From scottd at HanoverDirect.com Wed Apr 2 12:00:39 2008 From: scottd at HanoverDirect.com (Deiter, Scott) Date: Wed, 2 Apr 2008 13:00:39 -0400 Subject: Summary Samba permissions In-Reply-To: References: <47F379E0.5040306@uni-paderborn.de> Message-ID: Thanks to all that replied. This was very easy by creating a new share for this group of users and using "create mask = 0664" in the smb.conf file. Scott Deiter System Administrator Hanover Direct, Inc. Hanover, PA Voice: 717-633-3298 _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From dreyerja at uni-paderborn.de Thu Apr 3 09:10:26 2008 From: dreyerja at uni-paderborn.de (Jan Dreyer) Date: Thu, 03 Apr 2008 16:10:26 +0200 Subject: SUMMARY: Performance question In-Reply-To: <47F379E0.5040306@uni-paderborn.de> References: <47F379E0.5040306@uni-paderborn.de> Message-ID: <47F4E552.6090006@uni-paderborn.de> Hi @ll, thanks for answers to Bill Voight przemol Darren Dunham Roberto Fratelli They mostly pointed to the very usefull scripts included in the dtrace toolkit, available at http://opensolaris.org/os/community/dtrace/dtracetoolkit/ Brendan Gregg published some scripts on http://www.brendangregg.com/k9toolkit.html Also very good is the guide on http://www.sun.com/software/solaris/howtoguides/dtracehowto.jsp I did'nt have had a lot process creation or forking. After running 'topsyscall' and 'topsysproc' I identified some processes that made a lot of reads and writes. But these applications didn't change in the past months, so they were not likely the cause. A look at the syslog showed that the automounter tried to mount something on /net every minute. I disabled /net as we don't use it anyway. But the performance issue still stayed. Last (ugly) resort was to reboot the machine. Till now (~2h) that did it. But as the behaviour wasn't persistent but occured casually, I can't say, if we really got it. Maybe tomorrow or so ... Greetings Jan Dreyer Jan Dreyer wrote: > Hi managers, > > we have a E3500 (5.10 Generic_127111-06) with some trouble completing > it's job(s). The problem is, I can't identify the source of the dilemma. > > sar shows: > 13:55:17 %usr %sys %wio %idle > 13:55:19 11 89 0 0 > 13:55:20 10 88 0 2 > 13:55:24 10 89 0 1 > 13:55:26 10 89 0 1 > 13:55:27 9 91 0 0 > 13:55:29 6 94 0 0 > 13:55:31 4 96 0 0 > > so the processes are in system mode about 85-99%! That's way too much. > But I can't see, why this occurs. Obviously there is few IO, so this > doesn't block. > > Dtrace seems the answer, but I have no idea which of the millions of > screws I shall turn there ... > > Any hints here, where and how to look? > > Greetings and thanks in advance > Jan Dreyer > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From sunhux at gmail.com Thu Apr 3 10:46:15 2008 From: sunhux at gmail.com (sunhux G) Date: Thu, 3 Apr 2008 23:46:15 +0800 Subject: Summary: NIC teaming/bonding (IPMP?) clarifications in Solaris Message-ID: <60f08e700804030846q78617f9cm1283e57dfc75f6a7@mail.gmail.com> Thanks to Darren & Dean. Their replies are appended below. Haven't got to try it out yet ========================================== > Question: > So in IPMP, do the client PCs access the Sun server using one > common IP address or there's a couple of IP address as what Buck > said above. I'm aiming for one IP address so as not to complicate > firewall rules. Is an active/active pair of ports still feasible? IPMP does not create any type of 802.3ad compatible aggregation. Since the switch or networking gear has no knowledge of what's going on, it can't balance things. You can have one public IP address, but with only one port active at a time (failover). For better performance, you'd want two active addresses. You'd need other IP addresses for link test, but those probably wouldn't have to traverse a firewall to work. Other solutions would include SunTrunking and Solaris 10 Link aggregation, both of which implement 802.3ad. > b)is IPMP equivalent to Windows network teaming or Linux bonding? > I'm under the impression Windows teaming is active-active & only > one IP address is used by clients to access Windows server Linux bonding has something like 6 modes. One of the modes is equivalent to IPMP. Other modes are not (several of which are 802.3ad compatible). > c) Must the IP addresses of the interface be in the same subnet > as the floating/cluster/teaming address (this is the address > which client PCs use to access this Sun server)? I thought > of using "private" addresses (say 10.1.1.1/.2) on the interfaces > so that in case IP addresses are "leaked" into the network by > accident, it won't cause any IP address conflict Shouldn't be a problem. ============================== Hi- some quick notes. IPMP isn't the same as bonding or aggregation- do a man on the solaris 10 "dladm" command for that kind of magic (it's less restrictive than ipmp) IPMP has one common ip for both interfaces- however the "load balancing" works only on tcp/ip traffic and only one way (I think it's outward bound traffic). IPMP implementation has changed a bit in newer versions of solaris- requirements/setup are less restrictive in the newer versions compared to solaris 8/early solaris 9. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From christian.masopust at siemens.com Fri Apr 4 15:05:52 2008 From: christian.masopust at siemens.com (Masopust, Christian) Date: Fri, 4 Apr 2008 22:05:52 +0200 Subject: Summary: HBA for SUN StorEdge D1000 Message-ID: <60721B67EAF0994EAFFB561767B700140256576D@nets13ha.ww300.siemens.net> Thanks to all who answered, too many to mention personally :-)) Altough I searched the SUN docs, sunsolve and used google to find an answer, you were, as usual, the correct source that helped. In the docs of the D1000 there is a special scsi-card mentioned (X6541A), but there is no hint that this card is a HVD (High Voltage Differential)! So, I thought I could use my new X4422A (SE/LVD) which is also a differetial scsi-controler but "Low Voltage"... Anyway... the only card that's working with the D1000 (in my PCI system) would be the X6541A. Thanks for your help, Christian P.S.: best wishes to "hike" (hides behind this nick) who pretents to be some kind of guard of the sunmanagers-list, flaming me badly... _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From sunhux at gmail.com Mon Apr 7 00:29:44 2008 From: sunhux at gmail.com (sunhux G) Date: Mon, 7 Apr 2008 12:29:44 +0800 Subject: Summary: Lost access to server after running CIS hardening script Message-ID: <60f08e700804062129g5a4f9e33q283bd43cb9a2df60@mail.gmail.com> Thanks to Francisco for chipping in & thanks to Musa for spotting the right answer problem is the following 2 lines in /etc/pam.conf must not be removed/commented out : rlogin auth sufficient pam_rhosts_auth.so.1 rsh auth sufficient pam_rhosts_auth.so.1 Looks like we can't follow wholesale what's given by the CIS (Centre for Internet Security) : cd /etc grep -v rhosts_auth pam.conf > pam.conf.new mv pam.conf.new pam.conf pkgchk -f -n -p /etc/pam.conf Rgds Goh _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From sunhux at gmail.com Tue Apr 8 05:46:29 2008 From: sunhux at gmail.com (sunhux G) Date: Tue, 8 Apr 2008 17:46:29 +0800 Subject: Summary: Other forums/lists Unix & tools/storage Message-ID: <60f08e700804080246o776a4c3al7ed17858b7347f04@mail.gmail.com> I was requested to summarize, otherwise I'll be violating the rules of this list & there are many requests. Here they are : a) http://www.experts-exchange.com/ Users are awarded with points for answering questions asked by other users. This results in a competition for obtaining more points. Experts who obtain a certain level of points each month are given free access to all features of the site. Subscription is : US$13/month, US$100/year b) http://itknowledgeexchange.techtarget.com Free version of the above (probably less responsive as it's not incentive-driven). Probably not a mailing list - go to site to view replies c)http://www.tek-tips.com/ Covers various IT topics but does not appear to be a mailing list d) hpux-admin at DutchWorks.nl or http://www.dutchworks.nl/htbin/hpsysadmin Bob Smart & Dale contributed this forum. I've used this : it adopts a requirement to summarize like this list so won't clog your mailbox but is less than half as active as this list e) www.backupcentral.com, for Veritas topics, contributed by Pedro f) nothing specific came up for Linux but the first 3 forums above should have some relevance U On 4/3/08, sunhux G wrote: > > Firstly, my apologies as this is off-topic. > > Besides Solaris, I have to deal with HP-UX, Redhat > Linux, Veritas, NetApp SAN & central backup solutions > (HP DataProtector, NetBackup) > > Appreciate any recommendations on any other forums/ > mailing lists that are active with good searchable > archives/solutions. Looking for forums/lists with a > good number of respondents with quality replies > coming in within hours/less than 2 days. > > I'm contemplating "Experts Exchange", a paid forum. > There's one which award points to good answers but > can't recall which one. > > Tek-tips is free & sometimes good solutions can be > found. > > Won't summarize but if you would like the replies, > can email me directly & will forward the replies over > > > U _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From dave.markham at fjserv.net Tue Apr 8 10:56:35 2008 From: dave.markham at fjserv.net (Dave Markham) Date: Tue, 08 Apr 2008 15:56:35 +0100 Subject: SUMMARY: syslog Message-ID: <47FB87A3.8090704@fjserv.net> Apologies and thanks to many people who all responded saying you can log to multiple hosts with the same facility and level e.g *.err @loghost1 *.err @loghost2 *.err @loghost3 From what i was recalling from some time ago looking was that syslog.conf had an order about it ( which is correct ) but doesnt stop you from logging to more than one host, and more relates to having *.debug captures every facility.level above debug and not ONLY debug. Thanks _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Ryan.Anderson at baesystems.com Wed Apr 9 11:27:55 2008 From: Ryan.Anderson at baesystems.com (Anderson, Ryan C (US SSA)) Date: Wed, 9 Apr 2008 10:27:55 -0500 Subject: [SUMMARY] Convert NIS --> Java Directory Server 6.2 (LDAP)? References: <9A9F358293FF2641A70B4A0AC7D082F303725F10@MAILFS2.uta.edu> <04799F26A23174449975FB1913E3A02F01C1095B@gldms20030.goldlnk.rootlnka.net> Message-ID: <04799F26A23174449975FB1913E3A02F01C10D0C@gldms20030.goldlnk.rootlnka.net> The correct answer comes from Mr. Karl Rossing: The N2L service is the Sun-provided way to convert NIS maps to LDAP. It's a service that makes your NIS master receive info from an LDAP directory, but part of what it does is to the actual conversion of the NIS maps. Its somewhat convoluted, but one can find the official doc here: http://docs.sun.com/app/docs/doc/819-3194/nis2ldap-34?a=view A Sun Blueprint on the subject is here: http://www.sun.com/blueprints/0306/819-4326.pdf I got some other responses to use the LDAP migration tools from Padl Ltd: http://www.padl.com/OSS/MigrationTools.html. Not exactly the answer I was looking for, but very useful nonetheless. Regards, RCA -- UNIX Administrator, BAE Systems EIT desk 763-572-6684 mobile 612-419-9362 -----Original Message----- From: sunmanagers-bounces at sunmanagers.org [mailto:sunmanagers-bounces at sunmanagers.org] On Behalf Of Anderson, Ryan C (US SSA) Sent: Tuesday, April 08, 2008 2:38 PM To: sunmanagers at sunmanagers.org Subject: Convert NIS --> Java Directory Server 6.2 (LDAP)? I'm trying to replace NIS with Sun Java Directory server 6.2 and am installing it following http://docs.sun.com/app/docs/doc/820-2489 and I have the base LDAP server up. However, instructions on converting NIS maps to LDAP are eerily absent. The Solaris 10 collection has a blurb about using ldapaddent to populate the directory, but it only works if your system is a client, which is like putting the cart before the horse... Is there any help on converting a NIS domain and all its NIS maps to LDAP? I'm interested in the conversion of data into an LDAP server, the documentation on adding clients looks pretty straightforward. Documentation for the older iPlanet LDAP server mention using 'dsimport' to convert maps, but this is missing from the current release. RCA -- UNIX Administrator, BAE Systems EIT desk 763-572-6684 mobile 612-419-9362 _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From sunhux at gmail.com Fri Apr 11 05:36:48 2008 From: sunhux at gmail.com (sunhux G) Date: Fri, 11 Apr 2008 17:36:48 +0800 Subject: Partial summary: How to harden : BSM auditing & inetd's connection logging is not active Message-ID: <60f08e700804110236m428bb8acuab05c6342bc2422d@mail.gmail.com> Found something from Google (partial summaries preceded by * on the lines below) : a) * I've run /etc/security/bsmconv & it appeared to have completed * successfully but after rerunning the scan, it still flag the alerts * below : Negative: 5.8 BSM should at least be auditing all "old administrative (meta-class)" (ad) events on flags line. Negative: 5.8 BSM should at least be auditing all "exec" (ex) events on flags line. Negative: 5.8 BSM should at least be auditing all "file attribute modify" (fm) events on flags line. Negative: 5.8 BSM should at least be auditing all "login or logout" (lo) events on flags line. Negative: 5.8 BSM should at least be auditing all "process (meta-class)" (pc) events on flags line. Negative: 5.8 BSM should at least be auditing all "old administrative (meta-class)" (ad) events on naflags line. Negative: 5.8 BSM should at least be auditing all "exec" (ex) events on naflags line. b) * in /etc/default/inetd, ENABLE_CONNECTION_LOGGING=YES * but the scan still flag the alert below Negative: 5.1 inetd's connection logging is not active. c) * fixed. Uncomment the last line in /var/spool/cron/crontabs/sys * which has "sa2" in it Negative: 5.7 No sa2 line in /var/spool/cron/crontabs/sys -- no system accounting. d) * still no idea Negative: 6.8 Fix-modes has not been run here. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From mom at ngs.ru Mon Apr 14 05:37:57 2008 From: mom at ngs.ru (Vladimir) Date: Mon, 14 Apr 2008 16:37:57 +0700 Subject: SUMMARY: tcpdrop utility Message-ID: <021e01c89e13$38d01f70$c4ac360a@Megafonsib.local> I got a source code of utility from list's member. I successfully built it on SPARC Solaris 9 and it worked exactly as I expected and needed. Original message: > Hello, Managers! > > Does anybody have a copy of 'tcpdrop' utility described here - > http://www.sun.com/bigadmin/content/submitted/tcpdrop.jsp. Seems > source location http://typo.submonkey.net/pages/tcpdrop-solaris doesn't work. > > Could you please share that utility with me? Thanks in advance! _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From sbedberg at ucdavis.edu Tue Apr 15 15:14:25 2008 From: sbedberg at ucdavis.edu (Steve Edberg) Date: Tue, 15 Apr 2008 12:14:25 -0700 Subject: SUMMARY: Two A1000 questions Message-ID: ================================================== ORIGINAL MESSAGE (Wed, 9 Apr 2008 02:37:23 -0700): ================================================== I have a limited budget, and two A1000 storage arrays that I'd like to keep using as long as possible. Question 1: I know that the Raid Manager software is no longer supported under Solaris 10, but I was wondering if anyone had ever downgraded an A1000 to a D1000 via a controller swap. As these arrays would probably be dedicated to databases, I would run UFS on them rather than ZFS. I know some people have copied the Raid Manager from a Solaris 9 install, and then disabled the unneeded RDAC and amdaemon to get an A1000 to work under Sol10, but I'd rather go the simpler route of turning them into D1000's. D1000 controllers look to be inexpensive from dmgi.net. Question 2: Has anyone tried 300GB drives in the A1000? I know Sun officially supports 147GB drives (eg, the Fujitsu MAW3147NC they resell); I'd like to try the 300GB equivalent MAW3300NC if possible. ================================================== SUMMARY: ================================================== The consensus is that downgrading the A1000's to D1000's via a controller swap should work. As far as using 300GB drives, there might be an excessive heat issue, although one respondent was using them in a D1000 with no problems. If I could afford to refill the A1000s with 300GB drives, though, I'd probably have enough of a budget to replace the arrays entirely. So I'm still hoping to scrounge enough money for a new array. In the meantime I'll probably do the D1000 controller swap and get a few 147GB drives to hold me until I can replace the arrays. And to respond to a few other comments from below: I had thought about using the Raid Manager tools under Solaris 9 then moving the array to Solaris 10, but it looks like I would have to do any array management/diagnostics under Solaris 9 (eg, healthck), so I don't think that's feasible for me. I was intending to use UFS instead of ZFS for maximum performance for databases (MySQL & Postgres), but after reading this article - http://dimitrik.free.fr/db_STRESS_BMK_Part2_ZFS.html - it appears that recent versions of ZFS can be tuned to meet/exceed UFS performance. And I was also a bit hesitant initially to delve into the 'xml rat hole' of the services management framework of Solaris 10 , but so far it's been a plus for me; it makes managing dependencies much easier. Plus Sol10 has ZFS and Zones, which I'm starting to rely on. ================================================== THANKS TO: ================================================== Markus Mayer Ric Anderson Rich Teer Dean Ross-Smith Willi Burmeister Graeme Burke ================================================== RESPONSES: ================================================== What I can tell you ist that we have one such array. I was able to make one raid5 from all drives in the array under solaris 9 and use that in solaris10 without any problems. As for the 300 gb drives, I have no expierence there. -------------------------------------------------- Check the heat output for the 300s vs the 147s before jumping there. Also, IIRC, the A1000 required a thinner drive than some other applications, making the drives for that beast more expensive. The folks at dmgi.net may be able to tell you about using the 300GB drives as well. Don't forget UFS has a 2T limit, so 7x300GB will put you over the top. If I had a choice, I'd stick with Solaris 9. The tools work and the startup isn't buried in that xml rat hole that Sun calls a "framework". -------------------------------------------------- > Question 1: I know that the Raid Manager software is no longer > supported under Solaris 10, but I was wondering if anyone had ever > downgraded an A1000 to a D1000 via a controller swap. As these arrays No probs there; the controller is the only difference between the A1000 and the D1000. > would probably be dedicated to databases, I would run UFS on them > rather than ZFS. I know some people have copied the Raid Manager from WHy's that? WHy not ZFS or raw partitions? (Unless, of course, we're not talking about Oracle here!) > Question 2: Has anyone tried 300GB drives in the A1000? I know Sun > officially supports 147GB drives (eg, the Fujitsu MAW3147NC they > resell); I'd like to try the 300GB equivalent MAW3300NC if possible. It's SCSI so if the power and cooling requirements are met, the disks will work. -------------------------------------------------- Hi Steve- budget wise, I've been in the same boat as you. Have you considered dumping the a1000's and going to something new? I'm guessing you have about a $10k budget. that's two a1000's populated w/12 300gb drives @$400 each and two d1000 controllers. That totals about $10k before tax and about 7.2TB raw storage. What about buying a sata-based array? Partnersdata.com is a company in San Diego that has 16 disk sata scsi arrays for your budget. 16x500GB gives 8TB raw. The arrays have dual power, dual controllers w/scsi out and 1 GB cache on the controllers. I have three of the 8 disk arrays (2 fibre and 1 scsi) here and they work fine under solaris. I'm an existing customer of partners so I'm going off my discounted rate ($9k includes the array and two scsi controllers and cables) before tax/shipping so you may be able to work out a deal. I don't get a kickback from partners but an array like this may get you out of those old a1000s. -------------------------------------------------- > Question 1: I know that the Raid Manager software is no longer > supported under Solaris 10, but I was wondering if anyone had ever > downgraded an A1000 to a D1000 via a controller swap. Yep, we have done that with two of our A1000. Worked without any problems. > Question 2: Has anyone tried 300GB drives in the A1000? We didn't try that, but I don't see why these should make any problems. -------------------------------------------------- Steve Edberg wrote: >Hi - > >I have a limited budget, and two A1000 storage arrays that I'd like >to keep using as long as possible. > >Question 1: I know that the Raid Manager software is no longer >supported under Solaris 10, but I was wondering if anyone had ever >downgraded an A1000 to a D1000 via a controller swap. As these >arrays would probably be dedicated to databases, I would run UFS on >them rather than ZFS. I know some people have copied the Raid >Manager from a Solaris 9 install, and then disabled the unneeded >RDAC and amdaemon to get an A1000 to work under Sol10, but I'd >rather go the simpler route of turning them into D1000's. D1000 >controllers look to be inexpensive from dmgi.net. This is exactly what we did as far as the controller swap. Things work fine. I was glad to get rid of the A1000 controller, I was not a fan. >Question 2: Has anyone tried 300GB drives in the A1000? I know Sun >officially supports 147GB drives (eg, the Fujitsu MAW3147NC they >resell); I'd like to try the 300GB equivalent MAW3300NC if possible. We are using seagate drives: SEAGATE-ST3300007LC in the D1000, not A1000. No problems here. -- +--------------- my people are the people of the dessert, ---------------+ | Steve Edberg http://pgfsun.ucdavis.edu/ | | UC Davis Genome Center sbedberg at ucdavis.edu | | Bioinformatics programming/database/sysadmin (530)754-9127 | +---------------- said t e lawrence, picking up his fork ----------------+ _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From aleks.feltin at sunsetwireless.fi Thu Apr 17 03:39:21 2008 From: aleks.feltin at sunsetwireless.fi (Aleks Feltin) Date: Thu, 17 Apr 2008 10:39:21 +0300 Subject: SUMMARY: passwordless su Message-ID: <20080417073920.GA16001@dev.scms.fi> Hello, I got many answers. Special thanks to Charles Morris, Ryan A. Krenzis, Brad Morrison. There was an idea to use profile shell to execute user shell with UID and GID of the user by passing uid, gid parameters to exec_attr. Profile shell doesn't require for user to provide a password. I faced some difficulties while implementing it - I didn't find how to execute a certain shell with pfexec, if you have 2 similar commands only differing by uid,gid. Another solution was to use kerberized su (ksu). Again, Kerberos is too powerful, to use it to achieve my goal. In addition, whenever a user principal assumes an identity of other user principal, he/she can add unwanted entries to .k5login. There could be an option to write or port PAM module from Linux which, allows doing su to superuser to a certain group, defined in pam config. In fact I didn't find a similar module for Solaris. OpenSolaris RBAC project raised an excellent objective to implement arguments for RBAC, however it may take a quite long time for it to appear in Solaris. At the moment there is no complete alternative for sudo, because of its ability to take command arguments, so I have to keep using it. On 14/04/08 12:34 +0300, aleks.feltin at sunsetwireless.fi wrote: >Hi Managers, > >I am implementing RBAC on Solaris 10. I wonder what the possibilities to run >passwordless su to assume indetities of certain users without providing the >password are. RBAC has to replace sudo in future, however at the moment, the >only possibility to use su without password is doing it throught sudo. That is >the biggest obstacle to completely swith to RBAC from sudo. > >-- >A > >[demime 1.01b removed an attachment of type application/pgp-signature which had a name of signature.asc] >_______________________________________________ >sunmanagers mailing list >sunmanagers at sunmanagers.org >http://www.sunmanagers.org/mailman/listinfo/sunmanagers -- A [demime 1.01b removed an attachment of type application/pgp-signature which had a name of signature.asc] _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Bill.Voight at fcc.gov Thu Apr 17 07:01:37 2008 From: Bill.Voight at fcc.gov (Bill Voight) Date: Thu, 17 Apr 2008 07:01:37 -0400 Subject: SUMMARY: Multiple remote logging destinations with Sun syslog Message-ID: <495842C725E7F8459B0460FC3A1060B104235AA8@P2PXMB01S1.fccnet.win.fcc.gov> The short answer is yes, you can. My post was not as communicative as it should have been. I was looking for someone who had actually done it in a live environment. Rich Kulawiec supplied such and answer and suggested syslog-ng as did numerous others. While that would be an option if we had time, our deadline is too short to install syslog-ng on all the boxes we need to log from. Many pointed out that I missed a recent posting (mea culpa, mea culpa). An example syslog.conf entry is: *.err @loghost1 *.err @loghost2 *.err @loghost3 Thanks, Bill Voight UNIX Engineer 202-418-0021 (w) 703-517-2463 (c) bill.voight at fcc.gov _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Szabadkai.Eva at malev.hu Fri Apr 18 04:57:30 2008 From: Szabadkai.Eva at malev.hu (=?iso-8859-1?Q?Szil=E1gyin=E9_Szabadkai_=C9va?=) Date: Fri, 18 Apr 2008 10:57:30 +0200 Subject: SUMMARY: RPC: Program not registered Message-ID: Thanks to Peter van Gemert who was the only one who responded to me. Peter wrote: > The RPC:Program not registered normally tells you that the serverside is not running. > Find what server daemon should run for clear_locks and then start it. Finally I found lockd and restarted it on the nfs server with: # /etc/init.d/nfs.client stop # /etc/init.d/nfs.client start That solved the clear_locks issue, locks beeing held for NFS client are deleted by # clear_locks -s Original question ============= > Hi Gurus, > > I try to clear locks held on behalf of an NFS client and getting the error below: > > # clear_locks -s fhbsap01 > Clearing locks held for NFS client fhcdbs01 on server fhbsap01 > RPC: Program not registered > > I can mount and umount nfs file systems on the NFS client , but can't clear_locks . > Restarting nfs.server on NFS server doesn't help. > > Any ideas or suggestions is appreciated. > > Best Regards, Eva _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From scottd at HanoverDirect.com Fri Apr 18 11:30:45 2008 From: scottd at HanoverDirect.com (Deiter, Scott) Date: Fri, 18 Apr 2008 11:30:45 -0400 Subject: Summary Samba in reverse In-Reply-To: References: Message-ID: Thanks for all the replies. We will be using the smbclient command. Scott Deiter System Administrator Hanover Direct, Inc. Hanover, PA Voice: 717-633-3298 -----Original Message----- From: sunmanagers-bounces at sunmanagers.org [mailto:sunmanagers-bounces at sunmanagers.org] On Behalf Of Deiter, Scott Sent: Friday, April 18, 2008 8:09 AM To: sunmanagers at sunmanagers.org Subject: Samba in reverse We have just received a request to have a windows share made available on our solaris 10 machine. We have seen a product called sharity. I'm wondering if there are any solaris native solutions. Scott Deiter System Administrator Hanover Direct, Inc. Hanover, PA Voice: 717-633-3298 _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From bigadmin at unixplanet.biz Mon Apr 21 02:40:49 2008 From: bigadmin at unixplanet.biz (Bigadmin) Date: Mon, 21 Apr 2008 03:40:49 -0300 Subject: Summary : resizing or adding slice with format command In-Reply-To: <000001c89f58$71ea5460$55befd20$@biz> References: <000001c89f58$71ea5460$55befd20$@biz> Message-ID: <011701c8a37a$a33e0ef0$e9ba2cd0$@biz> Special Thanks to "Matthew Stier" , "Darren Dunham" and "JESSE CARROLL" Solaris 10 supports mirroring hard drives at installation time, and here is the sample profile: install_type initial_install system_type standalone partitioning explicit cluster SUNWCall filesys mirror:d10 c0t0d0s0 c0t1d0s0 8000 / filesys mirror:d20 c0t0d0s1 c0t1d0s1 1000 swap metadb c0t0d0s3 size 8192 count 3 metadb c0t1d0s3 size 8192 count 3 filesys mirror:d30 c0t0d0s5 c0t1d0s5 10000 /export/home if solaris is already installed with no slice considered for solstice and metadb, you need to add a 10 to 50 MB slice for solstice metadb. So run format --> Partition --> choose an unassigned partition --> then choose start cylinder and size of the new slice To increase a file system that can be un-mounted and it is already part of meta device, for example /export/home: 1- grep -i home /etc/vfstab /dev/md/dsk/d30 /dev/md/rdsk/d30 /export/home ufs 2 yes - 2- metastat d30: Mirror d31: Submirror of d30 d32: Submirror of d30 3- add slice on both disks through format -- partition -- choose number 4 -- start cylinder -- size 4- umount /export/home 5- metattach d31 /dev/rdsk/c0t0d0s4 d31: component is attached 6- metattach d32 /dev/rdsk/c0t1d0s4 d32: component is attached 7- mount /export/home 8- growfs -M /export/home /dev/md/rdsk/d30 /dev/md/rdsk/d30: 6248112 sectors in 1326 cylinders of 19 tracks, 248 sectors 3050.8MB in 83 cyl groups (16 c/g, 36.81MB/g, 17664 i/g) super-block backups (for fsck -F ufs -o b=#) at: 32, 75680, 151328, 226976, 302624, 378272, 453920, 529568, 605216, 680864, 5505952, 5581600, 5657248, 5732896, 5808544, 5884192, 5959840, 6035488, 6111136, 6186784, The only thing that I couldn't accomplish , was increasing the root partition. Here is solution That Mathew provided and I found it very useful: The only way to increase the size of the root partition is to dump-reparttion-restore. With Logical Volume Management (LVM), it can only be mirrored. It cannot be concatenated to, nor stripped across multiple physical partitions. The only times I've done this, is when replacing the root drives with larger ones, but you could use this technique to use the unallocated boot disk space. 1) Remove the boot disk from LVM. This includes metadb's. 2) Repartition the secondary drive. Newfs the slices that will have filesystems. 3) For each filesystems to be copied, mount the filesystem on /mnt, change directory to /mnt, and use ufsdump/ufsrestore to copy the old filesystem to the new partition. When copying the root filesystem, follow the manpage, and run 'installboot' to make the disk bootable. Once completed change directory out of /mnt and unmount it. 4) Once all partitions are copied, you should be able to shut the system down, swap drives, and boot on the newly repartitioned "primary" drive. 5) Now all that's left is to repartition the new "secondary" drive, and recreate all the metadevices. When creating the metadevices, encapsulate all the partitions in their own metadevice, and initiate the mirrors with their primary halves, but wait on attaching secondaries until everything else is finished, or you going to be waiting extended periods of time, for syncing. With all the metadevices ready, you can metaroot the root filesystem, and then edit /etc/vfstab to switch swap and the other boot disk partitions to to their mirrors, and reboot the system. 6) With a successful reboot, and everything mounting as expected, you can now attach the mirror secondaries, and wait for them to sync. -----Original Message----- From: sunmanagers-bounces at sunmanagers.org [mailto:sunmanagers-bounces at sunmanagers.org] On Behalf Of Bigadmin Sent: Tuesday, April 15, 2008 9:26 PM To: sunmanagers at sunmanagers.org Subject: resizing or adding slice with format command Hello Sun Managers, We are trying to install Solaris 10 through jump start and then mirror 2 * 30 GB hard drives with solstice. 1- If we install solaris 10 with following profile, which swap is in second partition install_type initial_install system_type standalone # or it can be server partitioning explicit filesys rootdisk.s0 8000 / filesys rootdisk.s1 1000 swap filesys rootdisk.s4 1000 /tmp filesys rootdisk.s5 10000 /export/home cluster SUNWCall then later when run format to add 50 MB slice for solstice, we receive the following error: Select partitioning base: 0. Current partition table (unnamed) 1. All Free Hog Choose base (enter number) [0]? 0 Warning: Non-contiguous partition (0) in table. Warning: Overlapping partition (1) in table. Warning: Fix, or select a different partition table. 2- we changed the profile and put swap in first slice ,but When tried to add slice , we got error that there is no free hog to add a partition. What is the best way of partitioning Solaris so in future we can add slice Or increase the file system size. Any time we tried to change the slice size with format command , System become unbootable. Thanks for help _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Zahid.Naqvi at acxiom.com Mon Apr 21 09:51:48 2008 From: Zahid.Naqvi at acxiom.com (Naqvi Zahid - znaqvi) Date: Mon, 21 Apr 2008 08:51:48 -0500 Subject: SUMMARY: problems with df In-Reply-To: <6969396F8B05C24DB8DBA8B2A10F559E082210A7@CWYMSX02.Corp.Acxiom.net> References: <6969396F8B05C24DB8DBA8B2A10F559E082210A7@CWYMSX02.Corp.Acxiom.net> Message-ID: <6969396F8B05C24DB8DBA8B2A10F559E0822136F@CWYMSX02.Corp.Acxiom.net> Several individuals replied to this request, but the problem turned out to be internal. The server had sharity light (equivalent to smbfs in Linux) installed on it (that's what you get in a shared support environment). Sharity changes the mount options of /etc/mnttab, as in it get changed into a regular text file as opposed to a mntfs. Some Solaris commands, including df, can't work with the /etc/mnttab being a simple text file. Thanks to all who replied. Zahid *************************************************************************** The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please resend this communication to the sender and delete the original message or any copy of it from your computer system. Thank You. **************************************************************************** _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From sunhux at gmail.com Tue Apr 22 23:18:02 2008 From: sunhux at gmail.com (sunhux G) Date: Wed, 23 Apr 2008 11:18:02 +0800 Subject: Summary: cant boot up from Raid 1 disk Message-ID: <60f08e700804222018t3cefb7f4id57e61ed8ef02f32@mail.gmail.com> Thanks Hike, Sunmanagers.comverse & Tobias 1) it was suggested perhaps the CDROM alias is missing & we should try to boot up from the full path but it's not the issue here with our server. Anyway, the method is: ok *show-disks* . . . . . . . /pci at 1e,600000/ide at d/cdrom . . . . . . . q) NO SELECTION Enter Selection, q to quit: *q *{1} ok *boot **/pci at 1e,600000/ide at d/cdrom at 0,0:f* 2) Tried poweroff, wait a while & poweron/boot up from CDrom & still no joy 3) login as admin at ILOM & at Service Processor prompt, tried the following : -> showfaults -v ...(& note down UUID of the disabled memory channels)... -> enablecomponents (repeat for each channel) -> showfaults -v (this time all enabled) -> start /SP/console ok boot cdrom -s The server boots up but intermittently still 'hangs' & crashes to OBP (ok) but this time the memory channels are not disabled anymore (indicated by 'showfaults -v'). Called Sun & motherboard plus 2x1Gb DIMMS replaced. So far stable but we're running Sunvts diagnostics continuously for 2 days Tks U On 4/19/08, Tobias Nutt wrote: > > sunhux G wrote: > > Tried the following : > > As "boot" will attempt to boot from disk0, > we tried "boot disk1" at ok prompt & it failed > to boot too. > > Then at ok prompt, did "reset-all" & tried boot > from the disks (with both disks inserted) again > without any success. > > Then did "boot cdrom -s" & "raidctl -l c0t0d0" > showed "Sync" status. Then out of the blue, > the system crashed to a 0:0:0> prompt with > some messages (the last message was > "Init MMU"). > > After that we can't boot up from CDROM anymore. > > -> show /SYS/faultmgmt > showed all four memory channels were disabled > & probably this is the reason it can't boot from > CD anymore. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Harald.Husemann at materna.de Wed Apr 23 09:00:04 2008 From: Harald.Husemann at materna.de (Husemann, Harald) Date: Wed, 23 Apr 2008 15:00:04 +0200 Subject: SUMMARY: Library path corrupt after crle In-Reply-To: <480F158E.4040805@materna.de> References: <480F158E.4040805@materna.de> Message-ID: <480F32D4.1030801@materna.de> Hi agn, and thanks to all who answered! We tried several suggestions, and after some investigation we finally made it: It's enough to delete /var/ld/ld.config, as we supposed - but, since the machine was running SVM with a mirrored root, you have to do this on both submirrors. Hm, I'd supposed if I change something on one of the disks, SVM should detect this and update the mirror, but... Nevertheless, the machine is up & running without a new installation. Keep on hackin', Harald Husemann, Harald schrieb: > Hi gurus, > > one of my colleagues issued a wrong crle command (he forgot the -u) and > corrupted one of our systems. > The system crashed, and I can only boot Solaris failsafe now, the normal > OS starts without any problem, but login is impossible because of the > corrupted library path (system libraries are missing, and therefor, > login cannot run). > I was able to mount the system partition while in failsafe mode, and I > created both /var/ld/ld.config and /var/Ld/64/ld.config with crle and > default values. > But, it seems these are not read, the system is still unable to start > the login process... > Any clues? I'm running out of ideas, the last option is to install the > system again from scratch, and recover the data from tape, but I hope > there's a faster and easier way to fix it. > > System is a X2100 (AMD64) with Solaris 10 x86 Release 11/06. > > Thanks, > > and have a nice hackin', > > Harald -- Harald Husemann Netzwerk- und Systemadministrator Operation Management Center (OMC) MATERNA GmbH Information & Communications Westfalendamm 98 44141 Dortmund Geschdftsf|hrer: Dr. Winfried Materna, Helmut an de Meulen, Ralph Hartwig Amtsgericht Dortmund HRB 5839 Tel: +49 231 9505 222 Fax: +49 231 9505 100 www.annyway.com www.materna.com _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From aleks.feltin at sunsetwireless.fi Thu Apr 24 10:24:12 2008 From: aleks.feltin at sunsetwireless.fi (Aleks Feltin) Date: Thu, 24 Apr 2008 17:24:12 +0300 Subject: SUMMARY: Sun Cluster: metaclear: metadevice is open Message-ID: <20080424142412.GA7679@dev.scms.fi> Many thanks to those, who sent me replies. I was able to get the answer on opensolaris #ohac IRC channel. That was the fix: ======================= # metaset -s qfsset -w # metaset -q qfsset -j ======================= # metaclear -s qffset -a ... fuser and lsof didn't report that metadevice files were held by the processes. In fact I didn't try to reboot, but I believe after reboot I would be able to get rid of metadevices without help of these 2 additional commands. original message: >Hi, > >I had QFS on my cluster (3.2u1 SPARC). I wanted to remove it after testing. > >1. unmounted samfs type filesystems >2. deleted entries from vfstab >3. deleted NFS resource group, containing QFS resource >4. Removed SUNW qfs pakcages > >Now I want to remove multi-owner SVM diskset from a cluster. > >[root at callisto:~]# metaset > >Multi-owner Set name = qfsset, Set number = 1, Master = callisto > >Host Owner Member > callisto multi-owner Yes > leda multi-owner Yes > >Drive Dbase > >d18 Yes > >d41 Yes > >[root at callisto:~]# cldg show > >=== Device Groups === > >Device Group Name: qfsset > Type: Multi-owner_SVM > failback: false > Node List: callisto, leda > preferenced: false > numsecondaries: 0 > diskset name: qfsset > >When trying to remove all diskset metadevices: > >[root at callisto:~]# metaclear -s qfsset -a >Proxy command to: leda >metaclear: leda: qfsset/d411: metadevice is open > >This fails for every metadevice while trying do delete one by one. I checked >with lsof and found no references for metadevices. >I want to get rid of this SVM multi-master diskset without rebooting the node. >Please advise, what should I do. > >-- >A > >[demime 1.01b removed an attachment of type application/pgp-signature which had a name of signature.asc] >_______________________________________________ >sunmanagers mailing list >sunmanagers at sunmanagers.org >http://www.sunmanagers.org/mailman/listinfo/sunmanagers -- A [demime 1.01b removed an attachment of type application/pgp-signature which had a name of signature.asc] _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From rumbiles at yahoo.com Fri Apr 25 03:38:29 2008 From: rumbiles at yahoo.com (rumbidzayi gadhula) Date: Fri, 25 Apr 2008 00:38:29 -0700 (PDT) Subject: SUMMARY: moving users to another system on solaris 8 Message-ID: <709847.9085.qm@web54401.mail.yahoo.com> Thank you to all who responded. The consensus was that it is possible. I ddi cop the three files , passwd, shadow and group. I also took the precaution of removing the passwords in the shadow file since the servers I am copying to will only be used by a few users. Thanks once again. rumbieg rumbi rumbiles at my site --------------------------------- Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From plaws at ou.edu Fri Apr 25 10:56:58 2008 From: plaws at ou.edu (Peter Laws) Date: Fri, 25 Apr 2008 09:56:58 -0500 Subject: SUMMARY: Netmask issue on SunOS ... 4.1.1! Message-ID: <4811F13A.6070407@ou.edu> Fixed! Best answer was from Matthew Stier (below) right out of the sunhelp.org FAQ I should have consulted in the first place. Several others had the goods, too, including a fellow admin here. THANKS TO ALL of you for your rapid replies! Many folks believed that SunOS 4.x can not deal with VLSM. Not true! And it *can* be set in /etc/netmasks (some suggested hardwiring in rc.local). The trick is that you list the Class B network number (no trailing zeros) and then the netmask. Don't try to out-think it like I did and put in the full network number. I deleted the 3rd octet from /etc/netmasks, rebooted, and all was well. One caveat for 4.1.1, at least without patches: ifconfig will show the Olde Style broadcast address, i.e. the all-zeroes version, not the all-ones version. Yep, looks just like the network number. Works OK though and I'm now sharing data from the massive 1000 MB external disk to the net. :-) Many thanks, all! Peter From: Matthew Stier To: Laws, Peter C. www.sunhelp.org/faq/routing.html 3.8: How to Set a Netmask under SunOS In order to include a permanent netmask on your SunOS machine, you must make an entry in the /etc/netmasks file, in the following format: network-address-without-zeroes netmask For example: %%%% cat /etc/netmasks 150.101 255.255.255.0 The above would subnet the class B network, 150.101.0.0, into 254 subnets, from 150.101.1.0 to 150.101.254.0. It is important to note that the entry in the left hand column must be the original base network number (ie # for a Class A, #.# for a Class B and #.#.# for a Class C), not the subnet. Peter Laws wrote: > First, I can't believe I'm back here after all these years. Is Casper D > still lurking? :-) > > Anyway, I'm helping out (read: one of the few that's ever seen an SS2) with > a SPARCstation 2 connected to an Acoustic Scanning Microscope. It runs > 4.1.1 (unpatched, AFAIK) and the folks that own it have a burning desire to > share out its disk on the network. > > Yes, I warned them. > Yes, I commented out most stuff in inetd.conf. > Yes, we found a transceiver. :-) > > Anyway, address is on a /21 network. I think I have the right stuff in > /etc/netmasks, but when it reboots, I get a /16 (our address block really > is an old Class B). > > Ideas? > > I'll summarize (like anyone would care! :-) > > Thanks! > > -- Peter Laws / N5UWY National Weather Center / Network Operations Center University of Oklahoma Information Technology plaws at ou.edu ----------------------------------------------------------------------- Feedback? Contact my director, Craig Cochell, craigc at ou.edu. Thank you! [demime 1.01b removed an attachment of type text/x-vcard which had a name of plaws.vcf] _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From whittemo at flash.ast.lmco.com Fri Apr 25 13:10:41 2008 From: whittemo at flash.ast.lmco.com (Dale Whittemore) Date: Fri, 25 Apr 2008 11:10:41 -0600 Subject: SUMMARY:Remote System Control s/w for Sun Fire V215's ? In-Reply-To: <48120207.2020705@mailhost.ast.lmco.com> References: <48120207.2020705@mailhost.ast.lmco.com> Message-ID: <48121091.5030503@mailhost.ast.lmco.com> Problem is fixed. Jeff Marble pointed me to /usr/platform/SUNW,Sun-Fire-V215/sbin/scadm which is a link to /usr/platform/SUNW,Sun-Fire-V240/sbin/scadm. Used the 'resetrsc' command and after a minute was able to ping the NET MGT port and login to the remote console. If this were the forums, he would get 10 points out of 10. Dale Dale Whittemore wrote: > Is there software that you can install on a V215 similar to the Sun > Remote System Console software you can install on V480R's to control the > rsc from the command line? Currently, on our V215's, if we have a > network outage, it locks the NET MGT port and we either have to power > off the box or find a laptop with a DB9 serial port to do the resetsc > command to get it working again. We would like to be able to reset from > a login session on the V215. These systems are rack mounted and not > easy to get to. > > Thanks > > Dale Whittemore > Lockheed Martin Enterprise Services > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From kburtch+sunm at gmail.com Fri Apr 25 17:12:31 2008 From: kburtch+sunm at gmail.com (Kevin Burtch) Date: Fri, 25 Apr 2008 17:12:31 -0400 Subject: SUMMARY: Is using stdin to read a passphrase into ssh-add possible? Message-ID: I tried it on a command line and in a shell script with no luck before posting. What I _didn't_ try is running it via "cron" or "at"... that did the trick by disassociating it from the tty. In case anyone is curious, the script is essentially as follows (fetchpw is pseudocode that grabs the pw from the appliance): #!/bin/sh SSH_AGENT_PID=30447 SSH_AUTH_SOCK=/tmp/ssh-muimL30446/agent.30446 export SSH_AGENT_PID SSH_AUTH_SOCK fetchpw | ssh-add .ssh/id_rsa Many thanks to Crist Clark for the clue (email omitted out of respect for privacy): > Ssh-add will read the passphrase from stdin if there is no > terminal associated with the process. > > The most simple way I manually start a process with no tty > is to just run the command within a "batch" command. That's > not as easy when you want to be automated. > > The trick is for a program to make itself a new session, i.e. > do the setsid(2) call. This will lose the terminal. I'm not > aware of a convenient way to so this from within a shell. You > could make a simple wrapper program to do this. Regards, Kevin On Fri, Apr 25, 2008 at 11:14 AM, Kevin Burtch wrote: > Since the Solaris version of ssh-add does not support the -p > parameter, it does not appear it is possible to have ssh-add read the > key passphrase from stdin. > > I would like to be able to do this for reasons beyond the scope of > this request, but suffice it to say the passphrase will be provided by > a hardened appliance and that this is for the automatic startup of a > service that requires repeated authentications (hence, the desired use > of ssh-agent). > > Of course I tried the obvious, but stdin is completely ignored as the > program attaches to the terminal directly. > > I know I've seen a way around this before, but cannot remember the solution. > Does anyone know a way around this? > > Thanks to anyone who might be able to help. > > > Regards, > Kevin _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From mnjwestover at gmail.com Sun Apr 27 21:31:36 2008 From: mnjwestover at gmail.com (Matthew Westover) Date: Sun, 27 Apr 2008 19:31:36 -0600 Subject: SUMMARY: Cannot register VxVM 4.1 disk group with Sun Cluster 3.1 Message-ID: <3bb293dd0804271831x3167bf44kc1a2c542c52252a0@mail.gmail.com> Well, as in most things, the trick to getting the answer is knowing the right question to ask. I assumed that since the volume created and it wouldn't register the disk groups that it was a Cluster issue. As it turns out, it's more of an interfacing problem between Cluster and VxVM similar to the ones with EMC storage. I installed the maintenance pack 2 for VxVM 4.1 plus Cluster 3.1 VxVM patchand I was able to register the disk group. The only remaining trick was for any disk group with layered volumes; the disk group had to be registered before volumes were layered and then synced after the layered volume creation. The two patches that I installed were: 117080-07 124358-05 Thanks to Simon for responding on the issue. On Sat, Apr 26, 2008 at 9:54 AM, Matthew Westover wrote: > Gurus, > > I have a two-node cluster running Solaris 8 02/04 with Sun Cluster 3.1 > and Veritas Storage Foundation 4.1 on SunFire V240s with 2 SCSI cards > and a SysKonnect dual-port fiber ethernet card. Attached storage is 2 > dual-hosted 3320 raid controller with 2 attached JBODs. (1 each) I've > installed all Cluster 3.1 (for Solaris 8) patches at this point and > I'm still seeing the issues. > > In the interest of full disclosure, I was unable to get sccheck to run > successfully. When running on verbosity level 2, I see that it starts > the single-node checks and hangs. The big issue I have, however is > that when I attempt to register a VxVM disk group, I get the > following: > > # scconf -a -D type=vxvm,name=orahaC1dgA,nodelist=node1:node2,preferenced=true,failback=disabled > > I get two messages on the "primary" node (First node booted since last > shutdown) and one on the node I'm running the command on: (sometimes > the same) > > The message on the executing node is: > > scconf: Failed to perform an add operation on a device group > (orahaC1dgA) - unexpected error > > The two messages on the "primary" node are: > > ==> WARNING: Apr 26 08:25:36 node1 cl_runtime: DCS: Error writing > elements to service table > ==> WARNING: Apr 26 08:25:36 node1 cl_runtime: Error writing out > service 36 to CCR. > > Tried deporting from one system to another, attempted to access > outside of cluster, but unable to see the disk groups. vxio is the > same major number as well as the rest of Vx modules in > /etc/name_to_major. Out of ideas and places to look. Although I do > have Veritas Storage Foundation, I've uninstalled in the VCS and VVR > products since I didn't plan on using them. I've heard mention of > direct sharing of volume manager from the "cluster feature" in Veritas > Storage Foundation, I'm not sure if this is done through VCS or a > different product. > > Can't find any messages under /var/cluster/logs, and the same messages > above appear in /var/adm/messages. Please help! Will post summary when > resolved since I've seen the issue elsewhere on web/groups without > resolution. > > Matthew Westover _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From lhecking at users.sourceforge.net Mon Apr 28 08:13:51 2008 From: lhecking at users.sourceforge.net (Lars Hecking) Date: Mon, 28 Apr 2008 13:13:51 +0100 (IST) Subject: SUMMARY: Gfx card and resolution In-Reply-To: <20080426155721.3A8DCC3A6@cork.irdesign.cypress.com> References: <20080426155721.3A8DCC3A6@cork.irdesign.cypress.com> Message-ID: <20080428121351.A0D4EC348@cork.irdesign.cypress.com> Thanks to Matthew Stier who reminded me that a reconfiguration boot is needed. The required packages TSIpgx/TSIpgxw were installed already. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From bgbeaird at sbcglobal.net Mon Apr 28 09:40:45 2008 From: bgbeaird at sbcglobal.net (Gene Beaird) Date: Mon, 28 Apr 2008 08:40:45 -0500 Subject: SUMMARY: OT: Looking for old documentation In-Reply-To: References: Message-ID: Even though off-topic, I thought I'd summarize, since this list just ROCKS!! Thanks to: J. Oquendo, who directed me to the Wayback machine: http:// www.archives.org. I did find some stuff, and need to re-visit to dive deeper, but it is a nice source when looking for old material. Matt Stier - Who pointed out that some google skills can ferret out web info from the deep, dark recesses of the internet: google +site:funk.com steel-belted radius This returned numerous Windows TechNotes. While I was looking specifically for Unix-based info, this source could help in a pinch, and was added to my support documentation. Rich Kulawiec - Who had documentation _and_ CDs laying around his office for ver. 2 of SBR. While not the version the customer is running, it is certainly closer to what the customer has than what we're finding on the web. Since they didn't use SBR where he was, Rich mailed the documentation to me and it now resides in our library should the system fail in the future. Thank you all! Regards, Gene Beaird Pearland, Texas > 5. OT: Looking for old documentation (Gene Beaird) > > ------------------------------ > > Message: 5 > Date: Thu, 10 Apr 2008 14:14:35 -0500 > From: Gene Beaird > Subject: OT: Looking for old documentation > To: sunmanagers at sunmanagers.org > Message-ID: <0C12DC17-8A2A-4B65-B510-2BDB781DA68C at sbcglobal.net> > Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed > > I apologize for the off topic listing, but this is a request for > information for software on a Sun server running Solaris 8. In our > environment, we have an old system that is running Funk Steel-Belted > Radius. I think it is version 1.5. Funk Software was sold many > years ago to Juniper Networks. They do list documentation for Steel- > Belted Radius, but only go back to version 5.3. While I can probably > pick through that documentation, it would be much better if I can get > the administration documentation for that correct version. > Additionally, others may need the documentation when they are on call. > > Might anyone on this list have an electronic copy of the older > version I could acquire? Failing that, is anyone familiar enough > with Steel-Belted Radius that then can verify little or no > differences between versions, at least from the support/ > troubleshooting end? Thank you, all for the help and patience. > > Regards, > > Gene Beaird, CISSP, > Unix Support Engineer, > Houston, Texas _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From mike at last.fm Mon Apr 28 12:25:42 2008 From: mike at last.fm (Mike Brodbelt) Date: Mon, 28 Apr 2008 17:25:42 +0100 Subject: SUMMARY: X2100 problems In-Reply-To: <4811DF1A.9030102@last.fm> References: <4811DF1A.9030102@last.fm> Message-ID: <4815FA86.7030204@last.fm> Thanks to the people who responded on this one. I still haven't solved the problem, however I have found some more info. The best suggestion was a firmware update, and I have now updated one of the systems in question to the latest firmware version, which updates the SP and BIOS. Sun's product notes for the X2100 M2[1] identify as a problem a service processor reset when issuing a remote power-on command. Their suggested fix is to upgrade to version 1.3 or later. Having upgraded to 1.4, I'm still seeing the issue, so I'm less than convinced, and I have an open service call with Sun to try and get this resolved. My particular machines are all configured with the optional LSI logic SAS RAID card, and 2 10k rpm 146Gb SAS disks - it's possible that the problem may only be visible with certain hardware configurations. If there's anyone else out there with an X2100, please test, and see if yours exhibits the same problem..... Mike [1]http://dlc-cdn-rd.sun.com/c1/pdf/819-6594-16/819-6594-16.pdf?e=1209140918&h=b5443ce4fa4b09d221025a78ece635db _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Richard.Wooden at ssa.gov Mon Apr 28 13:41:29 2008 From: Richard.Wooden at ssa.gov (Wooden, Richard) Date: Mon, 28 Apr 2008 13:41:29 -0400 Subject: SUMMARY: HBA Replacement in S10 on V880 attached to 3910 array In-Reply-To: References: Message-ID: Well I only got one response that said the procedures should work. But I decided to see what happens when you just shut the server down and replace the card without any administration whatsoever. Nothing happened other than the system came up without problems. I even pulled the fiber cable out of one of the remaining original cards and everything was fine. One less procedure I have to re-write. Later Allen Wooden Solaris System Administrator Lockheed Martin DMA Production Support NCC: 410-966-0919 #include > -----Original Message----- > From: sunmanagers-bounces at sunmanagers.org > [mailto:sunmanagers-bounces at sunmanagers.org] On Behalf Of > Wooden, Richard > Sent: Thursday, April 17, 2008 1:04 PM > To: sunmanagers at sunmanagers.org > Subject: HBA Replacement in S10 on V880 attached to 3910 array > > I'm looking for some guidance on procedures to replace an HBA > under S10. > > I have an old procedure for S8 but apparently with S10 things seem to > be more dynamically configured. > > V880 - s10s_u3wos_10 SPARC > 3910 - Storage Array. > 2 ISP 2200 Cards. > VxVM 4.1 > mpxio disabled (using vx dmp) > > I'm thinking of... > > in single-user: > 1. dismount, stop and deport the vx diskgroups. > 2. cfgadm unconfigure > 3. devfsadm -C > 4. power off and replace card. > 5. boot -r > 6. cfgadm configure > 7. devfsadm -v > 8. vxdctl enable > 9. import and start the volumes. > 10. mountall > > > Does that make sense or should I be doing something completely > different? > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From William.Sirinek at alltel.com Mon Apr 28 16:22:30 2008 From: William.Sirinek at alltel.com (William.Sirinek at alltel.com) Date: Mon, 28 Apr 2008 15:22:30 -0500 Subject: SUMMARY: unable to install flash archive via network-based jumpstart References: Message-ID: I configured name-service=DNS in my sysidcfg file and sudden;y the install worked. I was using ip addresses only before, but apparently setting name_service=NONE "disables networking" according the the manual. The install client has filesystems mounted from the install server, so I'm still not sure why the flash archive wouldnt mount, but I'm fine with setting up DNS in the sysidcfg. Bill -----Original Message----- From: Sirinek, William Sent: Monday, April 28, 2008 3:26 PM To: 'sunmanagers at sunmanagers.org' Subject: unable to install flash archive via network-based jumpstart I'm having a difficult time loading a flash archive image onto a system via jumpstart. I built a box and then created a flash archive of it immediately. Now I am trying to load it onto the same physical piece of hardware via custom jumpstart. OS initial installs via the network from this jumpstart setup work great though. Anyone seen this before? I have scoured google and docs.sun.com as usual, but not really come up with anything useful. Thanks Bill Here's my profile: -------------------------- install_type flash_install archive_location nfs 10.153.75.137:/flash_archive/billsbox-test.flar partitioning explicit filesys rootdisk.s0 15120 / filesys rootdisk.s1 1:2849 swap filesys rootdisk.s2 all overlap filesys rootdisk.s3 10240 /opt filesys rootdisk.s4 10240 /var filesys rootdisk.s5 free metadb c0t0d0s7 -------------------------- If I try and specify a retry value in the archive_location, as the Documentation says you can, I get an error, so I leave it out: Error in file "Profiles/ACI_flash_restore.profile", line 2 archive_location nfs 10.153.75.137:/flash_archive/billsbox-test.flar retry 5 ERROR: Too many arguments for this keyword Here's my sysidcfg: ------------------------- system_locale=en_US timezone=US/Central network_interface=primary {netmask=255.255.252.0 protocol_ipv6=no default_route=10.153.69.1} terminal=vt100 security_policy=NONE name_service=NONE timeserver=localhost root_passwd='blahblahblah' ------------------------- Here's what happens when jumpstart tries to load the image: Please wait while the system is configured with your settings... Generating software table of contents [this may take a few minutes...] Table of contents complete. Starting Solaris installation program... Searching for JumpStart directory... Using rules.ok from 10.153.69.98:/export/install/jass. Checking rules.ok file... Using profile: Profiles/ACI_flash_restore.profile Executing JumpStart preinstall phase... Searching for SolStart directory... Checking rules.ok file... Using begin script: install_begin Using finish script: patch_finish Executing SolStart preinstall phase... Executing begin script "install_begin"... Begin script install_begin execution completed. Processing default locales - Specifying default locale (en_US.ISO8859-1) Processing profile - Opening Flash archive ERROR: Could not mount 10.153.75.137:/flash_archive/billsbox-test.flar ERROR: Flash installation failed # ---------------------------- So I'm dropped to a root prompt. I poke around and here's some info. My server is on the 10.153.69 network and the NAS which has the flar images is on 10.153.75 and sharing the flash_archive directory ro,anon=0. I'm able to mount the filesystem via nfs manually, so I dont think the problem is network-related. The jumpstart server is running Solaris 10 08/07. I am booting a Solaris 9 09/04 kernel to try and do this flash_install. The flar file is of a Solaris 9 09/04 system patched with a R&S bundle no more than a few months old. # ifconfig fjgi1 fjgi1: flags=1000863 mtu 1500 index 1 inet 10.153.69.158 netmask fffffc00 broadcast 10.153.72.255 ether 0:b:5d:fa:69:13 # netstat -nr Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ------ --------- 10.153.69.0 10.153.69.158 U 1 2 fjgi1 224.0.0.0 10.153.69.158 U 1 0 fjgi1 default 10.153.69.1 UG 1 2 127.0.0.1 127.0.0.1 UH 1 0 lo0 # mount 10.153.75.137:/flash_archive /mnt # df -k /mnt Filesystem kbytes used avail capacity Mounted on 10.153.75.137:/flash_archive 302511984 57759832 244752152 20% /mnt # ls -l /mnt/billsbox-test.flar -rw-r--r-- 1 root root 2293177526 Apr 9 12:21 /mnt/billsbox-test.flar # flar info /mnt/billsbox-test.flar archive_id=92ebb0a6e54809bce9f1c596007cb568 files_archived_method=cpio creation_date=20080409191600 creation_master=billsbox content_name=billsbox-test creation_node=billsbox creation_hardware_class=sun4us creation_platform=FJSV,GPUZC-M creation_processor=sparc creation_release=5.9 creation_os_name=SunOS creation_os_version=Generic_122300-11 files_compressed_method=none files_archived_size=2293172397 content_architectures=sun4us type=FULL # ***************************************************************************** ************* The information contained in this message, including attachments, may contain privileged or confidential information that is intended to be delivered only to the person identified above. If you are not the intended recipient, or the person responsible for delivering this message to the intended recipient, Alltel requests that you immediately notify the sender and asks that you do not read the message or its attachments, and that you delete them without copying or sending them to anyone else. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From sunhux at gmail.com Sat Apr 26 00:33:33 2008 From: sunhux at gmail.com (sunhux G) Date: Sat, 26 Apr 2008 12:33:33 +0800 Subject: Summary: How to verify if a Tcp port/service is in use Message-ID: <60f08e700804252133j2bc35d33h7df8e2312e8bf47f@mail.gmail.com> Thanks a lot. I'll use a combination of A & B. "netstat -an" will show all the ports including those "listening", "established" but it's the "established" ones that indicate the port is being used : These have answered my question of how to differentiate between a telnet & an ssh access to the server. A) Lsof shows list of open files , but with lsof -i:80 you will see if port 80 is in use or not - not only tell you if it's in use, but it'll tell you what's using it B) 'netstat -f inet' will show you all IPv4 ports in use; 'netstat -P tcp' shows you all TCP sockets in use, regardless of address family. You could probably cron it to run every few minutes, dump the output to a file, and with a little grepping get a list of all ports used over the next few days C) >From another machine use nmap and nmapfe D) netstat -an | awk '$1~ /\*\./ { print $0 }' Tks U On 4/25/08, sunhux G wrote: > > Hi > > > On a production server, how could I find out if a Tcp port/service > is in use? > > I plan to disable the service for audit purpose but do not want > to disrupt a needed service & there's no historical document > on the servers that I took over. > > > Will tcpwrappers help? Probably not in time for me to install > tcpwrappers as it needs to run for a week or two to get the > results but the audit issues need to close in a week's time. > > "last" command can't differentiate between a telnet & ssh > login, or can it? > > I've got some replies from Ric & Chris earlier for ftp & telnet > & Apache (which I'll summarize on Monday). Now there's > more services like : > > 100146/1 tli rpc/ticotsord /usr/lib/security/amiserv > 100147/1 tli rpc/ticotsord /usr/lib/security/amiserv > 100235/1 tli rpc/ticotsord /usr/lib/fs/cachefs/cachefsd > ufsd/1 tli rpc/* wait root /usr/lib/fs/ufs/ufsd > > > Thanks vm > U _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From scottd at HanoverDirect.com Tue Apr 29 08:58:02 2008 From: scottd at HanoverDirect.com (Deiter, Scott) Date: Tue, 29 Apr 2008 08:58:02 -0400 Subject: SUMMARY: Lost th gigabit nic In-Reply-To: References: Message-ID: Thanks for all the responses. Sure enough the ce1 interface is now active. We looked at the path_to_inst file and then plumbed the ce1 interface. Zero must have gotten tired over the years. Scott Deiter System Administrator Hanover Direct, Inc. Hanover, PA Voice: 717-633-3298 _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From cbarnar1 at earthlink.net Wed Apr 30 19:22:15 2008 From: cbarnar1 at earthlink.net (Christopher L. Barnard) Date: Wed, 30 Apr 2008 18:22:15 -0500 Subject: SUMMARY: Getting NFSv4 query to not interrupt a jumpstart In-Reply-To: <54C2DEC0-AF45-4D8D-ACC5-C09B8A5D8C5D@earthlink.net> References: <54C2DEC0-AF45-4D8D-ACC5-C09B8A5D8C5D@earthlink.net> Message-ID: I asked: > I recently downloaded the 05/08 image of Solaris 10 from Sun. I can > jumpstart servers from that image, however the automatic installation > is disturbed by the interactive question > > NFSv4 Domain Name > ------------------------------------------------------------------------------- > > NFS version 4 uses a domain name that is automatically derived from > the > system's naming services. The derived domain name is sufficient for > most > configurations. In a few cases, mounts that cross domain boundaries > might > cause files to appear to be owned by "nobody" due to the lack of a > common > domain name. > > The current NFSv4 default domain is: "test.rpslmc.edu" > > > NFSv4 Domain Configuration > > --------------------------------------------------------------------------------------------- > [X] Use the NFSv4 domain derived by the system > [ ] Specify a different NFSv4 domain > > I see in the archives how to define this in Finish so that it is not > asked upon the first boot, but I don't see how to set it in the > sysidcfg (or anywhere else for that matter) on my jumpstart server. > Has anyone successfully configured their jumpstart server to > automatically answer this question? The answer: very simple. i added nfs4_domain= dynamic to my sysidcfg file. Jumpstart no longer queries me for the NFSv4 Domain Configuration. Thanks To: Ryan Anderson, Eric Ham, Paul Henson, Matthew Stier, Tom Schmidt, Richard Lacroix, Nick Bone, Greg Marsh, Gerard Henry, Richard Skelton, and Jeff Marble > Christopher L. Barnard > cbarnar1 at earthlink.net > ----------------------------------------------------------------------- > When I was a boy, I was told that anyone could be president. Now I > am > beginning to believe it. -- Clarence > Darrow _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers