user mode, as I >cannot log onto the server. > >The problem is that I am connecting via a consol cable from another >Unix Server, so I cannot press Stop + A ,as it will try an put the >server I am connecting from into the go prompt. > >How can I recover from this? When using the tip command to send a break signal during boot you use ~# (Tilde Hash) If you don't know how to send a break properly with your terminal program, change to the lower baud rate you can (e.g. 50 bps) and press space. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From ray at biomed.queensu.ca Tue Jan 27 08:14:00 2004 From: ray at biomed.queensu.ca (Ray Pengelly) Date: Tue, 27 Jan 2004 13:14:00 -0000 Subject: SUMMARY: stale nfs mounts Message-ID: <003a01c3e4d6$97cec2b0$be6a0f82@biomed.queensu.ca> The problem was fixed in the end by a reboot. I tried to remove the entry from /etc/mnttab but to no avail. After the reboot it came back up. I was fortunate I could take this machine offline for a couple of minutes. >Hey, > >I have a stale nfs mount that I can't seem to get rid of. I've tried "fuser /file" and it comes back with no user. This was an autofs mount. I've tried stopping autofs and trying to unmount but nothing. >The folder the share is mounted on has changed to a file and anytime you try to open the file or look at its attributes it comes back with "stale nfs mount" >How can I delete this file? >Ray Ray Pengelly Computing Support Technologist Centre for Neuroscience Studies/ CIHR Group in Sensory-Motor Systems Queen's University _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Jeremy.Loukinas at evenflo.com Thu Jan 29 15:53:26 2004 From: Jeremy.Loukinas at evenflo.com (Loukinas, Jeremy) Date: Thu, 29 Jan 2004 20:53:26 -0000 Subject: Summary: SVM and Veritas on the same system. Message-ID: Brad Heck sent me this link which covers exactly what I was wondering. Can you have the best of both. Since VVM is notoriously complex for rootdisk tasks and SVM so easy... http://unixway.com/vm/veritasvm/rootdg.html#ssrootdg -----Original Message----- From: tagriffin at micron.com [mailto:tagriffin at micron.com] Sent: Thursday, January 29, 2004 3:33 PM To: Jeremy.Loukinas at evenflo.com Subject: RE: SVM and Veritas on the same system. Install Veritas. # ps -ef|grep vxconfig (Confirm that vxconfigd is running. If not, run "/usr/sbin/vxconfigd") # vxdctl init # vxdg init rootdg # vxdisk -f init c#t#d#s6 type=simple (This is the first one. We have a 4Mg partition set aside on slice 6 of our root disks for Veritas rootdg. We have slice 7 set aside for the metadbs for DiskSuite.) # vxdg adddisk c#t#d#s6 # vxdctl add disk c#t#d#s6 type=simple # vxdisk -f init c#t#d#s6 type=simple (This is the second one. We mirror our root disks and have slice 6 set aside on both disks for Veritas rootdg.) # vxdg adddisk c#t#d#s6 # vxdctl add disk c#t#d#s6 type=simple # vxdctl enable # rm /etc/vx/reconfig.d/state.d/install-db (if it exists) # rm /etc/vx/.dumpadm (if it exists) That's it. It works very well for us. This way, we have two and only two disks on our system that are for the OS and all other disks can be for data. Teressa -----Original Message----- From: sunmanagers-bounces at sunmanagers.org [mailto:sunmanagers-bounces at sunmanagers.org] On Behalf Of Loukinas, Jeremy Sent: Thursday, January 29, 2004 1:26 PM To: 'sunmanagers at sunmanagers.org' Subject: SVM and Veritas on the same system. Over the years I have seen a lot of debate about using Veritas and or SVM ( formerly disksuite ) on the same system. A lot of people including myself like to use SVM on the boot disks and VVM on everything else. Most of the time I have had the luxury of being able to stick something in rootdg that I really didn't care about extra disk or something. But as servers are getting thinner and you don't have extra disks laying around doing that becomes almost impossible. I read a bit ago somewhere you can take a slice from a rootdisk and use that for rootdg and continue using SVM for your rootdisks? Is this possible? If so how? Is to overly complicated to mess with? Jeremy S. Loukinas _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From mbruntel at att.com Fri Jan 30 16:24:25 2004 From: mbruntel at att.com (Bruntel, Mitchell L, ALABS) Date: Fri, 30 Jan 2004 21:24:25 -0000 Subject: SUMMARY WAS: OT? Philosophical Question on SA responsibilities Message-ID: <5C700C606D636745AC163DA0B670BA1B0456CE06@OCCLUST02EVS1.ugd.att.com> SUMMARY : I've left the original attached too. I am not sure if I will send the script to the list, or simply to the folks who requested, but it will follow! SUMMARY: OT: What would YOU DO? (A LENGTHY Analysis) 26 Responses today: Quick Summary: =========== LOOK before you leap. If you're an administrator, find out if your new boss is interested in someone who can take charge, and has a brain, or just wants a body to do exactly what they say, and no more! Also helpful for managers interested in hiring new administrators. Perhaps ask THEM the questions, and ask them to discuss. The general consensus is that politics unfortunately gets into everything these days! And remember, that you are part of a team, not a solo Unix jock! As a brand new employee anywhere, even if I was in charge, I would not presume to change things without first finding out why things are they way they are. As an admin, I always assume that my job includes "doing the right thing". I would work with whomever to get security as tight as it needs to be, but no tighter. Detailed Responses: ============= Note: I am not thanking by names those who helped out with answers. Amazing how many people (more than 2!) were scared that people they worked with might disapprove (of) (or recognize) the comments. I personally think that this discussion will actually go down as being an ON topic, or an ON TOPIC discussion for EVERYONE reading this list BEFORE going on an interview, OR offering a job to someone! RESULTS of the sunmanager's PROFESSIONAL'S POLL: ================================ NOTE: Please see original message (at end) for questions. Overall Comments: ============== * A great deal of the respondents essentially said: POLITICS rears its ugly head again. Furthermore, there are essentially two different schools of thought. Bosses either want an automaton (robot), or want someone who will be "proactive". * Most important point to note is this: The SA MUST either ASK, or find out what kind of a manager they are going to work for. * IF the boss wants a robot, be a robot. If the boss wants someone with a mind, also fine. But never shall the twain meet. * To me this is very very very sad. The fact that there ARE people who WANT someone who DOESN'T work at their fullest potential is a very sad commentary on today. * The quickest way to start a fight or create hard feelings is to dive in as though you are the owner of the systems and make them over in your own style. * Until your PS, I assumed the questions were sort of rhetorical. Then I wondered if perhaps you were the new but experienced SA being called on the carpet for doing these things. **** Guilty as charged**** and unfortunately, one of the 3 other administrators is my boss, who did actually ask me to log in and install the xyz software (and tell me rebooting/working as root was ok). * My answer to all would be to not make presumptions or overstep your authority or assignment, especially as a new SA working with others who were already there. You can certainly bring things to their attention, ask them about things you see, and/or ask permission to do things. But, the quickest way to start a fight or create hard feelings is to dive in as though you are the owner of the systems and make them over in your own style. *Show respect for others' work and take the time to develop a good working relationship. If the new SA in the shop is really good, best results for all come about if that new SA also works confidently but cautiously without trying to take over, "prove" himself, or show off. *In some shops "doesn't play well with others" qualifies an individual for being thrown out, regardless of how much they know. *Just as an example, I have some systems with telnet open. They need to be. You don't need to know why, but if you worked with me, you should ask why. They happen to also be secured with TCP/Wrappers and other things as well, but general policy would presume that SSH should be everywhere and telnet closed. In this instance there is an exception to the general policy for a particular reason. *My own take on this is that there is a massive hole in the company's management practices. Gray areas of responsibility and the degree to which individual SAs should be permitted to use their own discretion, should be spelled out as much as possible in advance, preferably in the form of a policy/procedure document. *That really sucks. Its sad because I continually have to put up with dorks that need to be told what to do constantly. I work with more people that don't move a finger to keep a system up to date, check logs, or anything. They wait for a ticket to come in or a phone call and then get bent out of shape when its a call and not a ticket. *I'd look through some of them to see if it's some kind of system error generating them then I'd delete them. I'd be sure to check back the next day to see if any more was there. Something must be generating all those emails and I would want to know what it is. Question 1: Would you go thru the 14,600 messages in root and admin mailboxes, and delete them? Further clarification: =============== (very important, sorry I didn't specify this in advance: ALL messages were caused by cron entries (running about 4 per hour, or 200/day.) ALL messages were checked (by size, # day before (spot checking, then deleting all. ALSO: This was a production system, with NO users, ONLY running scripts. NO regular output is expected from systems via mail. YES: 6 NO 2 Maybe 3 Comments: YES ============= I'd say yes to this, with the caveat that you don't delete important ones and that you also set these mail boxes to forward to someone live who can monitor them in a timely fashion. Also take steps to determine why there's 14K of them. I would truncate the entire message file, install XYZ software and then monitor the messages for applications using the syslog facility. I guess I would check the most recent mail, max. X week old. If the mail files are not filling disk, then I would be inclined to leave them until I can talk to the other admins as there might be some absurd company policy. Bearing in mind that mail jobs rarely report anything serious though they often report on failed backups or other processes. All of which, if important, should be in the last 5 days worth of mail (making sure you check mail for a Sunday as this is the most likely time for a FULL backup). I would be more interested in the messages file and any explorer output, etc. Comments NO: ============ Absolutely not -- we're a development house, and those messages are often pertaining to nightly build failures, and are very often used for POP and IMAP testing -- so if a new admin came in and took the initiative to do that, I'd have to point out to them they made an error in judgement. My further experience says: A) If it's a development machine it BETTER NOT have 14,000 UNREAD MESSAGES. B) They DAMN better be cleaning and or moving them somewhere else. C) Note: was production machine with NO users! A new admin should be "look but don't touch", ask first. Maybe so ======= The first thing I do when I get on a system I haven't seen before is to look around, check disk space, see what's new in crons, look for scripts I can borrow or copy, look in the /etc for anything amiss. Just snoop around. If I was a new SA I would if encountering a security hole, I would contact my immediate boss and inform them what I found and ask what are the policies for the site. My $.02 is that it would depend on the environment, applications, personalities, etc. So I'd ask first, get a feel for things before making changes. Question B: Would you presume your charge also includes "doing the right thing" to tighten the security on the box? YES 1 No 7 Maybe 6 Mitch's Comments: ============== See question on politics at start of message. Main point to take away (for others, please forgive the, "DUH, NO KIDDING" point coming up!) Main Point? There is a significant difference in administrating machines by yourself or sharing administrative responsibilities with a group. Life as a solo system administration is DIFFERENT. Not better, not worst.. BUT DIFFERENT. YES COMMENTS: =============== Yep. NO COMMENTS: =============== * new admin should be look but don't touch; ask first. * In that environment of shared responsibility, if that is all a new admin is told, then no, they should not do anything else without checking. * Who is to say that "doing the right thing" won't actually be "doing the wrong thing" when you tighten security a bit too much and break something. * All too often, I find that vendor apps require taking a few risks with permissions, locations, etc. Hardening a box too far can cause trouble , but there isn't much you can do because you are committed to those apps. until you can find better alternatives. * As for doing it all as part of a team without checking with the rest of the team. No way! If you are new, you don't have all the reasons the boxes might be set up the way they are. I have several here at work, behind firewall, that are wide open, not a lot I can do about it except to monitor them. * If I was a new SA I would if encountering a security hole, I would contact my immediate boss and inform them what I found and ask what are the policies for the site. * I would not change anything without a change request agreement. It is okay to identify but not to change functionality or configurations * d) I don't presume b but I would implement d if given the option. * I would not change anything without a change request agreement. It is okay to identify but not to change functionality or configurations * I don't presume b but I would implement d if given the option. * My own take: There is a massive hole in the company's management practices. Gray areas of responsibility and the degree to which individual SAs should be permitted to use their own discretion, should be spelled out as much as possible in advance, preferably in the form of a policy/procedure document. o Furthermore, I believe there should be controls on how each server is administered, so as to provide you with a head start on solving any problems that arise on a server that someone else may have been responsible for recently but is absent. o Imagine 15 different machines being administered willy-nilly. I think all these things can be accomplished without unduly curtailing creativity and a modicum of independence on the part of each SA. o o In the past young SA's with enthusiasm think that "trying to impress" is a good thing, but then I've noticed the sys user has gone due to the sys user never being logged in and they thought it best to just run a # "userdel -r sys", this in turn deleted a hell of a lot of the system and the SA in turn got a severe "data-entry" task to do for a week or so. Maybe SO = = = = = = o B, c, d ... Hmm, strong arguments on both side of this one. As the "new guy" you should avoid ruffling feathers. You definitely should look if you have the expertise to do so. You should report your findings and determine what the policy (or lack thereof) is. Reaction could vary from "we're ignorant on the topic and could use your help" to "mind your own business" to "there's a reason for that." o You may not consider any reason given to be a good one, but the reason might exist, and making the changes break something. o most certainly ask -- there are lots of reasons that people have chosen to accept security risks for different reasons -- again, as a development house we've made multiple decisions to allow security risks in our environment -- this is totally something that needs to be discussed with the existing systems administrators, as the new administrator might be unaware of requirements on the systems for what they would consider to be security vulnerabilities. o I wouldn't install patches or replace system software (eg., solaris bind with latest ISC), but I might add non-intrusive monitoring (Ie., not snort, or a dictionary checker to PAM). o For patching or replacing, I would check with my new supervisor: "Hey, I'm doing the work instructed on these systems and I noticed . May I do ?" o b)Depends on the environment. If this box is in a DMZ then yes. If it is a no nothing dev box, maybe/maybe not. Theoretically, every box should be locked down, and if you have jumpstart then that is easily done. In practice, different boxes need different applications and should be done on a categorical bases. IE web servers should look the same, DB servers should look the same, etc.. o If you do b, and find security vulnerabilities, would you shut them down, (fix them directly), or ask for permission to fix them. o most certainly ask -- there are lots of reasons that people have chosen to accept security risks for different reasons -- again, as a they would consider to be security vulnerabilities decisions to allow security risks o in our environment -- this is totally something that needs to be discussed with the existing systems administrators, as the new administrator might be unaware of requirements on the systems. o I've worked at places where the parameters included only my specific task and no more; check your brain at the door. o I've also worked for people who said "keep the users happy, the systems up, and corporate off of my back" I'll Summarize Question C: ======================== If you do b, and find security vulnerabilities, would you shut them down, (fix them directly), or ask for permission to fix them. Pretty much, everyone said, ask first. (and I did! And the vulnerabilities are STILL OPEN) Question D: ============ if you presume b( do right thing) includes Ensuring security on the boxes, would you do the following: Add a NON-INVASIVE (log only) Cron that does the following: for all id's on system: do 1) passwd -s userid # comment #< gets user password status # #(locked/nopassword,etc) 2) crontab -l userid #(check if user is in cron.allow, deny, etc.) 3) Log results to a file in /var/adm, automatically by day date/month/year (creating directories as necessary. Comment on D: I can see some use for the passwd -s part of the crontab script, but not for the crontab -l part. ANSWER: You'd be surprised how many times I found that my users LIED, and or installed their own "subversive" cron scripts in previous places, that I discovered by monitoring the differences in the crontab -l command. ALSO stuff run by people no longer there, etc. OR even simply UUCP(or its remains). (we've depreciated it at our company, but some systems still had logins ,and other unneeded stuff!) Question D: YES: 6 NO ? MAYBE SO: 4 Yes Comments: ============= Once you have permission for B&C, then add the scripted cron jobs As regards, putting any non-invasive security checks, etc. I would feel free to do whatever I thought would benefit the company and systems and over all argue the case for whatever changes I feel are required based on my experience, best practise, etc. even if it is against company policy but I would be more inclined to use freeware security utilities that are around rather than re-inventing the wheel. Yep! Sure, if you already have a script and there is no other monitoring. Its pretty non-evasive so it should be ok. Just make sure that you don't fill /var...rotate logs. Checking passwords and crons aren't that informative vs. a true tripwire type of config or cfengine. MAYBE SO: ========= I don't presume b but I would implement d if given the option Probably, but I'd also make sure the other folks in the group knew it was there, probably via an email. When the new admin started, was he or she given a briefing about the security stance and policies of the group? How about CM policies for the servers? It's on the boss' shoulders to orient the new guy appropriately and it's on new guy to make sure he understands what the group expects and wants. Really depends on the company. What you're describing sounds like good admin practice, but I would take the company culture in to account. Working for the government this action probably equals social suicide. Tightening up security means you think (and express openly ) the other 3 admins did a bad job at this. They will might never forgive you for such an open criticism. So sometimes I think it is smarter to form some friendships first. In a small company with an open culture I can see me doing something like this on the first day though. You may only not quote me except without my name. It's surprised me more than once how a remark like this can backfire on you at a point where you forgot you ever made it. Once you have permission for B&C, then add the scripted cron jobs. SUMMARIZING AGAIN: =================== Interesting. Majority would Delete the old, stale email messages. Majority would NOT presume that taking working on a system as root means you should try and make it as "bullet-proof" as possible. MAJORITY feel that as the jr. team member, need to work with colleagues. HOWEVER Majority seems to feel installing a NON Invasive, NON system affecting cron would NOT be offensive, and would help tighten security. As I always say, "go figure". -----Original Message----- From: Bruntel, Mitchell L, ALABS Sent: Friday, January 30, 2004 9:47 AM To: sunmanagers at sunmanagers.org Subject: OT? Philosophical Question on SA responsibilities Here's a question for other administrators: Question: Presume the following: 15 remotely located machines (all solaris) 3 people allowed to use root password. New admin joins group. Told to install XYZ software on machines. Told Reboot, if necessary is ok. Told install ok to install additional pre-requisites if needed... OH, and there are NO users on the box, just those administrators. Here are the questions: As a experienced SA logging into the machine for the first time: a) would you go thru the 14,600 messages in root and admin mailboxes, and delete them? b) Would you presume your charge also includes "doing the right thing" to tighten the security on the box? c) If you do b, and find security vulnerabilities, would you shut them down, (fix them directly), or ask for permission to fix them. d) if you presume b, is correct, would you install a cron job that does the following? for all id's on system: do 1) passwd -s userid (gets user password status (locked/nopassword,etc) 2) crontab -l userid (sees if user is in cron.allow, deny, etc.) 3) Log results to a file in /var/adm, automatically by day date/month/year (creating directories as necessary. Thanks: I'll summarize. PS: want the script? Email me. It's saved me a few times, and found a few unauthorized things in the past! _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From olivercj at telkom.co.za Fri Jan 9 02:51:24 2004 From: olivercj at telkom.co.za (Claude Oliver (CJ)) Date: Fri, 09 Jan 2004 07:51:24 -0000 Subject: SUMMARY: Ports on Solaris5.7 (E4500) Message-ID: <4D2337DE44E0E1478F62D4840FA92E88707EF9@CNTRRA20-XCS00.telkom.co.za> Thanks a lot all, Especially Balamurugan.T Jonathan Sims & J. Oquendo Your help was timely as ever. The winning answer is the freeware application lsof. Here is the output I got and needed. --------------------------- rbfxsnc1(/usr/local/bin)# ./lsof | grep 6767 bgsagent 867 root 3w VREG 32,83 4093 224128 /app/patrol/PATROL3.4/Solaris-2-7-sparc-64/best1/bgs/monitor/log/bgsag ent_6767.log bgsagent 867 root 5u inet 0x3000474dc58 0t0 TCP *:6767 (LISTEN) bgsagent 867 root 6u inet 0x300040182b0 0t0 TCP localhost:6767->localhost:45870 (ESTABLISHED) bgscollec 875 root 3w VREG 32,83 4093 224128 /app/patrol/PATROL3.4/Solaris-2-7-sparc-64/best1/bgs/monitor/log/bgsag ent_6767.log telnet 2560 root 3u inet 0x30005161ee0 0t0 TCP localhost:45870->localhost:6767 (ESTABLISHED) rbfxsnc1(/usr/local/bin)# -------------------------- I would also like to add that the people on holiday were helpful as ever in filling up my inbox. Regards, Claude Oliver IT Specialist Infrastructure Support Services Telkom SA (Tel) 012 6803102 (Fax) 012 6803299 (Cell) 083 2432956 -----Original Message----- From: Jonathan Sims [mailto:jsims at MusicNet.com] Sent: 09 January 2004 09:15 To: Claude Oliver (CJ) Subject: RE: Ports on Solaris5.7 (E4500) lsof is what you want (you can find it a sunfreeware)> Lists open files, ports, etc per process JLS -----Original Message----- From: Claude Oliver (CJ) [mailto:olivercj at telkom.co.za] Sent: Thu 1/8/2004 11:03 PM To: sunmanagers at sunmanagers.org Cc: Subject: Ports on Solaris5.7 (E4500) Hi Managers, My problem is that I must install an application on my Sun Machine but it need to communicate thru port 6767 to a master server, but the port is already open by another application. I would like to know is there is a command to find the process and/or application using that port on my machine. Extra info ------------- rbfxsnc1(/)# uname -a SunOS rbfxsnc1 5.7 Generic_106541-27 sun4u sparc SUNW,Ultra-Enterprise rbfxsnc1(/)# netstat -a | grep 6767 *.6767 *.* 0 0 0 0 LISTEN Thank you in advance. Regards, Claude Oliver IT Specialist Infrastructure Support Services Telkom SA (Tel) 012 6803102 (Fax) 012 6803299 (Cell) 083 2432956 _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From PhippsAC at telkom.co.za Thu Jan 22 04:31:32 2004 From: PhippsAC at telkom.co.za (Adrian Phipps (AC)) Date: Thu, 22 Jan 2004 09:31:32 -0000 Subject: SUMMARY: TOP help Message-ID: Hi all, Thanks to Bertrand and Jon Andrews for their quick replies. See mail below for good explanation and a more detailed explanation in the link below. http://www.cs.uleth.ca/~holzmann/C/system/memorylayout.pdf regards Adrian Phipps 90 Durban Road IT Building Bellville Work 021-949 4642 Cell 082 787 7321 Fax 021-945 4740 -----Original Message----- From: Bertrand_Hutin at fr.ftsi.fujitsu.com [mailto:Bertrand_Hutin at fr.ftsi.fujitsu.com] Sent: Thursday, January 22, 2004 11:28 AM To: Adrian Phipps (AC) Subject: Re: TOP help text: code of the program, read only data: where all the variables are stored, Read Write stack: where the temporary variables created by function calls and malloc are stored. "Adrian Phipps (AC)" To: Sent by: cc: sunmanagers-bounces at sunm Subject: TOP help anagers.org 22/01/2004 10:09 Hi all, I am trying to assist a user with performance stats on a SUN server, I was looking at the TOP display and man pages and don't quite understand the SIZE field. In the man pages it is quoted as "SIZE is the total size of the process (text, data, and stack)," I don't understand what the test, data and stack stands for. Can somebody be kind enough to explain to this me? Thanking you in advance Adrian Phipps 90 Durban Road IT Building Bellville Work 021-949 4642 Cell 082 787 7321 Fax 021-945 4740 <> [demime 1.01b removed an attachment of type image/bmp which had a name of ole0.bmp] _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Nick at Pettefar.com Thu Jan 22 08:45:56 2004 From: Nick at Pettefar.com (Nick Pettefar) Date: Thu, 22 Jan 2004 13:45:56 -0000 Subject: Summary: Sun Blade 1500s bge /etc/system settings In-Reply-To: Message-ID: Here are the answers I received. I haven't tried any out yet as the machines seem to work fine using autoneg. ======================================= Date: Thu, 11 Dec 2003 11:45:48 -0500 From: Clive McAdam To: "'Nick at Pettefar.com'" Subject: RE: Sun Blade 1500s bge /etc/system settings Create /platform/`uname -i`/kernel/drv/bge.conf and put the following into it speed=100; full duplex=1; ======================================= Date: Thu, 11 Dec 2003 11:49:52 -0500 From: "Harrington, David B. (Contractor) (DSCR)" To: "'Nick at Pettefar.com'" Subject: RE: Sun Blade 1500s bge /etc/system settings Parts/Attachments: 1 Shown 35 lines Text 2 OK 15 lines Text ---------------------------------------- Nick; I execute the attached file during bootup (soft link to /etc/rc2.d/S95nddsets). dbh ======================================= # /etc/init.d/nddsets a series of ndd commands to set parameters to other thandefault # values. # # added to set the bge interface to 100mps fullduplex mode - dbh May 29, 02 ndd -set /dev/bge0 adv_1000fdx_cap 0 ndd -set /dev/bge0 adv_1000hdx_cap 0 ndd -set /dev/bge0 adv_100fdx_cap 1 ndd -set /dev/bge0 adv_100hdx_cap 0 ndd -set /dev/bge0 adv_10fdx_cap 0 ndd -set /dev/bge0 adv_10hdx_cap 0 ndd -set /dev/bge0 adv_autoneg_cap 0 ======================================= Date: Thu, 11 Dec 2003 11:38:27 -0600 From: "Gowda, Sanjay" To: Nick at Pettefar.com Subject: RE: Sun Blade 1500s bge /etc/system settings Nick, Here is a copy of how to setup the bge interface on a V240.I am assuming it is the same on Sun Blade 1500s as well. ---------------------------------------------------------------------------- Thanks to Stella Kong for the below reply:- I used option 2 and it worked fine. ------------------------------------------------------------------------ Hi Brett: As per the document Sun has provided (ID70401) there are 2 solutions: 1. Create script in /etc/rc2.d to force it to set it to 100fdx everytime the system reboots. Create script /etc/rc2.d/S68net_tune #!/sbin/sh # /etc/rc2.d/S68net-tune PATH=/usr/bin:/usr/sbin echo "Implementing Solaris ndd Tuning Changes " # bge-Interfaces # Force bge0 to 100fdx autoneg off ndd -set /dev/bge0 adv_1000fdx_cap 0 ndd -set /dev/bge0 adv_1000hdx_cap 0 ndd -set /dev/bge0 adv_100fdx_cap 1 ndd -set /dev/bge0 adv_100hdx_cap 0 ndd -set /dev/bge0 adv_10fdx_cap 0 ndd -set /dev/bge0 adv_10hdx_cap 0 ndd -set /dev/bge0 adv_autoneg_cap 0 Make the script executable: # chmod 755 /etc/rc2.d/S68net_tune After the script is run, you will see that the NIC is set to 100fdx autoneg off. 2. BGE.CONF To force the bge interface to 100mbps full duplex, put the following entries in /platform/sun4u/kernel/drv/bge.conf A reboot is required for this method. adv_1000fdx_cap=0; adv_1000hdx_cap=0; adv_100fdx_cap=1; adv_100hdx_cap=0; adv_10fdx_cap=0; adv_10hdx_cap=0; adv_autoneg_cap=0; NOTE: Using bge.conf will force all instances of bge to the speed/duplex specified in the file. Use ndd to force individual instances if for example bge0 needs to be 10hdx and bge1 needs to be 100fdx. Regards, Stella ====================================================== Regards, Nick Nick Pettefar Nick at Pettefar.com DoD 1069 MAG 73516 Bros 650 ZZR1100D On Wed, 21 Jan 2004, Jim Luttinen wrote: > Hi, > > I was just browsing the sun manager archives, and came across your note > asking for help with setting the network interface parameters via > /etc/system. Did you ever get a response to your query? I'm in the same > boat, and would like to make something permanent like that. > > Thanks, > > Jim Luttinen > jluttine at d.umn.edu > > > Hi, we have some new Sun Blade 1500s with a bge gigabit network interface. > > > > Does anybody know how to set the bge interface to full 100 hard duplex > > in the /etc/system file? I've tried various combinations but none > > seem to work. The default seems to be autoneg which means I have to > > get the ports changed by the network team for each installation. > > > > Regards, > > > > Nick _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Mark.Barnes at FT.com Thu Jan 22 10:38:09 2004 From: Mark.Barnes at FT.com (Mark.Barnes at FT.com) Date: Thu, 22 Jan 2004 15:38:09 -0000 Subject: Summary - problems jumpstarting a new v240 Message-ID: Folks, Thanks to all that replied - It is, sadly, as I expected the new hardware will not accept and thing earlier than the 12/02 release of solaris 8. I had hoped there might be a PROM hack to get round it - But a couple of you warned me off attempting such nonsense. So I am updating my jumpstart images now, and the "urgent" new server build will have to wait. cheers ******************************************** Mark Barnes Unix System Administrator Financial Times 020 7873 3909 ******************************************** ----- Forwarded by Mark Barnes/LONDON/FINANCIAL TIMES on 22/01/2004 15:28 ----- Mark Barnes < To: sunmanagers at sunmanagers.org< 22/01/2004 13:06 cc: Subject: problems jumpstarting a new v240 Folks, I am getting this error when jumping a flashy new V240 Cannot find kernel file /kernel/sparcv9/unix I can jump any other type of box I have tried on the jumpstart image is 2.8, but it is a little old. Is there a prom setting that needs to be changed here ? I will summarise - I have found a similar problem posted before but no summary :( cheers ******************************************** Mark Barnes Unix System Administrator Financial Times 020 7873 3909 ******************************************** ********************************************************************************** This email may contain confidential material. If you were not an intended recipient, please notify the sender and delete all copies. We may monitor email to and from our network. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Olaf.Hopp at atis.uka.de Thu Jan 22 11:37:25 2004 From: Olaf.Hopp at atis.uka.de (Olaf Hopp) Date: Thu, 22 Jan 2004 16:37:25 -0000 Subject: [SUMMARY] RAM for E450 and E250 - are they compatible ? Message-ID: Answer is YES: > Yes, they are compatible for the 32MB, 64MB and 128MB > DIMMs, but only the E250 can use the 16MB DIMMs and > only the E450 can use the 256MB DIMMs. > Both use 200-pin 60ns Fast Page Mode ECC DIMM modules > installed 4 per bank. Thanks for all that answered, Olaf -- ============================================================================== __0 _-\<,_ Dipl.-Geophys. Olaf Hopp (_)/ (_) ATIS - Abteilung Technische Infrastruktur University of Karlsruhe EMail: Olaf.Hopp at atis.uka.de Faculty of Computer Science WWW : http://www.atis.uka.de Building 50.34 Room-No. 009 Am Fasanengarten 5 Fon : +49 (721) 608-3973 D-76131 Karlsruhe / Germany Fax : +49 (721) 608-6699 ============================================================================== _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From kristianto.setiawan at sun.co.id Thu Jan 29 20:11:47 2004 From: kristianto.setiawan at sun.co.id (kristianto.setiawan at sun.co.id) Date: Fri, 30 Jan 2004 01:11:47 -0000 Subject: SUMMARY : E4500 connection to Brocade Message-ID: <32ad531987.3198732ad5@sun.co.id> Thanks for the repsonse to : Jon Hudson Daniel Weigert Bertrand Hutin Gregory Shaw Steve Starer Adam Bracewell Mostly they suggest using Emulex 9002 that has been proven work for their SAN. Rgds Kristianto > -----Original Message----- > From: kristianto.setiawan at sun.co.id > [mailto:kristianto.setiawan at sun.co.id]Sent: Thu 1/29/2004 12:08 AM > To: sunmanagers > Cc: > Subject: E4500 connection to Brocade > > Hello, > I want to setup E4500 connect to SAN with Brocade 3800 switch. > Any know which HBA type supported other than JNI ? > > Rgds > Kristianto > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From jordivi at wtransnet.net Fri Jan 30 10:12:22 2004 From: jordivi at wtransnet.net (Jordi Vidal) Date: Fri, 30 Jan 2004 15:12:22 -0000 Subject: SUMMARY: Update: system vs user CPU usage Message-ID: Thanks to Jason.Santos Anthony Talltree Genovezos, George Rich Teer Jay Lessert Rich Teer Kevin Buterbaugh Randy Millis - Load Average less than 4 * number of cpus is ok. - sys% vs %usr ratio depends on how the aplications work. It may be ok for a web server (our web server is an apache). If always reads the same files, them may be cached an readed from memory so i/o% will be low and %sys apreciable. Same with NFS servers. - Some body asked me about the graphs. We use the orca grapher package and the free orcallator.se data collector from the SE-Toolkit. We cannot live without them :-) http://www.orcaware.com/orca http://www.setoolkit.com Jordi http://www.wtransnet.com Dpto. Ticnico _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From nebraska57 at yahoo.com Sat Jan 31 22:18:49 2004 From: nebraska57 at yahoo.com (Robert Geiger) Date: Sun, 01 Feb 2004 03:18:49 -0000 Subject: SUMMARY: Forcing Stronger Passwords Message-ID: <20040201031305.53789.qmail@web42002.mail.yahoo.com> All; Many thanks to all that responded -- though I have to say, I find myself not much further along. All but two of the respondents recommended periodic cracking of passwords and forcing people whose passwords are easily cracked to change them -- though this is what we already do and I'm trying to get something more proactive in place! One person recommended anlpasswd and another said to use npasswd. I'm familiar with these passwd wrappers but, I have to say, it seems extraordinary to me that Solaris provides nothing (native) other than the default PAM module, which allows for incredibly lame passwords. I did go to openwall.com (John the Ripper site) and downloaded the pam_passwdqc PAM module, which I got to work but is pretty draconian and may not be practical for most environments. Anyway, that's my summary -- such as it is. I will summarize again if anyone responds with something other than password cracking and open-source wrappers. Thanks again to all. --------------------------------- Original Message: Hello, All... OK, I think I'm so close to having an answer to this, but can't seem to make the final step. I'm cracking down on the lame passwords people have been selecting and I know I can achieve that through PAM and via /etc/pam.conf -- but for the life of me I can't figure out how to get it done. I know it has to have something to do with an extended Password Management module that forces something like a dictionary check, but I'm at a loss at this point. We're mostly Solaris 8 with a few 9 installations and a few legacy 2.6 systems. Right now, the default config forces a password of at least 6 characters and at least one numeric or special character... But that's not enough as someone could still get away with their first or last name and just add a number to it -- which John the Ripper gets in about 5 seconds! Can anyone help with some advice on how to further strengthen my systems' password checking? Many thanks in advance -- will summarize as this has been incredibly hard to get detailed information on! __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From mgreene at aci.on.ca Thu Jan 8 13:12:19 2004 From: mgreene at aci.on.ca (Marco Greene (Home)) Date: Thu, 08 Jan 2004 18:12:19 -0000 Subject: SUMMARY: (Late) Recovering Solaris/Intel with NetBackup 4.5 Message-ID: <000901c3d612$07c3e560$f6c8a8c0@pepstep> Well my approach was correct, but my SPARC experience got in the way It turns out there is a huge difference between how Intel and SPARC boots. In the SPARC world you have to install the boot block on the root slice of the boot disk. In the Intel World you have to install the boot block on slice 2 of the boot disk. Furthermore, the way I am trying to do it, I have two instanced of Solaris installed on the same physical disk. The idea is that if I need to restore, I can just boot to the second instance which is installed on slice 7 and then newfs the other file systems, mount them, and initiate the restore. I don't actually need to install the boot block because there is already a valid boot block on the disk. Original question: _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From mgreene at aci.on.ca Thu Jan 8 13:14:31 2004 From: mgreene at aci.on.ca (Marco Greene (Home)) Date: Thu, 08 Jan 2004 18:14:31 -0000 Subject: SUMMARY: (Late-OOPS) Recovering Solaris/Intel with NetBackup 4.5 Message-ID: <000a01c3d612$46243800$f6c8a8c0@pepstep> Well my approach was correct, but my SPARC experience got in the way It turns out there is a huge difference between how Intel and SPARC boots with Solaris. In the SPARC world you have to install the boot block on the root slice of the boot disk. In the Intel World you have to install the boot block on slice 2 of the boot disk. Furthermore, the way I am trying to do it, I have two instanced of Solaris installed on the same physical disk. The idea is that if I need to restore, I can just boot to the second instance which is installed on slice 7 and then newfs the other file systems, mount them, and initiate the restore. I don't actually need to install the boot block because there is already a valid boot block on the disk. Note: The Sun answerbook for Solaris 8 tells you that you need to install it on slice 0, like you do in SPARC; however, some further diging in sunsolve and I was able to find a bug report about that document. It is indeed slice 2. Original question: ********** Hi all, Here are the specifics. CPQ DL360 - RAID1 (36GB Drives) with Solaris 8 01/01. Using the same premise as Solaris on SPARC, you can not recover the operating system without an alternate path restore. On Solaris on SPARC I generally install the core OS and the NBU agent on an alternate disk...then do an Alternate Path restore..i.e. From / to /a/. This works. However on Solaris for Intel I have come into some issues. Basically I install the core OS with the NBU agent on slice 7 of the disk....and also install it as per normal on the other slices. Slices 0-6 are used for the production instance and my thoughts are...hey if we need to recover...we just change the boothpath and boot from slice 7 and then restore slices 0-6. I alluded to this in one of my previous postings about installing two instances of Solaris on a single drive. Darren Dunham mentioned that I would have some strange behaviour (he was right). Part of me wishes I could just roll this out on SPARC but as with most people I am on a budget crunch. I have a feeling it has something to do with the bootblk. I have tried setting this up with a specific x86boot partition and without that boot partition. I have used installboot to install the bootblk. When all said and done I always get the same result. Can't boot from /pci at 0,0/pcie11,4040 at 1/sd at 0,0:a - Slice not allocated. If I boot back to slice 7 I can confirm that these are the device names of the disk in question. I am hoping to have a recovery solution in place for this system in early Jan so I can roll out a production syslog server. Any suggestions you can provide would be greatly appreciated. Thanks and will summarize. Marco. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From mbw at u.washington.edu Thu Jan 8 17:51:25 2004 From: mbw at u.washington.edu (MattW) Date: Thu, 08 Jan 2004 22:51:25 -0000 Subject: SUMMARY: A1000 & Solaris 9, slow / long boot time In-Reply-To: <31a28a6c.0401070331.6a0306d6@posting.google.com> References: <3fefa2e4@news.zianet.com> <31a28a6c.0401070331.6a0306d6@posting.google.com> Message-ID: <3FFDDD8B.9000401@u.washington.edu> ok, I'll summarize what fixed this problem.... as it turns out, the /kernel/drv/rdnexus.conf file lists 64 different SCSI busses to search for when booting, looking for RAID devices... well, there are only 3 scsi busses in my machine, so I trimmed the file down to the first 4 scsi busses and my boot time was greatly improved.... host% cat /kernel/drv/rdnexus.conf name="rdnexus" parent="pseudo" instance=0; name="rdnexus" parent="pseudo" instance=1; name="rdnexus" parent="pseudo" instance=2; name="rdnexus" parent="pseudo" instance=3; #begin commenting.... #name="rdnexus" parent="pseudo" instance=4; #name="rdnexus" parent="pseudo" instance=5; #name="rdnexus" parent="pseudo" instance=6; #.... and so on up to instance=63 To debug what is hanging up your system at boot time, edit the /etc/system file and put in the following section: (*=comment) * Begin Matt's Kernel Module Debug (as directed by sun) * to solve the 5 minute timeout at boot problem set moddebug=0x80000000 * End Matts Kernel Module Debug Thanks for the replies, folks, this is a great list and I appreciate the feedback on such issues! Matt >>>>System is: >>>> Sun Fire V240 SunOS Release 5.9 >>>> Version Generic_112233-08 64-bit sparc >>>> >>>>What is wrong is that a reboot on this machine takes 5 minutes or more... >>>> >>>>it hangs right here in the boot process: >>>> >>>>Rebooting with command: boot >>>>Boot device: disk:a File and args: >>>>SunOS Release 5.9 Version Generic_112233-08 64-bit >>>>Copyright 1983-2003 Sun Microsystems, Inc. All rights reserved. >>>>Use is subject to license terms. >>>>\ >>>> >>>>.....and here it sits for 6-7 minutes before continuing. >>>> >>>>This machine is a Sun Fire V240 with a PCI dual-port differential scsi >>>>card in it. Attached to the scsi card is a tape array on one port >>>>and the A1000 sun disk array on the other. >>>> >>>>After 6-7 minutes of sitting without any progress, it *finally* continues >>>> >>>>Would like to get the cycle time on this machine improved. >>>>Does anyone know what can we do to fix this? >>>> >>>>thanks, >>>> >>>>Matt _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From PRoetman at CSXWT.com Thu Jan 8 22:16:00 2004 From: PRoetman at CSXWT.com (Roetman, Paul) Date: Fri, 09 Jan 2004 03:16:00 -0000 Subject: SUMMARY: Metadisk Mirror re-sync Message-ID: Original question about re-syncing Metadisks below... Thanks to Darren Dunham Julie Baumler David B. Harrington Ellen Davis and anyone else who spent time on this! Darren came up with the solution first!...and there were some close variants of that solution! Some interesting reading on booting from different mirrors http://www.sun.com/solutions/blueprints/1002/817-0407-10.pdf Here is the final method: Disk layout d0 = default boot disk (root partition) d10 = sub mirror one d20 = sub mirror two. 1. Confirm standard boot device d0, with sub-mirrors of d10 and d20 2. determine physical devices metastat d10 --> /dev/dsk/c0t1d0s0 metastat d20 --> /dev/dsk/c0t0d0s0 3. determine physical address of device ls -l /dev/rdsk/c0t1d0s0 --> /devices/sbus at 2,0/SUNW,socal at d,10000/sf at 0,0/ssd at w2100002037a86c65,0:a,raw ls -l /dev/rdsk/c0t0d0s0 --> /devices/sbus at 2,0/SUNW,socal at d,10000/sf at 0,0/ssd at w210000203796fb42,0:a,raw 4. setup boot names at "ok" prompt nvalias bootdisk /sbus at 2,0/SUNW,socal at d,10000/sf at 0,0/ssd at w2100002037a86c65,0:a nvalias mirrdisk /sbus at 2,0/SUNW,socal at d,10000/sf at 0,0/ssd at w210000203796fb42,0:a 5. Break mirror and setup each boot disk metadetach d0 d20 touch /d0.disk (create dummy file to verify disk name) mount /dev/md/dsk/d20 /usr/dummy (mount into a dummy directory) cd /usr/dummy metaroot -n /dev/md/dsk/d20 (obtain what changes are required) edit vfstab, set root disk to d20 (get all this info from metaroot command) edit system, modify to this rootdev:/pseudo/md at 0:0,20,blk touch /usr/dummy/d20.disk 6. Confirm boot off each disk, verify dummy file boot bootdisk verify /d0.disk exists boot mirrdisk verify /d20.disk exists At this point, can apply patches to d0 or make config changes to d0 - with a good backup of original system on d20. 7. If all goes well with patches the copy changes from d10 to d20 boot bootdisk confirm /d0.disk exists metattach d0 d20 metastat d0 (to confirm sync complete) confirm /d0.disk exists reboot 8. If patch application/config changes FAIL, copy d20 to d10 boot mirrdisk verify /d20.disk exists mount /dev/md/dsk/d0 /usr/dummy (not really necessary) verify /usr/dummy/d0.disk exists umount /usr/dummy metaclear d0 (remove old d0 .. d10 does not change) metainit -f d0 -m d20 (force creation of d0 to d20 mirror) metaroot -n /dev/md/dsk/d0 (print what todo without doing it) metaroot /dev/md/dsk/d0 (actually run the command) reboot (boots off default of d0) metattach d0 d10 watch re-sync! ========================= Another solution suggested was I haven't had a chance to test it, but in theory, it looks like you can (unsupported) edit /etc/lvm/md.cf to tell it that d0 is made up of d20 with d10 as a mirror. /etc/lvm/md.conf should initially have said something like: d0 -m d10 d20 1 d10 1 1 c0t0d0s0 d20 1 1 c1t0d0s0 But after the metadetatch says something like: d0 -m d10 1 d10 1 1 c0t0d0s0 d20 1 1 c1t0d0s0 Edit it to: d0 -m d20 d10 1 d20 1 1 c1t0d0s0 d10 1 1 c0t0d0s0 Reboot. There doesn't seem to be a real win in this process over the other though; the only place I could possibly see it as being useful is with live upgrade where you can't run meta* commands on your inactive boot environment but may wish to only do one reboot to change BE's and fix your disk setup - even in that case, I suspect you really should be using etc/lvm/md.tab which IS supported. ========================= ORIGINAL POST: Hello There may be a simple solution for this, but I cannot see it (or it's just been a long day!!).... If I have the metadisk setup for the root disk d0 mirror to d10 d0 mirror to d20 If I detach d20 metadetach d0 d20 I can then boot of either d0 or d20 (have tested this). There are great examples on this from BigAdmin in 817-0407-10.pdf - Configuring Boot Disks With Solaris(tm) Volume Manager Software If I boot of d0, then I can re-attach and sync d20 (i.e. d20 is a copy of d10), this is no problem...BUT, it I boot on d20 (and make changes to d20) is there a simple way to sync d0 (or d10) to d20, so d10 is then an exact copy of d20. The only way I can see so far is to completely destroy d0 and d10, then rebuild the whole mirror...this seems a bit over the top! Cheers Paul _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Kent.Perrier at HCAhealthcare.com Fri Jan 9 14:30:42 2004 From: Kent.Perrier at HCAhealthcare.com (Perrier Kent) Date: Fri, 09 Jan 2004 19:30:42 -0000 Subject: Summary RE: installing packages without pkgadd Message-ID: > I fell like a goof. I have built 5 Solaris 8 machines using > jumpstart. > These were minimal installs of the operating system. It > appears that I did > not specify that that package that contains pkgadd, et el, to > be installed. > > So, now that I know this, I will edit the profile to add that > package, but > how to I install the package that contains pkgadd without > pkgadd being their > in the first place? > As several people have said, this is not possible as the pkg* utilities are in SUNWcsu, which is a core Solaris package. Looking at the machines again, I see those files there so I will have to look at what I was doing yesterday and figure out what I was doing wrong. /me feels even more like a goof. Kent -- Kent Perrier HCA Healthcare UNIX Certification _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From pawos at excite.com Mon Jan 12 14:41:25 2004 From: pawos at excite.com (Paul) Date: Mon, 12 Jan 2004 19:41:25 -0000 Subject: (Summary) getting solaris 9 to use eri0 Message-ID: <20040112193553.793823E1E@xprdmailfe11.nwk.excite.com> Thanks all who responded. Sometimes it's a combination of replies that helps the best. Had a combination of things missconfigured including the netmask. And the plumb command and eri0 up worked to bring it up and all is good. so check: /etc/hostname.eri0 netmask /etc/hosts and ifconfig eri0 plumb ifconfig eri0 up Thanks all! --- On Mon 01/12, Paul < pawos at excite.com > wrote: From: Paul [mailto: pawos at excite.com] To: sunmanagers at sunmanagers.org Date: Mon, 12 Jan 2004 10:41:41 -0500 (EST) Subject: getting solaris 9 to use eri0 What file do I have to hakc to get a solaris 9 system to use eri0 or the hostname and IP to use it? I have the hostname and IP configured but is not putting that information on the ethernet interface. I do ifconfig -a and it show the eri0 but the info is not in there. The way we ended up there is restoring from a similar system then changing all the info. And this is what we have left to change is to point all that info to eri0. Also tried a touch /reconfigure and no worky. Thanks.
The most personalized portal on the Web!
_______________________________________________
sunmanagers mailing list
sunmanagers at sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
The most personalized portal on the Web! _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From oetiker at ee.ethz.ch Tue Jan 13 02:43:46 2004 From: oetiker at ee.ethz.ch (Tobias Oetiker) Date: Tue, 13 Jan 2004 07:43:46 -0000 Subject: [summary] What does my Kernel do? In-Reply-To: References: Message-ID: Summary: How to figure what my Solaris Kernel does Usual Suspects -------------- * It is serving NFS ... this can use a lot of CPU. Make sure you are running version 3. * A fast (Gigabit) interface can almost fill a cpu if it is busy * It is swapping. If the kernel runs out of memory it will spend most of its time moving pages back and forth between disk and ram. - run "vmstat 5" the sr (scan rate) column should be very low (<100) this means the system is not scanning for free memory pages - It may make sense to have a lot of swap space configured, as Solaris does conservative memory allocation. When a process forks it will immediately allocate all the memory necessary even though it does not use it. Solaris does "copy on write" so why not have this extra memory allocated in swap instead of real ram, assuming it is never going to be used anyway. (correct me if I am wrong here.) * It is forking ... this does not have to be a real fork bomb, but just some process quitting and being restarted immediately. Pidentd running non multi-threaded may be such a software. Some cgi process could also be it. This is detectable by looking at the 'last process id' with a tool like top. * It is running veritas volume manager and a disk has failed. Useful Tools ------------ * lockstat lockstat -gkIW sleep 60 gives a 60 second profile of the kernel * iftop http://www.ex-parrot.com/~pdw/iftop will show which box is sending how much traffic through your interface * se toolkit www.setoolkit.com virtual adrian may be able to give some hints onto where the performance issues lie * prstat prstat -m will show user vs system time for each process, so if it is a process causing the problem it should show here * truss truss -c -p PID can help to identify which system calls a problematic process is spending its time on. A summary is printerd on ctrl-c * iostat iostat -xnP 30 30 shows where the system is writing and reading data and how much * vmstat vmstat 5 shows paging activity (check the sr column) * kstat Displays kernel statistics. Did not get any useful hints on what could be discovered here ... but sure gives a lot of numbers * prex prex -k Part of the solaris tracing architecture. Note, that this will just open a shell where you are expected to enter commands to activate the tracing. I got the following example ... (reading the output is another issue) # prex -k 1) Type "help" for help ... prex> buffer alloc 10m 2) Buffer of size 10485760 bytes allocated prex> enable $all 3) prex> trace $all 4) prex> ktrace on 5) ... wait a bit ... prex> ktrace off prex> untrace $all prex> disable $all prex> quit # tnfxtract ./tnf.result 6) # prex -k Type "help" for help ... prex> buffer dealloc 7) prex> quit # tnfdump ./tnf.result 8) 1) Issue prex command with kernel trace mode 2) You should allocate kernel in-core buffer to trace kernel activity. 3) Enable trace set named $all. You can specify your own trace facility (tnf_name) set. (ie. all I/O operation) Refer prex man page. 4) Trace $all set. 5) Start kernel trace. Immediately kernel starts to collect tnf_probe and store it kernel in-core buffer. 6) Extract contents of kernel buffer to file system. 7) Deallocate kernel in-core buffer. You should extract contents of buffer before deallocate buffer. Contents of buffer will be erased immediately when you issue "deallocate" 8) Convert raw tnf data to readable ASCII format. Reading List ------------ Sun Performance and Tuning: Java and Internet, 2nd Edition (Adrian Cockcroft) http://www.booksmatter.com/b0130952494.htm Unlocking the kernel http://www.sun.com/sun-on-net/itworld/UIR980801perf.html Performance and Tuning on the Solaris 2.6, 7, and 8 http://developers.sun.com/solaris/articles/tuning_solaris.html Contributors ------------ Markus Kluge, Ramiro Santos, Allen Wooden, przemol, Casper Dik, Jon Andrews, Thomas 'Mike' Michlmayr, Amiel Lee Yee, William Hathaway, Jeff Vaneek, Frank Smith, Darren Dunham, Jon Andrews, Darren Dunham, Luc I. Suryo, Joe Fletcher, Mark Pfeiffer, Joohyun Cha, Karl Vogel, Todd M. Wilkinson. Yesterday Tobias Oetiker wrote: > Folks, > > We have this 4 Way Sun Enterprise 420R server. With 4GB Ram and > about 10GB swap. It runs a ton of services (Apache, Postfix, > Amavis, Spamassassin) and it also acts as a NFS server. > > Lately we are experiencing performance issues ... the box goes to > load 17 and responds rather sluggishly. > When looking at the load we often see the following picture: > > 50% User > 50% Kernel > 0% Idle > > The 50% User is easy to attribute by looking at the processes. But > what is the system doing in the 50% kernel time? > > Is there something like kernel-top? I played around with lockstat > a bit, but it did not really answer my questions ... > > We are running Solaris 8. > > cheers > tobi > -- ______ __ _ /_ __/_ / / (_) Oetiker @ ISG.EE, ETZ J97, ETH, CH-8092 Zurich / // _ \/ _ \/ / System Manager, Time Lord, Coder, Designer, Coach /_/ \.__/_.__/_/ http://people.ee.ethz.ch/~oetiker +41(0)1-632-5286 _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From PhippsAC at telkom.co.za Tue Jan 13 07:58:04 2004 From: PhippsAC at telkom.co.za (Adrian Phipps (AC)) Date: Tue, 13 Jan 2004 12:58:04 -0000 Subject: SUMMARY: Apache 2.0.** binary for Solaris 8 Message-ID: Hi all, Thank you all for the prompt responses, I was able to find a reliable binary here: http://www.apache.org/dist/httpd/binaries/solaris/. Just remember to rename the files when downloaded, I think that was my mistake. cheers Adrian Phipps 90 Durban Road IT Building Bellville Work 021-949 4642 Cell 082 787 7321 Fax 021-945 4740 <> > -----Original Message----- > From: Adrian Phipps (AC) > Sent: Tuesday, January 13, 2004 11:34 AM > To: 'sunmanagers at sunmanagers.org' > Subject: Apache 2.0.** binary for Solaris 8 > > Hi all, > > I know we should only resort to this mailing list when all else > fails but I just cannot seem to find a nice binary of Apache 2.0.** > for Solaris 8 to download. Any pointers or download locations would > be much appreciated. > > Regards > > > Adrian Phipps > 90 Durban Road > IT Building > Bellville > Work 021-949 4642 > Cell 082 787 7321 > Fax 021-945 4740 > > <> [demime 1.01b removed an attachment of type image/bmp which had a name of ole0.bmp] [demime 1.01b removed an attachment of type image/bmp which had a name of ole1.bmp] _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From john.dunn at sefas.co.uk Wed Jan 14 10:02:03 2004 From: john.dunn at sefas.co.uk (John Dunn) Date: Wed, 14 Jan 2004 15:02:03 -0000 Subject: [SUMMARY] How to install samba? Message-ID: Thanks for all the replies. The following about covers it. : You need to be root and execute the following commands: # gunzip samba-2.2.8a-1-sol8-suncc-32bit.pkg.gz # pkgadd -d samba-2.2.8a-1-sol8-suncc-32bit.pkg _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From peter at ashlyn.co.uk Wed Jan 14 12:08:58 2004 From: peter at ashlyn.co.uk (Peter Stokes) Date: Wed, 14 Jan 2004 17:08:58 -0000 Subject: [SUMMARY] Cups configuration on Sol 9 Sparc Message-ID: <1074099662.1082.44.camel@sunsys.localdomain> Hi Had a couple of replies from Rob De Langhe John Leadeham as well as a few Out of Office I forgot to mention I had downloaded the binary from Sun's website, the replies were welcome, but related to source download and install into different locations to the Sun binary. I decided to press on with the binary which I had installed. The binary installs into /opt by default and does not install anything into /etc/init.d etc. So I simply copied the /opt/sfw/cups/etc/init.d etc. entries into the relevent /etc places, rebooted and I was then able to login to the web based config program at http://localhost:631 and setup my networked HP laserjet printer. The next issue are the commands which are all in /etc/sfw/cups/bin and sbin. So you will need to add this to your PATH or provide symlinks from a more suitable directory. After that all worked fine. Below are the replies received for completeness Rob --- Here you go : 1. download from "http://www.cups.org" and extract it 2. go to the extracted directory, and run the self-configuration : ./configure --with-perl 3. install it as "root" : make install This installs the following directories/files : /usr/lib/cups, /etc/init.d/cups (plus links /etc/rc[235].d/S99cups and /etc/rc0.d/K00cups), /usr/share/cups, /usr/share/doc/cups, /var/log/cups, /var/spool/cups, /etc/cups 4. summarized to setup new printer: 1. run "lpadmin -p printer -E -v device -m ppd" where printer is the name of the printer (e.g. "ourprinter"), device is the path to reach the printer (e.g. "socket://11.22.33.44" for a networked printer), and ppd is the name of the PostScript Printer Description (PPD) file for an Epson-Stylus color printer (e.g. "stcolor.ppd") 2. set this printer as default printer with lpadmin -d printer 5. install the ESP GhostScript package to support printing to non-PostScript printers 6. for troubleshooting : 1. edit the file "/etc/cups/cupsd.conf" and set LogLevel debug (instead of "info" for normal operation) 2. restart the scheduler /etc/init.d/cups stop ; /etc/init.d/cups start 3. look in the file "/var/log/cups/access_log" and "/var/log/cups/error_log" Epson printer driver for Solaris: "xwdriver" John ---- This looks like a fairly straightforward description: http://tokyojim.com/cups.html Original Question ----------------- Hi I may have missed the obvious, but cannot find how to do this (tried Google, cups.org etc). I downloaded the printing sfw from the Sun website and installed it no problem, however I cannot see how to set it up for Solaris. Anyone have a link to this info or can give pointers what I need to do? Peter ---------------------------- Peter Stokes Ashlyn Computer Services Ltd Tel: +44 (0)1636-627900 Mbl: +44 (0)7977-532320 Fax: +44 (0)1636-627909 ---------------------------- _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From martini at mrpeabody.llnl.gov Thu Jan 15 14:09:17 2004 From: martini at mrpeabody.llnl.gov (Dave Martini 1) Date: Thu, 15 Jan 2004 19:09:17 -0000 Subject: SUMMARY:deleting a user from passwd table Message-ID: <200401151858.i0FIwQLv022663@raider.llnl.gov> My syntax was wrong. Here is what worked for me thanks to Daryl and Derek and Kevin. To delete a users NIS+ account from the command line # nistbladm -r name=paulac passwd.org_dir To delete their home directory # nistbladm -r key=paulac auto_home.org_dir My original question was: I'm trying to delete a users account from the NIS + passwd table and I'm doing this from the NIS+ server directly but get this error nistbladm -r '[key=paulac]' passwd.org_dir : NIS+ servers unreachable. The user who I'm trying to delete is paulac. I can delete using the gui but not command line. Is my syntax ok? What would cause this? David Martini LLNL _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From plemmons at math.msu.edu Thu Jan 15 14:20:23 2004 From: plemmons at math.msu.edu (Steve Plemmons) Date: Thu, 15 Jan 2004 19:20:23 -0000 Subject: SUMMARY: changing someone's home directory using nistbladm Message-ID: <200401151905.i0FJ59A16710@math.msu.edu> Back in July, Dave Martini posted the following syntax as the proper way to use nistbladm to edit the value of a table (why are the sun docs so off on this?). nistbladm -e value=hostname:/export/home2/user '[key=username]'auto_home.org_dir I translated that into the following command for my needs: nistbladm -e home=/home/faculty2/brenden '[name=brenden]'passwd.org_dir This works fine from the command line, but I wanted to script this to save some typing. Following is the text from a simple example of what I want to do: #!/bin/sh echo "Enter login name: " read USERID MAT=`nismatch name=$USERID passwd.org_dir` if [ -z "$MAT" ]; then echo no such user $USERID exit 1 fi nistbladm -e home=/home/faculty/${USERID} '[name=${USERID}]'passwd.org_dir Running this script gives me the following output. Enter login name: brenden can't modify entry: Not found. I know that this is a simple scripting problem with the variable usage or maybe something to do with the single quotes, but I can't find the answer in any docs that I have available to me or on the net. Can someone give me some advice about the proper syntax for that last line of my script? Thanks, Steve Plemmons _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From jordivi at wtransnet.net Fri Jan 16 13:11:58 2004 From: jordivi at wtransnet.net (Jordi Vidal) Date: Fri, 16 Jan 2004 18:11:58 -0000 Subject: SUMMARY: System booting after fatal error FATAL In-Reply-To: Message-ID: Thanks to many who answered, Everyone who dropped me a letter said the same: REPLACE CPU. So I did and now its solved. :-) I was instructed also to look at prtdiag -v output (nothing wrong), attach an ascii console (laptop with minicom / hyperterminal / Teraterm ...) and wait to the next crash to read the system panic. Thanks, Jordi http://www.wtransnet.com Dpto. Ticnico On Mon, 12 Jan 2004, Jordi Vidal wrote: > Hi > > What can cause this? I didnt find anything in the logs ... > > Jan 12 16:40:24 xxx genunix: [ID 540533 kern.notice] ^MSunOS Release > 5.8 Version Generic_108528-13 64-bit > Jan 12 16:40:24 xxx genunix: [ID 913631 kern.notice] Copyright > 1983-2001 Sun Microsystems, Inc. All rights reserved. > Jan 12 16:40:24 xxx genunix: [ID 678236 kern.info] Ethernet address = > 0:3:ba:8:b2:90 > Jan 12 16:40:24 xxx unix: [ID 389951 kern.info] mem = 2097152K > (0x80000000) > Jan 12 16:40:24 xxx unix: [ID 930857 kern.info] avail mem = 2048696320 > > Jan 12 16:40:24 xxx unix: [ID 796976 kern.notice] System booting > after fatal error FATAL > Jan 12 16:40:24 xxx rootnex: [ID 466748 kern.info] root nexus = Sun > Enterprise 450 (4 X UltraSPARC-II 400MHz) _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From PhippsAC at telkom.co.za Mon Jan 19 09:10:35 2004 From: PhippsAC at telkom.co.za (Adrian Phipps (AC)) Date: Mon, 19 Jan 2004 14:10:35 -0000 Subject: SUMMARY:CDE problems Message-ID: Hi all,, Thanks to John Warr for his quick response. I just closed the offending windows and saved my session so when I logged in again they stayed away. thanks Adrian Phipps 90 Durban Road IT Building Bellville Work 021-949 4642 Cell 082 787 7321 Fax 021-945 4740 -----Original Message----- From: Adrian Phipps (AC) Sent: Monday, January 19, 2004 3:53 PM To: sunmanagers at sunmanagers.org Subject: CDE problems HI all, I have recently installed solaris 8 onto my workstation, I would like to know if anybody knows how to disable the "Help Viewer" and "File Manager" windows from automatically starting up when I log in? Regards Adrian Phipps 90 Durban Road IT Building Bellville Work 021-949 4642 Cell 082 787 7321 Fax 021-945 4740 <> [demime 1.01b removed an attachment of type image/bmp which had a name of ole0.bmp] _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From mbialik at infinityhealthcare.com Mon Jan 19 16:50:54 2004 From: mbialik at infinityhealthcare.com (Mark A. Bialik) Date: Mon, 19 Jan 2004 21:50:54 -0000 Subject: SUMMARY: Volume Management (SVM) with SMC 3.5 Message-ID: <400C4FE8.6050702@infinityhealthcare.com> Managers, Normally I would say I feel stupid, but I have to chalk this one up to poor naming conventions on Sun's part. Apparently Sun Management Center is wildly different than the Solaris Management Console. Silly me. Thanks to Noelette Stout for clearing this up: "The SunMC 3.5 software available on Sun's web site is the Sun Management Center. It is a completely different piece of Software then the Solaris Management Console (SMC). I would advise that you re-install SMC 2.1 as SunMC is not designed to do what you are trying to do. SunMC could be compared to HP OpenView Network Node Manager. Whereas SMC is designed for system management (it basically replaces the admintool gui)." good luck, Noelette Stout Original Question: Hello Managers, I recently did a fresh install of Solaris 9 (Sparc) and played around with the new Java-based Solaris Management Console 2.1 to manage the volumes. Browsing Sun's web site, I saw that SMC 3.5 was out and decided to give it a try. So, I removed the SMC 2.1 packages (I did not perform a SMC upgrade) and installed SMC 3.5. After installing SMC 3.5, everything worked fine, except I do not see anything related to volume management. I can get host information, do some basic SNMP queries, etc. But unless you purchase some "Value Added" packages, I don't see any real functionality. I'm really only concerned with the GUI for volume management (yes, I am familiar with the command-line options, and know how to use them). Did I do something bad by removing SMC 2.1? Is there a trick to get volume management working in SMC 3.5? Thanks very much. Will Summarize. Mark ---------- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,is for the sole use of the intended recipient(s), even if addressed incorrectly, and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy or delete all copies of the original message and all attachments, including deletion from the trash or equivalent folder. Thank you. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From ml at kcore.org Tue Jan 20 11:42:43 2004 From: ml at kcore.org (Jan De Luyck) Date: Tue, 20 Jan 2004 16:42:43 -0000 Subject: Unsolved - SUMMARY : OpenSSH on Solaris slow In-Reply-To: <5D1219B98DCF4A4080B6D27B3B1FE0D40A3D59@E0-S2K-2.ads.tnetpro.de> References: <5D1219B98DCF4A4080B6D27B3B1FE0D40A3D59@E0-S2K-2.ads.tnetpro.de> Message-ID: <200401201737.06760.ml@kcore.org> Thanks all for your answers. Most people pointed to DNS problems. Since we don't use DNS, only the hostfiles, this problem is not present. I had pointers from Pavic, Aleksander to try with a different key (RSA instead of DSA) and shorter keylength, but this changed little. Casper Dik pointed out that it's probably an under-optimized OpenSSH implementation - I have no compilation station currently, so I can't compile my own. Jan _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From michael at desimone.net Tue Jan 20 20:09:22 2004 From: michael at desimone.net (Michael DeSimone) Date: Wed, 21 Jan 2004 01:09:22 -0000 Subject: Summary: 420 Memory Configuration In-Reply-To: <400DBFE8.7040509@desimone.net> References: <400DBFE8.7040509@desimone.net> Message-ID: <400DCFB3.6010603@desimone.net> General concencus is nope, I have to bust it open. One other suggestion from Shane is pasted below. It will work but if I have to reboot I might as well just pop it open and take a peek. I did have a vendor say it has to be 256s and offered me "a good deal" but honestly I don't trust how these boxes were set up. Thanks everyone, Michael you could change the diag-level in OBP from min to max causing POST to run and output to the console. It will give you a summary of the size of memory per slot per bank. Michael DeSimone wrote: > Hello Managers, > I have a 420 that I know has 2 GB of Ram. I need to upgrade it to 4 GB > of Ram. I do not know how the Ram is configured internally ( 8x56 or > 16x128). I'm the new guy and of course none of the people that have > been here a while know. I tried using memconf but it gives you a > waring that it isn't sure with a 420 and the comments in the code back > that up. Since memconf uses prtdiag I fugured it would be of little > use to me - and when I tried it was. > > My question to my fellow llist members is: > Does anyone know of another way to find this out other then to crack > the box open? > > > Thanks, > Michael > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From kristianto.setiawan at sun.co.id Wed Jan 21 03:05:09 2004 From: kristianto.setiawan at sun.co.id (kristianto.setiawan at sun.co.id) Date: Wed, 21 Jan 2004 08:05:09 -0000 Subject: SUMMARY : How To Setting Printer Server SUN V880 Message-ID: <12bc113c0c.13c0c12bc1@sun.co.id> Only one respond, Thanks to : Doug Cunningham He suggest to install samba at V880 as virtual Windows client. Samba command : /usr/local/samba/bin/smbclient //PCname/printername -N -c 'print -'>/dev/null Rgds Kristianto ----- Original Message ----- From: Doug Cunningham Date: Tuesday, January 20, 2004 9:38 pm Subject: How To Setting Printer Server SUN V880 > Kristianto- > Try using Samba. Share the printer at the Windows > client. Then use the smbclient print command on the > SUN box (with the smbd demon running) to send the > print job to the printer on the Windows machine. > We use it all the time - it works. > Here's a command you can use, > /usr/local/samba/bin/smbclient //PCname/printername -N > -c 'print -'>/dev/null. > You can leave the /dev/null part off if you choose, > but you will get unwanted info. messages. > I hope this answers your question. > -Doug Cunningham > Icas Systems inc. > > __________________________________ > Do you Yahoo!? > Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes > http://hotjobs.sweepstakes.yahoo.com/signingbonus _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From mikelist at sky.net Wed Jan 21 12:11:56 2004 From: mikelist at sky.net (Mike's List) Date: Wed, 21 Jan 2004 17:11:56 -0000 Subject: SUMMARY: short script to cat filename Message-ID: This script from Richard Lacroix works perfectly, exactly what I needed. -----begin----- #!/bin/sh # # Courtesy of Richard Lacroix # i="00001" while true do echo $i i=`expr $i + 1` if [ $i -lt "10" ] then i="0000"$i elif [ $i -lt "100" ] then i="000"$i elif [ $i -lt "1000" ] then i="00"$i elif [ $i -lt "10000" ] then i="0"$i fi cat somedire/file$i.txt > mydir/file$i.txt if [ $i = "25000" ] then exit fi done -----end----- Thanks for all the responses. There are three-four more scripts which follows the same pattern for which I have not tested. My situation is weird as a lot of people suggests ls/cd/cp commands into the script, which is not an option. - Mike [ In addition to www.sunfreeware.com more packages at ftp.patriots.net ] ---------- Forwarded message ---------- Date: Wed, 21 Jan 2004 10:03:17 -0600 (CST) From: Mike's List To: sunmanagers at sunmanagers.org Subject: UPDATE: short script to cat filename I apologized for any confusion of my post due to the late hours... but what I want to accomplish is as follows: (cat is the ONLY option, no cp/mv/ls/etc.) #!/bin/sh cat /somedir/file00000.txt > /mydir/file00000.txt ... cat /somedir/file25000.txt > /mydir/file25000.txt Yank/copy and search/replace 25k times within vi for a script is not an option and not too productive. I have the below in a script, but it's not working. I do not want to >> to one large file. #!/bin/sh # Somehow variable i needs to equal to 00000 to 25000 as the filenames # are file00000.txt through file25000.txt, note, $i needs to increment # by 00000 to 00001 to 00002 and so on, not 1, 2, 3...25000. for i in * do cat /somedir/file$i.txt > /mydir/file$i.txt done - Mike ---------- previous message ---------- I have over 25000 small text files that I can only displays on screen and cannot mv or cp. Could someone forward me a short script to do the following: cat file00000.txt - file25000.txt > file00000.txt - file25000.txt I'm thinking of the below, but I'm not a script expert. #!/bin/ksh for i = 0-25000 do cat file$i.txt > file$i.txt end Basically, cat 25000 small files and piping it into the same filename. Late project, hopefully someone is reading the list this late. Thanks. - Mike [ In addition to www.sunfreeware.com more packages at ftp.patriots.net ] _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From jordivi at wtransnet.net Wed Jan 21 13:37:46 2004 From: jordivi at wtransnet.net (Jordi Vidal) Date: Wed, 21 Jan 2004 18:37:46 -0000 Subject: SUMMARY: metareplace -e (scsi vs disk errors) Message-ID: Thanks to: Mike Salehi Harrington, David B Gary Chambers Dan Lorenzini I ran a format/analyze/read over the failed disk, it fails and errors now goes to messages file. I metadettached the failed submirror (d62) and asked my boss for a new disk. metadettach -f d60 d62 metadettach -f d62 ----------- Surface analysis && /var/adm/messages errors ---------- # format [...] 7. c3t10d0 /pci at 8,600000/pci at 1/scsi at 5/sd at a,0 Specify disk (enter its number): 7 selecting c3t10d0 [disk formatted] format> analyze analyze> read Ready to analyze (won't harm SunOS). This takes a long time, but is interruptable with CTRL-C. Continue? yes pass 0 Medium error during read: block 2153264 (0x20db30) (211/14/192) ASC: 0x11 ASCQ: 0x0 Medium error during read: block 2153264 (0x20db30) (211/14/192) ASC: 0x11 ASCQ: 0x0 C^C^C^C^C^C^C^C^C^C Medium error during read: block 2153264 (0x20db30) (211/14/192) ASC: 0x11 ASCQ: 0x0 quit quit # /var/adm/messages -> Jan 21 19:05:26 xxx Error for Command: read(10) Error Level: Retryable Jan 21 19:05:26 xxx scsi: [ID 107833 kern.notice] Requested Block: 2153264 Error Block: 2153264 Jan 21 19:05:26 xxx scsi: [ID 107833 kern.notice] Vendor: SEAGATE Serial Number: 0302B0MFC8 Jan 21 19:05:26 xxx scsi: [ID 107833 kern.notice] Sense Key: Media Error Jan 21 19:05:26 xxx scsi: [ID 107833 kern.notice] ASC: 0x11 (unrecovered read error), ASCQ: 0x0, FRU: 0xe4 Jan 21 19:05:30 xxx scsi: [ID 107833 kern.warning] WARNING: /pci at 8,600000/pci at 1/scsi at 5/sd at a,0 (sd25):/pci at 8,600000/pci at 1/scsi at 5/sd at a,0 (sd25): [.... many of these ...] ---------- Original post ---------- Hi SunOS xxx 5.9 Generic_112233-04 sun4u sparc SUNW,Sun-Fire-480R: Yesterday, one disk of an Solaris-9 SVM (SDS in previos releases) mirror failed: Jan 20 20:20:44 xxx scsi: [ID 107833 kern.warning] WARNING: /pci at 8,600000/pci at 1/scsi at 5/sd at a,0 (sd25): Jan 20 20:20:44 xxx SCSI transport failed: reason 'reset': retrying command Jan 20 20:31:13 xxx scsi: [ID 107833 kern.warning] WARNING: /pci at 8,600000/pci at 1/scsi at 5/sd at a,0 (sd25): Jan 20 20:31:13 xxx Unhandled Sense Key 'Vendor Unique' Jan 20 20:46:17 xxx md_stripe: [ID 641072 kern.warning] WARNING: md: d62: write error on /dev/dsk/c3t10d0s7 Jan 20 20:46:18 xxx md_mirror: [ID 104909 kern.warning] WARNING: md: d62: /dev/dsk/c3t10d0s7 needs maintenance I mounted the failed disk to /mnt, touch a file, umount. It seems ok. I invoked "metareplace -e d60 c3t10d0s7" to enable the submirror and resync it to see if it fails again, and after 5-10 minutes it failed: Jan 21 15:52:50 xxx md_stripe: [ID 641072 kern.warning] WARNING: md: d62: write error on /dev/dsk/c3t10d0s7 Jan 21 15:52:55 xxx md_mirror: [ID 104909 kern.warning] WARNING: md: d62: /dev/dsk/c3t10d0s7 needs maintenance No other errors in /var/adm/messages (bad-blocks or so). Other times that a disk failed, in an other server, there were errors about bad blocks in the messages file and "metareplace -e" worked for a while (some days) before the mirror failed again (I dont have spare disks, and in the mean time I prefer a bad mirror than no mirror) How can I check if is a disk problem or a SCSI bus problem? Jordi http://www.wtransnet.com Dpto. Tecnico _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From jbossert at unifiedsignal.com Wed Jan 21 23:36:46 2004 From: jbossert at unifiedsignal.com (John Bossert) Date: Thu, 22 Jan 2004 04:36:46 -0000 Subject: SUMMARY: DLT4700 on Solaris9 Message-ID: <400F51FC.1080600@unifiedsignal.com> A particularly kind reader pointed me to: http://www.quantum.com/NR/rdonlyres/B7E6E2E9-9D64-4C0A-BED3-5F88D3B45511/0/646415801.pdf which is a Nov-2003 guide to configuration of the 4700 with Solaris8/9. Connection was straight-forward to the Netra, probe-scsi-all indicated the device was playing nicely in the SCSI sandbox. There was some inconsistency as to whether Solaris9 requires modifications to the st.conf file (as in 2.6 and earlier) due to improvements in the st driver. One reader said the st.conf file will be fine as is - one said to use the same 2.5/2.6 instructions. One reader noted: "One thing you *can* do with Solaris 9 that would have been much harder back in the old days is control the robot. You *should* be able to get the robot on this guy going with sgen(7D) and mtx. Build and install mtx, from http://mtx.badtux.org." So, tomorrow I get jiggy with Amanda... Thanks, all. -----Original Message----- From: John Bossert [mailto:jbossert at unifiedsignal.com] Sent: Wednesday, January 21, 2004 4:03 PM To: sunmanagers at sunmanagers.org Subject: DLT4700 on Solaris9 I need to install an old DLT4700 on a Netra T1/105 running Solaris9. All the docs I've found refer to Solaris 2.5 or 2.6 - Does anyone have a cheatsheet or the like for setting this up? Alternatively, any pointers to "sufficiently current" documentation? Thx - will summarize. -- John Bossert jbossert at unifiedsignal.com _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From tcannon at noops.org Mon Jan 5 15:39:27 2004 From: tcannon at noops.org (Thomas Cannon) Date: Mon, 05 Jan 2004 20:39:27 -0000 Subject: SUMMARY: Console between two E450's In-Reply-To: <20040105195252.GA2296@noops.org> References: <20040105195252.GA2296@noops.org> Message-ID: <20040105203354.GB5487@noops.org> Thomas Cannon said: > Hi folks. > > I am trying to ssh into one E450, and go out of it's serial port, and into > the serial console of the other. I have a null modem cable running between the > machines (plugged into the A/B port on each). What happens, though, when I run > tip? Not much. From what I understand, running "tip hardwire" should make the > connection (and it does indeed say "connected") but I do not get a login prompt > on the second machine. > > What confuses me slightly is the dual-purpose A/B serial port. Am I supposed to > be using the port labeled "//" instead? > > I'm sure I'm missing some simple detail... getting console from a PC is pretty > simple. Why isn't this working, though? It turns out that I need a special cable to actually reach the "B" serial port (which is the outgoing one). A great write-up about it is here: http://www.idevelopment.info/data/Unix/Solaris/SOLARIS_UsingSerialConsoles.shtml And the cable is Sun part number X985A or 530-1869 which is going from $30-60+ depending on where you look. The pinout can be found here: http://www.stokely.com/unix.serial.port.resources/A-B-Ycablepinout.html#10.lx.link This is it, here: http://www.ultraspec.com/pcatalog.asp?pID=2588 Thanks to all who responded, especially Dave Gagliardi and Christopher Bernard. Cheers, Thomas > > Thanks in advance, > > Thomas > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Jeremy.Loukinas at evenflo.com Tue Jan 6 09:26:43 2004 From: Jeremy.Loukinas at evenflo.com (Loukinas, Jeremy) Date: Tue, 06 Jan 2004 14:26:43 -0000 Subject: SUMMARY: Netra T1 firmware password help Message-ID: I got a lot of responses talking about buying new firmware chips and a lot of other stuff. Turns out as long as you have root access to the OS Openboot does not prompt for a firmware password when issuing EEPROM commands. Sad part was I had neither the root or the LOM/Firmware password. I took the disks and installed them in an Ultra 30 booted of the cd changed the shadow file then stuck them back in the Netra. From there I changed security=none and was able to change my openboot settings. Jeremy -----Original Message----- From: Jeremy Loukinas [mailto:sunadmin at fuse.net] Sent: Wednesday, December 31, 2003 6:22 PM To: sunmanagers at sunmanagers.org Subject: Netra T1 firmware password help How do you reset a lost netra t1 105 password? Thanks jeremy _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From rangarita at telcel.net.ve Tue Jan 6 10:52:38 2004 From: rangarita at telcel.net.ve (Rafael Angarita) Date: Tue, 06 Jan 2004 15:52:38 -0000 Subject: SUMMARY: Keeping servers identical Message-ID: <3FFAD7ED.7020307@telcel.net.ve> Thanks everybody for your comments, The original post: > Does anybody knows a good freeware tool to keep a group of Solaris 9 servers identical? > We have an initial group of servers (about 15) running the same > application and we need to propagate each change made in one server (maybe a > master) over the rest of the servers (specifically config files) > It's possible for us to establish the directories to be replicated. > We don't want to use rdist and would like to not use rsync The answers: - rsync (over ssh) - rdist - cfengine - www.cfengine.org (this takes some learning and configuration to use) - radmind - www.radmind.org - synctree - systemimager - www.systemimager.org) - unison - http://nikola.ee.washington.edu/nikola/nikola2-info.html - scp - http://www.magnicomp.com/rdist/index.shtml Specially thanks to: P. Boven, P. Greidanus, M. Montague, R. Kulawiec, T. Schloss, S, Baillargeon, T Bueker, R. Bond, N Quiogue, -- Rafael Angarita Telcel Bellsouth (+58212)(2009765) _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From sunsa_tx at yahoo.com Tue Jan 6 12:50:15 2004 From: sunsa_tx at yahoo.com (sunsa_tx at yahoo.com) Date: Tue, 06 Jan 2004 17:50:15 -0000 Subject: SUMMARY: ifconfig: plumb: qfe0: Bad file number Message-ID: <20040106174435.25459.qmail@web20727.mail.yahoo.com> Thanks to all who replied. I reinstalled the qfe driver/pakcages and the problem went away. "sunsa_tx at yahoo.com" wrote: Gurus, I need an urgent help. I am getting this error while booting up the server. What should I do. Thanks. SunOS Release 5.8 Version Generic_108528-23 64-bit Copyright 1983-2003 Sun Microsystems, Inc. All rights reserved. ifconfig: plumb: qfe0: Bad file number configuring IPv4 interfaces: hme0. moving addresses from failed IPv4 interfaces: qfe0 (couldn't move, no alternativ e interface). Hostname: brian INIT: SINGLE USER MODE Type control-d to proceed with normal startup, (or give root password for system maintenance): single-user privilege assigned to /dev/console. Entering System Maintenance Mode Thanks Sunsa Free Pop-Up Blocker - Get it now Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From jbossert at unifiedsignal.com Tue Jan 6 13:35:28 2004 From: jbossert at unifiedsignal.com (John Bossert) Date: Tue, 06 Jan 2004 18:35:28 -0000 Subject: SUMMARY/Solution - Problems connecting A-1000 to Netra T1/105 Message-ID: <3FFAFEA5.8080803@unifiedsignal.com> Thanks for the many replies. The problem is that the A1000 has a Differential (HVD) SCSI port while the Netra has a built-in UltraSCSI (SCSI-3) port. Solution: I need to acquire/install a X6541A Differential SCSI controller in the PCI slot of the Netra and terminate the A1000 with a (Sun Part #) 150-1890 terminator. -- John Bossert jbossert at unifiedsignal.com _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From SmithBD at crane.navy.mil Tue Jan 6 14:36:46 2004 From: SmithBD at crane.navy.mil (SmithBD at crane.navy.mil) Date: Tue, 06 Jan 2004 19:36:46 -0000 Subject: SUMMARY: Swap space leak on Clustered E450's with Solaris 8 Message-ID: <1B1A66561ACCD61196BF00B0D0D1432602688F6D@cninnmciexch3.crane.navy.mil> Thank you to both Val Popa and Mr. Krenzischek for their help on this issue. I've setup a script to grab the output of the swap -l command on regular intervals to determine if we are actually seeing "shrinkage" or not. After I look at that data, I'll see if I need to go for some of the tools that Ryan speaks of. Thanks! Here is Val Popa's reply: To see the actual swap the correct command is : swap -l. If this command shows swap=0 then and only then you have run out of swap, else, read below If df -k shows that /tmp is getting full, does not mean that you're running out of swap, rather /tmp is beeing accessed by someone/something else and perhaps a log or some sort of file gets created, which will cause df -k to show /tmp at 100% or something allong these toughts. To verify do this: cd /tmp du -sk * See the sizes and you have found where the bottleneck is. Go there and trace it back to what caused it. V --------------- And the one from Mr. Krenzischek: Check out memtool at http://playground.sun.com/pub/memtool Also try running the BSD ps under /usr/ucb. Pay particular attention to the MEM and RSS columns. The RSS size is the resident size defined for a process in RAM. You should make sure that these numbers are within reasonable size. The other item you might want to take a look at is what programs access file systems mounted as type tmpfs. It might not be a memory leak. A program that might be writing to /tmp might be unlinking a file without first releasing a open read/write fd. Have you considered running sar? You can record events then play them back in realtime to exactly diagnose the time (e.g. if a certain batch process runs) for which the most swap pages are requested. Eventually, those pages should be returned after a process finishes up. And of course, those pesky developers always have a tendency to forget that they implemented a change. Have you verified with your development/applications group if anything has recently changed? For example, I manage certain boxes but the DBAs manage sybase/oracle. They can install a new version of ASE or Oracle RDBMS without my assistance. Check your crontabs. I have had instances where I wrote scripts to monitor a process and it just kept on re-spawning itself. Unfortunately, it took a 6-8 of hours for it to be noticable so it was not apparent at first that a small script was not properly exiting and releasing the memory. Over time, that does increase. I hope this helps. Good Luck. Ryan Brian D. Smith -----Original Message----- From: Smith Brian D CONT CNIN Sent: Tuesday, January 06, 2004 1:35 PM To: sunmanagers at sunmanagers.org Subject: Swap space leak on Clustered E450's with Solaris 8 We have noticed the following problem on nearly every one of our Sun Cluster 2.2 clusters. Each cluster is a three node cluster, with each node being an E450 running Solaris 8. They have been running in this configuration for several years. We have recently noticed that the swap space shrinks over time. By this, I mean that when you do a 'df -k', the total space for swap gets smaller and smaller. Eventhough Sun support doesn't believe us, we ARE NOT seeing a process USING all of the swap space, we are seeing the actual total amount of swap space shrinking. The swap space will eventually shrink to the point that no swapping or writing to /tmp can be done at all. I've looked through every FAQ, manual and website that I can find on the subject, but find nothing on the shrinking swap space. Thus far Sun support has been of no help. I will summarize after I have received replies. Thanks, Brian D. Smith _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From jwu at TULLIB.COM Thu Jan 29 18:37:30 2004 From: jwu at TULLIB.COM (jwu at TULLIB.COM) Date: Thu, 29 Jan 2004 23:37:30 -0000 Subject: SUMMARY: sendmail on solaris 9 woes Message-ID: Hi Chris, I have followed your very useful instruction for sendmail on sol9 with out start sendmail daemon. It worked when I give full e-mail address such as jwu at nyexchange (nyexchange is our mailhost, it's running on NT). It did not work if I only sent by jwu with out nyexchange. It seems to be it did not pick up the /etc/mail/aliases file. I have called sun for support, like you said: (Sun will tell you this cannot be done. They will say that you must run in daemon mode on every machine.) I was wondering if there is a way to go around with this. I most apprecite your help, and thanks for your time. Thanks, Judy Judy Wu Tullett Liberty Tel: 212-208-3908 Email: jwu at tullib.com From khuang at brownco.com Thu Jan 29 16:19:08 2004 From: khuang at brownco.com (Ken Huang) Date: Thu, 29 Jan 2004 21:19:08 -0000 Subject: (SUMMARY): How to do un-mirrored disk replacement without loss of data? Message-ID: Here is the summary: There are couple ways of achieving it, (1) Backup to the tape using ufsdump and ufsrestore to the new disk (2) tar up each file system and untar it on the new disk. (3) Using NFS to copy all the data to the another server. My case was much more complicated, I just had to try and error different methods before come to any of the methods shown above. Regards, Ken _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From sun at oryx.cc Mon Jan 5 22:22:57 2004 From: sun at oryx.cc (Sun List) Date: Tue, 06 Jan 2004 03:22:57 -0000 Subject: [SUMMARY] quota groups and Solaris 9 Message-ID: Hello all, I want to say thank you to everyone who replied to my question and I also want to send out an apology to the list as my question was apparently too vague for many and had some odd replies. Also, before I even got my own message back from the listserv, I received 14 vacation messages. Please don't enable vacation messages on accounts subscribed to a mailing list. the answer - no, Solaris 9 with the default file system (UFS) only provides for user quota's, not group quota's. Several people emailed to let me know that Veritas file system provides group quota's. My original question is posted below. Thanks again to everyone, this is a great list. Jerry K Begin forwarded message: > From: Sun List > Date: Sat Jan 3, 2004 7:54:55 PM US/Central > To: sunmanagers at sunmanagers.org > Subject: quota groups and Solaris 9 > > Is there a way to implement group quota's under solaris 9? > > I am putting together some Sun V100's w/Solaris 9 in a web hosting > environment to replace some aging Sun/Cobalt RaQ4i's. One of the > items that I am not sure how to duplicate is quota groups as provided > by the Linux on the RaQ4i's. It appears that Solaris 9, as shipped by > Sun anyway, does quotas only for users. > > Is there any way, either using the default software shipped with > Solaris, or by 3rd party, to match this capability? > > Also, I am planning to use only SVM (Solaris Volume Manager) to > implement a RAID 1 (mirror) and will not have Veritas VM/FS or > anything else like that. > > I have done some digging around on freshmeat ( > http://www.freshmeat.net/ ) but didn't turn anything up. Bigadmin > (Sun) also turned up nothing. I did find this: > > http://www.sunmanagers.org/archives/1998/1339.html > > during a search of the archives and I am hoping that the situation has > changed since July 1998. > > > Thanks, > > Jerry K _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From ray at biomed.queensu.ca Wed Jan 7 17:37:04 2004 From: ray at biomed.queensu.ca (Ray Pengelly) Date: Wed, 07 Jan 2004 22:37:04 -0000 Subject: SUMMARY: 1TB External RAID shows up as 512GB In-Reply-To: Message-ID: <011b01c3d56d$ef9448d0$be6a0f82@biomed.queensu.ca> Well it looks like its official. I guess I have to reinitialize array into smaller chunks. Tim Chipman added more info on multiple LUN support as well: Hi, an extra slice-of-cake for you on this topic, which I forgot to mention thisAM when I wrote the first time: IIRC, there is a second "known issue" for solaris8X86 default setup, such that multi-LUN SCSI-based devices fail to show LUNS beyond the first one. Absurd. The workaround was a matter of adding some text to the SD.CONF file, I'm putting (way below...) a copy of what we had to do. Clearly, this becomes an issue if you workaround the 512gb bug by creating multiple luns, then you are now in a situation where the extra 512gb luns cannot be seen by default. Just great :-) additionally - just had a quick dig, and I was able to locate the official sunsolve bug report text which I had gotten from the vendor WRT the max-lun-size. I'm putting that (immediately below) for reference. Of course, again, I'm not certain if this is all perfectly relevant for solaris9, but, IF you do build multiple luns, and DO have trouble seeing luns beyond the first .. then maybe this fix is appropriate for you, too. Hope this helps a bit, ---Tim ============================================================================ == SUNSOLVE REF: *Bug ID* *Synopsis* *Date* *4670211* *unable to create volumes greater than 509 gb with **disk arrays.* *17 May 2002* *Category* utility *Subcategory* diskformat_x86 *State* evaluated 4670211 unable to create volumes greater than 509 gb with disk arrays. 17 May 2002 Category utility Subcategory diskformat_x86 State evaluated Description Top Customer is using: 1. Compaq proliant arrays with 70 gb disks from compaq 2. The raid controller is Compaq smart array controller 5300 3. The driver for the raid controller is cpqary3. The driver has been developed by Compaq. 4. They are running solaris 8. A problem has been found when logical volumes are configured with the size of greater than 509 GB. The data holder for number of cylinders in OS SCSI framework is defined as a 32 bit variable all the places, except at one place (struct dk_geom). The OS SCSI framework gets the correct geometry from the HBA driver and the controller and updates internal data structures with that correct information. Also the format utility displays initial messages with correct capacity. However, when the geometry is labelled to the disk and/or partitions are created on the disk for the file system creation, different OS layers involved use the dk_geom structure and hence, it doesn't have place holder for greater than 65535, the cylinder count spills over. And this wrong data is written to the disk as 'label' and it is used later on until the partitions are deleted. So if we are creating a volume of 515gb we see an approx. volume size of 6gb only. ============================================================================ == SAMPLE OF MY SD.CONF TO SUPPORT MULTI SCSI LUNS: loki.ecopiabio.com# more /kernel/drv/sd.conf # #pragma ident "@(#)sd.conf 1.19 99/05/04 SMI" # # Copyright (c) 1998-1999 by Sun Microsystems, Inc. # All rights reserved. # name="sd" class="scsi" target=0 lun=0; name="sd" class="scsi" target=1 lun=0; name="sd" class="scsi" target=2 lun=0; name="sd" class="scsi" target=3 lun=0; name="sd" class="scsi" target=4 lun=0; name="sd" class="scsi" target=5 lun=0; name="sd" class="scsi" target=6 lun=0; name="sd" class="scsi" target=7 lun=0; name="sd" class="scsi" target=8 lun=0; name="sd" class="scsi" target=9 lun=0; name="sd" class="scsi" target=10 lun=0; name="sd" class="scsi" target=11 lun=0; name="sd" class="scsi" target=12 lun=0; name="sd" class="scsi" target=13 lun=0; name="sd" class="scsi" target=14 lun=0; name="sd" class="scsi" target=15 lun=0; name="sd" parent="flashpt" target=0 lun=0; name="sd" parent="flashpt" target=1 lun=0; name="sd" parent="flashpt" target=2 lun=0; name="sd" parent="flashpt" target=3 lun=0; name="sd" parent="flashpt" target=4 lun=0; name="sd" parent="flashpt" target=5 lun=0; name="sd" parent="flashpt" target=6 lun=0; ##JETSTOR III MULTI_LUN_SETTINGS TDC Feb-14-03 ## # BEGIN RAID additional lun entries # DO NOT EDIT from BEGIN above to END below... name="sd" class="scsi" target=0 lun=1; name="sd" class="scsi" target=0 lun=2; name="sd" class="scsi" target=0 lun=3; name="sd" class="scsi" target=0 lun=4; name="sd" class="scsi" target=0 lun=5; name="sd" class="scsi" target=0 lun=6; name="sd" class="scsi" target=0 lun=7; name="sd" class="scsi" target=1 lun=1; name="sd" class="scsi" target=1 lun=2; name="sd" class="scsi" target=1 lun=3; name="sd" class="scsi" target=1 lun=4; name="sd" class="scsi" target=1 lun=5; name="sd" class="scsi" target=1 lun=6; name="sd" class="scsi" target=1 lun=7; name="sd" class="scsi" target=2 lun=1; name="sd" class="scsi" target=2 lun=2; name="sd" class="scsi" target=2 lun=3; name="sd" class="scsi" target=2 lun=4; name="sd" class="scsi" target=2 lun=5; name="sd" class="scsi" target=2 lun=6; name="sd" class="scsi" target=2 lun=7; name="sd" class="scsi" target=3 lun=1; name="sd" class="scsi" target=3 lun=2; name="sd" class="scsi" target=3 lun=3; name="sd" class="scsi" target=3 lun=4; name="sd" class="scsi" target=3 lun=5; name="sd" class="scsi" target=3 lun=6; name="sd" class="scsi" target=3 lun=7; name="sd" class="scsi" target=4 lun=1; name="sd" class="scsi" target=4 lun=2; name="sd" class="scsi" target=4 lun=3; name="sd" class="scsi" target=4 lun=4; name="sd" class="scsi" target=4 lun=5; name="sd" class="scsi" target=4 lun=6; name="sd" class="scsi" target=4 lun=7; name="sd" class="scsi" target=5 lun=1; name="sd" class="scsi" target=5 lun=2; name="sd" class="scsi" target=5 lun=3; name="sd" class="scsi" target=5 lun=4; name="sd" class="scsi" target=5 lun=5; name="sd" class="scsi" target=5 lun=6; name="sd" class="scsi" target=5 lun=7; name="sd" class="scsi" target=6 lun=1; name="sd" class="scsi" target=6 lun=2; name="sd" class="scsi" target=6 lun=3; name="sd" class="scsi" target=6 lun=4; name="sd" class="scsi" target=6 lun=5; name="sd" class="scsi" target=6 lun=6; name="sd" class="scsi" target=6 lun=7; # END RAID additional lun entries ## Additional stuff may follow here, your config may vary. -----Original Message----- From: Peter.Ondruska at fajx.net [mailto:Peter.Ondruska at fajx.net] Sent: Wednesday, January 07, 2004 4:58 PM To: Ray Pengelly Subject: Re: UPDATE: 1TB External RAID shows up as 512GB x86 version of Solaris has certains limits (this has been discussed in Solaris x86 specialized list at http://groups.yahoo.com/group/solarisx86/) which prevent you from using 1TB or bigger. Split the array at hardware level into smaller pieces. "Ray Pengelly" Sent by: sunmanagers-bounces at sunmanagers.org 01/07/2004 08:22 PM To cc Subject UPDATE: 1TB External RAID shows up as 512GB I believe some more info is needed of my setup. I'm running Sol9x86 on a Tyan Tiger 2721-ugn motherboard. This has builtin Adaptec AIC-7902W Dual channel SCSI controller. On Channel A I have a 36GB hard drive running as the system drive. On Channel B (my external channel) I have an external Storcase DS560 RAID Array. This array uses an Accusys SCSI to IDE Raid Controller. I have it loaded with 5 X 250GB drives in a RAID 5 configuration. The controller shows the Array to be 1TB. When I boot into solaris and run SMC or format it shows up as 512GB. Tim Chipman gave some insight with the following: >We've got a Sol8X86 fileserver, it has an external 1.4 Tb disk array. >When I was setting it up, I observed the same problem. The vendor for >the array was prompt to let me know of a known issue in Solaris 8 X86, >which limits single LUN size for this platform to 512gb. [it is >documented in sunsolve, and if you really need it I can probably dig up >the case-ID/reference ##]. >Only workaround if you must have larger lun would be maybe to use >disksuite and then create a metavolume spanning multiple luns physically >sized @ the 512gb limit, and then mount this metadisk... >I suspect the same limitation is present in sol9X86 but cannot confirm >for certain :-) >hope this is of slight help, >Tim Does anyone know if this is true for Solaris 9 x86 before I break my array and reinitialize it with 2 LUNs? I also got some info about installing the SUNWqus and SUNWqusu drivers but isn't that just the driver for the Sun dual channel ultra-3 SCSI card or does it just add support for larger LUNs? Thanks Ray Ray Pengelly Computing Support Technologist Centre for Neuroscience Studies/ CIHR Group in Sensory-Motor Systems Queen's University Give a person a fish and you feed them for a day; teach that person to use the Internet and they won't bother you for weeks. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From watson2046 at 163.com Thu Jan 8 02:53:39 2004 From: watson2046 at 163.com (watson) Date: Thu, 08 Jan 2004 07:53:39 -0000 Subject: SUMMARY: error when mount-- is not this fstype Message-ID: <014e01c3d5bc$6506fab0$0700a8c0@watson> Thanks to everyon who replies, especially Joohyun Cha for the following information: Did you make file system on /dev/md/dsk/d52? # newfs /dev/md/dsk/d52 I make it with this problem. ----- Original Message ----- Hi all, When I type the following command: # mount /dev/md/dsk/d52 /volume (The volume d52 and directory /volume has been created. d52 was created bye the command #metainit d52 1 1 c1t1d0s3) It will prompt as the following: mount: /dev/md/dsk/d52 is not this fstype How can I solve this problem? the os is solaris 9 04/03, and the system is netra t1 ac200. I can mount /dev/dsk/c1t1d0s3 /volume without any problems. Thanks! _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From luandea at paynet.co.ke Thu Jan 8 05:48:55 2004 From: luandea at paynet.co.ke (Andrew Luande) Date: Thu, 08 Jan 2004 10:48:55 -0000 Subject: SUMMARY: Create additional superuser Message-ID: I got very good responses from all the kind people below. A simple way (but not recommended for lack of audit) of doing it is by creating a normal user, and editing the entry in /etc/passwd. Set the UID and GID in the file to 0. admin:x:0:0::/:/bin/ksh Problem with this is files created will be owned by root still, not the new name, because there's a 1 to 1 mapping between UIDs and usernames and for audit purposes will be difficult to tell which user did what. There are two other utilities that you can use for this - sudo -> http://www.courtesan.com/sudo/ - RBAC -> integrated with Solaris 8,9. See: www.sun.com/solutions/blueprints/0603/817-3062.pdf and below are comparisons from Ximo Domenech [ximo_d at yahoo.com] on the differences ---------------------------------- RBAC doesnt work if you want to assign special authorizations that are not included in the auth_attr database. Sudo helps you assign any authorizations you might think of , or need to assign. But if you dont have any special authorizations you need to implement, rbac is much better, controlable. I currently have a sudoers file that is 19k long, and is quite difficult to figure out to move to differrent enviroment. Plus rbac is fully supported by sun when sudo is not. Unfortunately both of them dont have a way to centralize all the data. ---------------- RBAC Advantages: Built in to Solaris 9 Easy to configure in S9 with WBEM/SMC interface Very flexible RBAC Cons: Roles and rights not clearly defined Found I needed to test quite a bit Not as granular as sudo Sudo Advantages: Small, lightweight No massive GUI needed to configure Very very granular Superior logging Sudo Disadvantages: No ability to 'become' a role as with RBAC Have to define each and every command so setup takes longer Need to compile and install Not integrated with BSM ----------- Sudo allows more customized control over homemade scripts in my opinion. Rbac I would say controls more system level controls, printing, ufsdumps, useradds.... No expert but that is what I think the diffs are. -------------- RBAC and sudo do roughly the same thing, as I'm sure you know. There are a few key differences though. 1) RBAC is more difficult and complex to set up than sudo 2) RBAC is integrated into the Solaris authentication mechanism, whereas sudo acts like a 'shell' on top of the services. 3) RBAC is designed for a network. sudo is generally set up on single machines. 4) RBAC is supported by Sun. If you have a broad environment and want one central privilege granting system, you will definitely want to use RBAC. If you just have a few machines that you want to set up pseudo-root access to, then sudo is probably easier (especially since you're familiar with it) Looked at another way, RBAC is more difficult, but more powerful and it scales much better than sudo. The size of your environment and your requirements will determine which is the better tool. -------------------- Sudo is easier to configure, RBAC has gui tools to help you configure it, rbac is part of the operating system and will probably remain so. The more people that switch to native tools, the less the need for other tools. Ole-Morten Duesund [oduesund at bergen.oilfield.slb.com], ed.rolison at itc.alstom.com, hatter at pzat.meep.org, Ximo Domenech [ximo_d at yahoo.com], dom clermont [domclermont at yahoo.com], Bradley Alan [ABradley at omam.com], Joohyun Cha [zoo11 at hst.co.kr], Ole-Morten Duesund [oduesund at bergen.oilfield.slb.com], Meier Adrian [ADRIAN.MEIER at T-SYSTEMS.CH], Parissis Pavlos [PParissi at athens2004.com], Ronny Martin [rmartin at be.tiscali.com], Hi, Good day all. I would like to know if it is possible for me to create another user, with superuser rights. Say a mirror of superuser for additional administrators. Thanks _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From u4009155 at anu.edu.au Thu Jan 22 18:29:14 2004 From: u4009155 at anu.edu.au (u4009155 at anu.edu.au) Date: Thu, 22 Jan 2004 23:29:14 -0000 Subject: Summary: Sunray licensing + another Q (dtlp) Message-ID: <200401222314.i0MNDRL7024864@anumail.anu.edu.au> ) helped with a "CreateClient:/opt/SUNWut/lib/utdtsession add :child error: openAdmin() failed: Internal system error" we kept getting. I've got a simple question here about dtlp settings. How do we remove the header/footer printing either on a user basis or globally. I've tried reading the manuals but am not getting very far I'm afraid. All feedback is very much appreciated! cheers, Kat _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From u4009155 at anu.edu.au Thu Jan 22 18:38:09 2004 From: u4009155 at anu.edu.au (u4009155 at anu.edu.au) Date: Thu, 22 Jan 2004 23:38:09 -0000 Subject: Summary: Sunray licensing + another Q (dtlp) Message-ID: <200401222330.i0MNDRL8024864@anumail.anu.edu.au> ) helped with a "CreateClient:/opt/SUNWut/lib/utdtsession add :child error: openAdmin() failed: Internal system error" we kept getting. (completed, sorry about earlier msg) _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From murugan.bala at kla-tencor.com Fri Jan 23 03:05:05 2004 From: murugan.bala at kla-tencor.com (Balamurugan.T) Date: Fri, 23 Jan 2004 08:05:05 -0000 Subject: SUMMARY: start inetd daemon Message-ID: Thanks very much for your valuable quick replies. Chuck Norem [cnorem at thinkshells.com] Dan Penrod [dan at nortom.com] Laurent Larquhre [llarquere at aacom.fr] Tim Villa [sunmanagers at timvilla.com] Neil Hunt [grover at huntcorp.com.au] Most of the manager answered the same. by sending HUP signal it will not actually shutdown the daemon. #ps -ef |grep inetd root 219 1 0 15:19:41 ? 0:17 /usr/sbin/inetd -s #kill -HUP 219 Thanks Bala _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From lbetten at ziplink.net Fri Jan 23 09:28:14 2004 From: lbetten at ziplink.net (Lauri Bettencourt) Date: Fri, 23 Jan 2004 14:28:14 -0000 Subject: SUMMARY: Disk Suite Issue In-Reply-To: <200401221026.AA115802278@mail.page.ca> References: <200401221026.AA115802278@mail.page.ca> Message-ID: <6.0.1.1.2.20040123091143.05077ec0@pop3.ziplink.net> ALL: Thanks to those that responded. I managed to restore the system disk and not lose any data.:-) Since the data on the external multipack was not affected I simply had to delete the metadb's and recreate the mirror. Regards, Lauri- >---------- Original Message ---------------------------------- >From: Lauri Bettencourt >Date: Wed, 21 Jan 2004 22:50:51 -0500 > > >Hello: > > > >I have a server that has a mirror on an external disk pack. The system disk > >needs to be replaced and I am trying to save the mirrored data. However, > >the metadb's only exist on the external pack and are only mountable as a > >mirror. I cannot unmount the partitions as they are busy. No matter what I > >try. The setup is thus: > > > >Solaris 7 > >DiskSuite 4.2 > > > >bash# metadb > > flags first blk block count > > a m pc luo 16 1034 /dev/dsk/c1t1d0s7 > > a pc luo 1050 1034 /dev/dsk/c1t1d0s7 > > a pc luo 16 1034 /dev/dsk/c1t2d0s7 > > a pc luo 1050 1034 /dev/dsk/c1t2d0s7 > > a pc luo 16 1034 /dev/dsk/c1t2d0s6 > > a pc luo 16 1034 /dev/dsk/c1t1d0s6 > > > >bash# metastat -p > >d0 -m d10 d11 1 > >d10 1 1 c1t1d0s0 > >d11 1 1 c1t2d0s0 > >d1 -m d12 d13 1 > >d12 1 1 c1t1d0s1 > >d13 1 1 c1t2d0s1 > > > > > >System disk is completely separate from his mirror. > > > >I have replaced the system disk. The old one is still available, just on > >it's last legs. How can I get this mirror available on the new system disk. > >Been at it for most of the day and am very bleary eyed. Any help is > >appreciated. > > > >Regards, > > > >Lauri- > > > > > > > > > > > > > > > >~~~~~~~~~~~~~~~~~~~~~~~ > >Lauri Bettencourt > >UNIX System Administrator > >lbetten at wn.net > >~~~~~~~~~~~~~~~~~~~~~~~ > >_______________________________________________ > >sunmanagers mailing list > >sunmanagers at sunmanagers.org > >http://www.sunmanagers.org/mailman/listinfo/sunmanagers > > > >-- >Wesley W. Garland >Director, Product Development >PageMail, Inc. >+1 613 542 2787 x 102 >-- _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From mikelist at sky.net Fri Jan 23 17:45:43 2004 From: mikelist at sky.net (Mike's List) Date: Fri, 23 Jan 2004 22:45:43 -0000 Subject: SUMMARY: Weird log after Recommended patch Message-ID: A couple of replies suggest it could be either. It's kinda interesting that SUNWcsr and sulogin is affected. Since this is a home machine, I decided to re-install and re-download the Recommended patch. No errors the second time around. - Mike [ In addition to www.sunfreeware.com more packages at ftp.patriots.net ] ---------- original message ---------- I have the following file (/var/tmp/115828-01.log.24140) after installing the Solaris 8 x86 Recommended patch... bash-2.05# more /var/tmp/115828-01.log.24140 Dryrun complete. No changes were made to the system. This appears to be an attempt to install the same architecture and version of a package which is already installed. This installation will attempt to overwrite this package. pkgadd: ERROR: source path is corrupt file size <279692> expected <279688> actual file cksum <63818> expected <64655> actual Installation of partially failed. Does the above indicates some tampering with SUNWcsr especially sulogin? The above file size and checksum is incorrect, a security issue or just a corrupt file download? - Mike [ In addition to www.sunfreeware.com more packages at ftp.patriots.net ] _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From nteknikk at monet.no Sun Jan 25 18:04:54 2004 From: nteknikk at monet.no (Terje J. Hanssen) Date: Sun, 25 Jan 2004 23:04:54 -0000 Subject: SUMMARY: Solaris 7 Trim for a diskless SS1 client to boot as X Terminal Message-ID: <40144A41.4000007@monet.no> Thanks to Darren Dunham who responded (see below). I also collect two previous replies, when I nearly 4 years ago posted a similar subject on this list. As a comment first, I will mentione that I have experienced various remote dtlogin problems with Solaris 2.5 - 9 using the suggested, "normal method" to modify /etc/dt/config/Xservers. Because of that I have had to put the entry "Xsun -query" in a rc script to be able to do a remote login on the client. The tip to simply put this entry in edit /etc/inittab instead, worked fine immediately now on Solaris 7. This tip is found at: http://www.unixguide.net/sun/manager/11.2.shtml I have disabled some daemons in /etc/export/root/client/etc/rc2.d/ by simply renaming them (adding a underscore as prefix). This works, and I will try some more later. Terje J. Hanssen ------------------------------------------ My original post: After several similar questions about this subject over the years, I should really wish that Sun had created an official How-to about this, but sorry no, they didn't as long as know. Scenario: On a Sparc Solaris 7 server I have re-installed Solaris 7 Enduser OS service for a good old SS1 (sun4c) diskless (52 Mb memory) client, using the Adminsuite 2.3/Solstice Hostmanager tool. In addition to work in 'pure X terminal mode' with remote dtlogin to the Solaris/app-server, the SS1 client is only requiered to handle a tablet (digitizer) input connected to its local serial port. On the clients filesystem I have already disabled the local CDE startup. Next I have replaced the 'ttymon' entry in the clients /etc/inittab with '/usr/openwin/bin/Xsun -query', so that a remote CDE login from a networked server is displayed directly after the client booting. Problem: What I now need is practical guidelines how to further trim the Solaris setup for the client, to speed up its boot process and dedicate most of its limited resources for the X terminal work. That is, which of and how to disable unecessary startup scripts, services and daemons (fx printer, volum manager, sendmail and more)? Some years ago I got a reply that most of if not all of the rc scripts, except that for the network, really were unnecessary, and that booting to run level 1 (singleuser) could be sufficient for a pure X terminal mode. But I'm not sure regarding the serial port (tablet) support. If this is really possible, how to do it? TIA/Terje ----------------------------------------------------- Darren Dunham replied: >On the clients filesystem I have already disabled the local CDE startup. >> Next I have replaced the 'ttymon' entry in the clients /etc/inittab with >> '/usr/openwin/bin/Xsun -query', so that a remote CDE login from a >> networked server is displayed directly after the client booting. Rather than that, you could just modify /etc/dt/config/Xservers on the client's root filesystem and modify the final line to include the -query option. That's the normal place to do that. I don't think the 'dtlogin' binary is very heavyweight... Modify /etc/dt/config/Xaccess to restrict X service to the local machine. >> Problem: >> >> What I now need is practical guidelines how to further trim the Solaris >> setup for the client, to speed up its boot process and dedicate most of >> its limited resources for the X terminal work. >> >> That is, which of and how to disable unecessary startup scripts, >> services and daemons (fx printer, volum manager, sendmail and more)? >> >> Some years ago I got a reply that most of if not all of the rc scripts, >> except that for the network, really were unnecessary, and that booting >> to run level 1 (singleuser) could be sufficient for a pure X terminal >> mode. But I'm not sure regarding the serial port (tablet) support. >> If this is really possible, how to do it? I would take one of the security lists and follow those for disabling. Certainly anything unneeded should be on it. You probably could run most X stuff in single-user mode unless your network connections had anything strange, but I don't see that worth most anything. Much of the stuff in early rc isn't really damons, it's configuration. Removing them won't necessarily save you any resources later. Most daemons are started by scripts in /etc/rc2.d, /etc/rc3.d, or very rarely rcS.d If those scripts are removed, renamed (so that they do not begin with a capital S), or modified, then the daemon won't start at boot. Since the box itself doesn't need to allow logins, you can disable rpc inetd snmpd automount nfs client nscd syslog (depending on if you're logging or not... might be handy) cron (depending on your needs) printing support volume management mailers -- Darren Dunham ddunham at taos.com Unix System Administrator Taos - The SysAdmin Company Got some Dr Pepper? San Francisco, CA bay area < This line left intentionally blank to confuse you. > -------------------------------------------------------- Subject: Re: Diskless SparcStation 1 as X Terminal From: blymn at baea.com.au (Brett Lymn) Date: Fri, 18 Feb 2000 08:39:41 +1030 (CST) To: terje at nordland-teknikk.no (Terje J. Hanssen) According to Terje J. Hanssen: >> >>1. Have someone experiences with and/or suggestions how to strip and set >>up a smaller/minimum OS software support and faster load for SS1 type >>"XTerminals"? >> Yes, you need to be patient and expect to reboot the SS1 often before you get it right but it can be done. I recommend removing almost all the start up scripts. If you are running purely X and nothing else then you can probably remove just about all of them except for the one that configures the network - and that can be heavily edited. Another thing, you do not have to have the machine come up multi-user to make it an Xterminal - I suggest you edit the inittab and make run level 1 the default level and make the executable for the run level be a shell script that invokes the X server and xdm. The process does take a while to get things set up and some binaries can fail mysteriously if you remove the wrong service but it can be done. The other alternative, if you can afford to lose display postscript and the other Solaris2 Xserver extensions is to grab a copy of Xkernel which is based on SunOS 4.1.x - this will make the SS1 into a basic Xterminal without the headaches of doing it yourself =============================================================================== Brett Lymn, Computer Systems Administrator, BAE SYSTEMS =============================================================================== -------------------------------------------------------- Subject: Re: Diskless SparcStation 1 as X Terminal From: Anthony Worrall Date: Fri, 18 Feb 2000 09:59:46 +0000 (GMT) To: terje at nordland-teknikk.no Hi Here are the packages I use to run our diskless SLCs as Xterminals under Solaris 2.6. SUNWcsr SUNWcsd SUNWcar SUNWxwmod SUNWadmr SUNWcg6 SUNWdfb SUNWsolnm You could choose not to install SUNWsolnm and SUNWadmr if you do not want to do remote admin. Anthony Worrall The University of Reading, Department of Computer Science, Whiteknights, PO Box 225 Reading, Berkshire, UK RG6 6AY Tel: +44 (0)1189 318610 Fax: +44 (0)1189 751994 Email: Anthony.Worrall at Reading.ac.uk _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From newbie at easynet.fr Mon Jan 26 06:11:20 2004 From: newbie at easynet.fr (NewB!e) Date: Mon, 26 Jan 2004 11:11:20 -0000 Subject: Summary: Get SUN S/N on Solaris In-Reply-To: <4014E9F8.3020104@easynet.fr> References: <4014E9F8.3020104@easynet.fr> Message-ID: <4014F493.4090009@easynet.fr> NewB!e wrote: > Hi admins, > > I'm serching for a simple way to get the Serial Number of ours Sun > Servers. > > I searched and all i found is that : > > eeporm |grep serial > > That gave me a serial number, but not the same written on the back of > my server (E220R) > > Does anyone have a magic tool ? > > Newbie > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers > > It's simply not possible. You can get the hostid, the system-board-serial# but not the serial number (on the back, with the bar code) Thx for those who reply Newbie PS : I will take a cab and follow the advice of Steve Elliott :) : "drop to knees in front of system, read number" _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Matthias.Wanke at itellium.com Mon Jan 26 07:16:39 2004 From: Matthias.Wanke at itellium.com (Wanke Matthias) Date: Mon, 26 Jan 2004 12:16:39 -0000 Subject: [Summary] Legato Networker "inquire" command does not work on qlo gic(SUN) fc-hba's Message-ID: <9F984E1366F3D411988100508BF3A64201D1FA58@exmailn01.itellium.com> Hi, problem was solved by looking through the installed legato scripts; there is one "/sbin/lus_add_fp_devs" script which does EXACTLY what i need by adding the entries into lus.conf for the qlogic-attached devices. thanks to Robert Milkowski Eugene Schmidt for them replying and trying to help me. Cheers, Mat -- Von: Wanke Matthias [mailto:Matthias.Wanke at itellium.com] Gesendet: Freitag, 23. Januar 2004 17:31 An: sunmanagers Betreff: Legato Networker "inquire" command does not work on qlogic(SUN) f c-hba's Hi Managers, anyone has a pointer to the above problem? We're trying to run Legato Networker 7.1 on V480/Sol9 with QLogic HBA's mand SUN's SAN Foundation Suite but Networkers s own SCSI-Library won't find the attached LTO's + media changer, although they are seen by cfgadm or luxadm? As we are bound to Legato we can't use SUN's version (SBU 7). TiA, Mat _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From thesunlover2002 at yahoo.com Mon Jan 26 13:37:59 2004 From: thesunlover2002 at yahoo.com (Melissa Young) Date: Mon, 26 Jan 2004 18:37:59 -0000 Subject: SUMMARY: Is Sendmail needed? How to configure mailx? MUA & MTA Message-ID: <20040126183153.67753.qmail@web14902.mail.yahoo.com> Thank you so much for your replies: "Erwin Fritz" "Lars Hecking" "Andy Malato" "Bill R. Williams" "Steven Haywood" "Darren Dunham" "Rich Bishop" "Anthony Talltree" Please allow me to use Bill Williams?s excellent explanation as the summary of this question. I will supplement the summary if more constructive info is received. (I haven?t written a summary yet for the question of ?sendmail ignores DNS MX record? because the problem is not solved yet). Bill?s answer: Whether you need sendmail daemon running to send email depends upon the version of sendmail. You are running Solaris 2.6, and mailx works fine. With the version of sendmail you have installed, you don't need the daemon running. However, should you go to a new Solaris and/or sendmail version you will see a change to this behavior. For your future consideration... We have Solaris 5.9 and $Id: sendmail.h,v 8.919.2.17 On this version (and newer Linux distributions) the security additions and enhancements change the way the sendmail service works with the mail[x] client. There is a "client" daemon running in addition to the server daemon. On Solaris 5.9, the 'ps' shows this: root 15030 1 0 Jan 13 ? 0:00 /usr/lib/sendmail -bd -q15m smmsp 15028 1 0 Jan 13 ? 0:00 /usr/lib/sendmail -Ac -q15m The one running with '-Ac' is the client-level daemon. Without it the 'mailx' will not work, because the outbound mail (from mailx) gets staged/queued into a client queue instead of being delivered immediately by the mailx command. A complete description of the newer sendmail is beyond my ability to explain; however, you can set the sendmail configuration so that it accepts ONLY from the 'localhost' which means "only this machine" -- which is pretty much the behavior you have now. ('localhost' only may be the default.) You can also setup to RELAY only for systems based upon some criteria you specify: domain.name, IP Address, etc. You get quite a bit of flexibility and control with the new version, but you will have to run the client daemon to send mail. ///////////////////// Original Question: I have some questions about Solaris mail here. Here are our system policies: 1) All SUN systems are mail clients. The mail server is MS Exchange. 2) All SUN systems are disallowed to receive emails. 3) All SUN systems need to send emails out among our LANs (not to the Internet). On a test system running Solaris 2.6, after I stopped sendmail daemon, I can still send mail out by using mailx. I understand some MUA can conduct basic MTA functions. My questions: 1) Is sendmail needed to run in such a environment?(It seems not) 2) As a MUA, how does mailx conduct the MTA functions? For example, how does mailx recognize DNS without using MX? Its configuration file /etc/mail/mailx.rc does not contain much information. __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From nfigaro at cdcixis-cm.com Tue Jan 27 02:44:56 2004 From: nfigaro at cdcixis-cm.com (Figaro, Nicolas) Date: Tue, 27 Jan 2004 07:44:56 -0000 Subject: SUMMARY : Antispam server : any advice ?? Message-ID: <3E44E5AEE949DF4FA8E736AF13A8B31D100C85@mspereire.cm.net> Hi, Here is the list of solutions proposed : Postfix + spamassassin ( + amavis/clamav) Qmail + spamassassin + dcc + razor (with rbl on qmail) Pure message (commercial product from sophos) Ciphertrust (commercial product) Communigate (commercial product from stalker) Someone sent me a link to an ancien post : http://www.sunmanagers.org/pipermail/sunmanagers/2003-August/024169.html (SUMMARY: Simple anti-spam system using open-source software and freely-available data) Thanks to those people for their responses : Tim chipman Matt ungaro Henry yiin Brian Michael grice Michael maxwell Kevin raber William smith Rich kulawiec Roy erickson Andrea Nicolas Figaro -----Original Message----- From: Figaro, Nicolas Sent: Monday, January 26, 2004 4:06 PM To: sunmanagers at sunmanagers.org Subject: Antispam server : any advice ?? Hi, We plan to add anti-spam features to our mail architecture. For the moment, only software solutions were used. As "appliances" appears on the mail/antispam market, we'd like to evaluate those solutions too. Has anyone soon evaluated the different solutions (appliance/software) ??? Thanks Nicolas Figaro _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From R.vanHouten at math.uu.nl Tue Jan 27 04:39:24 2004 From: R.vanHouten at math.uu.nl (Rudi van Houten) Date: Tue, 27 Jan 2004 09:39:24 -0000 Subject: SUMMARY SunRay and CAM (or kiosk) Message-ID: <20040127103343.C18436@klappers.math.uu.nl> To all people who helped me, thank you very much. I got the advise to read more documentation and found that at http://docs.sun.com. Some interesting documents that were not on the software CD. And it was pointed out to me that we were on the wrong track. The Controlled Access Mode (Kiosk mode) does not offer users a passwordless login but gives access to a standard interface for everyone who is sitting at the screen, that is not what we want. And the smartcard does not offer authentication with the SunRay software but only a means to identify a session so that it can be moved to an other appliance. So now we use normal logins, but have restricted the access to registered cards only (utpolicy -a -g -r card -t clear). I am now looking at the command smartcard(5) if that can enable easy logins. Regards -- Rudi van Houten - Department of Mathematics Utrecht University Automatiseringsteam / System Management :-) Fantasy is given mankind to make amends for what he is not, and a sense of humour as consolation for what he is. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From rskjels at pogostick.net Tue Jan 27 09:07:40 2004 From: rskjels at pogostick.net (Rikard Skjelsvik) Date: Tue, 27 Jan 2004 14:07:40 -0000 Subject: Summary: Keylogger timetracker etc Message-ID: <40166F1F.3020501@pogostick.net> Sorry for the late summary. In the original post i asked for suggestions for an old commandline application (that i know exist) which will record date/time/and activity(keybordinput and replies) for each telnet/ssh connection to spesific machines. A friend of mine (who is dead now) used it when he was working as a consultant/sysadmin to help ease documentation and make a papertrail of his work. Note! this is not spyware program. I tried to find this program on freshmeat.net by searching for timetracker, keylogger etc. But could not find anything that fit. Therefore i turned to this list. I got one reply tellling me about a keylogger and two replies reccomending the use of the script-command. Since i have not found the program i was looking for, i will use the script-command. Unfortunalty i seem to have lost my saved-mail when upgrading MUA and can not give credit to those who replied. Still, thanks to those who replied (and to those 30+ that was kind enough to tell me about your vacationplans) -- Rikard Skjelsvik _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From tobias.koch at postbank.de Wed Jan 28 05:15:51 2004 From: tobias.koch at postbank.de (Tobias Koch) Date: Wed, 28 Jan 2004 10:15:51 -0000 Subject: SUMMARY: SDS metadb parse_ctd(): partial_ctd_str = malloc(-2) Message-ID: Hello together, the problem is solved, but i don't know how, because the system had many other problems. But if you want to delete all metadbs and it doesen't work with metadb -f -d /dev/dsk/c0t0d0s7 then look into /etc/lvm/mddb.cf and delete the uncomment entries. After that a metadb should say, that there are no existing metadbs. Greets Tobias Koch Original Message: > Dear Managers, > > i've installed a sun netra with solaris 8 7/03 and patched it with the latest > recommend patchcluster, > i create metadevies to mirror the system on two 18 GB HDDs. > all works, but then i detach the second submirror to use the HHD for another > Netra. > > The system comes up, and i wanted to create the mirror for the second Netra, > but a metastat exit with: parse_ctd(): partial_ctd_str = malloc(-2) > > metadb -f -a -c 3 c0t0d0s7 exit with the same > > i boot the system without sds, an wanted to delete all metadbs > but there is one entry i can't delete: > > # metadb > flags first blk block count > a c luo 2084 1034 /dev/dsk/ > > behind /dev/dsk/ comes nothing !!! > > i never saw this befor. > > can anyone help me? > > i will sumarize > > greets tobias koch > __________________ _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From praveen at proactivenet.com Wed Jan 28 07:33:01 2004 From: praveen at proactivenet.com (Praven P Nair) Date: Wed, 28 Jan 2004 12:33:01 -0000 Subject: SUMMARY : Please Help for Solaris VPN Message-ID: <004d01c3e60b$28b42830$a103a8c0@proactivenet.co.in> Hi Gurus, I am too happy to summarize the excellent support you provided for me to find the best VPN solution. Here are the feedbacks Jeremy Loukinas : Provided the solution on Solaris 9.0 as Sun Screen is FREE Marcelino Mata : For the OpenVPN Link : http://www.osnews.com/story.php?news_id=5803 Marco Breedeveld : For suggesting Net4801 and VPN 1411 Doug Winter : To run OpenBSD with IPSEC VPNs Michael Lance : For suggesting NetGear and Fortinet Firewalls. All other guys who are Out of office info. Sad to bother you in your vacation / tarvel Thanks so much Gurus Praveen P Nair ProactiveNet Inc _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From psalazar at hotmail.com Wed Jan 28 19:25:26 2004 From: psalazar at hotmail.com (Pablo Salazar) Date: Thu, 29 Jan 2004 00:25:26 -0000 Subject: SUMMARY: Starting Xserver without monitor Message-ID: Thanks to all responses. This is very easy usgin X Server Virtual Frame Buffer: Xvfb David Foster send to me this link: XVFB : Virtual Frame Buffer (and man page) http://tmap.pmel.noaa.gov/home/ferret/FAQ/#xvfb Regards Pablo Salazar ------------------------------------------------------------------------ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From SMOKOCH at usmc-mccs.org Thu Jan 29 11:14:50 2004 From: SMOKOCH at usmc-mccs.org (Smoko Mr Charles) Date: Thu, 29 Jan 2004 16:14:50 -0000 Subject: SUMMARY: Solaris 8 maximum process id number Message-ID: <06C8AF86654436439B7D120D63AB7BE908F295D8@hqntsvr06.usmc-mccs.org> Dan O'Callaghan [OcallD at cogent-dsn.com] and Richard.Skelton at infineon.com referred me to the sun document that says I can set the pidmax in /etc/system. Several folks said that I should just set my max users higher or maxpid in /etc/system. My goal is to change the maximum value a pid may have; not the maximum number of them. In add- ition this doc says setting maxpid is of no use. So this doc below is exactly what I am looking for. In addition a user sent a code snippet that show's that pid_t (from the manpage of getpid(2)) is 4 bytes via the c sizeof directive. Thanks all, chuck smoko Below is a portion of that document pidmax Description This parameter specifies value of largest possible process ID. Valid for Solaris 8 and later releases. pidmax sets the value for the maxpid variable. Once maxpid is set, pidmax is ignored. maxpid is used elsewhere in the kernel to determine the maximum process ID and for constraint checking. Attempts to set maxpid by adding an entry to the /etc/system file have no effect. Data Type Signed integer Default 30,000 Range 266 to 999,999 Units Processes Dynamic? No. Used only at boot time to set the value of pidmax. Validation Value is compared to that of reserved_procs and 999,999. If less than reserved_procs or greater than 999,999, the value is set to 999,999. Implicit max_nprocs range checking ensures that max_nprocs is always less than or equal to this value. When to Change Changing this parameter is one of the steps necessary to enable support for more than 30,000 processes on a system. Commitment Level Unstable Original Question: > I was wondering if the maximum process id number (maxpid) for > Solaris 8 could be changed. It appears that that processes > numbers cycle at 29999. Not that it matters; I think Linux uses > somewhere around 64k for the max process id number. We have an > application that uses the pid when generating temporary files and > recompiling is not an easy option. Setting a maxpid of 64k or > more would help. I found this doc at sun's documentation site > that mentions maxpid, but I cannot find any that mention changing > it. > > http://docs.sun.com/db/doc/806-7009/6jftnqsk5?q=maxpid&a=view > > It does seem silly that the pid's are restricted to such a narrow > range. I speculate may be a backwards compatibility issue so > that apps that used a signed short int for the pid will not have > to be recompiled. > > Thanks in advance and I will summarize, > chuck _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From trk at cray.com Thu Jan 29 13:13:13 2004 From: trk at cray.com (Tim Kirby) Date: Thu, 29 Jan 2004 18:13:13 -0000 Subject: SUMMARY: Solaris, sd.conf and LUNs Message-ID: Two or three weeks ago I posted the following query; Life and work have intruded on doing the summary, but here it is. I wrote: > We're in the process of setting up some SAN equipment with switches, > FC and arrays behind Veritas, connected to some Solaris servers... > and the question of needing to reboot to add LUNs has raised it's head. > Some time back it was fairly well documented and/or understood that to > avoid rebooting one should max out the sd.conf file and eat the extra > time taken during the boot searching for non-responding LUNs. This > seemed to be true regardless of the SAN software vendor (Hitachi, > IBM and so forth). > > I haven't found any recent documentation or notes to the effect that > life is any better now and I thought to avoid many hours of digging > through pages of documentation and web pages by asking if there is > anyone on list who has recently been dealing with such issues and > has a definitive answer. Solaris 9 is probably the OS involved at > this point... The answer is, as always, many fold. >From a purely Sun perspective, the answer is "yes, that's the way it is with the sd driver". Assuming you are using Sun cards out of the box with third party storage that uses sd, you have to define what you want before the boot. The time taken to boot searching the non-existent LUNs is a pain but generally considered worth it; the scan time is allegedly less on Sparc III than Sparc II processors. Estimated additional time for an E4xxx series system with 4 targets maxed out to 255 LUNs was maybe 5 to 10 minutes on the boot (though there was also a quote of a site where the boot, import and mounting taking 2 hours with a -r... but there was no configuration size to qualify that so it could just be a "big rig"). Having said that, if you are using more recent Sun equipment and get to use the ssd driver instead of sd, then things are far more dynamic; sd.conf doesn't enter into the equation. The third aspect is what about those who are not using Sun cards, have third party equipment and have to use the sd driver? JNI cards are quite popular (now JNI-AMCC, I guess). As it happens, we are using JNI 6460's - and it turns out that since mid-October, 2003, they offer a "no reboot driver" that works with FCX2-6562 & FCX-6562, FCC2-6562 & FCC-6562, FCE2-1473 & FCE-1473, FCE2-6560, FCC-6560, FCE-6460 and FCC-6460. See http://www.amcc.com/NoRebootDriver/index.cfm for more information. I was hoping to have personal experience with the new JNI driver but testing time has been non-existent... I received a dozen or so responses; thanks to Darren Dunham, Greg Shaw, "", Jon Hudson, Rich Bonfoey, Bobby Ramirez, Ryan Krenzischek, Reggie Beavers, Wes Garland, Kun Li and Rob De Langhe (those being the responses I can find to hand at the time of writing) for taking the time to answer. If I missed anyone else, thank you too. My apologies for the delay in summarizing. Tim -- _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From thesunlover2002 at yahoo.com Fri Jan 9 10:28:20 2004 From: thesunlover2002 at yahoo.com (Melissa Young) Date: Fri, 09 Jan 2004 15:28:20 -0000 Subject: SUMMARY: /opt/chroot has NOT been ufsdumped In-Reply-To: <20031230214136.77722.qmail@web14902.mail.yahoo.com> Message-ID: <20040109152234.22106.qmail@web14911.mail.yahoo.com> Hello, All replies doubted that /opt and /opt/chroot are not on the same filesystem, but the fact is they are. The backup run by a bi-weekly cron job was working fine in 01/01/2004. All directories under /opt including chroot were backed up without any problem. I re-checked the last tape and found it did miss the chroot directory under /opt. How did the mistery happen? I still don't know. Thanks everyone for your valuable time. Melissa Young --- Melissa Young wrote: > Hi, > I have found that the /opt/chroot directory has not > been ufsdumped by the command "ufsdump 0ucf > /dev/rmt/0n /opt". > The permission of /opt/chroot is "drwx------ 2 root > root ". > Anyone knows why? > Thank you in advance. Happy new year! > Melissa Young __________________________________ Do you Yahoo!? Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes http://hotjobs.sweepstakes.yahoo.com/signingbonus _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Schaper at media-saturn.com Tue Jan 13 10:04:34 2004 From: Schaper at media-saturn.com (Schaper, Soeren) Date: Tue, 13 Jan 2004 15:04:34 -0000 Subject: [SUMMARY]:Exceed configuration Message-ID: <9E86F3E9F5C5D6119A5D00508BE1286B0CE729FE@exchange.media-saturn.com> Thanks to Ed Rolison, Joe Fletcher and Steve Starer for there help. As Ed and Joe pointed out, CDE needs forward and reverse DNS to work out, where to send the data. After updating the DNS with my workstations name and IP it worked like a charm. Thanks to all Soeren _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From SMOKOCH at usmc-mccs.org Tue Jan 13 18:50:48 2004 From: SMOKOCH at usmc-mccs.org (Smoko Mr Charles) Date: Tue, 13 Jan 2004 23:50:48 -0000 Subject: SUMMARY solstice disk suite volume access from CD boot Message-ID: <06C8AF86654436439B7D120D63AB7BE908F29599@hqntsvr06.usmc-mccs.org> Original question: > I was wondering if it is possible to use a Solaris 9 install CD > to boot up and access Disk Suite volumes on a Solaris 8 > system. Someone recently posted on the sun-mangers lists > saying that the Solaris 9 install CD has disk suite on it. But > I can not seem to locate that message. It would make life > nice when doing an full recover from backups. It "seems" > that it is just a matter of the CD booted OS knowing where > the meta databases are. If anyone has tried this and would > like to share their results? Thanks to Remy Zandwijk who was the person who originally said this could be done. So, I tried again. What I found was that you need to boot without the -s (single user option) and let suninstall start. You can say the system is not net- worked and pick any old timezone. The install program will then find all the meta databases. After the databases are found, it will start disk suite. The install program will then give the option of upgrade, install or exit. At that point, I just exit. If a metastat is issued, it will produce the configuration and status of the volumes and soft par- titions. And of course, I can the mount the volumes and/or soft partitions. The reason that I had problems with this was that I usually boot with a -s to get into single user mode and not have to deal with appeasing the suninstall program with meaningless answers just to exit. I did some checking by looking through the rc scripts and ^C'ing out of suninstall early. But the volumes not ready until the suninstall asks if you want to upgrade, install or exit. Thanks to all, Chuck Smoko _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From wes at page.ca Wed Jan 14 14:12:11 2004 From: wes at page.ca (Wesley W. Garland) Date: Wed, 14 Jan 2004 19:12:11 -0000 Subject: Summary: A5x00 Failure; cannot bring loop A online Message-ID: <200401141406.AA639828160@mail.page.ca> Hi, Sun Managers! The problem has been solved. It turns out that the replacement IB (Interface Board) was either defective, or the wrong revision. Here's where it gets interesting; it turns out it was the A5200 I was having problems with, not the A5000. Whoops. :) But the time I'd gotten to the data center, it was no longer flickering the lightnight bolt, but reporting a failed IB. The replacement IB, which the vendor said would work with either the A5000 or the A5200 (but invoiced as "A5000 IB") is stamped with Sun Part Number 340-4069-04, and stickered "-06 REV 52.) To fix it, I used an IB from my lab A5200, marked with the same part number but stickered "-07 REV 50". Ironically enough, the one from the lab is date coded 98/51 while the replacement is date coded 99/47. I also found that one of the IBM GBICs connected to the hub for that channel (going to an HBA) had failed. I wonder if the flickering lightning-bolt-state is hard on the equipment, or if there are Gremlins in the system? I received some excellent advise when trying to fix this problem: Octave Orgeron: - Double-check firmware revisions in HBA, A5000, IB. - Double-check GBIC with a loopback cable. - Patch matrix for A5x00, HBAs, etc. here: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=finfodoc%2F43212&zone_110=43212 Scott Mickey: - Try the A5200 IB from your lab. (Good advice!) - Note that while the Sun part number for A5000 and A5200 IB's are the same, I think the revision levels are different, so IB's from A5000's should not be deployed in A5200's (I think we have a winner!) - Did you know that many datacenters replace their fibre once a year? (No, I didn't, I think mine will.. we only rolled out FCAL in Sep/03) - A5000 Configuration Guide: http://docs-pdf.sun.com/805-0264-15/805-0264-15.pdf - Sun X6732A hub is actually a Vixel 1000 (they even say "Vixel" on the bottom) The Vixel manual is here: http://www.sms.com/support/Vixel/Rapport%201000/InstallGuide_00041017-001_D.pdf - You should power up the Vixel hub before the rest of the equipment (I didn't know that, but I had been doing it that way "by luck" -- as the hubs have no power switches) - Check your logs for messages (wow, it filled up /var/adm..): Jan 11 09:51:18 zaphod scsi: [ID 243001 kern.info] /pci at 1f,4000/SUNW,ifp at 2 (ifp0): Jan 11 09:51:18 zaphod Loop reconfigure in progress Jan 11 09:51:18 zaphod scsi: [ID 243001 kern.info] /pci at 1f,4000/SUNW,ifp at 2 (ifp0): Jan 11 09:51:18 zaphod LIP reset occured; cause f801 Jan 11 09:51:18 zaphod scsi: [ID 243001 kern.info] /pci at 1f,4000/SUNW,ifp at 2 (ifp0): Jan 11 09:51:18 zaphod Loop reconfigure done Jan 11 09:51:18 zaphod scsi: [ID 243001 kern.info] /pci at 1f,4000/SUNW,ifp at 2 (ifp0): Jan 11 09:51:18 zaphod LIP occured; cause f801 Jan 11 09:51:18 zaphod scsi: [ID 243001 kern.info] /pci at 1f,4000/SUNW,ifp at 2 (ifp0): Also, I learned one more tidbit from the A5000 troubleshooting PDF; you're supposed to use the GBICs in a particular order in the Vixel hubs to prevent signal degredation. I didn't change any of my running hubs (which are using ports 1, 5, and 6) but I clustered the hub connected to the broken IB such that it was using ports 3, 4, and 5, just in case. Thanks a million, guys! Wes -- Wesley W. Garland Director, Product Development PageMail, Inc. +1 613 542 2787 x 102 -- _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From sunadmin at norsar.no Thu Jan 15 02:35:36 2004 From: sunadmin at norsar.no (SysAdm) Date: Thu, 15 Jan 2004 07:35:36 -0000 Subject: SUMMARY: Copy files to DMZ web-server Message-ID: <200401150729.i0F7TT414273@svane.norsar.no> Dear all, Original post: > We've been copying files from a intranet host to our DMZ > web-servers using SSH 1.2.27; scp in batch mode (scp -B) > and .shosts file on web-server. SSH on web-server is only > allowed from intranet; public access is blocked in firewall. > > After having upgraded to OpenSSH2 / F-Secure SSH2 we have > not managed to run SSH host-based authentication without > beeing prompted for password... > > Which method(s) do you suggest for copying files from a > host on our intranet to a DMZ web-server (Sun Solaris 8/9). > Both networks is directly attached to our firewall, No need > for encryption. > > ftp & .netrc? rsync? rcp & .rhosts? This web-page is a good summary for what I found: http://huizen.dto.tudelft.nl/devries/security/ssh2_pubkey_auth_config.html Thanks to all!! Best regards, Nils _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From sunsa_tx at yahoo.com Thu Jan 15 13:50:37 2004 From: sunsa_tx at yahoo.com (sunsa_tx at yahoo.com) Date: Thu, 15 Jan 2004 18:50:37 -0000 Subject: SUMMARY: problem with displaying back GUI Message-ID: <20040115184444.69899.qmail@web20724.mail.yahoo.com> Thanks for all those who replied. The recommendations are to allow X11, enable port 6000-6010 or 6000-6035. Some replied to use ssh instead of telnet. "sunsa_tx at yahoo.com" wrote:Gurus, I need your help. On my workstation (caramel), I telneted to a server (candy). Candy is in dmz area and direct telnet from my workstation caramel was not allowed. I asked our Firewall SA to allow me to telnet directly to candy. He allowed me to and I was able to telnet directly to candy from caramel. I telneted to candy from caramel, set the DISPLAY on candy, ran xhost + on caramel but I'm still getting "Error can't display: caramel:0.0". I tried to set the DISPLAYusing caramel's IP but I'm still getting the same error. What should I do. Thanks, Sunsa Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From suganm at absa.co.za Sat Jan 17 22:56:05 2004 From: suganm at absa.co.za (Sugan Moodley) Date: Sun, 18 Jan 2004 03:56:05 -0000 Subject: SUMMARY: preventing users from setting 777 permissions In-Reply-To: <1074218609.24531.19.camel@alfa.absa.co.za> References: <20040116000006.2E75A1EE22@sunportal.sunmanagers.org> <1074218609.24531.19.camel@alfa.absa.co.za> Message-ID: <1074397834.18518.42.camel@alfa.absa.co.za> On Fri, 2004-01-16 at 04:03, I wrote: > Greetings, > > I have a terrible problem with users who "chmod 777" their files > because... well they're lusers! > > Is it possible on Solaris (anything from 2.6 to 9) to deny the "OTHER" > unix group from being set to full RWX permissions. > > This includes files and directories in the user's home directories. > > I have a umask 027 in /etc/default/login but that does not help. > > Thank you, Thanks to: Tim Villa, Rich Teer, GertJan Hagenaars, Kevin Buterbaugh, Reggie Beavers, Thomas M. Payerle, Lewis, Orville M Unix Guy @ a yahoo address Johnson, Chad Michael Jeffries (M) Kugendran "Ted" Naidoo Woogie Mahlangu III The majority of the responses where about changing the chmod binary itself by either changing the permissions on the file itself or creating a wrapper. Since it is my policy to keep the system as standard as possible this was not an option. Nevertheless sooner or later someone is gonna get "smart" and find a way around it. In any case most of the users need to use chmod for legitimate reasons. The option of enforcing a company policy to discourage this implies "policeing" the users with the threat of disciplinary action (not my style - better to gas the buggers - J.K. ) The option of using Role Based Access Control lists intrigued me and I've decided to go this way. Combined with a Java Enterprise System controlling the show... life just got a whole lot more interesting. Thank you all for your assistance. Sugan Moodley Sysadmin ABSA Bank ______________________________________________ E-mail Disclaimer and Company Information http://www.absa.co.za/ABSA/EMail_Disclaimer _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From SDaubigne at bordeaux-bersol.sema.slb.com Mon Jan 19 09:16:24 2004 From: SDaubigne at bordeaux-bersol.sema.slb.com (DAUBIGNE Sebastien - BOR) Date: Mon, 19 Jan 2004 14:16:24 -0000 Subject: SUMMARY: Solaris 8 on sun4u/sun4u1 : 32 or 64 bits Message-ID: <0F406437D3C4D6119010009027D0897C8EBF8E@bordeaux-mess.bordeaux.eur.slb.com> Thanks to Roland Rebstock and Russell Page. Answer is : "There is no performance gain or loss when booting Solaris to 32 bit or 64bit when running Oracle. The Solaris 64bit O/S will run without any performance issues with 32 bit applications". --- Sebastien DAUBIGNE sdaubigne at bordeaux-bersol.sema.slb.com - (+33)5.57.26.56.36 SchlumbergerSema - SGS/DWH/Pessac -----Message d'origine----- De: sunmanagers-bounces at sunmanagers.org [SMTP:sunmanagers-bounces at sunmanagers.org] @ la place de DAUBIGNE Sebastien - BOR Date: mercredi 14 janvier 2004 11:56 @: sunmanagers at sunmanagers.org Objet: Solaris 8 on sun4u/sun4u1 : 32 or 64 bits As you know, Solaris 8 boots with 64 bits kernel as default when running on E6500/E10K. I would like to hear your opinion on booting 32 bits kernel with theses architectures. An Oracle tech recommended to boot with 32 bits kernel for Oracle 8i (8.1.7.4) 32 bits to perform better. Here is his statement : "Solaris 8 OS 32bits with Oracle 8i 32bits will perform well for you application. There is no reason to run Solaris 8 64bits with Oracle 8i 64 bits, except when you have to exceed 32 bits limits". I could easily understand that Oracle 32bits is sufficient and Oracle 64 bits only necessary when you need very large SGA or such 64 bits-related things. But for Solaris 8, I though that 64 bits kernel was recommended and performed better for all UltraSparc2/UltraSparc3 servers. If not the case, why would Solaris boots the 64 bits kernel as default ? Is this necessary/better to boot 32 bits kernel when no 64 bits apps are running ? Any opinion appreciated. --- Sebastien DAUBIGNE sdaubigne at bordeaux-bersol.sema.slb.com - (+33)5.57.26.56.36 SchlumbergerSema - SGS/DWH/Pessac _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From tony.vanlingen at epa.qld.gov.au Wed Jan 21 09:23:42 2004 From: tony.vanlingen at epa.qld.gov.au (Tony van Lingen) Date: Wed, 21 Jan 2004 14:23:42 -0000 Subject: SUMMARY: Multiple /opt's Message-ID: <400DC31F.9000800@epa.qld.gov.au> OK sorry about this guys, this was a stupid question..it was indeed as many (too many to mention) had pointed out....the directory had trailing spaces, which I had guessed later in the day yesterday before I had a chance to check my e-mail again. However, some of you pointed out that using ls -F will put a slash at the end of the directory name and will therefore show trailing spaces and take the guesswork out of the equation. Thanks, Marco _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From lrw at tel.bnsf.com Thu Jan 22 16:51:32 2004 From: lrw at tel.bnsf.com (Lonnie Randall Webb) Date: Thu, 22 Jan 2004 21:51:32 -0000 Subject: SUMMARY: Obtaining WWN information Message-ID: <1074807844.3401.82.camel@linux.local> Thanks to all the quick answers: Reggie Beavers,Sherman Butler, Charlotte Ratliff, Wesley Garland, Sudhakar Peram, Darren Dunham, John England, and especially Cyril Plisko It seems most drivers are more forthcoming with information in the messages log or via luxadm, cfgadm but in this case no wwn for the HBA cards were displayed. From my conversation with Sun support they indicated this was normal and was because no disk devices were present. It is possible to obtain the wwn for the x6767a HBA without having disk devices established by grepping the information out of the output of prtconf -vp. prtconf -vp | grep wwn I am still not sure that some other problem is not present but at least I can take the next step and configure the storage space. -- Lonnie Randall Webb _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From vadsys at hotmail.com Wed Jan 7 11:20:33 2004 From: vadsys at hotmail.com (V AS) Date: Wed, 07 Jan 2004 16:20:33 -0000 Subject: Summary: Tape Library Problem (L20) Message-ID: Thank you all for the replies. The answer was unanimous- Use nsrjb -HE to reset the jukebox to it initial state and thats what did the trick. Some also mentioned updating the firmware. I am pretty new to the whole thing, can anyone help me in that respect? I managed to get the firmware version using the L20 front panel. It reads--> Firmware Revisions --> Library --> 1.05.S and Tape DLT7000 --> Code Rev: 100 Is this the information required to determine the firmware? I noticed that there is a menu on the front panel of the L20 for "Upgrading the Firmware". However, it needs the update on one of the Tapes? Is this possible? Thanks a bunch, VS _________________________________________________________________ Worried about inbox overload? Get MSN Extra Storage now! http://join.msn.com/?PAGE=features/es _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From rmillisl at gdcanada.com Wed Jan 7 16:27:24 2004 From: rmillisl at gdcanada.com (Randy Millis) Date: Wed, 07 Jan 2004 21:27:24 -0000 Subject: SUMMARY: Solaris 9 DHCP client hostname / DNS Update References: <005401c3b9d3$d721cb20$67fc1eac@gdcan.com> Message-ID: <040701c3d564$257d2430$67fc1eac@gdcan.com> Sorry for the delay writing this Summary: This *is* in the list archives but I found I had to really dig and piece it together. maybe its just me. :-) Here is what worked for me in hopes that it benifits others - your mileage may vary. Create or edit the files outlined and reboot: /etc/nodename yourhostname /etc/hostname.elxl0 inet yourhostname edit /etc/default/dhcpagent and set REQUEST_HOSTNAME=yes Create this script: -cut- /etc/init.d/set_hostname #!/sbin/sh HOSTNAME=`cat /etc/nodename` echo "Setting hostname to $HOSTNAME... \c" uname -S $HOSTNAME echo "Done." -cut- Symlink /etc/init.d/set_hostname to /etc/rc2.d/S70set_hostname Thanks to Hichael Morton, Alan Pae, Paul Boven, Sid Wilroy, Gerard Henry, Dave Miner and Mitchell Bruntel and others who replied and provided suggestions to me. Worthy of note: Dave Miner wrote: The Solaris DHCP client will not directly send updates to a DNS server; it's designed to send a requested hostname to the DHCP server (see the dhcpagent man page for how that's configured), which should update the DNS on its behalf. This allows a much more secure DNS configuration, as the DNS server can be configured to accept updates only from the DHCP server, rather than any client that happens to connect to the network. If the network admin can't configure things this way, then your best fallback right now is to take a look at http://www.rite-group.com/consulting/solaris_dhcp.html for a popular workaround to the hostname being set to "unknown". Paul Boven Wrote: I use an 'inproper' way to do it, because Solaris attempts to get its hostname from the DHCP server, and most DHCP servers won't provide it. In /etc/init.d/network, line 837, replace the word 'unknown' with whatever you want your hostname to be. Same goes for /etc/init.d/inetsvc, line 160. Warning: Sometimes these files might get replaced by installing patches, and your changes will be lost. Furthermore, in /etc/default/dhcpagent, you should change the final line to: PARAM_REQUEST_LIST=1,3,12,43,15,6,28 This adds parameters 15,6 and 28 because otherwise the dhcpagent won't even request those values from the dhcp-server, even though other startup-scripts do try to get them from dhcp. 15 = domain-name 6 = DNS-servers 28 = broadcast-address (See RFC-2132) Another option would be to set the hostname you want in /etc/hostname.hme0 (or whatever your interface is called) and then add 'REQUEST_HOSTNAME' to the /etc/default/dhcpagent file, as described in dhcpagent(1m). I haven't tried this myself though, and I don't know if this works via dhcp or via dyn-dns. ----- Original Message ----- From: "Randy Millis" To: Sent: Wednesday, December 03, 2003 12:29 PM Subject: Solaris 9 DHCP client hostname / DNS Update > I've Googled and looked over doc.sun.com and so far have not found an answer > to this, any help would be appreciated: > > I have a Solaris 9 x86 client requesting an IP via DHCP and it comes up with > the hostname "unknown". As well the Network Admin here tells me I also need > to configure Solaris 9 so it can update the Windows 2000 DNS as they are no > longer using static DNS entries here. > > What is the proper way to set the hostname of my client? > > Has anyone been successful in getting Windows DNS to update from a Solaris 9 > client and how is this done? > > Thank you > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From tkevans at tkevans.com Fri Jan 9 10:00:41 2004 From: tkevans at tkevans.com (Tim Evans) Date: Fri, 09 Jan 2004 15:00:41 -0000 Subject: SUMMARY: T3 Unresponsive Under Heavy Load Message-ID: <200401091455.i09Et8n9005702@osprey.tkevans.com> I wrote: >I have a T3 array, set up for RAID5, attached via FC-AL to a Sun 4500, with >several filesystems under VxVM control (UFS filesystems, VxVM control). > >When heavy MySQL database loads (to a filesystem on the array) are going on, >the rest of the fileystems on the array become pretty much inaccessible. Even >simple directory listing hang indefinitely. > >Are there tunable parameters for the T3 that might address this issue? Only one reply on this one, from Alex Theodore , who suggested the T3 cache is being overrun, and that T3's are "notorious for doing this sort of thing." Thanks, Alex. A Sunsolve search turned up the availability of a firmware upgrade for the T3, in the form of Patch 109115 (current rev is -15). This is a flash upgrade that'll have to be performed with the array inactive. -- Tim Evans, TKEvans.com, Inc. | 5 Chestnut Court tkevans at tkevans.com | Owings Mills, MD 21117 http://www.tkevans.com/ | 443-394-3864 http://www.come-here.com/News/ | _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers