
Administering Solaris 10
on a Sun Enterprise 250

The Sun Enterprise 250 is a SPARC machine.
This particular Enterprise 250 has 2x 250MHz processors, 1GB RAM, and 6x 9GB drives.

download Solaris 10 from www.sun.com

notes:
users and groups

networking

NFS
- Network File System
DNS
NIS

NTP
- Network Time Protocol
FTP - File Transfer Protocol


Files and File Systems


Solaris 10 Security

Apache 1.3.x?

SAN - Storage Area Network

Sendmail 8.13.3


System Information
   iostat - report I/O statistics
   vmstat - report Virtual Memory statistics

Fun stuff
   apropos
   cal
   factor



Users and Groups

# groupadd -g 501 admin
# groupadd -g 502 users
#
# grpck
#
# cat /etc/group
root::0:
other::1:root
bin::2:root,daemon
sys::3:root,bin,adm
adm::4:root,daemon
uucp::5:root
mail::6:root
tty::7:root,adm
lp::8:root,adm
nuucp::9:root
staff::10:
daemon::12:root
sysadmin::14:
smmsp::25:
gdm::50:
webservd::80:
nobody::60001:
noaccess::60002:
nogroup::65534:
admin::501:
users::502:
#






# passwd -as








#

PS
LK
NL



Networking with Solaris 10


During installation, the name service section was not configured.
(the message "couldn't set locale correctly" was seen repeatedly)

For network connectivity, additional steps were required...

Create /etc/resolv.conf with the appropriate entries:

# cat /etc/resolv.conf
domain billhance.com
nameserver 192.168.0.8
nameserver 192.168.0.14
#


Edit /etc/nsswitch.conf to use DNS:

# cat /etc/nsswitch.conf

# ifconfig hme0
hme0:   flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
              inet 192.168.0.4 netmask ffff0000 broadcast 192.168.255.255
              ether
#




Adding a secondary IP address to a network interface:

1. Add a line in /etc/hosts with the new IP address, and a new name for the host at this IP address

#
# Hosts file
#
127.0.0.1         localhost
192.168.0.4     baba        baba.billhance.com         loghost

#
# Secondary IP address for DNS external zone transfers
#
192.168.0.5     baba2      baba2.billhance.com

 

2. Create a file to configure the secondary interface

For a system with an Ethernet interface hme0:

the existing file is:
# cat /etc/hostname.hme0
baba
#

create a second file like this:
# cat /etc/hostname.hme0:1
baba2
#

when the system reboots, hme0 and hme0:1 will be configured

3. To activate hme0:1 without rebooting the system

# ifconfig hme0:1 plumb
# ifconfig hme0:1 192.168.0.5
# ifconfig hme0:1 netmask 255.255.0.0
# ifconfig hme0:1 up
#

check the status of hme0 and hme0:1
# ifconfig hme0


#
#
# ifconfig hme0:1




DNS on Solaris 10
Domain Name System

Solaris 10 comes with BIND 9.2.4

A DNS server can be a
    Zone Primary Master Server
    Zone Secondary Master Server      obtains its zone data from the Zone Primary Master Server

•  The files:

/etc/named.conf           default configuration file
/var/run/named.pid       default process-ID file

/etc/rndc.key               the rndc key file

 

•  The directories:

/var/named                 default directory for zone files

 

•  The software:

# pkginfo SUNWbind
system          SUNWbind BIND DNS Name Server and tools
#
# pkginfo SUNWbindr
system          SUNWbindr BIND Name Server Mainfest
#




Configuring a Solaris 10 system as a
Secondary DNS Server running BIND 9.2.4

1.  copy /etc/named.conf from another slave name server, or create it
     copy /var/named/named.ca from another name server, or create it
     copy /var/named/localhost.zone from another name server, or create it
     copy /var/named/localhost.rev from another name server, or create it

2. edit /etc/named.conf
     Use the command "rndc-confgen -a" to generate the rndc key and the associated file /etc/rndc.key

3. check named.conf:                       named will refuse to start if it detects an error in named.conf
     # named-checkconf
     /etc/named.conf:6:   change directory to "/var/named" failed: file not found
     /etc/named.conf:6:   parsing failed
     #

4. create directory /var/named:
     # cd /var
     # mkdir named
     #
     # named-checkconf
     #                                                no output = no errors found

5. create subdirectories under /var/named/ if needed
     # cd /var/named
     # mkdir billhance
     # mkdir melissahance
     # mkdir audreyhance
     # mkdir jeffreyhance
     # mkdir ssnix
     # mkdir audubonrentals
     # mkdir CindiFarr
     # mkdir iRun4Fun
     #

6. start the DNS Server
    # svcadm enable /network/dns/server
    #

7.  check the log file for messages for a successful BIND startup
   # tail -10 /var/adm/messages

   May 2 11:55:29 baba named [2827]: [ID 873579 daemon.notice] starting BIND 9.2.4
   May 2 11:55:29 baba named [2827]: [ID 873579 daemon.notice] command channel listening on 127.0.0.1#953
   
    #





8. make sure BIND starts automatically after a system reboot
ln -s /etc/init.d/dns /etc/rc2.d/S50dns
ln -s /etc/init.d/dns /etc/rc2.d/K50dns
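
The steps above edit /etc/named.conf without showing one, so this added example (not the author's file) stages a minimal slave configuration in a scratch directory where it can be checked before it replaces the live file. The master address 192.0.2.53, the zone file name under billhance/, and the allow-transfer and notify settings are assumptions.

```shell
#!/bin/sh
# Added example: stage a minimal slave named.conf for BIND 9.
# Assumptions (not from the original notes): the master's address, the zone
# file name inside /var/named/<subdir>/, and that this server does not feed
# zone transfers to any other host.

write_slave_conf() {
    # $1 = staging directory, $2 = zone name, $3 = master server IP
    stage=$1; zone=$2; master=$3
    sub=${zone%%.*}                  # billhance.com -> billhance
    (
        umask 027                    # new file gets mode 640
        cat > "$stage/named.conf" <<EOF
options {
        directory "/var/named";
        pid-file "/var/run/named.pid";
        allow-transfer { none; };    // assumed: no downstream secondaries
        notify no;
};

zone "." {
        type hint;
        file "named.ca";
};

zone "localhost" {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "localhost.rev";
};

zone "$zone" {
        type slave;
        file "$sub/$zone.zone";
        masters { $master; };
};
EOF
    )
}

check_staged_conf() {
    # named-checkconf accepts a file name. As in step 3, it also reports an
    # error when the "directory" named in the file does not exist yet.
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1/named.conf"
    else
        echo "named-checkconf not found; syntax not checked" >&2
    fi
}

# Usage (placeholder master address):
#   write_slave_conf /tmp/stage billhance.com 192.0.2.53 && check_staged_conf /tmp/stage
```
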




Restarting BIND:


# kill -HUP `cat /dns/var/run/named.pid`
#

or

# rndc restart

or

# svcadm disable /network/dns/server
#
# svcadm enable /network/dns/server
#



Creating or Updating the Root Hints file /var/named/named.ca

named.ca
is referred to as the "Root Hints" file

First, look at another host system's root hints file, and pick a random IP address of one of the Root-Servers

In this example, we'll use 192.36.148.17, which is currently the address of the host I.ROOT-SERVERS.NET

# cd /var/named
# dig @192.36.148.17 . ns >root_hints.new
#

Look at the file /var/named/root_hints.new that you've just created.
If it looks right, rename it or copy it to /var/named/named.ca.

If one of the ROOT-SERVERs' IP addresses ever gets changed, the DNS Administrator would need to update
the named.ca file, using this same method.  The IP addresses of the ROOT-SERVERs don't change very often.
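
One way to make "if it looks right" checkable, as an added example that is not part of the original notes: the functions below parse the dig output and refuse to install it unless the status is NOERROR, the expected number of root NS records is present, and every listed server has an A record. The function names and the shortened sample are constructed; the dig answer itself is unauthenticated, so the check catches truncated or malformed output, not a forged reply.

```shell
#!/bin/sh
# Added example: sanity-check a root hints candidate produced with
#   dig @192.36.148.17 . ns > root_hints.new
# before it replaces /var/named/named.ca.

# Constructed, shortened sample of dig output (2 of the 13 root servers).
sample_dig_output() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; ANSWER SECTION:
.                       518400  IN  NS  A.ROOT-SERVERS.NET.
.                       518400  IN  NS  I.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     3600000 IN  A   198.41.0.4
I.ROOT-SERVERS.NET.     3600000 IN  A   192.36.148.17
EOF
}

check_root_hints() {
    # $1 = file to check, $2 = expected number of root NS records (default 13)
    awk -v want="${2:-13}" '
        /status: NOERROR/        { ok_status = 1 }
        /^;/ || NF < 5           { next }           # comments, blank lines
        $1 == "." && $4 == "NS"  { ns[tolower($5)] = 1; n++ }
        $4 == "A"                { addr[tolower($1)] = $5 }
        END {
            bad = 0
            if (!ok_status) { print "no NOERROR status line"; bad = 1 }
            if (n != want) {
                print "expected " want " NS records, found " (n + 0); bad = 1
            }
            for (h in ns) {
                if (h !~ /^[a-m]\.root-servers\.net\.$/) {
                    print "unexpected NS name " h; bad = 1
                }
                if (!(h in addr)) { print "no A record for " h; bad = 1 }
            }
            exit bad
        }' "$1"
}

install_root_hints() {
    # $1 = candidate, $2 = live hints file, $3 = expected NS count (optional)
    # The live file is only touched after the candidate passes the check.
    check_root_hints "$1" "${3:-13}" || return 1
    if [ -f "$2" ]; then cp -p "$2" "$2.bak" || return 1; fi
    cp "$1" "$2"
}

# Usage on the name server:
#   install_root_hints /var/named/root_hints.new /var/named/named.ca
```
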



Finding a File

Use the find command to find a file

# pwd
/home
#
# find / -name shadow
/var/sadm/pkg/SUNWcsr/save/pspool/SUNWcsr/reloc/etc/shadow
/export/zones/ftp-zone/root/etc/shadow
find: cannot read dir /export/zones/ftp-zone/root/home: Not owner
find: cannot read dir /export/zones/ftp-zone/root/net: Not owner
/etc/shadow
#

several files named "shadow" were found on the system

specifying the directory narrows the search...

# find /etc -name shadow
/etc/shadow
#



 

Troubleshooting DNS on Solaris 10

• Check the associated files

Check /etc/resolv.conf
#


Check /etc/nsswitch.conf
#


#

• Checking the status

Use svcs or rndc to check the status of the server:

# svcs /network/dns/server
STATE            STIME        FMRI
disabled         Apr_23       svc:/network/dns/client:default
disabled         Apr_23       svc:/network/dns/server:default
#


# rndc status
number of zones: 25
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running
#



• Checking /etc/named.conf

# named-checkconf
#                                                no news is good news -- only errors are reported



• Checking the zone files in /var/named/

# named-checkzone billhance.com billhance.com.zone


# named-checkzone local /var/named/localhost.zone
# named-checkzone local /var/named/localhost.rev







FMRI - Fault Managed Resource Identifier for the BIND 9 DNS Server is:
svc:/network/dns/server

FMRI - Fault Managed Resource Identifier for the BIND 9 DNS Client is:
svc:/network/dns/client



# svccfg
svc:> select /network/dns/server
svc:/network/dns/server> exit
#



# svcadm enable svc:/network/dns/server
#


TTL values are in seconds by default; the unit suffixes w, d, h, m and s can also be used.
chown root:named named.conf
chmod 640 named.conf

# dig +trace ibm.com
$ dnswalk





DNS on Solaris 8

making changes to DNS with Solaris 8

1. verify with nslookup
2. edit 3 files on the master DNS server:
         /etc/named.conf
        ../zones/forward_zone_file
        ../zones/reverse_zone_file
3. restart the in.named daemon on the master DNS server
      # kill -s SIGHUP pid
4. slave DNS servers will receive the update at the next scheduled update time





NIS on Solaris 10
Network Information Service


An NIS server can be a
    Zone Primary Master Server          
    Zone Secondary master Server      obtains DNS from the Zone Primary Master Server

•  The files:

/var/yp/Makefile          builds the NIS ndbm databases
/var/yp/nicknames
/var/yp/securenets        read at startup by ypserv and ypxfrd
/var/yp/aliases

 

•  The directories:

/var/yp                       directory containing NIS configuration files
/var/yp/ypdomain      directory containing the ndbm databases

 

•  The software:


ypserv     NIS server process
ypxfrd     NIS binder process

ypstart    start NIS services
ypstop    stop NIS services

ypinit      set up NIS - run ypinit for initial configuration, or if any NIS server(s) change
    ypinit -c          to configure an NIS client
    ypinit -m         to configure an NIS master server
    ypinit -s master_servername    to configure an NIS slave server


Configuring a Solaris 10 computer as an NIS client
   In this example, there is one NIS server on the LAN = grasshopper.billhance.com (running Red Hat Linux)
   The DNS domain is billhance.com         The NIS domain is RIDLEY
   The Solaris 10 system we are configuring as an NIS client = baba.billhance.com

1. Set the NIS domainname

# domainname
                                                       the NIS domainname has not been set
# domainname ridley                     set the NIS domainname to "ridley"
#
# domainname
ridley                                               the NIS domainname has been set to "ridley"
#
#

2. Add entries for each NIS server into the /etc/hosts file

# cat /etc/hosts
...
<snip>
192.168.0.14          grasshopper    grasshopper.billhance.com
<snip>
...
#
#

3. Run ypinit -c to configure the host as an NIS client

# ypinit -c

In order for NIS to operate successfully, we have to construct a list of the
NIS servers.  Please continue to add the names of YP servers in order of
preference, one per line.  When you are done with the list, type a <control D>
or a return on a line by itself.
           next host to add:  grasshopper
           next host to add:

The current list of yp servers looks like this:

grasshopper

Is this correct?  [y/n: y]                                   press <return> to accept
#
#

4.  Start the NIS service

# svcadm enable /network/nis/client:default
#
# ypwhich
grasshopper
#








 


Troubleshooting

During a reboot, a Solaris 10 Sun E250 produced this message, on the console:

CAPTURE_UPTIME ERROR    /var/opt/SUNWsrsrp   missing



A search on GOOGLE yields this information:

That's a bug in Sun's Net Connect product, which can be found on the extra value CD. I don't remember exactly why the bug happens, but a way of getting rid of it is to deactivate or uninstall the Net Connect program; I doubt you are using it anyway (it's a software which allows a system to send some system information to Sun, which can be useful if you have a support contract with them).


Thanks for the reply
I deactivated NetConnect related scripts from rc scripts and problem went away




and...




mkdir -p /var/opt/SUNWsrsrp
and 2 reboots may resolve this issue.

Comment from the script:

# Project: NetConnect 3.0
# Capture Uptime Script
The purpose of this script is to copy the last known system up time before a reboot (contained in the file /var/opt/SUNWsrsrp/latest) into a new file /var/opt/SUNWsrsrp/last_known_up_time which will be reported by the reboot provider.

On my fresh Sol 10 GA install today I got this error as well. I followed the mkdir -p and 2 reboots suggestion but was getting another message:
"Jun 21 15:18:09 jonte root: [ID 702911 daemon.error] CAPTURE_UPTIME ERROR: /var/opt/SUNWsrsrp/latest missing"

So I ran the following which seems to have cleared up the error:

/opt/SUNWsrsrp/bin/gmt_time > /var/opt/SUNWsrsrp/latest



Fun Stuff


Use apropos to find a command
#
# apropos password
/usr/share/man/windex: No such file or directory
#
If you get this message, you need to run catman before you can use apropos

# catman
Can't find referent of .so in /usr/share/man/sman1/srcore.1
Can't find referent of .so in /usr/share/man/sman1/srcore.1
#
#

Try again...
#
# apropos password
crypt_bsdbf crypt_bsdbf (5) - password hashing module using Blowfish cryptographic algorithm
crypt_bsdmd5 crypt_bsdmd5 (5) - password hashing module using MD5 message hash algorithm
crypt_genhash_impl crypt_genhash_impl (3c) - generate encrypted password
crypt_gensalt_impl crypt_gensalt_impl (3c) - generate salt for password encryption
crypt_sunmd5 crypt_sunmd5 (5) - password hashing module using MD5 message hash algorithm
d_passwd d_passwd (4) - dial-up password file
dialups dialups (4) - list of terminal devices requiring a dial-up password
endpwent getpwnam (3c) - get password entry
endspent getspnam (3c) - get password entry
fgetpwent getpwnam (3c) - get password entry
fgetpwent_r getpwnam (3c) - get password entry
fgetspent getspnam (3c) - get password entry
fgetspent_r getspnam (3c) - get password entry
getpwent getpwnam (3c) - get password entry
getpwent_r getpwnam (3c) - get password entry
getpwnam getpwnam (3c) - get password entry
getpwnam_r getpwnam (3c) - get password entry
getpwuid getpwnam (3c) - get password entry
getpwuid_r getpwnam (3c) - get password entry
getspent getspnam (3c) - get password entry
getspent_r getspnam (3c) - get password entry
getspnam getspnam (3c) - get password entry
getspnam_r getspnam (3c) - get password entry
grpck pwck (1m) - password/group file checkers
kpasswd kpasswd (1) - change a user\&'s Kerberos password
lckpwdf lckpwdf (3c) - manipulate shadow password database lock file
mkpwdict mkpwdict (1m) - maintain password-strength checking database
nispasswd nispasswd (1) - change NIS+ password information
nispasswdd rpc.nispasswdd (1m) - NIS+ password update daemon
pam_authtok_check pam_authtok_check (5) - authentication and password management module
pam_authtok_get pam_authtok_get (5) - authentication and password management module
pam_authtok_store pam_authtok_store (5) - password management module
pam_chauthtok pam_chauthtok (3pam) - perform password related functions within the PAM framework
pam_krb5 pam_krb5 (5) - authentication, account, session, and password management PAM modules for Kerberos V5
pam_passwd_auth pam_passwd_auth (5) - authentication module for password
passmgmt passmgmt (1m) - password files management
passwd passwd (1) - change login password and password attributes
passwd passwd (4) - password file
putpwent putpwent (3c) - write password file entry
putspent putspent (3c) - write shadow password file entry
pwck pwck (1m) - password/group file checkers
pwd pwd.h (3head) - password structure
pwd.h pwd.h (3head) - password structure
rpc.nispasswdd rpc.nispasswdd (1m) - NIS+ password update daemon
rpc.yppasswdd rpc.yppasswdd (1m) - server for modifying NIS password file
sasl_checkpass sasl_checkpass (3sasl) - check a plaintext password
sasl_getsecret_t sasl_getsecret_t (3sasl) - the SASL callback function for secrets (passwords)
sasl_server_userdb_checkpass_t sasl_server_userdb_checkpass_t (3sasl) - plaintext password verification callback function
sasl_server_userdb_setpass_t sasl_server_userdb_setpass_t (3sasl) - user database plaintext password setting callback function
sasl_setpass sasl_setpass (3sasl) - set the password for a user
setpwent getpwnam (3c) - get password entry
setspent getspnam (3c) - get password entry
shadow shadow (4) - shadow password file
ulckpwdf lckpwdf (3c) - manipulate shadow password database lock file
vipw vipw (1b) - edit the password file
yppasswd yppasswd (1) - change your network password in the NIS database
yppasswdd rpc.yppasswdd (1m) - server for modifying NIS password file
yppasswdd yppasswdd (4) - configuration file for rpc\&.yppasswdd (NIS password daemon)
#
#



Here is the file created by running the catman command

#
# pwd
/usr/share/man
#
# ls -la w*
-rw-r--r--   1 root     root       930633 Jan 12 16:52 windex
#
#
Among other things, catman creates the windex file.
For more information, type "man catman".

 

Use cal to display a calendar

# cal 7 1964
   July 1964
 S  M Tu  W Th  F  S
          1  2  3  4
 5  6  7  8  9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31

#
valid months are 1-12
valid years are 1-9999


To see a calendar for an entire year, omit the month and just enter the year

# cal 2006

                                2006

         Jan                    Feb                    Mar
 S  M Tu  W Th  F  S    S  M Tu  W Th  F  S    S  M Tu  W Th  F  S
 1  2  3  4  5  6  7             1  2  3  4             1  2  3  4
 8  9 10 11 12 13 14    5  6  7  8  9 10 11    5  6  7  8  9 10 11
15 16 17 18 19 20 21   12 13 14 15 16 17 18   12 13 14 15 16 17 18
22 23 24 25 26 27 28   19 20 21 22 23 24 25   19 20 21 22 23 24 25
29 30 31               26 27 28               26 27 28 29 30 31

     <snip>

#
#







Use factor to obtain the prime factors of a number

# factor 123
123
     3
     41

#
3*41=123

# factor 127
127
     127

#
127 is a prime number

# factor 2047
2047
     23
     89

#
23*89=2047


Use factor interactively - enter 0 to exit
# factor
123
     3
     41        3*41=123

3
     3         3 is a prime number

45
     3
     3
     5         3*3*5=45

67
     67        67 is a prime number

0              enter 0 (zero) to exit
#



The largest number factor can handle is 1E14, or 100 trillion.
#
# factor 100000000000000
100000000000000
     2
     2
     2
     2
     2
     2
     2
     2
     2
     2
     2
     2
     2
     2
     5
     5
     5
     5
     5
     5
     5
     5
     5
     5
     5
     5
     5
     5

#
2^14*5^14=100,000,000,000,000


# factor 100000000000001
100000000000001
Ouch!
#

Entering a number greater than 100 trillion causes an error.












CREATING MIRRORS
@ Verizon


NMBG
needs mirror
c1t0d0 = filesystem
c1t1d0 = unassigned
format c1t1d0 identical to c1t0d0
create initial metadbs
metadb -a -c 3 -f c1t0d0s0
metadb -a -c 3 c1t1d0s0

MNBEMSE
needs mirror
c0t0d0 = filesystem
c0t1d0 = unused
create meta databases
#metadb -a -c 3 -f c0t0d0s3
#metadb -a -c 3 c0t1d0s3
create concatenation volumes
#metainit -f d10 1 1 c0t0d0s0
#metainit d20 1 1 c0t1d0s0
#metainit -f d11 1 1 c0t0d0s1
#metainit d21 1 1 c0t1d0s1
create one-way mirror for root "/"
#metainit d0 -m d10
run metaroot command to modify /etc/vfstab & /etc/system
#metaroot d0
create one-way mirror for swap
#metainit d1 -m d11
edit /etc/vfstab
old entry = /dev/dsk/c0t0d0s1 - - swap - no -
new entry = /dev/md/dsk/d1 - - swap - no -
after reboot, run dumpadm









8/29/2006
NMBTST
#metadb
c0t8d0s3 (x3)
c0t0d0s3 (x3)
#

disks
0 c0t0d0 SUN36G
1 c0t8d0 SUN36G
2 c0t9d0 SUN36G not partitioned
3 c0t10d0 SUN36G not partitioned
4 c0t11d0 SUN36G not partitioned
5 c0t12d0 SUN36G not partitioned

/ = /dev/md/dsk/d0 = d10+d20
swap = /dev/md/dsk/d1 = d11+d21
/opt = /dev/md/dsk/d6 = d16+d26



8/29/2006
NMBTSTOBSP
already mirrored

update dump device
#dumpadm -d /dev/md/dsk/d1
Dump Device: /dev/md/dsk/d1 (swap)
#

record alternate bootpath
#ls -l /dev/dsk/c0t8d0s0

../../devices/pci@1f,4000/scsi@3/sd@8,0:a

therefore, alternate bootpath = pci@1f,4000/scsi@3/disk@8,0:a
record the alternate bootpath on paper for use in an emergency


8/29/2006
NMBJMPSVR
already mirrored
record alternate bootpath


8/29/2006
NMBDEVDBSP
4 disks present

need to mirror swap
#metainit -f d16 1 1 c0t0d0s1
#metainit d17 1 1 c0t8d0s1
#
#metainit d15 -m d16
#
#vi vfstab

after reboot (required to umount & mount swap)
establish mirror for swap
#metattach d15 d17

configure dump device
#prtconf -pv | grep bootpath
bootpath: /pci@1f,4000/scsi@3/disk@0,0:a

determine alternate bootpath
#ls -l /dev/dsk/c0t8d0s0

.../../pci@1f,4000/scsi@3/sd@8,0:a

therefore, record the alternate bootpath /pci@1f,4000/scsi@3/disk@8,0:a


8/30/2006
NMBDEV
4x SUN36G
alternate bootpath /pci@1f,4000/scsi@3/disk@8,0:a


8/30/2006
NMBDEVAPPSVR
swap is not mirrored
#metainit -f d13 1 1 c0t0d0s1
d13: Concat/Stripe is setup
#metainit d14 1 1 c0t8d0s1
d14: Concat/Stripe is setup
#
#metainit d12 -m d13
d12: Mirror is setup
#
#cp -p /etc/vfstab /etc/vfstab.bak
#vi /etc/vfstab

after reboot:
#metattach d12 d14
#

then the dump device needs to be updated
#dumpadm -d /dev/md/dsk/d12

alternate bootpath
pci@1f,4000/scsi@3/disk@8,0:a


8/30/2006
NMBCON-TEST
12 drives
6x SUN9.0G
3x SUN18G
3x SUN36G
system was not mirrored
set up mirrors
update dump device
alternate bootpath = /pci@1f,4000/scsi@3/disk@1,0:a


8/31/2006
NMBCMDM2
mirror system
update dumpdevice
alt bootpath = /pci@1c,600000/scsi@2/disk@1,0:a


8/31/2006
NMSBACS
mirror system
update dumpdevice
#ls -l /dev/dsk/c0t2d0s0
../../pci@1f,0/ide@d/dad@2,0:a
#

if disk 0 fails, alternate bootpath for disk 1 = /pci@1f,0/ide@d/disk@2,0:a
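
The entries above derive the alternate bootpath by hand from the ls -l output each time. This added example (not part of the original notes) does the same rewrite for the sd@ and dad@ device nodes shown in these entries and checks that the result differs from the current bootpath. The function names are hypothetical, and other node types are rejected rather than guessed.

```shell
#!/bin/sh
# Added example: derive the alternate bootpath for the second half of a
# mirror from the symlink that "ls -l /dev/dsk/cXtYd0s0" prints.

link_target() {
    # $1 = one line of "ls -l" output for a /dev/dsk symlink
    printf '%s\n' "$1" | sed -n 's/^.* -> //p'
}

alt_bootpath() {
    # $1 = symlink target, e.g. ../../devices/pci@1f,4000/scsi@3/sd@8,0:a
    # Drop the leading ../ components and "devices/", keep an absolute path.
    p=$(printf '%s\n' "$1" |
        sed -e 's|^\(\.\./\)*||' -e 's|^devices/||' -e 's|^/*|/|')
    leaf=${p##*/}
    case $leaf in
        sd@*|dad@*)
            # The driver name in the last component becomes "disk".
            printf '%s/disk@%s\n' "${p%/*}" "${leaf#*@}" ;;
        *)
            echo "unhandled device node: $leaf" >&2
            return 1 ;;
    esac
}

differs_from_primary() {
    # $1 = line printed by: prtconf -pv | grep bootpath
    # $2 = derived alternate bootpath
    # Succeeds only when the alternate really is a different device.
    primary=$(printf '%s\n' "$1" |
        sed -e 's/^.*bootpath:[ ]*//' -e "s/'//g")
    [ -n "$primary" ] && [ "$primary" != "$2" ]
}

# Usage on the mirrored host:
#   alt=$(alt_bootpath "$(link_target "$(ls -l /dev/dsk/c0t8d0s0)")")
#   differs_from_primary "$(prtconf -pv | grep bootpath)" "$alt" && echo "$alt"
```
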



9/1/2006
NMBEMSJ
alternate bootpath = pci@1f,4000/scsi@3/disk@1,0:a


9/1/2006
NMBDMSP
#ls -l /dev/dsk/c2t4d0s0

../sbus@6,0/SUNW,socal@d,10000/sf@0,0/ssd@w210000203733c5c9,0:a

#



9/5/2006
NMBCONJ
swap is not mirrored
alternate disk bootpath = pci@1f,4000/scsi@3/disk@1,0:a


9/5/1006
NMBCONA1
swap is not mirrored
alternate bootpath = pci@1f,4000/scsi@3/disk@1,0:a


9/5/2006
NMBCONV
swap is not mirrored
alt bootpath = pci@1f,4000/scsi@3/disk@1,0:a


9/25/2006
NMBCONV
#swap -l
/dev/md/dsk/d100
#
#dumpadm
Dump device:    /dev/dsk/c0t0d0s1   (dedicated)
#
#dumpadm -d /dev/md/dsk/d100
Dump device:    /dev/md/dsk/d100    (swap)
#
#



2/6/2007
NMBDBSS          Sun E2900, Solaris 5.9
#metattach d1 d21                          (swap)
d1: submirror d21 is attached          (about 25 minutes to sync)
#
#metattach d0 d20
d0: submirror d20 is attached          (about 1hr45min to sync 52gb)
#



2/21/2007
NMBFTWAPPSVR1
#metattach d0 d20
d0: submirror d20 is attached
#
#metattach d1 d21
d1: submirror d21 is attached
#




2/21/2007
NMBFTWSVR1
/ = d0
swap = d1
#metattach d0 d20
d0: submirror is attached
#
#metattach d1 d21
d1: submirror d21 is attached
#




2/22/2007
NMBEMSE
#metattach d0 d20
d0: submirror d20 is attached
#
#metattach d1 d21
d1: submirror d21 is attached
#


2/28/2007
NMBCONF
rebooted to apply DST patches
#metattach d100 d102
D100: submirror is attached
#






















 


Copyright © billhance.com.  All rights reserved.