Cover V10, I01
jan2001.tar


Questions and Answers

Jim McKinstry and Amy Rich

Q Does AIX have support for IP aliasing through SMIT?

A Prior to AIX 4.3, the answer was no and you had to use ifconfig commands in /etc/rc.net:

ifconfig <iface> <ipaddr> netmask <mask> [alias|delete]

With 4.3, though, you can use the following fastpath:

smitty mkinet4al

which executes the command:

chdev -l <iface> -a alias4=<ipaddr>[,<netmask>]

Removal can also be done through smit with:

smitty rminet4al

which does:

chdev -l <iface> -a delalias4=<ipaddr>[,<netmask>]

Q How do I find out which package is associated with a particular file on a Solaris machine?

A All of the package installation information is stored in /var/sadm/install/contents. If you want to find a particular file, you can do:

grep FILE /var/sadm/install/contents

The last field will tell you what package FILE belongs to.

Q I heard there was a program called hid that changes the MAC address of a Solaris 2.6 machine. This doesn't appear to work on a 2.7 machine. Do you know of any utility that will perform the same function for 2.7?

A If you look at the Web page where change-sun-hostid (aka hid) is maintained, you'll find a 64-bit Solaris 7-compatible version called hid2.

http://www.squirrel.com/squirrel/sun-stuff.html

Q I just upgraded my machine from FreeBSD 4.0 to 4.1.1. I was running a custom-installed Sendmail, version 8.11.1. I had "NO_SENDMAIL= yes" in /etc/make.conf. After the upgrade, Sendmail wouldn't start because it said my cf file version was too new for my binary version, 8.9.3! I took a look in /usr/src/contrib and Sendmail 8.11.0 is what's there. I reinstalled Sendmail from the source again, but I want to know where this 8.9.3 binary came from, and how can I prevent my binary from being overwritten in the future?

A In newer releases of FreeBSD, /usr/sbin/sendmail is now a wrapper program that looks at /etc/mail/mailer.conf. Even if you have "NO_SENDMAIL= yes" in /etc/make.conf, it still upgrades the wrapper, and thereby wipes out your real, hand-installed binary at /usr/sbin/sendmail.

To get around this, you can either copy the binary back after every installworld, or you can modify Sendmail when you install it, leaving the wrapper in place. To modify Sendmail, you can edit devtools/OS/FreeBSD and add the following line at the bottom:

define(`confMBINDIR', `/usr/libexec/sendmail')

Now when you run ./Build, it will install the binary in /usr/libexec/sendmail/sendmail. This is the default location of the Sendmail binary in /etc/mail/mailer.conf. When you next do an installworld, it should upgrade the wrapper but leave your binary in /usr/libexec/sendmail/ alone.

Q On one of our enterprise servers running Solaris 2.6, the last command is only showing data up to November 19th. Today is August 8th, and I want to see current data. The file /var/adm/wtmpx is current, and I split the file and copied it back to wtmpx, but to no avail.

A Your wtmpx database may have become corrupted. You can use the following command to dump the wtmpx file into ASCII format and then edit any bad records:

/usr/lib/acct/fwtmp < /var/adm/wtmpx > file

You can put the records back into binary format by specifying the -ic switch to fwtmp.

You can also use the following command to correct time/date stamps and make sure the entries are consistent:

/usr/lib/acct/wtmpfix /var/adm/wtmpx > file

Q We're a long-time SUN/NIS shop, but we're trying to migrate away from that to LDAP. Are there any pointers to make this transition easier for both the users and the systems administrators?

A There's a series of articles on Sun's Blueprints site that compare and contrast NIS and LDAP and discuss the tools that can help ease the transition. The author begins with a short comparison of NIS and LDAP:

http://www.sun.com/software/solutions/blueprints/1099/solaris.pdf

In the next article

http://www.sun.com/software/solutions/blueprints/0200/ldap.pdf

the author discusses a tool called ypldapd, an NIS to LDAP gateway developed by PADL Software. In another:

http://www.sun.com/software/solutions/blueprints/0800/iplanet.pdf

he discusses Solaris extensions for the iPlanet (nee Netscape) directory server.

Q I have a SPARC 20 with a parity error. I keep getting the following message:

WARNING: Uncorrected SIMM at: J0203

First, how do I tell which SIMM this is? Second, can I replace it with a bigger SIMM so I can increase my overall memory without replacing all of the SIMMs?

A The identifier (in this case "J0203") will be silk-screened onto the board next to the bad SIMM. You can put different-sized SIMMs in the SPARC 20, but make sure you put the larger SIMMs in first. You want to fill your SIMM banks in the following order:

J0201, J0303, J0202, J0301, J0305, J0203, J0302, J0304.

Q I'd like to have 24-bit color on my SPARC 20. What do I need to do?

A The onboard frame buffer on the SPARC 20 is the SX. You actually have a 24-bit frame buffer already, but to use it, you need to install an 8-Mb VSIMM (video SIMM) in one of your memory slots (unless you already have the SS20/SSX). You can get away with a 4-Mb VSIMM, but you'll only be able to do 1152x900 resolution. You can tell which size VSIMM you have via software by doing:

prtconf -vp

The important value is the last value on the "reg" line. If you have a 4-Mb VSIMM, it will say 00400000. An 8-Mb VSIMM will say 00800000.

You can alter the default depth and class by adding options to your "openwindows" server:

openwin -dev /dev/fb0 defdepth 24
openwin -dev /dev/fb0 defclass TrueColor

If your screen appears too dark or too washed out after switching to 24-bit mode, you can try changing the gamma correction. You'll also want to take a look at the command sxconfig for reserving system memory to improve performance. Depending on your OS revision, you will also want to set the resolution using cg14config or in the eeprom by doing the following:

/usr/sbin/eeprom output-device=screen:r1280x1024x76m

Q I'm using Budtool to back up our systems from an HP machine. We have a host listed in /etc/hosts that it's trying to back up. It says that the machine is down (returning ICMP 3, destination unreachable), but I can clearly ping the machine. Why would it be giving me this error, and what can I do to correct it?

A Since you're getting "host unreachable" instead of "host unknown", this sounds like you have the target machine in DNS, too, but not as the right IP address. Even if you have nsswitch.conf listed with files first (which would make ping and other services work), Budtool will ignore this and go straight to DNS. Try checking your zone files to see whether you have the IP for the target machine listed correctly.

Q Each time I invoke Solaris admintool, I'm able to input all the fields to add a user, but as I click ok, I receive an error -- segmentation fault core dump. I recently downloaded Sun Solaris 2.6 recommended cluster hoping it would fix the problem, but it didn't.

A There's only one 2.6 patch that deals specifically with admintool, 105800-06, the Y2K patch (which also fixes a number of buffer overflows). You may be experiencing a problem with a shared library, but this should also show up when running other programs. Make sure that you have all the Y2K patches and the latest patch set from Sun installed, and make sure you reboot the machine after patch installation so that there are no library/binary inconsistencies. If you're still having problems, you can use a debugger and utilities like truss and strace to determine which system calls are causing your problem.

Q Upon bootup on x86 Solaris 2.8 PC, I get the error message:

metainit: no database exists

Any suggestions?

A metainit is part of Solstice Disksuite, the Sun software RAID management package. It sounds like you were once using Disksuite but have somehow managed to erase the areas in which it keeps its databases. If you're not using Disksuite, then you want to remove the startup files for it in /etc/rc?.d/. If you are using Disksuite, then you need to rebuild your database. See the man page for metainit for more information.

Q Under Solaris 2.6, how do I add new disks without rebooting the machine?

A If you have hot pluggable disks and can add them on the fly, you can run the following commands to have them recognized by the system:

/usr/sbin/drvconfig
/usr/sbin/devlinks
/usr/sbin/disks (or /usr/sbin/tapes for tapes)
/usr/ucb/ucblinks

If you're rebooting the machine to have the disks recognized, you must reboot with the -r flag.

Q Under Solaris, how do I increase the maximum number of pseudoterminals?

A In Solaris 2.7 or earlier, add the following line to /etc/system:

set pt_cnt = <num>

In Solaris 2.8, you no longer need to set pt_cnt, because the number of pseudoterminals grows on demand.

Q I was trying to remove Veritas lines from /etc/system on my Solaris box so I could boot off the encapsulated disk normally, but I appear to have badly munged /etc/system, and now the machine won't boot. I don't have a copy of the installation CDs at this site, so is there any way to fix this?

A If you boot with -as, the system should ask you a number of questions, including the name of the system file, and then boot into single-user mode. Use the old copy of /etc/system if you made a backup, or use /dev/null. After you get into single-user mode, you can fix /etc/system and reboot.

Q I need to install a bunch of HP systems in our DMZ and secure them as much as possible from outside attack. How do I go about doing this?

A There's a good security cookbook for HP/UX 10.20 located at: http://secinf.net/info/unix/secureHP-UX.html. It covers installation, stripping things out after installation, access controls, and a number of items from the Defense Intelligence Agency DII COE Security Checklist.

Q I want to do remote administration on a number of Solaris boxes we have at a POP in another state. What should I look into buying to make my life easier? Can remote administration be done with PC UNIX variants, too?

A One thing that really helps with remote administration is a console server. Depending on the amount of time you have and what your budget is, you may want to look into something like an old annex, an old Livingston PM2E/30 box, a Cisco 3620/3640, a PC running some UNIX flavor that has a whole lot of serial ports that you can do PPP over, or a dedicated console server like the ConsoleServer 3200 from Lightwave. One big plus to the 3200 is that Lightwave claims they will be adding SSH support later this year. For PCs, you may want to take a look at Real Weasel: http://www.realweasel.com/intro.html.

The other thing that can be a life saver for doing remote administration is IP-addressable power strips, for those times when the machine is hard hung and can only be fixed by a power cycle.

Q How do I find out the cache sizes of the CPUs on my Ultra AXi running Solaris 2.7?

A The cache size and other information about the CPUs and boards can be found using the prtdiag command:

/usr/platform/sun4u/sbin/prtdiag -v

Q All of our compute servers are headless boxes connected to a console server. Unfortunately, we need to render some graphics in memory (never to be seen on the actual screen on this machine). But, since there is no graphical device to bind to, we can't seem to make the rendering work. Any clues?

A To run a virtual X display, you want to take a look at the X Virtual Frame Buffer (xvfb). It's an X server that doesn't need to bind to a physical device. It comes with the X11R6 distribution under programs/Xserver.

Q We have a need to unplug the keyboard from a running Solaris 2.5.1 machine without having it drop to the ok prompt. A serial console is not an option at this point. Is there any way around the hardware interrupt?

A To change it from the command line before you pull the keyboard, type the following as root:

kbd -a disable

When you've reconnected the keyboard, you can type:

kbd -a enable

To make the change permanent so that the disabled BREAK sequence persists after a reboot, edit /etc/default/kbd and add the line:

KEYBOARD_ABORT=disable

The man page for kbd offers more keyboard options.

Q I have AIX systems running 4.2.1 that I want to upgrade to 4.3.3. How can I make my migration as painless as possible?

A Follow the instructions in the Redbook and boot from the 4.3.3 CD, choosing Migration installation. Make sure you run lppchk -v to see whether there are any problems. Clear your smit log file and run smit update_all with "preview only" and get detailed output. Viewing the smit log should give you a decent idea of any problems that might occur during the update. Once you have fixed any issues that cropped up in the preview run, run update_all normally.

Q I need to write a script that pings all our servers every 10 minutes. If one of the servers is down it should send an email to the systems administrators.

A Check out: http://bb4.com. This tool also does a lot more and allows you to page yourself or watch the status of multiple machines in real-time with color-coded status ("Green is Good, Red is Bad"). Or you should be able to write a script that pings each server and greps the output for "alive" (assuming a ping command that returns something like "host is alive"). You could also do something like:

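#!/bin/sh
# Ping each server once; mail the administrators about any that do not answer.
SERVER_LIST="server1 server2 server3"
TIMEOUT=5    # seconds; "ping host timeout" is the Solaris form of the command

for SERVER in $SERVER_LIST
do
  ping "$SERVER" "$TIMEOUT" > /dev/null 2>&1
  if [ $? -ne 0 ]; then
     mail -s "Ping Report" you@yourmail.com <<EOM
$SERVER not responding
EOM
  fi
done

Run this from cron every 10 minutes.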

Q I have a DSL connection to the Internet. This connection is provided by PacBell, who requires you to login after boot-up. PacBell states that they do not support Linux. Is there a way for me to go online with Linux using DSL? If so how?

A There is a Linux DSL "Howto" at: http://www.linuxdoc.org/HOWTO/mini/Bridge%2BFirewall%2BDSL.html. http://www.linuxdoc.org is a great place to find all sorts of good Linux tips and "howtos". If this doesn't help, check out: http://www.roaringpenguin.com/pppoe/. PacBell may be using PPP over Ethernet. If they are, this Web site may help you out.

Q I need to create 1800 user accounts on a Red Hat 6.2 system preferably with assigned passwords. We used useradd -c "John Doe,8193" -p catfur89 jdoe, then ran this as a script. We tried the -p option, and we tried just writing a plain text password file and converting it to shadow with pwconv. (This just moved the plain text into the shadow file.) Users cannot log in until we individually change their passwords.

A In Red Hat 6.2, there is a command called /usr/sbin/newusers. This is the command for batch user creation. Start by creating a file with one line per user. Each line is the same format as /etc/passwd (except the password will be in clear-text). Once the file is ready, just type "newusers <filename>". Note that if the group in the file does not exist, it will be created. If the home directory does not exist, then it will be created.
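
The batch file this answer describes, as an added example that is not part of the original column: a shell function that writes a newusers input file from a roster, creates it owner-only because it holds clear-text passwords, and rejects fields that would shift the passwd columns. The roster format, the UID/GID numbering, the home directories and the shell are assumptions.

```shell
#!/bin/sh
# Added example: build a newusers input file from a roster of
# "login|gecos|password" lines (roster format constructed for this example).
# Usage: make_newusers_file ROSTER OUTFILE FIRST_UID GID
# Assumptions: sequential UIDs from FIRST_UID, one shared GID, /home/<login>
# home directories and /bin/bash as the shell.
make_newusers_file() (
    roster=$1 out=$2 uid=$3 gid=$4
    umask 077            # clear-text passwords: owner-only from creation
    rm -f "$out"         # do not inherit looser permissions from an old file
    : > "$out" || exit 1
    while IFS='|' read -r login gecos pass; do
        [ -z "$login$gecos$pass" ] && continue      # skip blank lines
        bad=
        # Login: lowercase letter first, then letters, digits, '_' or '-'
        case $login in ''|[!a-z]*|*[!a-z0-9_-]*) bad="login name" ;; esac
        # A ':' shifts the passwd columns (a password "pw:0:0" would set uid 0)
        case $gecos$pass in *:*) bad="':' in GECOS or password" ;; esac
        [ -n "$pass" ] || bad="empty password"
        if [ -n "$bad" ]; then
            echo "rejected '$login': $bad" >&2
            rm -f "$out"                            # never leave a partial file
            exit 2
        fi
        printf '%s:%s:%s:%s:%s:/home/%s:/bin/bash\n' \
            "$login" "$pass" "$uid" "$gid" "$gecos" "$login" >> "$out"
        uid=$((uid + 1))
    done < "$roster"
)

# Constructed roster; the first entry is the user from the question above.
demo=$(mktemp -d) || exit 1
cat > "$demo/roster" <<'EOF'
jdoe|John Doe,8193|catfur89
asmith|Ann Smith,8194|constructed-pw-2
EOF
make_newusers_file "$demo/roster" "$demo/users.txt" 5000 100 &&
    ls -l "$demo/users.txt" && cat "$demo/users.txt"
rm -rf "$demo"
```

Run newusers on the generated file as root and delete the file afterwards. The -p attempt in the question did not work because useradd expects an already-encrypted crypt(3) string for that option.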

Jim McKinstry is a Senior Sales Engineer for MTI Technology Corporation (www.mti.com). MTI is a leading international provider of data storage management products and services. He can be reached at: jrmckins@yahoo.com.

Amy Rich, president of the Boston-based Oceanwave Consulting, Inc. (http://www.oceanwave.com), has been a UNIX systems administrator for more than five years. She received a BSCS at Worcester Polytechnic Institute, and can be reached at: arr@oceanwave.com.