Nss / pk12util on Solaris
Hi - has anyone any experience with getting the above from Mozilla installed on Solaris? I'm running Solaris 10 11/06 s10s_u3wos_10 SPARC on some T1000 / T2000 servers and need the pk12util command but am at a loss as to how to get this installed. I see other O/S distros just provide all the necessary nss* packages and the tools are there but not Solaris.
The main link is http://www.mozilla.org/projects/security/pki/nss/ and then there's download details here http://www.mozilla.org/projects/security/pki/src/download.html
I'm almost certain that some of the problems I'll have if I need to build from source which I don't want to do is my servers will have no compiler installed, they won't have gmake and I'm also working on zones.
Any help would be greatly appreciated.
Thanks - Julian.
Hi!
Check on you system. On my i found more one pk12util.
bash-3.00$ grep pk12util /var/sadm/install/contents
/usr/appserver/lib/install/templates/pk12util.sh.template f none 0644 root bin 329 26943 1155745133 SUNWasut
/usr/appserver/lib/pk12util f none 0755 root bin 135240 41456 1155745133 SUNWasut
/usr/appserver/lib/pk12util.sh e appservenv 0755 root bin 329 26943 1155745133 SUNWasut
/usr/appserver/lib/upgrade/pk12util f none 0755 root bin 100116 4833 1155745134 SUNWasut
/usr/sfw/bin/pk12util f none 0755 root bin 139536 44255 1268710916 SUNWtlsu
/usr/sfw/bin/sparcv9/pk12util f none 0755 root bin 156240 55607 1268710920 SUNWtlsu
-bash-3.00$ pkginfo SUNWasut
system SUNWasut Sun Java System Application Server, upgrade tool
-bash-3.00$ pkginfo SUNWtlsu
system SUNWtlsu Network Security Services Tools
-bash-3.00$
Reagrds.
Similar Messages
-
Migration from Netware 6.x NSS to Solaris 10 ZFS
Hi,
I am looking at Solaris and ZFS as being the possible future of our file store for users.
We have around 3TB (40million files) of data to transfer to ZFS from Netware 6.5 NSS volumes.
What is the best way to do this?
I have tried running utilities like richcopy (son of robocopy) , teracopy, fastcopy from a Windows client mapped to the Netware server via NCP and the Solaris server via Samba.
In all tests the copy very quickly failed, rendering the Solaris server unusable. I imagine this has to do with the utilities expecting a destination NTFS filesystem, and ZFS combined with Samba does not fit the bill.
I have tried running the old rsync client from Netware, but this does not seem to talk to Solaris rsyncd.
As well as NCP, Netware has the ability to export its NSS volumes as a CIFS share.
I have tried mounting a CIFS share of the Netware volume on Solaris...but Solaris as far as I am aware does not support mount -t smbfs as this is Linux only. You can mount smb:// from the Gui (Nautilus), but this does not help a great deal. I was hoping to run maybe Midnight Commander, but I presume that I would need a valid smb share to the Netware volume from the command line?
I really want to avoid the idea of staging on say NTFS first, then from NTFS to ZFS. A two part copy would take forever. It needs to be direct.
BTW..I am not bothered about ACL's or quota. These can be backed up from Netware and reapplied with ZFS/chown/chmod commands.
A wild creative though did occur to me as follows -
Opensolaris, unlike Solaris, has its CIFS kernel addition, and hence smb mounts from the command line (I presume), but I am not happy running opensolaris in production.So maybe I could mount the Netware NSS volume as a CIFS share on opensolaris (as a staging server), copy all the data to a ZFS pool locally, and the do a send receive to Solaris 10.......
Maybe not...
I suppose there is FTP, if I can get it to work on Netware.
I really need a utility with full error checking, and that can be left unattended.
Any ideas?Bu unusable I mean that the mapped ZFS Samba drive to the windows workstation died and was inaccessible.
Logging onto the solaris box after this from the console was almost impossible. There was a massive delay. When I did log in there appeared to be no network at all. There were no errors in the smbd log file. I need to look at other logs to find out what is going on. Looking at the ZFS filesystem some files had copied over before it died.
After rebooting the Solaris box I then tried dragging and dropping the same files to the ZFS filesystem with the native windows expolrer interface on the windows client. This worked, as in the Solaris box did not die and the files were copying happily (until I manually stopped it). As we all know Windows explorer is not a safe unattended way to copy large amounts of files.
This tells me that the copy utilities on Windows are the problem, not native windows copy/paste. -
Solaris 10connectivity to EMC: failed to configure ANY device on FCA port
I'm connecting a E2900 server with a EMC symmetrix storage with fiber channel.
But I'm getting the following errors, and I'm not able to see the external disks. Any help is really appreciated.
bash-3.00# cfgadm -al
c3 fc-fabric connected unconfigured unknown
c3::5006048c52a5b746 unavailable connected unconfigured failed
c4 fc-fabric connected unconfigured unknown
c4::5006048c52a5b749 unavailable connected unconfigured failed
bash-3.00# cfgadm -c configure c3
cfgadm: Library error: report LUNs failed: 5006048c52a5b746
failed to configure ANY device on FCA port
bash-3.00# tail -f /var/adm/messages
Nov 27 16:42:12 cosemm1 scsi: [ID 243001 kern.warning] WARNING: /pseudo/fcp@0 (fcp0):
Nov 27 16:42:12 cosemm1 Unsupported LUN Addressing method 40 in response to REPORT_LUN
bash-3.00#
SO is Solaris 10 and I have installed recommended pathes:
118833-36 SunOS 5.10: Kernel patch
125100-10 SunOS 5.10: Kernel patch
120011-14 SunOS 5.10: Kernel patch
127111-01 SunOS 5.10: Kernel patch
119130-33 SunOS 5.10: Sun Fibre Channel Device Drivers (only necessary for Leadville Stack driver)
125184-04 SunOS 5.10: Sun Fibre Channel Device Drivers.
120222-21 SunOS 5.10: Emulex-Sun LightPulse fibre channel adapter driver v2.20k (only required for Emulex HBAs running Leadville)
125166-06 SunOS 5.10: Qlogic ISP fibre channel device driver v2.22 (only required for Qlogic HBAs running Leadville)
122640-05 SunOS 5.10: zfs genesis patch (require for zfs)
120473-12 SunOS 5.10: lib nss ldap PAM zfs patch (require for zfs)
119090-24 SunOS 5.10: iSCSI device driver and utilities
Also I have modified /etc/system adding those lines:
set ssd:ssd_max_throttle=20
forceload: drv/ssd
bash-3.00# modinfo |grep qlc
66 7ba7e000 ce1f8 282 1 qlc (SunFC Qlogic FCA v20070717-2.22)
bash-3.00# luxadm -e port
/devices/ssm@0,0/pci@18,600000/SUNW,qlc@1/fp@0,0:devctl CONNECTED
/devices/ssm@0,0/pci@19,600000/SUNW,qlc@2/fp@0,0:devctl CONNECTED
bash-3.00# luxadm qlgc
Found Path to 2 FC100/P, ISP2200, ISP23xx Devices
Opening Device: /devices/ssm@0,0/pci@19,600000/SUNW,qlc@2/fp@0,0:devctl
Detected FCode Version: QLA2460 Host Adapter FCode(SPARC): 1.26 05/17/07
Opening Device: /devices/ssm@0,0/pci@18,600000/SUNW,qlc@1/fp@0,0:devctl
Detected FCode Version: QLA2460 Host Adapter FCode(SPARC): 1.26 05/17/07
Complete
bash-3.00# luxadm -e port
/devices/ssm@0,0/pci@18,600000/SUNW,qlc@1/fp@0,0:devctl CONNECTED
/devices/ssm@0,0/pci@19,600000/SUNW,qlc@2/fp@0,0:devctl CONNECTED
bash-3.00# luxadm -e dump_map /devices/ssm@0,0/pci@18,600000/SUNW,qlc@1/fp@0,0:
devctl
Pos Port_ID Hard_Addr Port WWN Node WWN Type
0 610f13 0 5006048c52a5b746 5006048c52a5b746 0x0 (Disk device)
1 617613 0 2100001b320122b7 2000001b320122b7 0x1f (Unknown Type,Host Bus Adapter)
bash-3.00# luxadm -e dump_map /devices/ssm@0,0/pci@19,600000/SUNW,qlc@2/fp@0,0:
devctl
Pos Port_ID Hard_Addr Port WWN Node WWN Type
0 620f13 0 5006048c52a5b749 5006048c52a5b749 0x0 (Disk device)
1 627613 0 2100001b32014eb8 2000001b32014eb8 0x1f (Unknown Type,Host Bus Adapter)Check the configuration on the EMC side. This error message is the heart of the problem:
"Unsupported LUN Addressing method 40 in response to REPORT_LUN"
A quick Googling leads me to believe this means you're trying to assign a LUN ID higher than 255 to the host.
Best of luck! -
Sapinst not started for PI 7.1 on Solaris 1064bit and Oracle10
Hello,
We are running NW 7.10 PI 7.1 installation on Sun Solaris 10 and Oracle 10.2.0.4 platform. We are using the following installation DVDs for installing PI.
Installation Master = 51033240_21
Java Component = 51033242
UC Kernel = 51033245
We are doing following to run ./sapinst
1. log on as root
2. set JAVA_HOME, TEMP and DISPLAY
3. go to master DVD and run ./sapinst
The instgui is not showing any error Problematicc sentence structure ./SAPinst is just getting frozen. We used another script ./sapinstgui from the same directory and it shows us some logon screen with port 21212 in the GUI. However, when we try clicking logon it does nothing.
We've ensured that port 21212 or any other port that supposed to be used by SAPinst are not blocked on the firewall or not used by any other application. Host and DNSfiles are also okay. Based on one of the previous forum /etc/nss*.conf files also exist in our PI host. Not sure why the SAPinst GUI is not started.
We've also ensured that we need any new SAPinst support pach from marketplace, however current installation master dvd is the latest one release in March 09 and there are no further patches released by SAP.
Please help if anyone of you have faced this issue before.
HarshalI tried ./sapinst SAPINST_DIALOG_PORT=<free_port_number> as well as the default port number. Both of them fails.
normally ./sapinst itself should establish all the port automatically that it uses. Which currently is not happening.
Do you want me to copy installation master dvd for Solaris on windows work station from where i'm initiating it through Xmanager session and try running ? The installation master dvd that i'm currenty using is for Solaris platform which meanase ./sapinst is compiled for Solaris, how will it be supported by Windows ?
Harshal -
Problems using NSS library as PKCS#11 provider with JAVA 6
Hi,
I�m trying to configure JAVA 6 on Solaris 10 SPARC to use Mozilla NSS library as PKCS#11 provider (to achieve FIPS-140 certification for my application). I�m following the guidelines from http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html#NSS but unfortunately something doesn�t work for me as expected...
Let me describe the exact steps that I followed (because devil may be in the small details :-)
I downloaded NSS 3.11.4 and NSPR 4.6.4 binaries from mozilla.org (32 bit �debug� versions for Solaris 9, because these were the only �binary� versions for SPARC available on Mozilla site and as far as I understand these are the exact versions that passed FIPS-140 certification), unpacked them under the /opt directory and copied both of them into a single /opt/nss tree as follows:
mkdir /opt/nss
cp �r /opt/nss-3.11.4/* /opt/nss
cp �r /opt/nspr-4.6.4/* /opt/nss
I created a PKCS#11 configuration file /opt/nss/pkcs11.cfg as per JAVA 6 security guide:
name = NSScrypto
nssLibraryDirectory = /opt/nss/lib
nssDbMode = noDb
attributes = compatibility
(I know that this configuration is not for FIPS mode � but I thought that I�d better start with a simple NSS configuration)
Then I modified /usr/jdk/jdk1.6.0_03/jre/lib/security/java.security file and replaced 1st provider with:
security.provider.1=sun.security.pkcs11.SunPKCS11 /opt/nss/pkcs11.cfg
Now everything should be in place � so I created a small JAVA program and ran it:
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.*;
public class Test
public static void main(String[] args)
try
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
DESedeKeySpec keySpec = null;
keySpec = new DESedeKeySpec(new String("laKuf1Tcc6sOhsdPf49=m4es").getBytes());
System.out.println("keyFactory provider: " + keyFactory.getProvider().getName());
SecretKey key = keyFactory.generateSecret(keySpec);
Cipher decryptCipher = Cipher.getInstance("DESede");
decryptCipher.init(Cipher.DECRYPT_MODE, key);
System.out.println("decryptCipher provider: " + decryptCipher.getProvider().getName());
catch (Exception ex)
ex.printStackTrace();
Unfortunately it produced the following output:
EMS-Server42# java test
keyFactory provider: SunPKCS11-NSScrypto
decryptCipher provider: SunJCE
And when I comment out SunJCE provider in java.security file I get the following exception:
java.security.NoSuchAlgorithmException: Cannot find any provider supporting DESede
at javax.crypto.Cipher.getInstance(DashoA13*..)
at test.main(test.java:38)
So it looks like something is wrong with my NSS configuration. Because AFAIK DESede (3DES) is supported by the NSS library, but for some reason JAVA doesn�t see this algorithm implemented in NSS PKCS#11 provider.
Any suggestions on what am I doing wrong?
Best regards,
AlexWorks for me:
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.IvParameterSpec;
public class Test
public static void main(String[] args)
try
String configFileName = "/nss/nss.cfg";
Provider nss = new sun.security.pkcs11.SunPKCS11(configFileName);
Security.addProvider(nss);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede", nss);
DESedeKeySpec keySpec = new DESedeKeySpec(new String("laKuf1Tcc6sOhsdPf49=m4es").getBytes("UTF-8"));
System.out.println("keyFactory provider: " + keyFactory.getProvider().getName());
SecretKey key = keyFactory.generateSecret(keySpec);
//iv for CBC mode - note, in practice you don't generate a random iv for decryption :)
byte[] iv = new byte[8]; //64-bit block size for 3DES
SecureRandom sr = SecureRandom.getInstance("PKCS11", nss);
sr.nextBytes(iv);
IvParameterSpec params = new IvParameterSpec(iv);
Cipher decryptCipher = Cipher.getInstance("DESede/CBC/NoPadding", nss);
decryptCipher.init(Cipher.DECRYPT_MODE, key, params);
System.out.println("decryptCipher provider: " + decryptCipher.getProvider().getName());
catch (Exception ex)
ex.printStackTrace();
}Oh, I wouldn't expect your key loading to work when you switch over to FIPS mode.
cfg file:
name = NSScrypto
nssLibraryDirectory = /nss
nssSecmodDirectory = /nss
nssModule = fipsYields the following error:
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Could not create key
because you can't directly handle keying material in FIPS. You'll have to save the secret key in the NSS certDB or generate a random one each time and send it wrapped to the other side. -
Registration issues.... Solaris 10 - 06/06
Having issues registering my V440 running Solaris 10 06/06. I have posted the error below and them some system information below that. any help is appreciated.
sysax /: /usr/sbin/sconadm register -a -r /usr/lib/breg/data/RegistrationProfile.properties
sconadm is running
Authenticating user ...
Exception in thread "main" java.lang.reflect.UndeclaredThrowableException
at $Proxy1.getInstanceName(Unknown Source)
at com.sun.scn.client.SCNClientSession.login(SCNClientSession.java:371)
at com.sun.cns.basicreg.cacao.ClientLoginCacaoAdapter.loginAccount(ClientLoginCacaoAdapter.java:209)
at com.sun.cns.basicreg.BasicRegCLI.authenticateUser(BasicRegCLI.java:1079)
at com.sun.cns.basicreg.BasicRegCLI.run(BasicRegCLI.java:669)
at com.sun.cns.basicreg.BasicRegCLI.main(BasicRegCLI.java:562)
Caused by: javax.management.InstanceNotFoundException: com.sun.scn:name=SCNBaseServiceFactory,assetSubProfile=Factory,host=sysax.consolidated.com,assetProfile=Factory,scnType=ServiceFactory,Vendor=Sun Microsystems Inc
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getMBean(DefaultMBeanServerInterceptor.java:1010)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getClassLoaderFor(DefaultMBeanServerInterceptor.java:1349)
at com.sun.jmx.mbeanserver.JmxMBeanServer.getClassLoaderFor(JmxMBeanServer.java:1300)
at com.sun.jdmk.interceptor.DefaultMBeanServerInterceptor.getClassLoaderFor(DefaultMBeanServerInterceptor.java:285)
at com.sun.cacao.agent.DispatchInterceptor.getClassLoaderFor(DispatchInterceptor.java:474)
at com.sun.cacao.agent.auth.impl.AccessControlInterceptor.getClassLoaderFor(AccessControlInterceptor.java:427)
at com.sun.jdmk.JdmkMBeanServerImpl.getClassLoaderFor(JdmkMBeanServerImpl.java:1130)
at com.sun.cacao.common.instrum.impl.InstrumDefaultForwarder.getClassLoaderFor(InstrumDefaultForwarder.java:153)
at javax.management.remote.rmi.RMIConnectionImpl$4.run(RMIConnectionImpl.java:1306)
at java.security.AccessController.doPrivileged(Native Method)
at javax.management.remote.rmi.RMIConnectionImpl.getClassLoaderFor(RMIConnectionImpl.java:1303)
at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:766)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
at sun.rmi.transport.Transport$1.run(Transport.java:153)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
at java.lang.Thread.run(Thread.java:595)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:247)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:223)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:126)
at com.sun.jmx.remote.internal.PRef.invoke(Unknown Source)
at javax.management.remote.rmi.RMIConnectionImpl_Stub.invoke(Unknown Source)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:969)
at javax.management.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:201)
... 6 more
sysax /: cat /etc/release
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006
sysax /: cat /var/sadm/system/admin/CLUSTER
CLUSTER=SUNWCall
sysax /: java -version
java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
Java HotSpot(TM) Server VM (build 1.5.0_06-b05, mixed mode)
sysax /: smpatch get
patchpro.backout.directory - ""
patchpro.baseline.directory - /var/sadm/spool
patchpro.download.directory - /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source - https://getupdates1.sun.com/
patchpro.patchset - current
patchpro.proxy.host - ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port - 8080
patchpro.proxy.user - ""
sysax /: cat /usr/lib/breg/data/RegistrationProfile.properties
# CLI registration profile template version 1.0
# ******** WARNING ********
# This profile contains sensitive data: passwords and subscription
# keys. You should take care in how you handle it, ensuring that it
# is always adequately protected (mode 400 or 600, owned by root)
# and not stored on insecure file systems like those exported through
# standard NFS.
# Sun Online account information. A new account can be created by visiting
# http://updates.sun.com
userName=**************
password=***********
# Name (label) of this machine as you would like it to appear on the Sun Connection
# portal. If left blank hostname will be used
hostName=devdbs01
# Service Plan / contract number with Sun. For more information on this topic
# please visit http://www.sun.com/service/warrantiescontracts/ . NOTE - a
# subscription key is required to use the Sun Connection Portal.
subscriptionKey=***************
# Allow this host to be managed by the Sun Connection Portal. If set to true,
# a subscription key is required.
portalEnabled=true
# HTTPS proxy information needed to connect to Sun for registration and patch
# updates.
proxyHostName=
proxyPort=
proxyUserName=
proxyPassword=The error message I received was from the Sun Update Connection GUI. Once the patches I attempted to apply failed.
sysax /tmp: ./suc.sh.2
$USER:
$LOGNAME: root
Sat Feb 24 13:37:07 CST 2007
sysax
smpatch get:
patchpro.backout.directory - ""
patchpro.baseline.directory - /var/sadm/spool
patchpro.download.directory - /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source - https://getupdates1.sun.com/
patchpro.patchset - current
patchpro.proxy.host - ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port - 8080
patchpro.proxy.user - ""
smpatch analyze:
119252-15 SunOS 5.10: System Administration Applications Patch
119081-25 SunOS 5.10: CD-ROM Install Boot Image Patch
124630-03 SunOS 5.10: System Administration Applications, Network and Core Libraries Patch
124188-02 SunOS 5.10: Trusted Solaris Attributes Patch
119315-07 SunOS 5.10: Solaris Management Applications Patch
121308-08 SunOS 5.10: Solaris Management Console Patch
119313-10 SunOS 5.10: WBEM Patch
119534-10 SunOS 5.10: Flash Archive Patch
119254-34 SunOS 5.10: Install and Patch Utilities Patch
119963-08 SunOS 5.10: Shared library patch for C++
120753-03 SunOS 5.10: Microtasking libraries (libmtsk) patch
123494-03 X11 6.6.2: fontconfig patch
119812-02 X11 6.6.2: Freetype patch
125014-02 SunOS 5.10: IP filter patch
120780-03 SunOS 5.10: ixgb patch
119764-05 SunOS 5.10 : ipmitool patch
124258-01 SunOS 5.10: ufs and nfs driver patch
124252-01 SunOS 5.10: nfssrv patch
120812-15 OpenGL 1.5: OpenGL Patch for Solaris
123839-04 SunOS 5.10: Fault Manager Patch
124204-04 SunOS 5.10: zfs patch
122911-02 SunOS 5.10: Apache 1.3 Patch
120543-08 SunOS 5.10: Apache 2 Patch
117463-04 SunOS 5.10: passwdutil Patch
118890-03 SunOS 5.10: llib-lc patch
125024-01 SunOS 5.10: basic audit reporting tool patch
123908-01 SunOS 5.10: ar patch
120887-06 SunOS 5.10: cdrw patch
119580-05 SunOS 5.10: libcpc Patch
124244-01 SunOS 5.10: /usr/bin/rm patch
119685-10 SunOS 5.10: svc.startd patch
124997-01 SunOS 5.10: /usr/bin/tip patch
121081-06 SunOS 5.10: Connected Customer Agents 1.1.0
120845-04 SunOS 5.10: auditd patch
124235-01 SunOS 5.10: libpam.so.1 patch
120050-05 SunOS 5.10: usermod patch
122525-03 SunOS 5.10: Sun Fire V445 patch
124614-01 SunOS 5.10: sconadm proxy: UnknownHostException
120986-10 SunOS 5.10: mkfs and newfs patch
125040-01 SunOS 5.10: /usr/lib/inet/in.mpathd patch
122517-03 SunOS 5.10: Sun Fire V215/V245 platmod patch
125035-01 SunOS 5.10: libinetsvc.so.1 patch
123334-04 SunOS 5.10: e1000g_transition patch
122660-07 SunOS 5.10: zones patch
119998-02 SunOS 5.10: arp, ip, ipsecah drivers patch
125026-01 SunOS 5.10: message queue patch
118371-08 SunOS 5.10: elfsign Patch
123328-01 SunOS 5.10: expr patch
123520-01 SunOS 5.10: basename & dirname patch
123915-01 SunOS 5.10: libcfgadm.so.1 patch
125018-02 SunOS 5.10: scsi_vhci driver patch
123912-02 SunOS 5.10: ppriv patch
118367-04 SunOS 5.10: csh Patch
125016-01 SunOS 5.10: audit and init patch
119824-02 SunOS 5.10: prstat patch
123910-01 SunOS 5.10: platform_sun4v.xml patch
122255-04 SunOS 5.10: etc/flash/precreation/caplib patch
123319-01 SunOS 5.10: sysacct patch
118557-07 SunOS 5.10: platform/sun4u/kernel/drv/sparcv9/su patch
123271-01 SunOS 5.10: iwscn patch
124922-02 SunOS 5.10: ld.so.1 patch
123301-01 SunOS 5.10: i2c_svc patch
124325-01 SunOS 5.10: rcm modules patch
121561-04 SunOS 5.10: keymap patch
124918-02 SunOS 5.10: devfsadm, devlinks, drvconfig patch
122032-04 SunOS 5.10: Update timezones patch
124916-03 SunOS 5.10: sd, ssd drivers patch
121002-03 SunOS 5.10: pax patch
123252-01 SunOS 5.10: platform/SUNW,Netra-T2000 patch
122412-01 SunOS 5.10: ipseckey patch
122408-01 SunOS 5.10: libmtmalloc patch
120473-02 SunOS 5.10: nss_compat patch
124254-02 SunOS 5.10: sockfs patch
124250-03 SunOS 5.10: rpcmod patch
122752-04 SunOS 5.10: FMA snmp patch
124999-01 SunOS 5.10: mc-us3 driver patch
125319-01 SunOS 5.10: rmc_comm patch
125028-02 SunOS 5.10: pcipsy patch
118879-02 SunOS 5.10: dhcp daemon patch
118815-05 SunOS 5.10: awk nawk patch
121286-04 SunOS 5.10: libfru.so.1 and libfrureg.so.1 patch
122363-02 SunOS 5.10: fru_container.conf and libfruaccess.so.1 patch
119974-07 SunOS 5.10: fp plug-in for cfgadm
120222-15 SunOS 5.10: Emulex-Sun LightPulse Fibre Channel Adapter driver
119130-33 SunOS 5.10: Sun Fibre Channel Device Drivers
120182-05 SunOS 5.10: Sun Fibre Channel Host Bus Adapter Library
120346-06 SunOS 5.10: Common Fibre Channel HBA API Library
124943-01 SunOS 5.10: SunFreeware gzip man pages patch
122675-01 SunOS 5.10 : SunFreeware samba man pages patch
123809-01 SunOS 5.10: rpcsec_gss patch
121239-02 SunOS 5.10: libgss patch
120719-02 SunOS 5.10 : SunFreeware gzip patch
118925-05 SunOS 5.10: unistd header file patch
124208-01 SunOS 5.10: Trusted Extensions header files patch
124280-01 SunOS 5.10: libkdb.so.1 patch
120469-05 SunOS 5.10: kerberos patch
121006-02 SunOS 5.10: libkadm5 and kadmind patch
124991-01 SunOS 5.10: llc2 driver patch
124286-01 SunOS 5.10: chkey core dump
123186-02 SunOS 5.10: NIS yp utilities patch
124987-01 SunOS 5.10: ldap_cachemgr patch
119470-10 SunOS 5.10: Sun Enterprise Network Array firmware and utilities
122404-01 SunOS 5.10: xntpd patch
124990-01 SunOS 5.10: Sun-Blade-100 libprtdiag_psr.so.1 patch
121944-02 SunOS 5.10: libpsvcpolicy and libpsvcpolicy_psr patch
122537-02 SunOS 5.10: libpiclenvmon.so.1 patch
123590-02 SunOS 5.10: PostgresSQL patch
120629-05 SunOS 5.10: libpool patch
124993-01 SunOS 5.10: in.ndpd patch
125011-01 SunOS 5.10: sendmail patch
125022-01 SunOS 5.10: usr/sbin/sar patch
122376-01 SunOS 5.10: prex patch
120068-03 SunOS 5.10: in.telnetd patch
124995-01 SunOS 5.10: ehci driver patch
121010-05 SunOS 5.10: rpc.metad patch
124256-01 SunOS 5.10: md_mirror patch
125075-01 SunOS 5.10: svc-volfs patch
125073-01 SunOS 5.10: vold patch
119555-04 SunOS 5.10: Software to support QLogic Ultra3 SCSI host bus adapters
119090-22 SunOS 5.10: Sun iSCSI Device Driver and Utilities
120272-06 SunOS 5.10: SMA patch
124463-02 SunOS sparc : cacao 2.0 patch 02
119213-11 NSS_NSPR_JSS 3.11.4: NSPR 4.6.4 / NSS 3.11.4 / JSS 4.2.4
118666-11 J2SE 5.0: update 11 patch (5.0u11)
118667-11 J2SE 5.0: update 11 patch (5.0u11), 64bit
122119-05 SunOS 5.10: Patch for Arabic Fonts
119703-08 SunOS 5.10: Patch for localeadm issues
123003-02 SunOS 5.10: dependency issue with SUNWopenssl-include
123630-01 SunOS 5.10: HTTP proxy settings patch
123005-05 SunOS 5.10: Basic Registration Update
123011-01 SunOS 5.10: BR desktop icon patch
119648-03 SunOS 5.10: vlan driver patch
118777-08 SunOS 5.10: Sun GigaSwift Ethernet 1.0 driver patch
121118-11 SunOS 5.10: Sun Update Connection System Client 1.0.9
118712-13 SunOS 5.10: Sun XVR-100 Graphics Accelerator Patch
120410-17 SunOS 5.10: Internet/Intranet Input Method Framework patch
121734-05 SunOS 5.10: patch to support addition of new UTF-8 locales
119810-03 SunOS 5.10: International Components for Unicode Patch
120099-07 APOC 1.2: Sun Java(tm) Desktop System Configuration Shared Libraries
119546-07 APOC 1.2: APOC Configuration Agent Patch
124393-02 CDE 1.6: Dtlogin smf patch
123611-02 X11 6.6.2: Trusted Extensions patch
119280-10 CDE 1.6: Runtime library patch for Solaris 10
119278-12 CDE 1.6: dtlogin patch
124405-01 CDE1.6: sdtfprop patch
124403-01 CDE1.6: dtstyle patch
124401-01 CDE1.6: dtpad patch
124399-01 CDE1.6: dtfile patch
125279-01 CDE1.6: dtsession patch
121977-02 CDE 1.6: dtlogin resources patch
124397-02 CDE1.6: libDtWidget patch
124395-01 CDE1.6: dtaction patch
119117-29 Evolution 1.4.6 patch
123938-01 GNOME 2.6.0: GNU Transport Layer Security Library Patch
119418-03 GNOME 2.6.0: Gnome On-screen Keyboard Patch
119414-13 GNOME 2.6.0: Gnome Accessibility Libraries Patch
119598-08 GNOME 2.6.0: Gnome Screen Reader and Magnifier Patch
120454-02 GNOME 2.6.0: Gnome Apoc GConf Adapter Patch
120460-10 GNOME 2.6.0: Gnome libs Patch
120284-04 GNOME 2.6.0: GNOME CORBA ORB and component framework
122212-17 GNOME 2.6.0: GNOME Desktop Patch
119410-05 GNOME 2.6.0: Gnome Applets Patch
119540-05 GNOME 2.6.0: Gnome Dtlogin configuration Patch
119548-07 GNOME 2.6.0: Gnome Multi-protocol instant messaging client Patch
123162-02 GNOME 2.6.0: Gnome Java Run Time Patch
120739-03 GNOME 2.6.0: GNOME PDF Viewer based on Xpdf
119368-05 GNOME 2.6.0: Printing Technology Patch
121606-02 GNOME 2.6.0: Python patch
120288-03 GNOME 2.6.0: Gnome terminal Patch
119906-08 Gnome 2.6.0: Virtual File System Framework patch
119538-10 GNOME 2.6.0: Window Manager Patch
119115-23 Mozilla 1.7 patch
122958-02 GNOME 2.6.0: RealPlayer media application
119903-02 OpenWindows 3.7.3: Xview Patch
119059-21 X11 6.6.2: Xsun patch
125045-01 X11 6.6.2: Xft patch
124457-01 X11 6.6.2: xdm patch
showrev -p
119788-07
120335-04
121081-05
121118-06
121118-08
121118-10
121453-02
122231-01
java -version:
java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
Java HotSpot(TM) Server VM (build 1.5.0_06-b05, mixed mode)
/etc/release:
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006
/var/sadm/system/admin/CLUSTER:
CLUSTER=SUNWCall
/usr/lib/cc-ccr/bin/ccr -g cns.assetid:
1917645754
patchsvr setup -l
Patch source URL: https://getupdates1.sun.com/
Cache location: /var/sadm/spool/patchsvr
sysax /tmp: ps -ef | grep cc
root 2006 2003 0 Feb 22 ? 0:17 /usr/lib/cc-cfw/platform/transport/bin/cctransport
root 2022 2017 0 Feb 22 ? 0:01 /usr/lib/cc-cfw/platform/fwagent/bin/ccfwagent
root 2003 1 0 Feb 22 ? 0:00 /bin/sh /usr/lib/cc-cfw/framework/lib/watchdog /usr/lib/cc-cfw/platform/transpo
root 2013 2010 0 Feb 22 ? 0:01 /usr/lib/cc-cfw/platform/ccragent/bin/ccccragent
root 2010 1 0 Feb 22 ? 0:00 /bin/sh /usr/lib/cc-cfw/framework/lib/watchdog /usr/lib/cc-cfw/platform/ccragen
root 2017 1 0 Feb 22 ? 0:00 /bin/sh /usr/lib/cc-cfw/framework/lib/watchdog /usr/lib/cc-cfw/platform/fwagent
noaccess 1898 1 0 Feb 22 ? 1:02 /usr/jdk/instances/jdk1.5.0/bin/java -server -XX:+BackgroundCompilation -Djava.
root 8884 5284 0 13:39:27 console 0:00 grep cc
sysax /tmp: -
Solaris 10 ldapclient set up cert8.db and key3.db
I'm currently working on setting up a multi-master ldap cluster in a multi-site layout. There were a couple of questions which I have been trying to find the anser to but haven't had much luck.
1. Is it possible to have a single cert8.db and key3.db generated to be used across all the clients which will be authenticating via tls, I have currently set up a CA on one of the master servers which I have used to issue cert's for all the servers in the cluster. Or is the only option to have the cert8.db and key3.db generated per site and used as such.
2. Is there any way of getting the clients to import the certificate keys automatically without having to scp them around and then chmod them.>
1. Is it possible to have a single cert8.db and key3.db generated to be used across all the clients which will be authenticating via tls, I have currently set up a CA on one of the master servers which I have used to issue cert's for all the servers in the cluster. Or is the only option to have the cert8.db and key3.db generated per site and used as such.The clients need to trust the CA which signed your LDAP servers' SSL certificates.
In other words, your cert8.db/key3.db for this case only needs to have the public certificate for the CA you used to sign your LDAP server certs.
You'll be happy to hear that "yes", this single cert8.db/key3.db set can be used on all clients.
The slight exception is Solaris clients with very old NSS libraries installed (early Solaris 8). These clients need a cert7.db/key3.db set... but again, this same set can be used on all of them. This won't matter to you if all your clients are Solaris 9 or later with recent patch clusters.
2. Is there any way of getting the clients to import the certificate keys automatically without having to scp them around and then chmod them.No keys involved on the client in this case, just the CA's public cert.
You do have to copy them onto each client. chown root:root, chmod 444. -
Run DSEE 6.3.1.1.1 on Solaris 11
Hello,
I know that Solaris 11 is not a supported platform for the DSEE 6.3.x releases, but I've been stubbornly trying to get it working anyway. What's interesting is that DSEE 6.3 works, and DSEE 6.3.1 works, but when I patch 6.3.1 to 6.3.1.1.1, suddenly cacaoadm doesn't work anymore. I'm using the zip releases, and the final lines of output from the dsee_deploy command for the 6.3.1.1.1 patch are as follows:
Configuring Cacao at /opt/SUNWdsee/dsee6/cacao_2
Setting Cacao parameter jdmk-home with saved value [/opt/SUNWdsee/dsee6/private]
Failed setting jdmk-home with value [/opt/SUNWdsee/dsee6/private]
Setting Cacao parameter java-home with saved value [/opt/SUNWdsee/jre]
Failed setting java-home with value [/opt/SUNWdsee/jre]
Setting Cacao parameter nss-lib-home with saved value [/opt/SUNWdsee/dsee6/private/lib]
Failed setting nss-lib-home with value [/opt/SUNWdsee/dsee6/private/lib]
Setting Cacao parameter nss-tools-home with saved value [/opt/SUNWdsee/dsee6/bin]
Failed setting nss-tools-home with value [/opt/SUNWdsee/dsee6/bin]
Setting Cacao parameter jmxmp-connector-port with saved value [11162]
Failed setting jmxmp-connector-port with value [11162]
Setting Cacao parameter network-bind-address with saved value [0.0.0.0]
Failed setting network-bind-address with value [0.0.0.0]
Error: cannot register into cacao framework
Cannot register sysidconfig script.
Cannot perform firstime initialisation and configuration.
The last two lines -- "Cannot register sysidconfig script" and "Cannot perform firstime initialisation and configuration" -- are the only output I can get from cacaoadm after updating to 6.3.1.1.1 no matter what I try. Under 6.3 and 6.3.1, cacaoadm works fine. Any ideas would be greatly appreciated.
The reason for all of this is that we have an aging Sun server running DSEE 6.3.1 on Solaris 10, which I'm looking to replace. We have a T4-1 running Solaris 11 which has a lot of unused resources available on it, and I would like to set up a zone on it to be the new LDAP server. I tried ODSEE 11.1.1.7.0, and that installed just fine, but it doesn't work with our existing DSCC 6 server, which apparently can't interact with DSEE servers unless they're using cacao. Before I go down the path of setting up DSCC 7 and incurring sporadic downtime for the restarts of the instances on all of our LDAP servers, I thought I'd try one last time to get 6.3.1.1.1 working. If we're staying with the 6.3 family, we need 6.3.1.1.1 for it's support of 2048-bit SSL certificates.
Sheesh! Nothing's ever simple. :-)I recall reading somewhere else in this forum that cacao is no longer used in 11.1.1.7.0, which would most likely be the cause of your problems.
See:
https://forums.oracle.com/message/10984367#10984367
-mi -
Patches required to install JES4 on solaris 10
hi,
Could anyone please tell me what are all the kernal patches needed to install JES4 on solaris 10, for both x86 and sparc. Previously there was a bug in solaris 10 that caused the Messaging server dispatcher to hang. What is the latest patch that resolves this bug?
Thanks!Hi,
The required patches are listed in the patch README file e.g.
README.118207-63
A list of required patches are as follows:
<snip>
Solaris 10 sparc:
OS: 119254-02
NSS/NSPR/JSS: 119213-10
SASL: 119345-01
Solaris 10 x86:
OS: 119255-02
NSS/NSPR/JSS: 119214-10
SASL: 119346-01
These are not necessarily the latest patches - but a base minimum.
For the dispatcher hang issue, I assume you are talking about bug #6383490 -> dispatcher hung, cannot handoff connections, which was thought to be due to bug #6408242 -> access to freed tcp_t in tcp_close() which was fixed in 119998-01 and 119999-01.
Regards,
Shane. -
Linux NSS DB Issue with Personal User/Client Certificate Friendly Names.
I have an issue with the NSSDB lib and my browsers in which client certificates I use for an application (Nessus Vulnerability Scanner) show up in the list with the same friendly name/nickname, making it very difficult to distinguish which certificate goes with which server.
Each certificate is generated on a different server with a different hostname but the same username. Upon importing the certificate into my browser, or even the pk12util command, the first certificate will appear correctly. However, importing additional certificates will just reuse the nickname from the first certificate instead of the nickname I chose. I have tested many different scenarios, and it doesn't seem the problem is related at all to the content of the nickname, so I have no idea how to force it to work correctly. I've searched around and found some indications of "nickname conflicts" and things, but nothing that helps me resolve the issue. I'm not sure if it's a bug or if it's some weird condition I've encountered.Maybe try to ask on the mozilla.dev.tech.crypto news group.
*https://developer.mozilla.org/en-US/docs/NSS
*news://news.mozilla.org/mozilla.dev.tech.crypto
*http://groups.google.com/group/mozilla.dev.tech.crypto -
NSS Initialization Failure - Error 8038
We are migrating a SunONE 7 legacy environment from Solaris 10 to Solaris 10 but with a new Solaris 10 Zone build. When we attempt to startup the admin server we get the following error:
CORE1116: Sun ONE Application Server 7.0.0_07
SEVERE: CORE1227: NSS initialization failed: unable to map error number -8038: Certificate database: cert7.db
SEVERE: CORE3174: NSS initialization failed
We have verified the NSS libraries on source and destination match but can't seem to figure out why NSS is failing, especially when we have no actual error.Dear All,
I am having the same issue as well. The admin we had before has left and has not passed on the iPlanet 6.1 webserver Admin console username and password and the Trust Store username and password as well.
How do we reset the Trust Store password and launch the console?
[root@webserver01]# ./startconsole
Sun ONE Web Server 6.1SP14 B03/27/2011 00:31
Please enter password for "internal" token:
Password incorrect. Please try again.
Please enter password for "internal" token:
Password incorrect. Please try again.
Please enter password for "internal" token:
failure: CORE1227: NSS initialization failed: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect: Certificate database: /opt/iplanet/server/alias/https-admserv-webserver01-cert8.db
failure: CORE3174: NSS initialization failed
Any help is greatly appreciated.
Naga -
Logical interface in solaris 10
Hi there,
I need to configure logical interface in a solaris 10 3/05 server. After reading the Solaris 10 IP services manual, I am not quite sure what to do. All the examples and explanation are about using the new subcommand addif of ifconfig. It was not clear in the documentation if the setting logical interfaces via addif will persist across boot.
Can one still configure logical interface in Solaris 10 in a more traditional way like in Solaris 8? In an Solaris 8 server I will do the following.
Let's assume I want to configure in a solaris 8 server a logical interface named hme0:1 with IP address 192.168.20.28 with netmask 255.255.255.0 for hostname host001
# cat /etc/hostname.hme0:1
host001
^D
# echo "192.168.20.28 host001" >> /etc/inet/hosts
# echo "192.168.20.0 255.255.255.0" >> /etc/inet/netmasks
# reboot -- -r
Can one still do that in solaris 10 3/05 server?Hi there,
I need to configure logical interface in a solaris 10
3/05 server. After reading the Solaris 10 IP services
manual, I am not quite sure what to do. All the
examples and explanation are about using the new
subcommand addif of ifconfig. It was not clear in the
documentation if the setting logical interfaces via
addif will persist across boot.No. No 'ifconfig' command is persistent.
Can one still configure logical interface in Solaris
10 in a more traditional way like in Solaris 8? In an
Solaris 8 server I will do the following.
Let's assume I want to configure in a solaris 8
server a logical interface named hme0:1 with IP
address 192.168.20.28 with netmask 255.255.255.0 for
hostname host001
# cat /etc/hostname.hme0:1
host001
^D
# echo "192.168.20.28 host001" >> /etc/inet/hosts
# echo "192.168.20.0 255.255.255.0" >>
/etc/inet/netmasks
# reboot -- -r
Can one still do that in solaris 10 3/05 server?Absolutely.
You don't need to reboot (you can run ifconfig for this boot and let the files do the work next time) and the -r doesn't do anything with interfaces (expecially virtual interfaces) anyway.
Darren -
Installation problem on Solaris
I am trying to install sun one 7.0 on Solaris 8. The install is failing with this error:
ERROR - library load failed with following error: Can't load library: /opt/SUNWappserver7/lib/libinstallCore.so
INFO - End core server uninstallation
anyone know what causes this??
cheersLooks like Solaris package installation failed and installer reverted to uninstallation sequence. For low level pkgadd log please check /var/sadm/install/logs/Sun_ONE_Application_Server_install.B<timestamp> file (timestamp is date and time of your installation attempt in mmddHHMM format).
Look for any errors in this file. Most likely thing that could have happened is that the installation of Java Help (SUNWjhrt) package failed because you didn't have existing package based J2SE installation on the system. If that's the case, workaround is to either preinstall package based J2SE installation or to selected option to install bundled J2SE that comes with application server. -
Installation problem on Solaris 10
Dear All,
We are trying to install j2sdk 1.4.2_13 on solaris server zone. I have downloaded j2sdk-1_4_2_13-nb-5_0-solsparc-ml.bin
But when I try to execute this:
#./j2sdk-1_4_2_13-nb-5_0-solsparc-ml.bin
It gives me error: The installer is unable to run in graphical mode. Try running the installer with the -console or -silent flag
Tried with -console:
The wizard cannot continue because of the following error: Invalid command line option: console is not supported (10
01) (403)
WARNING: could not delete temporary file /tmp/ismp001/2599368
WARNING: could not delete temporary file /tmp/ismp001/6183226
WARNING: could not delete temporary file /tmp/ismp001/1222839
Then tried with -silent:
This time command just completed w/o any output at all.
Please suggest what can I do?
regards, Sean.Dear Siddhesh,
Thanks for your reply.
I tried using X Manager GUI for my Solaris. But when I double click the j2sdk-1_4_2_13-nb-5_0-solsparc-ml.bin file to run it, it simply denies saying:
The filename "j2sdk-1_4_2_13-nb-5_0-solsparc-ml.bin" indicates that this file is of type "Unknown type". The contents of the file indicate that the file is of type "Shell script". If you open this file, the file might present a security risk to your system.
Do not open the file unless you created the file yourself, or received the file from a trusted source. To open the file, rename the file to the correct extension for "Shell script", then open the file normally. Alternatively, use the Open With menu to choose a specific application for the file.
Also /tmp has full authorizations:
drwxrwxrwt 7 root sys 557 Jun 24 08:34 tmp
I dont have Hummingbird for X11 forwarding with this client. Do I have any other option??
regards, Sean. -
New to Solaris, Some Samba and NTFS issues.
Hi Im new to solaris and trying out ZFS which has been great.
Im haivng some trouble that I cant find up to date info on so here goes:
First how do you mount an NTFS volume in Solaris 11 Express?
I need to access the data on an NTFS drive to populate my new ZFS tank.
Secondly, I have read only access on my samba shares from windows machines but my smb.conf looks right. a copy of my smb.conf will follow
Any suggestions would be appreciated.
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
# http://www.samba.org/samba/docs/Samba-Guide.pdf
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#======================= Global Settings =====================================
[global]
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
workgroup = WORKGROUP
# server string is the equivalent of the NT Description field
server string = Samba Server
# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
security = share
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = yes
# you may wish to override the location of the printcap file
; printcap name = /etc/printcap
# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
; printcap name = lpstat
# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
; printing = cups
# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/samba/log/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Use password server option only with security = server
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *
; password server = <NT-Server-Name>
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
; realm = MY_REALM
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
passdb backend = smbpasswd
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
# this line. The included file is read at that point.
; include = /usr/sfw/lib/smb.conf.%m
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24
# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
; local master = no
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
; os level = 33
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
; domain master = yes
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
; preferred master = yes
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
; domain logons = yes
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
; wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
dns proxy = no
# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
; add user script = /usr/sbin/useradd %u
; add group script = /usr/sbin/groupadd %g
; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
; delete user script = /usr/sbin/userdel %u
; delete user from group script = /usr/sbin/deluser %u %g
; delete group script = /usr/sbin/groupdel %g
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /usr/sfw/lib/netlogon
; guest ok = yes
; writable = no
; share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
; path = /usr/local/samba/profiles
; browseable = no
; guest ok = yes
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = no
writable = no
printable = yes
# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes
# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = no
; printable = no
; write list = @staff
# Other examples.
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /homes/fred
; printer = freds_printer
; public = no
; writable = no
; printable = yes
# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no
# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writable = yes
# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
; path = /usr/somewhere/else/public
; public = yes
; only guest = yes
; writable = yes
; printable = no
# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765
[Series]
comment = TV Series
path = /home/Kirby/Series
public = yes
only guest = yes
writable = yes
printable = no875739 wrote:
Hi Im new to solaris and trying out ZFS which has been great.
Im haivng some trouble that I cant find up to date info on so here goes:
First how do you mount an NTFS volume in Solaris 11 Express?
I need to access the data on an NTFS drive to populate my new ZFS tank.I never had a need for it but I think you'll have to compile fuse ntfs-3g manually.
http://web.archiveorange.com/archive/v/u46DbWSGcIzl7pexf4hQ
>
Secondly, I have read only access on my samba shares from windows machines but my smb.conf looks right. a copy of my smb.conf will follow
Any suggestions would be appreciated.You don't need to use Samba in Solaris 11 Express.
http://download.oracle.com/docs/cd/E19963-01/html/821-1448/gaynd.html#gayne
Maybe you are looking for
-
Using Automator to open a program with a delay after a programmed restart
Hi to all! With my old PowerPc I used to start unattended sessions of my Newsreader (Unison) overnight simply putting Unison in my Login elements window, and programming a restart at a fixed hour. Unfortunately, with my very fast new iMac this doesn'
-
One Portal - multiple URl's, orgs, groups
Hi Forum I am in the process of doing a proof of concept for using Web Space Server to manage a large spectrum of diverse communities, hosted within a single portal. One could describe this as a large virtual organisation. The basic requirements are
-
Hi Friends! I need create a graph in wad, and one of the series should be u201Cobjetiveu201D. This value will be constant and could be modified on runtime (then, is not possible put it as a query variable). The char will be in columns and objective
-
I can't open iphoto after downgrading
I downgraded from Yosemite back to Mountain Lion and now iphoto wouldn't open. I downloaded iphoto 9.4.1 but wouldn't install it without me having iphoto 9.1 or later. I am confused, what should I do? Thanks.
-
Hi all, I have created a field(ZZ_XXX) on VA02 screen. I have created dataelement for this field using PARVW as domain. For this field i would like to have F4 search help, it should show all available partner functions (ex: sold-to-party, billing,etc