Nss / pk12util on Solaris

Similar Messages

• Migration from Netware 6.x  NSS to Solaris 10 ZFS

  Hi,
  I am looking at Solaris and ZFS as being the possible future of our file store for users.
  We have around 3TB (40million files) of data to transfer to ZFS from Netware 6.5 NSS volumes.
  What is the best way to do this?
  I have tried running utilities like richcopy (son of robocopy) , teracopy, fastcopy from a Windows client mapped to the Netware server via NCP and the Solaris server via Samba.
  In all tests the copy very quickly failed, rendering the Solaris server unusable. I imagine this has to do with the utilities expecting a destination NTFS filesystem, and ZFS combined with Samba does not fit the bill.
  I have tried running the old rsync client from Netware, but this does not seem to talk to Solaris rsyncd.
  As well as NCP, Netware has the ability to export its NSS volumes as a CIFS share.
  I have tried mounting a CIFS share of the Netware volume on Solaris...but Solaris as far as I am aware does not support mount -t smbfs as this is Linux only. You can mount smb:// from the Gui (Nautilus), but this does not help a great deal. I was hoping to run maybe Midnight Commander, but I presume that I would need a valid smb share to the Netware volume from the command line?
  I really want to avoid the idea of staging on say NTFS first, then from NTFS to ZFS. A two part copy would take forever. It needs to be direct.
  BTW..I am not bothered about ACL's or quota. These can be backed up from Netware and reapplied with ZFS/chown/chmod commands.
  A wild creative though did occur to me as follows -
  Opensolaris, unlike Solaris, has its CIFS kernel addition, and hence smb mounts from the command line (I presume), but I am not happy running opensolaris in production.So maybe I could mount the Netware NSS volume as a CIFS share on opensolaris (as a staging server), copy all the data to a ZFS pool locally, and the do a send receive to Solaris 10.......
  Maybe not...
  I suppose there is FTP, if I can get it to work on Netware.
  I really need a utility with full error checking, and that can be left unattended.
  Any ideas?

  Bu unusable I mean that the mapped ZFS Samba drive to the windows workstation died and was inaccessible.
  Logging onto the solaris box after this from the console was almost impossible. There was a massive delay. When I did log in there appeared to be no network at all. There were no errors in the smbd log file. I need to look at other logs to find out what is going on. Looking at the ZFS filesystem some files had copied over before it died.
  After rebooting the Solaris box I then tried dragging and dropping the same files to the ZFS filesystem with the native windows expolrer interface on the windows client. This worked, as in the Solaris box did not die and the files were copying happily (until I manually stopped it). As we all know Windows explorer is not a safe unattended way to copy large amounts of files.
  This tells me that the copy utilities on Windows are the problem, not native windows copy/paste.

• Solaris 10connectivity to EMC: failed to configure ANY device on FCA port

  I'm connecting a E2900 server with a EMC symmetrix storage with fiber channel.
  But I'm getting the following errors, and I'm not able to see the external disks. Any help is really appreciated.
  bash-3.00# cfgadm -al
  c3 fc-fabric connected unconfigured unknown
  c3::5006048c52a5b746 unavailable  connected    unconfigured failed
  c4 fc-fabric connected unconfigured unknown
  c4::5006048c52a5b749 unavailable  connected    unconfigured failed
  bash-3.00# cfgadm -c configure c3
  cfgadm: Library error: report LUNs failed: 5006048c52a5b746
  failed to configure ANY device on FCA port
  bash-3.00# tail -f /var/adm/messages
  Nov 27 16:42:12 cosemm1 scsi: [ID 243001 kern.warning] WARNING: /pseudo/fcp@0 (fcp0):
  Nov 27 16:42:12 cosemm1 Unsupported LUN Addressing method 40 in response to REPORT_LUN
  bash-3.00#
  SO is Solaris 10 and I have installed recommended pathes:
  118833-36 SunOS 5.10: Kernel patch
  125100-10 SunOS 5.10: Kernel patch
  120011-14 SunOS 5.10: Kernel patch
  127111-01 SunOS 5.10: Kernel patch
  119130-33 SunOS 5.10: Sun Fibre Channel Device Drivers (only necessary for Leadville Stack driver)
  125184-04 SunOS 5.10: Sun Fibre Channel Device Drivers.
  120222-21 SunOS 5.10: Emulex-Sun LightPulse fibre channel adapter driver v2.20k (only required for Emulex HBAs running Leadville)
  125166-06 SunOS 5.10: Qlogic ISP fibre channel device driver v2.22 (only required for Qlogic HBAs running Leadville)
  122640-05 SunOS 5.10: zfs genesis patch (require for zfs)
  120473-12 SunOS 5.10: lib nss ldap PAM zfs patch (require for zfs)
  119090-24 SunOS 5.10: iSCSI device driver and utilities
  Also I have modified /etc/system adding those lines:
  set ssd:ssd_max_throttle=20
  forceload: drv/ssd
  bash-3.00# modinfo |grep qlc
  66 7ba7e000 ce1f8 282 1 qlc (SunFC Qlogic FCA v20070717-2.22)
  bash-3.00# luxadm -e port
  /devices/ssm@0,0/pci@18,600000/SUNW,qlc@1/fp@0,0:devctl CONNECTED
  /devices/ssm@0,0/pci@19,600000/SUNW,qlc@2/fp@0,0:devctl CONNECTED
  bash-3.00# luxadm qlgc
  Found Path to 2 FC100/P, ISP2200, ISP23xx Devices
  Opening Device: /devices/ssm@0,0/pci@19,600000/SUNW,qlc@2/fp@0,0:devctl
  Detected FCode Version: QLA2460 Host Adapter FCode(SPARC): 1.26 05/17/07
  Opening Device: /devices/ssm@0,0/pci@18,600000/SUNW,qlc@1/fp@0,0:devctl
  Detected FCode Version: QLA2460 Host Adapter FCode(SPARC): 1.26 05/17/07
  Complete
  bash-3.00# luxadm -e port
  /devices/ssm@0,0/pci@18,600000/SUNW,qlc@1/fp@0,0:devctl CONNECTED
  /devices/ssm@0,0/pci@19,600000/SUNW,qlc@2/fp@0,0:devctl CONNECTED
  bash-3.00# luxadm -e dump_map /devices/ssm@0,0/pci@18,600000/SUNW,qlc@1/fp@0,0:
  devctl
  Pos Port_ID Hard_Addr Port WWN Node WWN Type
  0 610f13 0 5006048c52a5b746 5006048c52a5b746 0x0 (Disk device)
  1 617613 0 2100001b320122b7 2000001b320122b7 0x1f (Unknown Type,Host Bus Adapter)
  bash-3.00# luxadm -e dump_map /devices/ssm@0,0/pci@19,600000/SUNW,qlc@2/fp@0,0:
  devctl
  Pos Port_ID Hard_Addr Port WWN Node WWN Type
  0 620f13 0 5006048c52a5b749 5006048c52a5b749 0x0 (Disk device)
  1 627613 0 2100001b32014eb8 2000001b32014eb8 0x1f (Unknown Type,Host Bus Adapter)

  Check the configuration on the EMC side. This error message is the heart of the problem:
  "Unsupported LUN Addressing method 40 in response to REPORT_LUN"
  A quick Googling leads me to believe this means you're trying to assign a LUN ID higher than 255 to the host.
  Best of luck!

• Sapinst not started for PI 7.1 on Solaris 1064bit and Oracle10

  Hello,
  We are running NW 7.10 PI 7.1 installation on Sun Solaris 10 and Oracle 10.2.0.4 platform. We are using the following installation DVDs for installing PI.
  Installation Master   = 51033240_21
  Java Component = 51033242
  UC Kernel = 51033245
  We are doing following to run ./sapinst
  1. log on as root
  2. set JAVA_HOME, TEMP and DISPLAY
  3. go to master DVD and run ./sapinst
  The instgui is not showing any error Problematicc sentence structure ./SAPinst is just getting frozen. We used another script ./sapinstgui from the same directory and it shows us some logon screen with port 21212 in the GUI. However, when we try clicking logon it does nothing.
  We've ensured that port 21212 or any other port that supposed to be used by SAPinst are not blocked on the firewall or not used by any other application. Host and DNSfiles are also okay. Based on one of the previous forum   /etc/nss*.conf files also exist in our PI host.  Not sure why the SAPinst GUI is not started.
  We've also ensured that we need any new SAPinst support pach from marketplace, however current installation master dvd is the latest one release in March 09 and there are no further patches released by SAP.
  Please help if anyone of you have faced this issue before.
  Harshal

  I tried ./sapinst SAPINST_DIALOG_PORT=<free_port_number> as well as the default port number. Both of them fails.
  normally  ./sapinst itself should establish all the port automatically that it uses. Which currently is not happening.
  Do you want me to copy installation master dvd for Solaris on windows work station from where i'm initiating it through Xmanager session and try running ?  The installation master dvd that i'm currenty using is for Solaris platform which meanase ./sapinst is compiled for Solaris, how will it be supported by Windows ?
  Harshal

• Problems using NSS library as PKCS#11 provider with JAVA 6

  Hi,
  I�m trying to configure JAVA 6 on Solaris 10 SPARC to use Mozilla NSS library as PKCS#11 provider (to achieve FIPS-140 certification for my application). I�m following the guidelines from http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html#NSS but unfortunately something doesn�t work for me as expected...
  Let me describe the exact steps that I followed (because devil may be in the small details :-)
  I downloaded NSS 3.11.4 and NSPR 4.6.4 binaries from mozilla.org (32 bit �debug� versions for Solaris 9, because these were the only �binary� versions for SPARC available on Mozilla site and as far as I understand these are the exact versions that passed FIPS-140 certification), unpacked them under the /opt directory and copied both of them into a single /opt/nss tree as follows:
  mkdir /opt/nss
  cp �r /opt/nss-3.11.4/* /opt/nss
  cp �r /opt/nspr-4.6.4/* /opt/nss
  I created a PKCS#11 configuration file /opt/nss/pkcs11.cfg as per JAVA 6 security guide:
  name = NSScrypto
  nssLibraryDirectory = /opt/nss/lib
  nssDbMode = noDb
  attributes = compatibility
  (I know that this configuration is not for FIPS mode � but I thought that I�d better start with a simple NSS configuration)
  Then I modified /usr/jdk/jdk1.6.0_03/jre/lib/security/java.security file and replaced 1st provider with:
  security.provider.1=sun.security.pkcs11.SunPKCS11 /opt/nss/pkcs11.cfg
  Now everything should be in place � so I created a small JAVA program and ran it:
  import javax.crypto.SecretKeyFactory;
  import javax.crypto.spec.DESedeKeySpec;
  import javax.crypto.SecretKey;
  import javax.crypto.Cipher;
  import java.security.*;
  public class Test
  public static void main(String[] args)
  try
  SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
  DESedeKeySpec keySpec = null;
  keySpec = new DESedeKeySpec(new String("laKuf1Tcc6sOhsdPf49=m4es").getBytes());
  System.out.println("keyFactory provider: " + keyFactory.getProvider().getName());
  SecretKey key = keyFactory.generateSecret(keySpec);
  Cipher decryptCipher = Cipher.getInstance("DESede");
  decryptCipher.init(Cipher.DECRYPT_MODE, key);
  System.out.println("decryptCipher provider: " + decryptCipher.getProvider().getName());
  catch (Exception ex)
  ex.printStackTrace();
  Unfortunately it produced the following output:
  EMS-Server42# java test
  keyFactory provider: SunPKCS11-NSScrypto
  decryptCipher provider: SunJCE
  And when I comment out SunJCE provider in java.security file I get the following exception:
  java.security.NoSuchAlgorithmException: Cannot find any provider supporting DESede
  at javax.crypto.Cipher.getInstance(DashoA13*..)
  at test.main(test.java:38)
  So it looks like something is wrong with my NSS configuration. Because AFAIK DESede (3DES) is supported by the NSS library, but for some reason JAVA doesn�t see this algorithm implemented in NSS PKCS#11 provider.
  Any suggestions on what am I doing wrong?
  Best regards,
  Alex

  Works for me:
  import java.security.Provider;
  import java.security.SecureRandom;
  import java.security.Security;
  import javax.crypto.Cipher;
  import javax.crypto.SecretKey;
  import javax.crypto.SecretKeyFactory;
  import javax.crypto.spec.DESedeKeySpec;
  import javax.crypto.spec.IvParameterSpec;
  public class Test
    public static void main(String[] args)
      try
        String configFileName = "/nss/nss.cfg";
        Provider nss = new sun.security.pkcs11.SunPKCS11(configFileName);
        Security.addProvider(nss);
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede", nss);
        DESedeKeySpec keySpec = new DESedeKeySpec(new String("laKuf1Tcc6sOhsdPf49=m4es").getBytes("UTF-8"));
        System.out.println("keyFactory provider: " + keyFactory.getProvider().getName());
        SecretKey key = keyFactory.generateSecret(keySpec);
        //iv for CBC mode - note, in practice you don't generate a random iv for decryption :)
        byte[] iv = new byte[8];  //64-bit block size for 3DES
        SecureRandom sr = SecureRandom.getInstance("PKCS11", nss);
        sr.nextBytes(iv);
        IvParameterSpec params = new IvParameterSpec(iv);
        Cipher decryptCipher = Cipher.getInstance("DESede/CBC/NoPadding", nss);
        decryptCipher.init(Cipher.DECRYPT_MODE, key, params);
        System.out.println("decryptCipher provider: " + decryptCipher.getProvider().getName());
      catch (Exception ex)
        ex.printStackTrace();
  }Oh, I wouldn't expect your key loading to work when you switch over to FIPS mode.
  cfg file:
  name = NSScrypto
  nssLibraryDirectory = /nss
  nssSecmodDirectory = /nss
  nssModule = fipsYields the following error:
  java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Could not create key
  because you can't directly handle keying material in FIPS. You'll have to save the secret key in the NSS certDB or generate a random one each time and send it wrapped to the other side.

• Registration issues....  Solaris 10 - 06/06

  Having issues registering my V440 running Solaris 10 06/06. I have posted the error below and them some system information below that. any help is appreciated.
  sysax /: /usr/sbin/sconadm register -a -r /usr/lib/breg/data/RegistrationProfile.properties
  sconadm is running
  Authenticating user ...
  Exception in thread "main" java.lang.reflect.UndeclaredThrowableException
  at $Proxy1.getInstanceName(Unknown Source)
  at com.sun.scn.client.SCNClientSession.login(SCNClientSession.java:371)
  at com.sun.cns.basicreg.cacao.ClientLoginCacaoAdapter.loginAccount(ClientLoginCacaoAdapter.java:209)
  at com.sun.cns.basicreg.BasicRegCLI.authenticateUser(BasicRegCLI.java:1079)
  at com.sun.cns.basicreg.BasicRegCLI.run(BasicRegCLI.java:669)
  at com.sun.cns.basicreg.BasicRegCLI.main(BasicRegCLI.java:562)
  Caused by: javax.management.InstanceNotFoundException: com.sun.scn:name=SCNBaseServiceFactory,assetSubProfile=Factory,host=sysax.consolidated.com,assetProfile=Factory,scnType=ServiceFactory,Vendor=Sun Microsystems Inc
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getMBean(DefaultMBeanServerInterceptor.java:1010)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getClassLoaderFor(DefaultMBeanServerInterceptor.java:1349)
  at com.sun.jmx.mbeanserver.JmxMBeanServer.getClassLoaderFor(JmxMBeanServer.java:1300)
  at com.sun.jdmk.interceptor.DefaultMBeanServerInterceptor.getClassLoaderFor(DefaultMBeanServerInterceptor.java:285)
  at com.sun.cacao.agent.DispatchInterceptor.getClassLoaderFor(DispatchInterceptor.java:474)
  at com.sun.cacao.agent.auth.impl.AccessControlInterceptor.getClassLoaderFor(AccessControlInterceptor.java:427)
  at com.sun.jdmk.JdmkMBeanServerImpl.getClassLoaderFor(JdmkMBeanServerImpl.java:1130)
  at com.sun.cacao.common.instrum.impl.InstrumDefaultForwarder.getClassLoaderFor(InstrumDefaultForwarder.java:153)
  at javax.management.remote.rmi.RMIConnectionImpl$4.run(RMIConnectionImpl.java:1306)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.management.remote.rmi.RMIConnectionImpl.getClassLoaderFor(RMIConnectionImpl.java:1303)
  at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:766)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
  at sun.rmi.transport.Transport$1.run(Transport.java:153)
  at java.security.AccessController.doPrivileged(Native Method)
  at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
  at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
  at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
  at java.lang.Thread.run(Thread.java:595)
  at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:247)
  at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:223)
  at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:126)
  at com.sun.jmx.remote.internal.PRef.invoke(Unknown Source)
  at javax.management.remote.rmi.RMIConnectionImpl_Stub.invoke(Unknown Source)
  at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:969)
  at javax.management.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:201)
  ... 6 more
  sysax /: cat /etc/release
  Solaris 10 6/06 s10s_u2wos_09a SPARC
  Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
  Use is subject to license terms.
  Assembled 09 June 2006
  sysax /: cat /var/sadm/system/admin/CLUSTER
  CLUSTER=SUNWCall
  sysax /: java -version
  java version "1.5.0_06"
  Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
  Java HotSpot(TM) Server VM (build 1.5.0_06-b05, mixed mode)
  sysax /: smpatch get
  patchpro.backout.directory - ""
  patchpro.baseline.directory - /var/sadm/spool
  patchpro.download.directory - /var/sadm/spool
  patchpro.install.types - rebootafter:reconfigafter:standard
  patchpro.patch.source - https://getupdates1.sun.com/
  patchpro.patchset - current
  patchpro.proxy.host - ""
  patchpro.proxy.passwd **** ****
  patchpro.proxy.port - 8080
  patchpro.proxy.user - ""
  sysax /: cat /usr/lib/breg/data/RegistrationProfile.properties
  # CLI registration profile template version 1.0
  # ******** WARNING ********
  # This profile contains sensitive data: passwords and subscription
  # keys. You should take care in how you handle it, ensuring that it
  # is always adequately protected (mode 400 or 600, owned by root)
  # and not stored on insecure file systems like those exported through
  # standard NFS.
  # Sun Online account information. A new account can be created by visiting
  # http://updates.sun.com
  userName=**************
  password=***********
  # Name (label) of this machine as you would like it to appear on the Sun Connection
  # portal. If left blank hostname will be used
  hostName=devdbs01
  # Service Plan / contract number with Sun. For more information on this topic
  # please visit http://www.sun.com/service/warrantiescontracts/ . NOTE - a
  # subscription key is required to use the Sun Connection Portal.
  subscriptionKey=***************
  # Allow this host to be managed by the Sun Connection Portal. If set to true,
  # a subscription key is required.
  portalEnabled=true
  # HTTPS proxy information needed to connect to Sun for registration and patch
  # updates.
  proxyHostName=
  proxyPort=
  proxyUserName=
  proxyPassword=

  The error message I received was from the Sun Update Connection GUI. Once the patches I attempted to apply failed.
  sysax /tmp: ./suc.sh.2
  $USER:
  $LOGNAME: root
  Sat Feb 24 13:37:07 CST 2007
  sysax
  smpatch get:
  patchpro.backout.directory - ""
  patchpro.baseline.directory - /var/sadm/spool
  patchpro.download.directory - /var/sadm/spool
  patchpro.install.types - rebootafter:reconfigafter:standard
  patchpro.patch.source - https://getupdates1.sun.com/
  patchpro.patchset - current
  patchpro.proxy.host - ""
  patchpro.proxy.passwd **** ****
  patchpro.proxy.port - 8080
  patchpro.proxy.user - ""
  smpatch analyze:
  119252-15 SunOS 5.10: System Administration Applications Patch
  119081-25 SunOS 5.10: CD-ROM Install Boot Image Patch
  124630-03 SunOS 5.10: System Administration Applications, Network and Core Libraries Patch
  124188-02 SunOS 5.10: Trusted Solaris Attributes Patch
  119315-07 SunOS 5.10: Solaris Management Applications Patch
  121308-08 SunOS 5.10: Solaris Management Console Patch
  119313-10 SunOS 5.10: WBEM Patch
  119534-10 SunOS 5.10: Flash Archive Patch
  119254-34 SunOS 5.10: Install and Patch Utilities Patch
  119963-08 SunOS 5.10: Shared library patch for C++
  120753-03 SunOS 5.10: Microtasking libraries (libmtsk) patch
  123494-03 X11 6.6.2: fontconfig patch
  119812-02 X11 6.6.2: Freetype patch
  125014-02 SunOS 5.10: IP filter patch
  120780-03 SunOS 5.10: ixgb patch
  119764-05 SunOS 5.10 : ipmitool patch
  124258-01 SunOS 5.10: ufs and nfs driver patch
  124252-01 SunOS 5.10: nfssrv patch
  120812-15 OpenGL 1.5: OpenGL Patch for Solaris
  123839-04 SunOS 5.10: Fault Manager Patch
  124204-04 SunOS 5.10: zfs patch
  122911-02 SunOS 5.10: Apache 1.3 Patch
  120543-08 SunOS 5.10: Apache 2 Patch
  117463-04 SunOS 5.10: passwdutil Patch
  118890-03 SunOS 5.10: llib-lc patch
  125024-01 SunOS 5.10: basic audit reporting tool patch
  123908-01 SunOS 5.10: ar patch
  120887-06 SunOS 5.10: cdrw patch
  119580-05 SunOS 5.10: libcpc Patch
  124244-01 SunOS 5.10: /usr/bin/rm patch
  119685-10 SunOS 5.10: svc.startd patch
  124997-01 SunOS 5.10: /usr/bin/tip patch
  121081-06 SunOS 5.10: Connected Customer Agents 1.1.0
  120845-04 SunOS 5.10: auditd patch
  124235-01 SunOS 5.10: libpam.so.1 patch
  120050-05 SunOS 5.10: usermod patch
  122525-03 SunOS 5.10: Sun Fire V445 patch
  124614-01 SunOS 5.10: sconadm proxy: UnknownHostException
  120986-10 SunOS 5.10: mkfs and newfs patch
  125040-01 SunOS 5.10: /usr/lib/inet/in.mpathd patch
  122517-03 SunOS 5.10: Sun Fire V215/V245 platmod patch
  125035-01 SunOS 5.10: libinetsvc.so.1 patch
  123334-04 SunOS 5.10: e1000g_transition patch
  122660-07 SunOS 5.10: zones patch
  119998-02 SunOS 5.10: arp, ip, ipsecah drivers patch
  125026-01 SunOS 5.10: message queue patch
  118371-08 SunOS 5.10: elfsign Patch
  123328-01 SunOS 5.10: expr patch
  123520-01 SunOS 5.10: basename & dirname patch
  123915-01 SunOS 5.10: libcfgadm.so.1 patch
  125018-02 SunOS 5.10: scsi_vhci driver patch
  123912-02 SunOS 5.10: ppriv patch
  118367-04 SunOS 5.10: csh Patch
  125016-01 SunOS 5.10: audit and init patch
  119824-02 SunOS 5.10: prstat patch
  123910-01 SunOS 5.10: platform_sun4v.xml patch
  122255-04 SunOS 5.10: etc/flash/precreation/caplib patch
  123319-01 SunOS 5.10: sysacct patch
  118557-07 SunOS 5.10: platform/sun4u/kernel/drv/sparcv9/su patch
  123271-01 SunOS 5.10: iwscn patch
  124922-02 SunOS 5.10: ld.so.1 patch
  123301-01 SunOS 5.10: i2c_svc patch
  124325-01 SunOS 5.10: rcm modules patch
  121561-04 SunOS 5.10: keymap patch
  124918-02 SunOS 5.10: devfsadm, devlinks, drvconfig patch
  122032-04 SunOS 5.10: Update timezones patch
  124916-03 SunOS 5.10: sd, ssd drivers patch
  121002-03 SunOS 5.10: pax patch
  123252-01 SunOS 5.10: platform/SUNW,Netra-T2000 patch
  122412-01 SunOS 5.10: ipseckey patch
  122408-01 SunOS 5.10: libmtmalloc patch
  120473-02 SunOS 5.10: nss_compat patch
  124254-02 SunOS 5.10: sockfs patch
  124250-03 SunOS 5.10: rpcmod patch
  122752-04 SunOS 5.10: FMA snmp patch
  124999-01 SunOS 5.10: mc-us3 driver patch
  125319-01 SunOS 5.10: rmc_comm patch
  125028-02 SunOS 5.10: pcipsy patch
  118879-02 SunOS 5.10: dhcp daemon patch
  118815-05 SunOS 5.10: awk nawk patch
  121286-04 SunOS 5.10: libfru.so.1 and libfrureg.so.1 patch
  122363-02 SunOS 5.10: fru_container.conf and libfruaccess.so.1 patch
  119974-07 SunOS 5.10: fp plug-in for cfgadm
  120222-15 SunOS 5.10: Emulex-Sun LightPulse Fibre Channel Adapter driver
  119130-33 SunOS 5.10: Sun Fibre Channel Device Drivers
  120182-05 SunOS 5.10: Sun Fibre Channel Host Bus Adapter Library
  120346-06 SunOS 5.10: Common Fibre Channel HBA API Library
  124943-01 SunOS 5.10: SunFreeware gzip man pages patch
  122675-01 SunOS 5.10 : SunFreeware samba man pages patch
  123809-01 SunOS 5.10: rpcsec_gss patch
  121239-02 SunOS 5.10: libgss patch
  120719-02 SunOS 5.10 : SunFreeware gzip patch
  118925-05 SunOS 5.10: unistd header file patch
  124208-01 SunOS 5.10: Trusted Extensions header files patch
  124280-01 SunOS 5.10: libkdb.so.1 patch
  120469-05 SunOS 5.10: kerberos patch
  121006-02 SunOS 5.10: libkadm5 and kadmind patch
  124991-01 SunOS 5.10: llc2 driver patch
  124286-01 SunOS 5.10: chkey core dump
  123186-02 SunOS 5.10: NIS yp utilities patch
  124987-01 SunOS 5.10: ldap_cachemgr patch
  119470-10 SunOS 5.10: Sun Enterprise Network Array firmware and utilities
  122404-01 SunOS 5.10: xntpd patch
  124990-01 SunOS 5.10: Sun-Blade-100 libprtdiag_psr.so.1 patch
  121944-02 SunOS 5.10: libpsvcpolicy and libpsvcpolicy_psr patch
  122537-02 SunOS 5.10: libpiclenvmon.so.1 patch
  123590-02 SunOS 5.10: PostgresSQL patch
  120629-05 SunOS 5.10: libpool patch
  124993-01 SunOS 5.10: in.ndpd patch
  125011-01 SunOS 5.10: sendmail patch
  125022-01 SunOS 5.10: usr/sbin/sar patch
  122376-01 SunOS 5.10: prex patch
  120068-03 SunOS 5.10: in.telnetd patch
  124995-01 SunOS 5.10: ehci driver patch
  121010-05 SunOS 5.10: rpc.metad patch
  124256-01 SunOS 5.10: md_mirror patch
  125075-01 SunOS 5.10: svc-volfs patch
  125073-01 SunOS 5.10: vold patch
  119555-04 SunOS 5.10: Software to support QLogic Ultra3 SCSI host bus adapters
  119090-22 SunOS 5.10: Sun iSCSI Device Driver and Utilities
  120272-06 SunOS 5.10: SMA patch
  124463-02 SunOS sparc : cacao 2.0 patch 02
  119213-11 NSS_NSPR_JSS 3.11.4: NSPR 4.6.4 / NSS 3.11.4 / JSS 4.2.4
  118666-11 J2SE 5.0: update 11 patch (5.0u11)
  118667-11 J2SE 5.0: update 11 patch (5.0u11), 64bit
  122119-05 SunOS 5.10: Patch for Arabic Fonts
  119703-08 SunOS 5.10: Patch for localeadm issues
  123003-02 SunOS 5.10: dependency issue with SUNWopenssl-include
  123630-01 SunOS 5.10: HTTP proxy settings patch
  123005-05 SunOS 5.10: Basic Registration Update
  123011-01 SunOS 5.10: BR desktop icon patch
  119648-03 SunOS 5.10: vlan driver patch
  118777-08 SunOS 5.10: Sun GigaSwift Ethernet 1.0 driver patch
  121118-11 SunOS 5.10: Sun Update Connection System Client 1.0.9
  118712-13 SunOS 5.10: Sun XVR-100 Graphics Accelerator Patch
  120410-17 SunOS 5.10: Internet/Intranet Input Method Framework patch
  121734-05 SunOS 5.10: patch to support addition of new UTF-8 locales
  119810-03 SunOS 5.10: International Components for Unicode Patch
  120099-07 APOC 1.2: Sun Java(tm) Desktop System Configuration Shared Libraries
  119546-07 APOC 1.2: APOC Configuration Agent Patch
  124393-02 CDE 1.6: Dtlogin smf patch
  123611-02 X11 6.6.2: Trusted Extensions patch
  119280-10 CDE 1.6: Runtime library patch for Solaris 10
  119278-12 CDE 1.6: dtlogin patch
  124405-01 CDE1.6: sdtfprop patch
  124403-01 CDE1.6: dtstyle patch
  124401-01 CDE1.6: dtpad patch
  124399-01 CDE1.6: dtfile patch
  125279-01 CDE1.6: dtsession patch
  121977-02 CDE 1.6: dtlogin resources patch
  124397-02 CDE1.6: libDtWidget patch
  124395-01 CDE1.6: dtaction patch
  119117-29 Evolution 1.4.6 patch
  123938-01 GNOME 2.6.0: GNU Transport Layer Security Library Patch
  119418-03 GNOME 2.6.0: Gnome On-screen Keyboard Patch
  119414-13 GNOME 2.6.0: Gnome Accessibility Libraries Patch
  119598-08 GNOME 2.6.0: Gnome Screen Reader and Magnifier Patch
  120454-02 GNOME 2.6.0: Gnome Apoc GConf Adapter Patch
  120460-10 GNOME 2.6.0: Gnome libs Patch
  120284-04 GNOME 2.6.0: GNOME CORBA ORB and component framework
  122212-17 GNOME 2.6.0: GNOME Desktop Patch
  119410-05 GNOME 2.6.0: Gnome Applets Patch
  119540-05 GNOME 2.6.0: Gnome Dtlogin configuration Patch
  119548-07 GNOME 2.6.0: Gnome Multi-protocol instant messaging client Patch
  123162-02 GNOME 2.6.0: Gnome Java Run Time Patch
  120739-03 GNOME 2.6.0: GNOME PDF Viewer based on Xpdf
  119368-05 GNOME 2.6.0: Printing Technology Patch
  121606-02 GNOME 2.6.0: Python patch
  120288-03 GNOME 2.6.0: Gnome terminal Patch
  119906-08 Gnome 2.6.0: Virtual File System Framework patch
  119538-10 GNOME 2.6.0: Window Manager Patch
  119115-23 Mozilla 1.7 patch
  122958-02 GNOME 2.6.0: RealPlayer media application
  119903-02 OpenWindows 3.7.3: Xview Patch
  119059-21 X11 6.6.2: Xsun patch
  125045-01 X11 6.6.2: Xft patch
  124457-01 X11 6.6.2: xdm patch
  showrev -p
  119788-07
  120335-04
  121081-05
  121118-06
  121118-08
  121118-10
  121453-02
  122231-01
  java -version:
  java version "1.5.0_06"
  Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
  Java HotSpot(TM) Server VM (build 1.5.0_06-b05, mixed mode)
  /etc/release:
  Solaris 10 6/06 s10s_u2wos_09a SPARC
  Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
  Use is subject to license terms.
  Assembled 09 June 2006
  /var/sadm/system/admin/CLUSTER:
  CLUSTER=SUNWCall
  /usr/lib/cc-ccr/bin/ccr -g cns.assetid:
  1917645754
  patchsvr setup -l
  Patch source URL: https://getupdates1.sun.com/
  Cache location: /var/sadm/spool/patchsvr
  sysax /tmp: ps -ef | grep cc
  root 2006 2003 0 Feb 22 ? 0:17 /usr/lib/cc-cfw/platform/transport/bin/cctransport
  root 2022 2017 0 Feb 22 ? 0:01 /usr/lib/cc-cfw/platform/fwagent/bin/ccfwagent
  root 2003 1 0 Feb 22 ? 0:00 /bin/sh /usr/lib/cc-cfw/framework/lib/watchdog /usr/lib/cc-cfw/platform/transpo
  root 2013 2010 0 Feb 22 ? 0:01 /usr/lib/cc-cfw/platform/ccragent/bin/ccccragent
  root 2010 1 0 Feb 22 ? 0:00 /bin/sh /usr/lib/cc-cfw/framework/lib/watchdog /usr/lib/cc-cfw/platform/ccragen
  root 2017 1 0 Feb 22 ? 0:00 /bin/sh /usr/lib/cc-cfw/framework/lib/watchdog /usr/lib/cc-cfw/platform/fwagent
  noaccess 1898 1 0 Feb 22 ? 1:02 /usr/jdk/instances/jdk1.5.0/bin/java -server -XX:+BackgroundCompilation -Djava.
  root 8884 5284 0 13:39:27 console 0:00 grep cc
  sysax /tmp:

• Solaris 10 ldapclient set up cert8.db and key3.db

  I'm currently working on setting up a multi-master ldap cluster in a multi-site layout. There were a couple of questions which I have been trying to find the anser to but haven't had much luck.
  1. Is it possible to have a single cert8.db and key3.db generated to be used across all the clients which will be authenticating via tls, I have currently set up a CA on one of the master servers which I have used to issue cert's for all the servers in the cluster. Or is the only option to have the cert8.db and key3.db generated per site and used as such.
  2. Is there any way of getting the clients to import the certificate keys automatically without having to scp them around and then chmod them.

  >
  1. Is it possible to have a single cert8.db and key3.db generated to be used across all the clients which will be authenticating via tls, I have currently set up a CA on one of the master servers which I have used to issue cert's for all the servers in the cluster. Or is the only option to have the cert8.db and key3.db generated per site and used as such.The clients need to trust the CA which signed your LDAP servers' SSL certificates.
  In other words, your cert8.db/key3.db for this case only needs to have the public certificate for the CA you used to sign your LDAP server certs.
  You'll be happy to hear that "yes", this single cert8.db/key3.db set can be used on all clients.
  The slight exception is Solaris clients with very old NSS libraries installed (early Solaris 8). These clients need a cert7.db/key3.db set... but again, this same set can be used on all of them. This won't matter to you if all your clients are Solaris 9 or later with recent patch clusters.
  2. Is there any way of getting the clients to import the certificate keys automatically without having to scp them around and then chmod them.No keys involved on the client in this case, just the CA's public cert.
  You do have to copy them onto each client. chown root:root, chmod 444.

• Run DSEE 6.3.1.1.1 on Solaris 11

  Hello,
  I know that Solaris 11 is not a supported platform for the DSEE 6.3.x releases, but I've been stubbornly trying to get it working anyway.  What's interesting is that DSEE 6.3 works, and DSEE 6.3.1 works, but when I patch 6.3.1 to 6.3.1.1.1, suddenly cacaoadm doesn't work anymore.  I'm using the zip releases, and the final lines of output from the dsee_deploy command for the 6.3.1.1.1 patch are as follows:
  Configuring Cacao at /opt/SUNWdsee/dsee6/cacao_2
  Setting Cacao parameter jdmk-home with saved value [/opt/SUNWdsee/dsee6/private]
  Failed setting jdmk-home with value [/opt/SUNWdsee/dsee6/private]
  Setting Cacao parameter java-home with saved value [/opt/SUNWdsee/jre]
  Failed setting java-home with value [/opt/SUNWdsee/jre]
  Setting Cacao parameter nss-lib-home with saved value [/opt/SUNWdsee/dsee6/private/lib]
  Failed setting nss-lib-home with value [/opt/SUNWdsee/dsee6/private/lib]
  Setting Cacao parameter nss-tools-home with saved value [/opt/SUNWdsee/dsee6/bin]
  Failed setting nss-tools-home with value [/opt/SUNWdsee/dsee6/bin]
  Setting Cacao parameter jmxmp-connector-port with saved value [11162]
  Failed setting jmxmp-connector-port with value [11162]
  Setting Cacao parameter network-bind-address with saved value [0.0.0.0]
  Failed setting network-bind-address with value [0.0.0.0]
  Error: cannot register into cacao framework
  Cannot register sysidconfig script.
  Cannot perform firstime initialisation and configuration.
  The last two lines -- "Cannot register sysidconfig script" and "Cannot perform firstime initialisation and configuration" -- are the only output I can get from cacaoadm after updating to 6.3.1.1.1 no matter what I try.  Under 6.3 and 6.3.1, cacaoadm works fine.  Any ideas would be greatly appreciated.
  The reason for all of this is that we have an aging Sun server running DSEE 6.3.1 on Solaris 10, which I'm looking to replace.  We have a T4-1 running Solaris 11 which has a lot of unused resources available on it, and I would like to set up a zone on it to be the new LDAP server.  I tried ODSEE 11.1.1.7.0, and that installed just fine, but it doesn't work with our existing DSCC 6 server, which apparently can't interact with DSEE servers unless they're using cacao.  Before I go down the path of setting up DSCC 7 and incurring sporadic downtime for the restarts of the instances on all of our LDAP servers, I thought I'd try one last time to get 6.3.1.1.1 working.  If we're staying with the 6.3 family, we need 6.3.1.1.1 for it's support of 2048-bit SSL certificates.
  Sheesh!  Nothing's ever simple.  :-)

  I recall reading somewhere else in this forum that cacao is no longer used in 11.1.1.7.0, which would most likely be the cause of your problems.
  See:
  https://forums.oracle.com/message/10984367#10984367
  -mi

• Patches required to install JES4 on solaris 10

  hi,
  Could anyone please tell me what are all the kernal patches needed to install JES4 on solaris 10, for both x86 and sparc. Previously there was a bug in solaris 10 that caused the Messaging server dispatcher to hang. What is the latest patch that resolves this bug?
  Thanks!

  Hi,
  The required patches are listed in the patch README file e.g.
  README.118207-63
  A list of required patches are as follows:
  <snip>
  Solaris 10 sparc:
  OS: 119254-02
  NSS/NSPR/JSS: 119213-10
  SASL: 119345-01
  Solaris 10 x86:
  OS: 119255-02
  NSS/NSPR/JSS: 119214-10
  SASL: 119346-01
  These are not necessarily the latest patches - but a base minimum.
  For the dispatcher hang issue, I assume you are talking about bug #6383490 -> dispatcher hung, cannot handoff connections, which was thought to be due to bug #6408242 -> access to freed tcp_t in tcp_close() which was fixed in 119998-01 and 119999-01.
  Regards,
  Shane.

• Linux NSS DB Issue with Personal User/Client Certificate Friendly Names.

  I have an issue with the NSSDB lib and my browsers in which client certificates I use for an application (Nessus Vulnerability Scanner) show up in the list with the same friendly name/nickname, making it very difficult to distinguish which certificate goes with which server.
  Each certificate is generated on a different server with a different hostname but the same username. Upon importing the certificate into my browser, or even the pk12util command, the first certificate will appear correctly. However, importing additional certificates will just reuse the nickname from the first certificate instead of the nickname I chose. I have tested many different scenarios, and it doesn't seem the problem is related at all to the content of the nickname, so I have no idea how to force it to work correctly. I've searched around and found some indications of "nickname conflicts" and things, but nothing that helps me resolve the issue. I'm not sure if it's a bug or if it's some weird condition I've encountered.

  Maybe try to ask on the mozilla.dev.tech.crypto news group.
  *https://developer.mozilla.org/en-US/docs/NSS
  *news://news.mozilla.org/mozilla.dev.tech.crypto
  *http://groups.google.com/group/mozilla.dev.tech.crypto

• NSS Initialization Failure - Error 8038

  We are migrating a SunONE 7 legacy environment from Solaris 10 to Solaris 10 but with a new Solaris 10 Zone build. When we attempt to startup the admin server we get the following error:
  CORE1116: Sun ONE Application Server 7.0.0_07
  SEVERE: CORE1227: NSS initialization failed: unable to map error number -8038: Certificate database: cert7.db
  SEVERE: CORE3174: NSS initialization failed
  We have verified the NSS libraries on source and destination match but can't seem to figure out why NSS is failing, especially when we have no actual error.

  Dear All,
  I am having the same issue as well. The admin we had before has left and has not passed on the iPlanet 6.1 webserver Admin console username and password and the Trust Store username and password as well.
  How do we reset the Trust Store password and launch the console?
  [root@webserver01]# ./startconsole
  Sun ONE Web Server 6.1SP14 B03/27/2011 00:31
  Please enter password for "internal" token:
  Password incorrect. Please try again.
  Please enter password for "internal" token:
  Password incorrect. Please try again.
  Please enter password for "internal" token:
  failure: CORE1227: NSS initialization failed: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect: Certificate database: /opt/iplanet/server/alias/https-admserv-webserver01-cert8.db
  failure: CORE3174: NSS initialization failed
  Any help is greatly appreciated.
  Naga

• Logical interface in solaris 10

  Hi there,
  I need to configure logical interface in a solaris 10 3/05 server. After reading the Solaris 10 IP services manual, I am not quite sure what to do. All the examples and explanation are about using the new subcommand addif of ifconfig. It was not clear in the documentation if the setting logical interfaces via addif will persist across boot.
  Can one still configure logical interface in Solaris 10 in a more traditional way like in Solaris 8? In an Solaris 8 server I will do the following.
  Let's assume I want to configure in a solaris 8 server a logical interface named hme0:1 with IP address 192.168.20.28 with netmask 255.255.255.0 for hostname host001
  # cat /etc/hostname.hme0:1
  host001
  ^D
  # echo "192.168.20.28 host001" >> /etc/inet/hosts
  # echo "192.168.20.0 255.255.255.0" >> /etc/inet/netmasks
  # reboot -- -r
  Can one still do that in solaris 10 3/05 server?

  Hi there,
  I need to configure logical interface in a solaris 10
  3/05 server. After reading the Solaris 10 IP services
  manual, I am not quite sure what to do. All the
  examples and explanation are about using the new
  subcommand addif of ifconfig. It was not clear in the
  documentation if the setting logical interfaces via
  addif will persist across boot.No. No 'ifconfig' command is persistent.
  Can one still configure logical interface in Solaris
  10 in a more traditional way like in Solaris 8? In an
  Solaris 8 server I will do the following.
  Let's assume I want to configure in a solaris 8
  server a logical interface named hme0:1 with IP
  address 192.168.20.28 with netmask 255.255.255.0 for
  hostname host001
  # cat /etc/hostname.hme0:1
  host001
  ^D
  # echo "192.168.20.28 host001" >> /etc/inet/hosts
  # echo "192.168.20.0 255.255.255.0" >>
  /etc/inet/netmasks
  # reboot -- -r
  Can one still do that in solaris 10 3/05 server?Absolutely.
  You don't need to reboot (you can run ifconfig for this boot and let the files do the work next time) and the -r doesn't do anything with interfaces (expecially virtual interfaces) anyway.
  Darren

• Installation problem on Solaris

  I am trying to install sun one 7.0 on Solaris 8. The install is failing with this error:
  ERROR - library load failed with following error: Can't load library: /opt/SUNWappserver7/lib/libinstallCore.so
  INFO - End core server uninstallation
  anyone know what causes this??
  cheers

  Looks like Solaris package installation failed and installer reverted to uninstallation sequence. For low level pkgadd log please check /var/sadm/install/logs/Sun_ONE_Application_Server_install.B<timestamp> file (timestamp is date and time of your installation attempt in mmddHHMM format).
  Look for any errors in this file. Most likely thing that could have happened is that the installation of Java Help (SUNWjhrt) package failed because you didn't have existing package based J2SE installation on the system. If that's the case, workaround is to either preinstall package based J2SE installation or to selected option to install bundled J2SE that comes with application server.

• Installation problem on Solaris 10

  Dear All,
  We are trying to install j2sdk 1.4.2_13 on solaris server zone. I have downloaded j2sdk-1_4_2_13-nb-5_0-solsparc-ml.bin
  But when I try to execute this:
  #./j2sdk-1_4_2_13-nb-5_0-solsparc-ml.bin
  It gives me error: The installer is unable to run in graphical mode. Try running the installer with the -console or -silent flag
  Tried with -console:
  The wizard cannot continue because of the following error: Invalid command line option: console is not supported (10
  01) (403)
  WARNING: could not delete temporary file /tmp/ismp001/2599368
  WARNING: could not delete temporary file /tmp/ismp001/6183226
  WARNING: could not delete temporary file /tmp/ismp001/1222839
  Then tried with -silent:
  This time command just completed w/o any output at all.
  Please suggest what can I do?
  regards, Sean.

  Dear Siddhesh,
  Thanks for your reply.
  I tried using X Manager GUI for my Solaris. But when I double click the j2sdk-1_4_2_13-nb-5_0-solsparc-ml.bin file to run it, it simply denies saying:
  The filename "j2sdk-1_4_2_13-nb-5_0-solsparc-ml.bin" indicates that this file is of type "Unknown type". The contents of the file indicate that the file is of type "Shell script". If you open this file, the file might present a security risk to your system.
  Do not open the file unless you created the file yourself, or received the file from a trusted source. To open the file, rename the file to the correct extension for "Shell script", then open the file normally. Alternatively, use the Open With menu to choose a specific application for the file.
  Also /tmp has full authorizations:
  drwxrwxrwt   7 root     sys          557 Jun 24 08:34 tmp
  I dont have Hummingbird for X11 forwarding with this client. Do I have any other option??
  regards, Sean.

• New to Solaris, Some Samba and NTFS issues.

  Hi Im new to solaris and trying out ZFS which has been great.
  Im haivng some trouble that I cant find up to date info on so here goes:
  First how do you mount an NTFS volume in Solaris 11 Express?
  I need to access the data on an NTFS drive to populate my new ZFS tank.
  Secondly, I have read only access on my samba shares from windows machines but my smb.conf looks right. a copy of my smb.conf will follow
  Any suggestions would be appreciated.
  # This is the main Samba configuration file. You should read the
  # smb.conf(5) manual page in order to understand the options listed
  # here. Samba has a huge number of configurable options (perhaps too
  # many!) most of which are not shown in this example
  # For a step to step guide on installing, configuring and using samba,
  # read the Samba-HOWTO-Collection. This may be obtained from:
  # http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
  # Many working examples of smb.conf files can be found in the
  # Samba-Guide which is generated daily and can be downloaded from:
  # http://www.samba.org/samba/docs/Samba-Guide.pdf
  # Any line which starts with a ; (semi-colon) or a # (hash)
  # is a comment and is ignored. In this example we will use a #
  # for commentry and a ; for parts of the config file that you
  # may wish to enable
  # NOTE: Whenever you modify this file you should run the command "testparm"
  # to check that you have not made any basic syntactic errors.
  #======================= Global Settings =====================================
  [global]
  # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
  workgroup = WORKGROUP
  # server string is the equivalent of the NT Description field
  server string = Samba Server
  # Security mode. Defines in which mode Samba will operate. Possible
  # values are share, user, server, domain and ads. Most people will want
  # user level security. See the Samba-HOWTO-Collection for details.
  security = share
  # This option is important for security. It allows you to restrict
  # connections to machines which are on your local network. The
  # following example restricts access to two C class networks and
  # the "loopback" interface. For more examples of the syntax see
  # the smb.conf man page
  ; hosts allow = 192.168.1. 192.168.2. 127.
  # If you want to automatically load your printer list rather
  # than setting them up individually then you'll need this
  load printers = yes
  # you may wish to override the location of the printcap file
  ; printcap name = /etc/printcap
  # on SystemV system setting printcap name to lpstat should allow
  # you to automatically obtain a printer list from the SystemV spool
  # system
  ; printcap name = lpstat
  # It should not be necessary to specify the print system type unless
  # it is non-standard. Currently supported print systems include:
  # bsd, cups, sysv, plp, lprng, aix, hpux, qnx
  ; printing = cups
  # Uncomment this if you want a guest account, you must add this to /etc/passwd
  # otherwise the user "nobody" is used
  ; guest account = pcguest
  # this tells Samba to use a separate log file for each machine
  # that connects
  log file = /var/samba/log/log.%m
  # Put a capping on the size of the log files (in Kb).
  max log size = 50
  # Use password server option only with security = server
  # The argument list may include:
  # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
  # or to auto-locate the domain controller/s
  # password server = *
  ; password server = <NT-Server-Name>
  # Use the realm option only with security = ads
  # Specifies the Active Directory realm the host is part of
  ; realm = MY_REALM
  # Backend to store user information in. New installations should
  # use either tdbsam or ldapsam. smbpasswd is available for backwards
  # compatibility. tdbsam requires no further configuration.
  passdb backend = smbpasswd
  # Using the following line enables you to customise your configuration
  # on a per machine basis. The %m gets replaced with the netbios name
  # of the machine that is connecting.
  # Note: Consider carefully the location in the configuration file of
  # this line. The included file is read at that point.
  ; include = /usr/sfw/lib/smb.conf.%m
  # Configure Samba to use multiple interfaces
  # If you have multiple network interfaces then you must list them
  # here. See the man page for details.
  ; interfaces = 192.168.12.2/24 192.168.13.2/24
  # Browser Control Options:
  # set local master to no if you don't want Samba to become a master
  # browser on your network. Otherwise the normal election rules apply
  ; local master = no
  # OS Level determines the precedence of this server in master browser
  # elections. The default value should be reasonable
  ; os level = 33
  # Domain Master specifies Samba to be the Domain Master Browser. This
  # allows Samba to collate browse lists between subnets. Don't use this
  # if you already have a Windows NT domain controller doing this job
  ; domain master = yes
  # Preferred Master causes Samba to force a local browser election on startup
  # and gives it a slightly higher chance of winning the election
  ; preferred master = yes
  # Enable this if you want Samba to be a domain logon server for
  # Windows95 workstations.
  ; domain logons = yes
  # if you enable domain logons then you may want a per-machine or
  # per user logon script
  # run a specific logon batch file per workstation (machine)
  ; logon script = %m.bat
  # run a specific logon batch file per username
  ; logon script = %U.bat
  # Where to store roving profiles (only for Win95 and WinNT)
  # %L substitutes for this servers netbios name, %U is username
  # You must uncomment the [Profiles] share below
  ; logon path = \\%L\Profiles\%U
  # Windows Internet Name Serving Support Section:
  # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
  ; wins support = yes
  # WINS Server - Tells the NMBD components of Samba to be a WINS Client
  #     Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
  ; wins server = w.x.y.z
  # WINS Proxy - Tells Samba to answer name resolution queries on
  # behalf of a non WINS capable client, for this to work there must be
  # at least one     WINS Server on the network. The default is NO.
  ; wins proxy = yes
  # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
  # via DNS nslookups. The default is NO.
  dns proxy = no
  # These scripts are used on a domain controller or stand-alone
  # machine to add or delete corresponding unix accounts
  ; add user script = /usr/sbin/useradd %u
  ; add group script = /usr/sbin/groupadd %g
  ; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
  ; delete user script = /usr/sbin/userdel %u
  ; delete user from group script = /usr/sbin/deluser %u %g
  ; delete group script = /usr/sbin/groupdel %g
  #============================ Share Definitions ==============================
  [homes]
  comment = Home Directories
  browseable = no
  writable = yes
  # Un-comment the following and create the netlogon directory for Domain Logons
  ; [netlogon]
  ; comment = Network Logon Service
  ; path = /usr/sfw/lib/netlogon
  ; guest ok = yes
  ; writable = no
  ; share modes = no
  # Un-comment the following to provide a specific roving profile share
  # the default is to use the user's home directory
  ;[Profiles]
  ; path = /usr/local/samba/profiles
  ; browseable = no
  ; guest ok = yes
  # NOTE: If you have a BSD-style print system there is no need to
  # specifically define each individual printer
  [printers]
  comment = All Printers
  path = /var/spool/samba
  browseable = no
  # Set public = yes to allow user 'guest account' to print
  guest ok = no
  writable = no
  printable = yes
  # This one is useful for people to share files
  ;[tmp]
  ; comment = Temporary file space
  ; path = /tmp
  ; read only = no
  ; public = yes
  # A publicly accessible directory, but read only, except for people in
  # the "staff" group
  ;[public]
  ; comment = Public Stuff
  ; path = /home/samba
  ; public = yes
  ; writable = no
  ; printable = no
  ; write list = @staff
  # Other examples.
  # A private printer, usable only by fred. Spool data will be placed in fred's
  # home directory. Note that fred must have write access to the spool directory,
  # wherever it is.
  ;[fredsprn]
  ; comment = Fred's Printer
  ; valid users = fred
  ; path = /homes/fred
  ; printer = freds_printer
  ; public = no
  ; writable = no
  ; printable = yes
  # A private directory, usable only by fred. Note that fred requires write
  # access to the directory.
  ;[fredsdir]
  ; comment = Fred's Service
  ; path = /usr/somewhere/private
  ; valid users = fred
  ; public = no
  ; writable = yes
  ; printable = no
  # a service which has a different directory for each machine that connects
  # this allows you to tailor configurations to incoming machines. You could
  # also use the %U option to tailor it by user name.
  # The %m gets replaced with the machine name that is connecting.
  ;[pchome]
  ; comment = PC Directories
  ; path = /usr/pc/%m
  ; public = no
  ; writable = yes
  # A publicly accessible directory, read/write to all users. Note that all files
  # created in the directory by users will be owned by the default user, so
  # any user with access can delete any other user's files. Obviously this
  # directory must be writable by the default user. Another user could of course
  # be specified, in which case all files would be owned by that user instead.
  ;[public]
  ; path = /usr/somewhere/else/public
  ; public = yes
  ; only guest = yes
  ; writable = yes
  ; printable = no
  # The following two entries demonstrate how to share a directory so that two
  # users can place files there that will be owned by the specific users. In this
  # setup, the directory should be writable by both users and should have the
  # sticky bit set on it to prevent abuse. Obviously this could be extended to
  # as many users as required.
  ;[myshare]
  ; comment = Mary's and Fred's stuff
  ; path = /usr/somewhere/shared
  ; valid users = mary fred
  ; public = no
  ; writable = yes
  ; printable = no
  ; create mask = 0765
  [Series]
  comment = TV Series
  path = /home/Kirby/Series
  public = yes
  only guest = yes
  writable = yes
  printable = no

  875739 wrote:
  Hi Im new to solaris and trying out ZFS which has been great.
  Im haivng some trouble that I cant find up to date info on so here goes:
  First how do you mount an NTFS volume in Solaris 11 Express?
  I need to access the data on an NTFS drive to populate my new ZFS tank.I never had a need for it but I think you'll have to compile fuse ntfs-3g manually.
  http://web.archiveorange.com/archive/v/u46DbWSGcIzl7pexf4hQ
  >
  Secondly, I have read only access on my samba shares from windows machines but my smb.conf looks right. a copy of my smb.conf will follow
  Any suggestions would be appreciated.You don't need to use Samba in Solaris 11 Express.
  http://download.oracle.com/docs/cd/E19963-01/html/821-1448/gaynd.html#gayne