Questions and Answers

Jim McKinstry and Amy Rich

Q Does AIX have support for IP aliasing through SMIT?

A Prior to AIX 4.3, the answer was no and you had to use ifconfig commands in /etc/rc.net:

ifconfig <iface> <ipaddr> netmask <mask> [alias|delete]

smitty mkinet4al

chdev -l <iface> -a alias4=<ipaddr>[,<netmask>]

smitty rminet4al

chdev -l <iface> -a delalias4=<ipaddr>[,<netmask>]

A All of the package installation information is stored in /var/sadm/install/contents. If you want to find a particular file, you can do:

grep FILE /var/sadm/install/contents

Q I heard there was a program called hid that changes the MAC address of a Solaris 2.6 machine. This doesn't appear to work on a 2.7 machine. Do you know of any utility that will perform the same function for 2.7?

A If you look at the Web page where change-sun-hostid (aka hid) is maintained, you'll find a 64-bit Solaris 7-compatible version called hid2.

http://www.squirrel.com/squirrel/sun-stuff.html

A In newer releases of FreeBSD, /usr/sbin/sendmail is now a wrapper program that looks at /etc/mail/mailer.conf. Even if you have "NO_SENDMAIL= yes" in /etc/make.conf, it still upgrades the wrapper, and thereby wipes out your real, hand-installed binary at /usr/sbin/sendmail.

To get around this, you can either copy the binary back after every installworld, or you can modify Sendmail when you install it, leaving the wrapper in place. To modify Sendmail, you can edit devtools/OS/FreeBSD and add the following line at the bottom:

define(`confMBINDIR', `/usr/libexec/sendmail')

Q On one of our enterprise servers running Solaris 2.6, the last command is only showing data up to November 19th. Today is August 8th, and I want to see current data. The file /var/adm/wtmpx is current, and I split the file and copied it backed to wtmpx, but to no avail.

AYour wtmpx database may have become corrupted. You can use the following command to dump the wtmpx file into ASCII format and then edit any bad records:

/usr/lib/acct/fwtmp < /var/adm/wtmpx > file

You can also use the following command to correct time/date stamps and make sure the entries are consistent:

/usr/lib/acct/wtmpfix /var/adm/wtmpx > file

A There's a series of articles on Sun's Blueprints site that compare and contrast NIS and LDAP and discuss the tools that can help ease the transition. The author begins with a short comparison of NIS and LDAP:

http://www.sun.com/software/solutions/blueprints/1099/solaris.pdf

http://www.sun.com/software/solutions/blueprints/0200/ldap.pdf

http://www.sun.com/software/solutions/blueprints/0800/iplanet.pdf

Q I have a SPARC 20 with a parity error. I keep getting the following message:

WARNING: Uncorrected SIMM at: J0203

A The identifier (in this case "J0203") will be silk-screened onto the board next to the bad SIMM. You can put different-sized SIMMs in the SPARC 20, but make sure you put the larger SIMMs in first. You want to fill your SIMM banks in the following order:

J0201, J0303, J0202, J0301, J0305, J0203, J0302, J0304.

A The onboard frame buffer on the SPARC 20 is the SX. You actually have a 24-bit frame buffer already, but to use it, you need to install an 8-Mb VSIMM (video SIMM) in one of your memory slots (unless you already have the SS20/SSX). You can get away with a 4-Mb VSIMM, but you'll only be able to do 1152x900 resolution. You can tell which size VSIMM you have via software by doing:

prtconf -vp

You can alter the default depth and class by adding options to your "openwindows" server:

openwin -dev /dev/fb0 defdepth 24
openwin -dev /dev/fb0 defclass TrueColor

/usr/sbin/eeprom output-device=screen:r1280x1024x76m

A Since you're getting "host unreachable" instead of "host unknown", this sounds like you have the target machine in DNS, too, but not as the right IP address. Even if you have nsswitch.conf listed with files first (which would make ping and other services work), Budtool will ignore this and go straight to DNS. Try checking your zone files to see whether you have the IP for the target machine listed correctly.

Q Each time I invoke Solaris admintool, I'm able to input all the fields to add a user, but as I click ok, I receive an error -- segmentation fault core dump. I recently downloaded Sun Solaris 2.6 recommended cluster hoping it would fix the problem, but it didn't.

A There's only one 2.6 patch that deals specifically with admintool, 105800-06, the Y2K patch (which also fixes a number of buffer overflows). You may be experiencing a problem with a shared library, but this should also show up when running other programs. Make sure that you have all the Y2K patches and the latest patch set from Sun installed, and make sure you reboot the machine after patch installation so that there are no library/binary inconsistencies. If you're still having problems, you can use a debugger and utilities, like truss and strace to determine which system calls are causing your problem.

Q Upon bootup on x86 Solaris 2.8 PC, I get the error message:

metainit: no database exists

A metainit is part of Solstice Disksuite, the Sun software RAID management package. It sounds like you were once using Disksuite but have somehow managed to erase the areas in which it keeps its databases. If you're not using Disksuite, then you want to remove the startup files for it in /etc/rc?.d/. If you are using Disksuite, then you need to rebuild your database. See the man page for metainit for more information.

Q Under Solaris 2.6, how do I add new disks without rebooting the machine?

A If you have hot pluggable disks and can add them on the fly, you can run the following commands to have them recognized by the system:

/usr/sbin/drvconfig
/usr/sbin/devlinks
/usr/sbin/disks (or /usr/sbin/tapes for tapes)
/usr/ucb/ucblinks

Q Under Solaris, how do I increase the maximum number of pseudoterminals?

A In Solaris 2.7 or earlier, add the following line to /etc/system:

set pt_cnt = <num>

Q I was trying to remove Veritas lines from /etc/system on my Solaris box so I could boot off the encapsulated disk normally, but I appear to have badly munged /etc/system, and now the machine won't boot. I don't have a copy of the installation CDs at this site, so is there any way to fix this?

A If you boot with -as, the system should ask you a number of questions, including the name of the system file, and then boot into single-user mode. Use the old copy of /etc/system if you made a backup, or use /dev/null. After you get into single-user mode, you can fix /etc/system and reboot.

Q I need to install a bunch of HP systems in our DMZ and secure them as much as possible from outside attack. How do I go about doing this?

A There's a good security cookbook for HP/UX 10.20 located at: http://secinf.net/info/unix/secureHP-UX.html. It covers installation, stripping things out after installation, access controls, and number of items from the Defense Intelligence Agency DII COE Security Checklist.

Q I want to do remote administration on a number of Solaris boxes we have at a POP in another state. What should I look into buying to make my life easier? Can remote administration be done with PC UNIX variants, too?

A One thing that really helps with remote administration is a console server. Depending on the amount of time you have and what your budget is, you may want to look into something like an old annex, an old Livingston PM2E/30 box, a Cisco 3620/3640, a PC running some UNIX flavor that has a whole lot of serial ports that you can do PPP over, or a dedicated console server like the ConsoleServer 3200 from Lightwave. One big plus to the 3200 is that Lightwave claims they will be adding SSH support later this year. For PCs, you may want to take a look at Real Weasel: http://www.realweasel.com/intro.html.

The other thing that can be a life saver for doing remote administration is IP-addressable power strips, for those times when the machine is hard hung and can only be fixed by a power cycle.

Q How do I find out the cache sizes of the CPUs on my Ultra AXi running Solaris 2.7?

A The cache size and other information about the CPUs and boards can be found using the prtdiag command:

/usr/platform/sun4u/sbin/prtdiag -v

A To run a virtual X display, you want to take a look at the X Virtual Frame Buffer (xvfb). It's an X server that doesn't need to bind to a physical device. It comes with the X11R6 distribution under programs/Xserver.

Q We have a need to unplug the keyboard from a running Solaris 2.5.1 machine without having it drop to the ok prompt. A serial console is not an option at this point. Is there any way around the hardware interrupt?

A To change it from the command line before you pull the keyboard, type the following as root:

kbd -a disable

kbd -a enable

KEYBOARD_ABORT=disable

Q I have AIX systems running 4.2.1 that I want to upgrade to 4.3.3. How can I can make my migration as painless as possible?

A Follow the instructions in the Redbook and boot from the 4.3.3 CD, choosing Migration installation. Make sure you run lppchk -v to see whether there are any problems. Clear your smit log file and run smit update_all with "preview only" and get detailed output. Viewing the smit log should give you a decent idea of any problems that might occur during the update. Once you have fixed any issues that cropped up in the preview run, run update_all normally.

Q I need to write a script that pings all our servers every 10 minutes. If one of the servers is down it should send an email to the systems administrators.

A Check out: http://bb4.com. This tool also does a lot more and allows you to page yourself or watch the status of multiple machines in real-time with color-coded status ("Green is Good, Red is Bad"). Or you should be able to write a script that pings each server and greps the output for "alive" (assuming a ping command that returns something like "host is alive"). You could also do something like:

#!/bin/sh
SERVER_LIST="server1 server2 server3"
TIMEOUT=5

for SERVER in $SERVER_LIST
do
  ping $SERVER $TIMEOUT > /dev/null 2>&1
  if [ $? -ne 0 ]; then
     mail -s "Ping Report" you@yourmail.com <<EOM
$SERVER not responding
EOM
  fi
done

Q I have a DSL connection to the Internet. This connection is provided by PacBell, who requires you to login after boot-up. PacBell states that they do not support Linux. Is there a way for me to go online with Linux using DSL? If so how?

A There is a Linux DSL "Howto" at: http://www.linuxdoc.org/HOWTO/ \
mini/Bridge%2BFirewall%2BDSL.html. http://www.linuxdoc.org is a great place to find all sorts of good Linux tips and "howtos". If this doesn't help, check out: http://www.roaringpenguin.com/pppoe/. PacBell may be using PPP over Ethernet. If they are, this Web site may help you out.

Q I need to create 1800 user accounts on a Red Hat 6.2 system preferably with assigned passwords. We used useradd -c "John Doe,8193" -p catfur89 jdoe, then ran this as a script. We tried the -p option, and we tried just writing a plain text password file and converting it to shadow with pwconv. (This just moved the plain text into the shadow file.) Users cannot log in until we individually change their passwords.

A In Red Hat 6.2, there is a command called /usr/sbin/newusers. This is the command for batch user creation. Start by creating a file with one line per user. Each line is the same format as /etc/passwd (except the password will be in clear-text). Once the file is ready, just type "newusers <filename>". Note that if the group in the file does not exist, it will be created. If the home directory does not exist, then it will be created.

Jim McKinstry is a Senior Sales Engineer for MTI Technology Corporation (www.mti.com). MTI is a leading international provider of data storage management products and services. He can be reached at: jrmckins@yahoo.com.

Amy Rich, president of the Boston-based Oceanwave Consulting, Inc. (http://www.oceanwave.com), has been a UNIX systems administrator for more than five years. She received a BSCS at Worcester Polytechnic Institute, and can be reached at: arr@oceanwave.com.