Solaris Ping

I never remember how to make Solaris ping show the time of each ping, like GNU Ping does, without any arguments the output is like:

% ping foo
foo is alive
%

If you want to see the time of each ping, use -s which makes it more like the GNU Ping you find on linux:

% ping -s foo
PING foo: 56 data bytes
64 bytes from foo.somedomain.com (10.44.101.16): icmp_seq=0. time=0. ms
64 bytes from foo.somedomain.com (10.44.101.16): icmp_seq=1. time=0. ms
^C
----foo PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip (ms)  min/avg/max = 0/0/0
%

That is all.

LDAP Authentication in Solaris 10

I’ve just been setting up a Solaris 10 machine to authenticate from a OpenLdap directory, this is the command I used to make it work, note that the IP on the end is the IP of the directory server

# ldapclient manual -v \\
       -a defaultsearchbase=dc=riviera,dc=org.uk \\
       -a domainname=riviera.org.uk \\
       192.168.254.100

The output produced is shown below

Parsing defaultsearchbase=dc=riviera,dc=org.uk
Parsing domainname=riviera.org.uk
Arguments parsed:
        defaultSearchBase: dc=riviera,dc=org.uk
        domainName: riviera.org.uk
        defaultServerList: 192.168.254.100
Handling manual option
Proxy DN: NULL
Proxy password: NULL
Authentication method: 0
Authentication method: 0
No proxyDN/proxyPassword required
About to modify this machines configuration by writing the files
Stopping network services
Stopping sendmail
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: network/smtp:sendmail... success
Stopping nscd
stop: sleep 100000 microseconds
stop: system/name-service-cache:default... success
Stopping autofs
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: system/filesystem/autofs:default... success
Stopping ldap
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: network/ldap/client:default... success
nisd not running
nis(yp) not running
Removing existing restore directory
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "riviera.org.uk"
file_backup: stat(/var/yp/binding/riviera.org.uk)=-1
file_backup: No /var/yp/binding/riviera.org.uk directory.
file_backup: stat(/var/ldap/ldap_client_file)=0
file_backup: (/var/ldap/ldap_client_file -> /var/ldap/restore/ldap_client_file)
file_backup: (/var/ldap/ldap_client_cred -> /var/ldap/restore/ldap_client_cred)
Starting network services
start: /usr/bin/domainname riviera.org.uk... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: sleep 400000 microseconds
start: sleep 800000 microseconds
start: sleep 1600000 microseconds
start: sleep 3200000 microseconds
start: sleep 6400000 microseconds
start: sleep 12800000 microseconds
start: sleep 25600000 microseconds
start: sleep 51200000 microseconds
start: network/ldap/client:default... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: sleep 400000 microseconds
start: system/filesystem/autofs:default... success
start: sleep 100000 microseconds
start: system/name-service-cache:default... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: sleep 400000 microseconds
start: network/smtp:sendmail... success
restart: sleep 100000 microseconds
restart: sleep 200000 microseconds
restart: milestone/name-services:default... success
System successfully configured
#

Then test that this is indeed working:

# grep rk295 /etc/passwd
# getent passwd | grep rk295
rk295:x:512:512::/home/rk295:/bin/bash
#

I found that after this had finished, hostname resolution no longer worked. Looking inside /etc/nsswitch.conf I found that the hosts entry had been changed to:

hosts:               ldap [NOTFOUND=return] files

I do not use LDAP for hostname resolution so I had to change this back to:

hosts:               files dns

And similarly the networks line was the same so I had to change that to use files dns as well.

At this point you can query LDAP using getent but you still need to configure PAM to use it for authentication etc. To do this you need to make some changes to /etc/pam.conf. Principally these changes involved telling it should fall back to LDAP if it doesnt match your credentials against the local files. My edited pam.conf is shown below, the lines which I have edited or added are shown in red.

#
#ident	"@(#)pam.conf	1.28	04/04/21 SMI"
#
# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# PAM configuration
#
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
#
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login	auth requisite		pam_authtok_get.so.1
login	auth required		pam_dhkeys.so.1
login	auth required		pam_unix_cred.so.1

login	auth sufficient		pam_unix_auth.so.1

login	auth required		pam_dial_auth.so.1

login	auth required 		pam_ldap.so.1

#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin	auth sufficient		pam_rhosts_auth.so.1
rlogin	auth requisite		pam_authtok_get.so.1
rlogin	auth required		pam_dhkeys.so.1
rlogin	auth required		pam_unix_cred.so.1

rlogin	auth sufficient		pam_unix_auth.so.1
rlogin	auth required 		pam_ldap.so.1

#
# Kerberized rlogin service
#
krlogin	auth required		pam_unix_cred.so.1
krlogin	auth binding		pam_krb5.so.1
krlogin	auth required		pam_unix_auth.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh	auth sufficient		pam_rhosts_auth.so.1
rsh	auth required		pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh	auth required		pam_unix_cred.so.1
krsh	auth binding		pam_krb5.so.1
krsh	auth required		pam_unix_auth.so.1
#
# Kerberized telnet service
#
ktelnet	auth required		pam_unix_cred.so.1
ktelnet	auth binding		pam_krb5.so.1
ktelnet	auth required		pam_unix_auth.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp	auth requisite		pam_authtok_get.so.1
ppp	auth required		pam_dhkeys.so.1
ppp	auth required		pam_unix_cred.so.1

ppp	auth sufficient		pam_unix_auth.so.1

ppp	auth required		pam_dial_auth.so.1

ppp	auth required 		pam_ldap.so.1

#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other	auth requisite		pam_authtok_get.so.1
other	auth required		pam_dhkeys.so.1
other	auth required		pam_unix_cred.so.1

other	auth sufficient		pam_unix_auth.so.1
other	auth required		pam_ldap.so.1

#
# passwd command (explicit because of a different authentication module)
#

passwd	auth sufficient		pam_passwd_auth.so.1
passwd	auth required 		pam_ldap.so.1

#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron	account required	pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#

other	account sufficient 	pam_ldap.so.1

other	account requisite	pam_roles.so.1
other	account required	pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other	session required	pam_unix_session.so.1
#
# Default definition for  Password management
# Used when service name is not explicitly mentioned for password management
#
other	password required	pam_dhkeys.so.1
other	password requisite	pam_authtok_get.so.1
other	password requisite	pam_authtok_check.so.1
other	password required	pam_authtok_store.so.1
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#

Now you should be able to su to a user whose credentials are stored only in ldap.

Mapping Between Logical and Physical Device Names on a Sun E450

If you need to find the slot that a disk is in from a given logical name (c3t3d0) you can follow this document from sun. I’ve mirrored the important bits below incase it disapears

  1. Determine the UNIX physical device name from the SCSI error message.

    SCSI error messages are typically displayed in the system console
    and logged in the /usr/adm/messages file.

             WARNING: /pci@6,4000/scsi@4,1/sd@3,0 (sd228)
             Error for Command: read(10)     Error level: Retryable
             Requested Block: 3991014        Error Block: 3991269
             Vendor: FUJITSU                 Serial Number: 9606005441
             Sense Key: Media Error
             ASC: 0x11 (unrecovered read error), ASCQ: 0x0, FRU: 0x0
    

    In the example SCSI error message above, the UNIX physical device name is /pci@6,4000/scsi@4,1/sd@3.

  2. Determine the UNIX logical device name by listing the contents of
    the /dev/rdsk directory.

    Use the grep command to filter the output for any occurrence of
    the UNIX physical device name determined in Step 1:

            % ls -l /dev/rdsk | grep /pci@6,4000/scsi@4,1/sd@3
            lrwxrwxrwx   1 root     root        45 Jan 30 09:07 c12t3d0s0 ->
            ../../devices/pci@6,4000/scsi@4,1/sd@3,0:a,raw
            lrwxrwxrwx   1 root     root        45 Jan 30 09:07 c12t3d0s1 ->
            ../../devices/pci@6,4000/scsi@4,1/sd@3,0:b,raw
            lrwxrwxrwx   1 root     root        45 Jan 30 09:07 c12t3d0s2 ->
            ../../devices/pci@6,4000/scsi@4,1/sd@3,0:c,raw
            lrwxrwxrwx1 root     root        45 Jan 30 09:07 c12t3d0s3 ->
            ../../devices/pci@6,4000/scsi@4,1/sd@3,0:d,raw
            lrwxrwxrwx   1 root     root        45 Jan 30 09:07 c12t3d0s4 ->
            ../../devices/pci@6,4000/scsi@4,1/sd@3,0:e,raw
            lrwxrwxrwx   1 root     root        45 Jan 30 09:07 c12t3d0s5 ->
            ../../devices/pci@6,4000/scsi@4,1/sd@3,0:f,raw
            lrwxrwxrwx   1 root     root        45 Jan 30 09:07 c12t3d0s6 ->
            ../../devices/pci@6,4000/scsi@4,1/sd@3,0:g,raw
            lrwxrwxrwx   1 root     root        45 Jan 30 09:07 c12t3d0s7 ->
            ../../devices/pci@6,4000/scsi@4,1/sd@3,0:h,raw
    

    The resulting output indicates the associated UNIX logical device name.
    In this example, the logical device name is c12t3d0

  3. Determine the disk slot number using the prtconf command.

    Substitute the string disk@ for sd@ in the physical device name determined in Step 1. The result in this example is
    /pci@6,4000/scsi@4,1/disk@3.

    Use the grep command to find this name in the output of the
    prtconf command:

            % prtconf -vp | grep /pci@6,4000/scsi@4,1/disk@3
              slot#11:  '/pci@6,4000/scsi@4,1/disk@3'
    

CDROM sub folders empty when they shouldn't be

I was recently setting up a Jumpstart server and when I ran the setup_install_server script in Solaris_9/Tools I was getting:

ERROR: /cdrom/sol_9_sparc/s0/Solaris_9/Tools/Boot is not a valid install boot image
Check that boot image is valid, or use [-t]
to specify a valid boot image.

The solution is to restart the vold service which can be done with a simple:

# /etc/init.d/volmgt stop
# /etc/init.d/volmgt start

Thanks to Nicholas for pointing this out to me.