Solaris Management Console no longer accepts logins after running JASS...
I have an unusual problem... I have a Solaris 10 system (with the 2/16/2005 patches on it. I am able to use the Solaris Management Console (v2.1) with no issues to make my disk storage adjustments, etc etc.
The problem is when I run JASS with the secure.driver setup. After that, the Management console no longer accepts the root password to authenticate. So, I know that JASS tightened something up, but I can't figure out what it did. Worse, when I undo the JASS run, it doesn't undo whatever it did to the security of the Management Console.
Any idea where the Solaris Management Console gets it's security information (and configuration) from? And how I can undo whatever JASS did to it?
Again, I've reinstalled this test box 3 times, and I know it's the JASS step that's locking me out, and not the recommended & security patches.
Thanks to all!
-- M
As a followup - right after posting this message, I opened a support case for this, and the solution is that you need to go into /etc/security/policy.conf and backup JASS's change to the default encryption model.
Change CRYPT_DEFAULT=1 back to CRYPT_DEFAULT=__unix__
Then, you have to clear the password using "passwd -d", and then reset it again to what you want. Then, the management console will work.
I guess the management console is set to always use the __unix__ method, and not look at the policy.conf's setting. So when JASS wanders from the default, it breaks SMC.
Similar Messages
-
Problem with solaris management console
I have installing solaris 9 x86 12/02 on my PC. After start solaris management console 2.1 and after loged in as root, smc display this message:
System Information is not able to connect to the server because the WBEM server daemon does not appear to be running. If it is running, try stopping and restarting it. After restarting the daemon, please also exit and restart the Solaris Management Console.
SMC server is running ok.
# /etc/init.d/init.wbem status
Solaris Management Console server version 2.1.0 running on port 898.
Thank you for help.
lukasHello Senthilkumar,
Here are the outputs from the commands. The other ones that I left out (/var/adm/messages and showrev -p) had a lot of output and I wasn't sure what you needed. Please let me know what to post or if you want me to post the whole things.
# more /etc/release
Solaris 8 7/01 s28x_u5wos_08 INTEL
Copyright 2001 Sun Microsystems, Inc. All Rights Reserved.
Assembled 06 June 2001
# java -version
java version "1.2.2"
Solaris VM (build Solaris_JDK_1.2.2_07a, native threads, sunwjit)
Here are the errors that come back when /etc/init.d/init.wbem fails.
Exception in thread "main" java.lang.NoClassDefFoundError: com/sun/management/viperimpl/server/ViperServer
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:495)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:110)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:252)
at java.net.URLClassLoader.access$1(URLClassLoader.java:218)
at java.net.URLClassLoader$1.run(URLClassLoader.java:199)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:193)
at java.lang.ClassLoader.loadClass(ClassLoader.java:300)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:290)
at java.lang.ClassLoader.loadClass(ClassLoader.java:256)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:316) -
No Solaris Management Console was available on the specific server
Hi all,
We had just finish setting up a new Solaris 10 environment. When i launch smc on the server, on selecting toolbox there's an error message:
No Solaris Management Console server was available on the specified server. Please ensure there is a Solaris Management Console server available on the specified host and that it is running.
However, upon verifying whether smc is running:
./init.wbem status
Solaris Management Console server version 2.1.0 running on port 898.
Not sure why this error message appeared, thanks.Regarding SMC (not SunMC)..
Note: SMC = Solaris Management Console
SunMC = Sun Management Center (topic of this forum)
Patch 121308-16+ makes WBEM "secure by default."
Customers running Solaris 10 6/06 or prior must modify the client's WBEM
configuration file to allow remote connections after installing patch 121308.
1. Modify the following line in /usr/sadm/lib/smc/policy/smcserver.config:
FROM:
remote.connections=false
TO:
remote.connections=true
2. Stop and restart wbem.
# /etc/init.d/init.wbem stop
# /etc/init.d/init.wbem start
3. Verify that WBEM is now listening for connections to port 898
on all interfaces:
# netstat -an |grep 898
*.898 *.* 0 0 49152 0 LISTEN
In Solaris [TM]10 update 3 (11/06), the startup mechanism for WBEM was changed
from the legacy (rc script) method to the new Service Management Facility (SMF).
To allow remote WBEM connections on Solaris 10 update 3 or later:
# svcadm disable wbem
# svccfg -s wbem setprop options/tcp_listen=true
# svcadm enable wbem -
How to access solaris management console from web browser??
Hi,
I am running Sol9 with the latest patches. The console gui freezes every time I try to admin NIS users in my NIS toolbox. It used to work but now it doesn't. I need to access this thing from a web browser if that's possible since there is no console that I can install on my windows laptop that can connect to the server.
Can this be done?? I can't find any info on docs.sun.com on what URL and port to use.
I did find something that says there is a /usr/sadm/bin/smcwebserver but it does not exist on any of my machines.
Help?? Please???
Thanks,
TomOn my machine, when I point my browser to http://<hostname>:898 (the management server port) I get a nice message telling me that a web version of the Solaris Management Console is not currently available. Running the console tells me I'm running v2.1 which is what came out of the box.
I think the webserver component you refer to only ships with v3.0 and later. You can go to http://wwws.sun.com/software/solaris/sunmanagementcenter/index.html and download a base version for free to check it out.
By the way, I don't use a remote console to manage remote servers. It's too clunky. My solution for running the SMC remotely is to start an XServer on my laptop, telnet to the Sun host, su - root, set DISPLAY=<mylaptop>:0 and then run smc directly from the host. As long as there's no firewall blocking port 6000 between you and your host, you should be OK. This should be straightforward if you've run any graphical X apps before.
However, I don't administer NIS and my laptop is a Mac. Your mileage may vary considerably. -
Solaris Management Console doesn't show user's groups
Hello friends:
I am using Solaris 10 under Sparc.
i am having some problem with Solaris Managemen Console
With users -> users accounts -> edit a user
when i click on Groups TAB i can read:
The groups can not be listed. You can ....
It has been running, but sice 1 day ago it doesn't...
We don't use NIS or LDAP, only files.
/etc/nsswitch.conf is nsswitch.dns
groups command runs ok
cd /etc
ruben@laika:/etc$ ls -l nsswitch.*
-rw-r--r-- 1 root sys 1120 Apr 8 13:08 nsswitch.conf
-rw-r--r-- 1 root sys 1120 Jan 21 23:29 nsswitch.dns
-rw-r--r-- 1 root sys 757 Jan 21 23:28 nsswitch.files
-rw-r--r-- 1 root sys 1248 Jan 21 23:29 nsswitch.ldap
-rw-r--r-- 1 root sys 1228 Jan 21 23:28 nsswitch.nis
-rw-r--r-- 1 root sys 1558 Jan 21 23:29 nsswitch.nisplus
ruben@laika:/etc$ groups ruben
users
ruben@laika:/etc$
Where could be the problem?
How could i reinit solaris management console server.
Solaris has been restarted a lot of times without result :(
Thank'si have reinstalled solaris and the problem continues.
Under Solaris Management Console groups and users doesn't run ok. Editing an user i can't see groups and editing groups i can't see its users...very very extrange.
A bug?
I don't know what is happening :( -
Can not login into Solaris Management Console
I have a stand alone Solaris 9 system, I am able to log in as root, when I try to run Solaris Management Console 2.1 to create/delete/modify users it prompts for the root password. I enter the root password and it doesn't take and prompts again to enter the root password. Current encryption is MD5, current password is 14 characters long, changed to 8 characters still same issue. Not sure exactly where to look or what I should be looking for, other information I have gathered if it helps:
/etc/user_attr
root::::profiles=All;auths=solaris.*,solaris.grant;type=normalSeems your root password is not working.
Boot the system with CD to single user from PROM (ok).
From OK prom issue boot cdrom -s, the system will boot to single user mode.
Mount your root device, it will be something like /dev/dsk/c0t0d0s0, mount it to some mount point like /mnt or /a. (mount /dev/dsk/c0t0d0s0 /mnt)
cd /mnt/etc
vi shadow
remove the encrypted password for user root and save the file.
cd /
umount /mnt or /a where root partition is mounted.
reboot the system and re-set your root password using passwd command. -
Root password fails on auth to Solaris Management Console Server
I've setup Solaris 10 x86 on a VA linux 1220 server, all is good so far except when I try to create additional users. I am logged in as root, and the root password logs in to the CDE, but fails on authentication to Solaris Management Console Server when I try to use any of the management apps like computers and networks or Users. So I'm stalled at the point where I should be configuring the system. I have been very careful about typing in the password exactly as I use it in the login screen, but it never works in the System Management tools for This Computer. The password I'm using is 26 characters long, is it too long? Or is there a step I'm missing?
Thanks,
BrianOne of my famous guesses, but unless you changed the default password algorithm the maximum length of your password is 8 characters, when logging in on the console or desktop, anything typed after those eight characters will be ignored (unless this behaviour changed very recently).
Its possibly that SMC, and its server component WBEM does not ignore the extra characters, which could cause this behavior.
What happens if you try and login to SMC with the root user and only the first eight characters of your password?
Btw, if this was the problem i think there is a way to change the default crypto algorithm to something that supports more characters.
.7/M. -
Solaris Management Console and root pasword
I upgraded to Solaris 10 last night and tried to perform some admin work to user accounts, using Solaris Management Console. When performing the task, Solaris wants to verify user and password, the root password fails. The root pasword is correct because it let me login as root. Solaris Management Console rejects all passwords for verification. Help me please.
Thanks for your help. I updated my root password from 4 charcters to 4charcters + 4 numerals , still SMC will not let me in. I updated 2 machines and both allow me to login as root (GUI) but SMC wants to confirm the password and will not let me in.
I have reinstalled (initialized rather than upgrade) Solaris 10 on one machine (Ultra60) , that machine now works fine. It allows me to login as root(GUI) ans the SMC accepts my root password
The machines are an Ultra10 and an Ultra60.
I choose to upgrade rather than a new install because of to much info to rebuild.
Brian -
SMC (Solaris Management Console)
On a fresh install of Sparc Solaris 9 - the SMC app works. Upon patching to yesterday's 9_Recommended - it fails - the applets all have red stop signs in the console, and it says someting like - 'There is no server running...' and 'No Solaris Management Console server was available on the specified server.'
This is in the console:
kermit console login: java.io.FileNotFoundException: /var/sadm/smc/properties/.s
erver (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:103)
at com.sun.management.viperimpl.util.security.SMCSSLConfig.setu pServer(S
MCSSLConfig.java:114)
at com.sun.management.viperimpl.server.ViperWbemServer.main(Vip erWbemSer
ver.java:61)
Starting Solaris Management Console server version 2.1.0.
endpoint created: :898
Solaris Management Console server is ready.
I have tried to stop/start/restart the server with the init.wbem script in /etc/init.d
Thanks for any hints!
S7I was able to correct this problem on my server
The .server file is the smc java keystore that contains
the private/public key pair for SSL
You can create this file by executing
cd /usr/sadm/lib/smc/bin
certtool -genkey
Once the keys are generated execute
/etc/init.d/init.wbem stop
/etc/init.d/init.wbem start
if your smpatch no longer works
take a look at the following article
http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/spfaq -
Solaris Management Console and X86 Disk
Greetings,
I am trying to use the Solaris Management Console to manage the 2 disks I have in my Intel PC. Both disk are allocated 100% to Solaris 10 and were formatted and partitioned by the installation program.
Why is it that when I use the Management Console it tells me that there is no Solaris FDISK partition and that I cannot manage the disk until I put a Solaris FDISK partition on them? It doesn't seem like the tool is all that useful if it cannot use the default format put on the disk by the install program.
On related note, why is it that auto layout during install creates partitions that are barely large enough to hold the OS? From what I can see it puts the bulk of the disk space into home for user home directories but this creates a problem when trying to install additional SW such as StarOffice.
Cheers
TCThanks for your help. I updated my root password from 4 charcters to 4charcters + 4 numerals , still SMC will not let me in. I updated 2 machines and both allow me to login as root (GUI) but SMC wants to confirm the password and will not let me in.
I have reinstalled (initialized rather than upgrade) Solaris 10 on one machine (Ultra60) , that machine now works fine. It allows me to login as root(GUI) ans the SMC accepts my root password
The machines are an Ultra10 and an Ultra60.
I choose to upgrade rather than a new install because of to much info to rebuild.
Brian -
Sources for Solaris Management Console, admintool, Process Manager
Hello again after a long time! I'm interested in this sources (Solaris Management Console, admintool, Process Manager) especially admintool source code. I'm working on a Solaris8_x86. Are this sources delivered with the operating system and where can I find'em? If this sources are not delivered with the OS, the question remains. Where can I find'em and some help (man pages or anything) about these programs and their source code?
Hi,
as I know, there aren't any sources available for admintool. If you are interested in Management Console, than check docs.sun.com.
Management Console is based on Jiro Technology as I remember. You can also check for CIM (Common Information Model) and WBEM (Web Based Enterprise Management).
Start with the Management Console Manuals.
Heiko -
Enhanced Storage Problem in Solaris Management Console Started in XManager
I have Sun Fire 480 with solaris 5.9 installed on it. I use XManager 1.3.9 on windows 2000 workstation to connect to it and launch Solaris Management Console (smc). After starting smc I point to Management Tools -> This Computer (sf480dbs) -> Storage -> Enhanced Storage. At that moment Log In dialog appears and I give root user name and password. After a few seconds SMC disappears (exits). If I look at CDE Error log there is the following exception
Thu Jul 31 21:00:36 2003 (/usr/dt/bin/dtexec) /usr/sbin/smc
Exception while creating engine named com.sun.java.help.search.DefaultSearchEngine for view: javax.help.SearchView@4db52b
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at javax.help.search.MergingSearchEngine.makeEngine(MergingSearchEngine.java:148)
at javax.help.search.MergingSearchEngine.merge(MergingSearchEngine.java:82)
at javax.help.JHelpSearchNavigator.merge(JHelpSearchNavigator.java:160)
at javax.help.JHelp.addHelpSet(JHelp.java:322)
at javax.help.JHelp.helpSetAdded(JHelp.java:288)
at javax.help.HelpSet.fireHelpSetAdded(HelpSet.java:344)
at javax.help.HelpSet.add(HelpSet.java:256)
at com.sun.management.viper.console.gui.help.VHelpViewer.consoleAction(VHelpViewer.java:138)
at com.sun.management.viper.console.VConsole.notifyListeners(VConsole.java:566)
at com.sun.management.viper.console.VConsole.consoleAction(VConsole.java:512)
at com.sun.management.viper.console.gui.VGUIConsole.consoleAction(VGUIConsole.java:566)
at com.sun.management.viperimpl.console.gui.SMCConsole.consoleAction(SMCConsole.java:292)
at com.sun.management.viperimpl.console.BaseConsoleManager.notifyListeners(BaseConsoleManager.java:370)
at com.sun.management.viperimpl.console.gui.GUIConsoleManager.loadOnlineHelpForTool(GUIConsoleManager.java:1198)
at com.sun.management.viperimpl.console.BaseConsoleManager.loadToolAndReplaceStub(BaseConsoleManager.java:2139)
at com.sun.management.viperimpl.console.BaseConsoleManager$ClickLoader.run(BaseConsoleManager.java:2060)
at com.sun.management.viper.util.ThreadPool$ThreadWorker.run(ThreadPool.java:138)
Caused by: java.security.InvalidParameterException
at com.sun.java.help.search.DefaultSearchEngine.<init>(DefaultSearchEngine.java:75)
... 21 more
Can anyone tell me anything what is problem?
I am newby to solaris and any ideas will be appreaciated.
Thanks in advance
David SuladzeTry search the WEB for your display adapter drivers. However, most of new especially intergated graphics are still not supported.
You may try to get it working with xsun, run kdmconfig and specify as display adapter VGA or Super VGA. I know that in some cases it helps.
As well do the same with Xorg and run /usr/X11/bin/xorgcfg, try to find somekind of generic VGA in drivers that are listed there.
As I know, smc runs only in graphical mode.
I saved the settings and pressed F2 for testing. I could see the displayDid you see buttons on that display (something like "yes", "no")?
xsun is very hard to set with most of display adapters and monitors, sometimes it shows only part of the screen, so you might not to see these buttons. However if you see them, press "yes" (or something like that, I dont exactly remember). Then reboot and your computer should start the GUI. -
Solaris Management Console (SMC) - Solaris 9 x86
I�ve just installed Solaris 9 (x86) version. I�m unable to install Solaris Management console.
I was using below command to add listed patches:
pkgadd -d . SUNWpmgr SUNWrmui SUNWlvmr SUNWlvma SUNWlvmg
I�m unable to find these packages on cd1. Somehow they�re on cd2. These cd�s are direct extract from Sun�s web site.
Anyway when I run the pkgadd command I�m getting the following error:
�No package associated with (SUNWpmgr)�
When I look into the SUNWpmgr, there are 2 files (pkgmap., pkginfo.) and 3 dir (install, archive, reloc)
Same with other packages
Please help me.I was able to correct this problem on my server
The .server file is the smc java keystore that contains
the private/public key pair for SSL
You can create this file by executing
cd /usr/sadm/lib/smc/bin
certtool -genkey
Once the keys are generated execute
/etc/init.d/init.wbem stop
/etc/init.d/init.wbem start
if your smpatch no longer works
take a look at the following article
http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/spfaq -
Solaris Management Console reports disk errors
Hello,
Solaris Management Console is reporting my disk as having a non-Solaris partition, negative space remaining, and overlapping partitions.
All this after a trouble free install of Solaris 10 on a checked IBM and a Fujitsu hdd. (AMD +2600 chip, ASUS A7V8X mb)
Any help would be appreciated.
Thank You,
RTAs a followup - right after posting this message, I opened a support case for this, and the solution is that you need to go into /etc/security/policy.conf and backup JASS's change to the default encryption model.
Change CRYPT_DEFAULT=1 back to CRYPT_DEFAULT=__unix__
Then, you have to clear the password using "passwd -d", and then reset it again to what you want. Then, the management console will work.
I guess the management console is set to always use the __unix__ method, and not look at the policy.conf's setting. So when JASS wanders from the default, it breaks SMC. -
Solaris Management Console toolbox could not be loaded
Hello,
when I start SMC I get this error, toolbox http://ultra:989/toolboxes/smc.tbx could not be loaded. I only noticed this yesterday, and I think it is related to some patch that was applied recently. When I did wget http://ultra:898/toolboxes/smc.tbx I got these headers
HTTP/1.0 200 OK
Date: Thu, 27 Oct 02005 21:21:52 GMT
Server: Tomcat/2.1
Content-Type: text/plain
Servlet-Engine: Tomcat/2.1 (Java 1.4.0_01; SunOS 5.9 sparc; java.vendor=Sun Microsystems Inc.)
Last-Modified: Tue, 31 Aug 02004 21:27:14 GMT
and wget complains of
Last-modified header invalid -- time-stamp ignored.
perhaps it is this header that's invalidating the download and so SMC complains?
This is solaris 9 on an ultra 5, fully patched (up to yesterday).
Thanks for your help!I seem to have come across the same issue as well. On an Ultra 2, I'm running Solaris 10 1/06 (after an upgrade from Solaris 10 5/05). SMC 2.1 was working fine before I applied the latest Recommended Solaris 10 patch cluster. Now when starting smc, I get the message,
"Server Not Running
No Solaris Management Console server was available on the specified server. Please ensure there is a Solaris Management Console server available on the specified host and that it is running."
with stop signs for all the management tools. I do not have patch 121309 installed which I suspect applies to the 6/06 release. In comparison to a working system, neither workstation had the entry for "smc 898/tcp" in its /etc/services file. I added it but did not make a difference so I removed the entry.
"/etc/init.d/init.wbem stop/start" did not do the trick. Using dananderson's advice in,
http://forum.java.sun.com/thread.jspa?threadID=5057915
I ended up having to completely remove and re-add all packages that had to do with smc using the Solaris 1/06 installation CD set. I confirmed smc was working again without the error. Update Manager suggested I add patches 121308-08 and 124188-02. Hesitantly, I added those two patches, rebooted and confirmed smc produced the error message again. I removed patches 121308-08 and 124188-02 and smc started working again. I will have to refrain from applying those patches so it continues to run.
I wish I had further explanation as to why those updates are killing my smc.
Maybe you are looking for
-
Hi, I have modified Sun javacard 2.2.1 api source code little bit. I have compiled all the source files of this api package and then i have generated EXP and JCA files. From these JCA files i need to generate Mask.c using Maskgen tool I have the foll
-
Is there a way to play old DOS games such as the original Sid Meier's Colonization for DOS on my iMac? I'm wanting to buy the original one (used to play it on my dad's old NEC PC all the time and prefer the DOS version over the Windows version, sligh
-
Hi All, I have one client specific requirement, My scenario is RFC to JDBC async. Is it possible to know the successfully posting status in async scenario in JDBC side? Like, from RFC they send details of 10 employee details in one go. And try to in
-
On Demand AJAX No Response?
Have a weird issue. We switched a web server (Oracle 10G App Server) over from our sandbox Apex area to our new development database which runs 3.2.0.00.27. I imported a few test applications from the sandbox which worked without issues because we us
-
How do I get Firefox on my iPad 4?
Thank you