Archive for the ‘Solaris’ Category.
November 14, 2008, 11:59 am
I never remember how to make Solaris ping show the time of each ping, like GNU ping does. Without any arguments the output is like:
% ping foo
foo is alive
%
If you want to see the time of each ping, use -s, which makes it more like the GNU ping you find on Linux:
% ping -s foo
PING foo: 56 data bytes
64 bytes from foo.somedomain.com (10.44.101.16): icmp_seq=0. time=0. ms
64 bytes from foo.somedomain.com (10.44.101.16): icmp_seq=1. time=0. ms
^C
----foo PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/0
%
That is all.
August 21, 2007, 8:59 pm
To restart things run:
# svcadm restart ssh
To list the currently known svcs use:
# svcs
Sun have a nice guide here on their BigAdmin site.
August 21, 2007, 8:56 pm
I’ve recently been caught out whilst trying to change the IP on a Solaris 10 machine. It used to be that the /etc/hostname.pcn0 (or whatever type of interface it was) had to match the entry in /etc/hosts. Now it seems this isn’t the only place you need to make the change; you also need to change the IP in /etc/inet/ipnodes as well, which is the same format as /etc/hosts.
September 1, 2006, 6:36 am
I’ve just been setting up a Solaris 10 machine to authenticate from an OpenLDAP directory. This is the command I used to make it work; note that the IP on the end is the IP of the directory server:
# ldapclient manual -v \
-a defaultsearchbase=dc=riviera,dc=org.uk \
-a domainname=riviera.org.uk \
192.168.254.100
The output produced is shown below
Parsing defaultsearchbase=dc=riviera,dc=org.uk
Parsing domainname=riviera.org.uk
Arguments parsed:
defaultSearchBase: dc=riviera,dc=org.uk
domainName: riviera.org.uk
defaultServerList: 192.168.254.100
Handling manual option
Proxy DN: NULL
Proxy password: NULL
Authentication method: 0
Authentication method: 0
No proxyDN/proxyPassword required
About to modify this machines configuration by writing the files
Stopping network services
Stopping sendmail
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: network/smtp:sendmail... success
Stopping nscd
stop: sleep 100000 microseconds
stop: system/name-service-cache:default... success
Stopping autofs
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: system/filesystem/autofs:default... success
Stopping ldap
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: network/ldap/client:default... success
nisd not running
nis(yp) not running
Removing existing restore directory
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "riviera.org.uk"
file_backup: stat(/var/yp/binding/riviera.org.uk)=-1
file_backup: No /var/yp/binding/riviera.org.uk directory.
file_backup: stat(/var/ldap/ldap_client_file)=0
file_backup: (/var/ldap/ldap_client_file -> /var/ldap/restore/ldap_client_file)
file_backup: (/var/ldap/ldap_client_cred -> /var/ldap/restore/ldap_client_cred)
Starting network services
start: /usr/bin/domainname riviera.org.uk... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: sleep 400000 microseconds
start: sleep 800000 microseconds
start: sleep 1600000 microseconds
start: sleep 3200000 microseconds
start: sleep 6400000 microseconds
start: sleep 12800000 microseconds
start: sleep 25600000 microseconds
start: sleep 51200000 microseconds
start: network/ldap/client:default... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: sleep 400000 microseconds
start: system/filesystem/autofs:default... success
start: sleep 100000 microseconds
start: system/name-service-cache:default... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: sleep 400000 microseconds
start: network/smtp:sendmail... success
restart: sleep 100000 microseconds
restart: sleep 200000 microseconds
restart: milestone/name-services:default... success
System successfully configured
#
Then test that this is indeed working:
# grep rk295 /etc/passwd
# getent passwd | grep rk295
rk295:x:512:512::/home/rk295:/bin/bash
#
I found that after this had finished, hostname resolution no longer worked. Looking inside /etc/nsswitch.conf I found that the hosts entry had been changed to:
hosts: ldap [NOTFOUND=return] files
I do not use LDAP for hostname resolution so I had to change this back to:
hosts: files dns
And similarly the networks line was the same so I had to change that to use files dns as well.
At this point you can query LDAP using getent, but you still need to configure PAM to use it for authentication etc. To do this you need to make some changes to /etc/pam.conf. Principally these changes involved telling it that it should fall back to LDAP if it doesn’t match your credentials against the local files. My edited pam.conf is shown below; the lines which I have edited or added are shown in red.
#
#ident "@(#)pam.conf 1.28 04/04/21 SMI"
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# PAM configuration
#
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
#
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth sufficient pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
login auth required pam_ldap.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth sufficient pam_unix_auth.so.1
rlogin auth required pam_ldap.so.1
#
# Kerberized rlogin service
#
krlogin auth required pam_unix_cred.so.1
krlogin auth binding pam_krb5.so.1
krlogin auth required pam_unix_auth.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh auth required pam_unix_cred.so.1
krsh auth binding pam_krb5.so.1
krsh auth required pam_unix_auth.so.1
#
# Kerberized telnet service
#
ktelnet auth required pam_unix_cred.so.1
ktelnet auth binding pam_krb5.so.1
ktelnet auth required pam_unix_auth.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_cred.so.1
ppp auth sufficient pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
ppp auth required pam_ldap.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth sufficient pam_unix_auth.so.1
other auth required pam_ldap.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd auth sufficient pam_passwd_auth.so.1
passwd auth required pam_ldap.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account sufficient pam_ldap.so.1
other account requisite pam_roles.so.1
other account required pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#
Now you should be able to su to a user whose credentials are stored only in ldap.
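An added example (not part of the original post): a small Python check that reads pam.conf-format text and lists the modules that are never consulted once an earlier `sufficient` or `binding` module in the same stack succeeds, which is what happens to pam_dial_auth.so.1 in the login stack above. The function names are this example's own, and the embedded sample is a constructed excerpt of the file above.

```python
from collections import defaultdict

# Flags under which Solaris PAM returns success at once (provided no earlier
# required module has failed), skipping the rest of the stack.
SHORT_CIRCUIT = {"sufficient", "binding"}
# Later entries whose verdict would otherwise have counted.
ENFORCING = {"required", "requisite", "binding"}

# Constructed sample: three stacks copied from the pam.conf shown above.
SAMPLE = """\
# login service (explicit because of pam_dial_auth)
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth sufficient pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
login auth required pam_ldap.so.1
other account sufficient pam_ldap.so.1
other account requisite pam_roles.so.1
other account required pam_unix_account.so.1
cron account required pam_unix_account.so.1
"""

def parse_stacks(text):
    """Group entries by (service, module type), preserving file order."""
    stacks = defaultdict(list)
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if len(fields) < 4:
            continue
        service, mtype, flag, module = fields[:4]
        stacks[(service, mtype)].append((flag, module))
    return stacks

def skipped_after_sufficient(text):
    """Return (service, type, short_circuit_module, skipped_module) tuples."""
    findings = []
    for (service, mtype), entries in parse_stacks(text).items():
        for i, (flag, module) in enumerate(entries):
            if flag not in SHORT_CIRCUIT:
                continue
            for later_flag, later_module in entries[i + 1:]:
                if later_flag in ENFORCING:
                    findings.append((service, mtype, module, later_module))
    return findings

if __name__ == "__main__":
    for service, mtype, first, skipped in skipped_after_sufficient(SAMPLE):
        print(f"{service} {mtype}: {skipped} is not run when {first} succeeds")
```

Each finding is something to review rather than an automatic error: skipping pam_ldap.so.1 after a local match is the intended fallback, while skipping pam_dial_auth.so.1 or pam_roles.so.1 may not be.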
October 26, 2005, 12:16 pm
On Solaris, mounting a .iso via loopback is a little different to Linux. First you need to use lofiadm to add a file as a loopback device, then you can mount it in the normal way. An example is below:
# lofiadm -a /u01/tmp/java_es_05Q1-ga1-solaris-x86-1.iso /dev/lofi/1
# mount -F hsfs -o ro /dev/lofi/1 /mnt/jes/1/
December 2, 2004, 1:48 am
If you need to find the slot that a disk is in from a given logical name (c3t3d0) you can follow this document from Sun. I’ve mirrored the important bits below in case it disappears.
1. Determine the UNIX physical device name from the SCSI error message.
SCSI error messages are typically displayed in the system console and logged in the /usr/adm/messages file.
WARNING: /pci@6,4000/scsi@4,1/sd@3,0 (sd228)
Error for Command: read(10) Error level: Retryable
Requested Block: 3991014 Error Block: 3991269
Vendor: FUJITSU Serial Number: 9606005441
Sense Key: Media Error
ASC: 0x11 (unrecovered read error), ASCQ: 0x0, FRU: 0x0
In the example SCSI error message above, the UNIX physical device name is /pci@6,4000/scsi@4,1/sd@3.
2. Determine the UNIX logical device name by listing the contents of the /dev/rdsk directory.
Use the grep command to filter the output for any occurrence of the UNIX physical device name determined in Step 1:
% ls -l /dev/rdsk | grep /pci@6,4000/scsi@4,1/sd@3
lrwxrwxrwx 1 root root 45 Jan 30 09:07 c12t3d0s0 ->
../../devices/pci@6,4000/scsi@4,1/sd@3,0:a,raw
lrwxrwxrwx 1 root root 45 Jan 30 09:07 c12t3d0s1 ->
../../devices/pci@6,4000/scsi@4,1/sd@3,0:b,raw
lrwxrwxrwx 1 root root 45 Jan 30 09:07 c12t3d0s2 ->
../../devices/pci@6,4000/scsi@4,1/sd@3,0:c,raw
lrwxrwxrwx 1 root root 45 Jan 30 09:07 c12t3d0s3 ->
../../devices/pci@6,4000/scsi@4,1/sd@3,0:d,raw
lrwxrwxrwx 1 root root 45 Jan 30 09:07 c12t3d0s4 ->
../../devices/pci@6,4000/scsi@4,1/sd@3,0:e,raw
lrwxrwxrwx 1 root root 45 Jan 30 09:07 c12t3d0s5 ->
../../devices/pci@6,4000/scsi@4,1/sd@3,0:f,raw
lrwxrwxrwx 1 root root 45 Jan 30 09:07 c12t3d0s6 ->
../../devices/pci@6,4000/scsi@4,1/sd@3,0:g,raw
lrwxrwxrwx 1 root root 45 Jan 30 09:07 c12t3d0s7 ->
../../devices/pci@6,4000/scsi@4,1/sd@3,0:h,raw
The resulting output indicates the associated UNIX logical device name.
In this example, the logical device name is c12t3d0.
3. Determine the disk slot number using the prtconf command.
Substitute the string disk@ for sd@ in the physical device name determined in Step 1. The result in this example is /pci@6,4000/scsi@4,1/disk@3.
Use the grep command to find this name in the output of the prtconf command:
% prtconf -vp | grep /pci@6,4000/scsi@4,1/disk@3
slot#11: '/pci@6,4000/scsi@4,1/disk@3'
September 28, 2004, 6:58 am
I was recently setting up a Jumpstart server and when I ran the setup_install_server script in Solaris_9/Tools I was getting:
ERROR: /cdrom/sol_9_sparc/s0/Solaris_9/Tools/Boot is not a valid install boot image
Check that boot image is valid, or use [-t]
to specify a valid boot image.
The solution is to restart the vold service which can be done with a simple:
# /etc/init.d/volmgt stop
# /etc/init.d/volmgt start
Thanks to Nicholas for pointing this out to me.
August 6, 2003, 3:11 am
Just because I can never remember them:
- 5 is reboot
- 6 is power-off
April 16, 2003, 1:12 am
Sun machines with Solaris have a nasty tendency to halt when you remove the keyboard or the serial cable while they are running.
This behaviour can be stopped by editing /etc/default/kbd and changing the value of KEYBOARD_ABORT to disable.