AIX and user access denied
Posted by Lincoln Zuljewic Silva in Aix on May 19, 2010
AIX has a security feature named unsuccessful_login_count (/etc/security/lastlog) . It is an user account feature that count the number of unsuccessful login attempts and it works conjunction with the user's loginretries (/etc/security/user) attribute.
So, if you configure the loginretries=5, the user will not be able to log in after 5 retries. To enable the login again, you should reset the unsuccessful_login_count parameter by editing the file /etc/security/lastlog or with the following command:
# chsec -f /etc/security/lastlog -a unsuccessful_login_count=0 -s foobar
You can identify this problem by the following message in syslog:
May 19 15:42:41 aixbox auth|security:info sshd[7884888]: Login restricted for foobar: 3004-303 There have been too
many unsuccessful login attempts; please see \tthe system administrator.
Print
del.icio.us
Facebook
Twitter
Google Bookmarks
Add to favorites
emailChange user settings and password attributes in AIX
Posted by Lincoln Zuljewic Silva in Aix on May 11, 2010
To change some user and password settings in AIX, you should use the command "chuser". Follow some available parameters:
- loginretries -> number of login failures before lock the account.
- maxage -> maximum age of a password (in weeks)
- gecos -> general information about the user.
- groups
- home
- minlen -> minimum password length
- pgrp -> primary group
Example:
# chuser loginretries='0' maxage='0' gecos='User Foo Bar' groups='group1,group2,group3' home='/home/foobar' minlen='7' pgrp='groupX' <username>
Unlock user account in AIX
Posted by Lincoln Zuljewic Silva in Aix on May 11, 2010
To unlock an user account in AIX, you should use the following command:
# chuser account_locked='true' <username>
Lock user account in AIX
Posted by Lincoln Zuljewic Silva in Aix on May 11, 2010
To lock an user account in AIX, you should use the following command:
# chuser account_locked='false' <username>
Increase lvol size in HP-UX
Posted by Lincoln Zuljewic Silva in HP-UX on May 7, 2010
Let’s assume that you want to increase 1Gb of the /dev/MyVG /lvol1 device (mounted as /filesystem):
# bdf /filesystem
Filesystem kbytes used avail %used Mounted on
/dev/ MyVG /lvol1
573440000 533892407 37080557 94% /filesystem
The actual size is 573440000 Kb (573 Gb) and you will increase it to 574440000 Kb (574 Gb).
- Check if there is available space in the Volume Group:
# vgdisplay MyVG
--- Volume groups ---
VG Name /dev/MyVG
VG Write Access read/write
VG Status available
Max LV 255
Cur LV 1
Open LV 1
Max PV 100
Cur PV 17
Act PV 17
Max PE per PV 15000
VGDA 34
PE Size (Mbytes) 16
Total PE 36907
Alloc PE 35000
Free PE 1907
Total PVG 1
Total Spare PVs 0
Total Spare PVs in use 0
Note the “Free PE” and “PE Size (Mbytes)”. It say that you has 30512 Mb (30Gb) available in MyVG (Free PE * PE Size).
- Increase the lvol:
# lvextend -L 574440 /dev/MyVG/lvol1 * the syntax is: lvexten -L <new size in Mb> <lvol path>
- Now, increase the filesystem:
# fsadm -b 574440m /filesystem * the syntax is: fsadm –b <new size in Mb> <mount point>
Changing the HP-UX hostname
Posted by Lincoln Zuljewic Silva in HP-UX on May 7, 2010
To change the hostname in HP-UX:
- Edit the file "/etc/rc.config.d/netconf"
# /etc/rc.config.d/netconf
- Look for the line that starts with HOSTNAME and change the hostname, example:
HOSTNAME="mylittleserver"
- Now, apply the change:
# /sbin/init.d/hostname start
Rename a Super Dome Partition
Posted by Lincoln Zuljewic Silva in HP-UX on April 23, 2010
To rename a Super Dome Partition (for example change the name that is showed in the MP console menu), do the following:
Login into any host of this SD and run:
parmodify -p <partition number> -P <partition name>
Example:
parmodify -p 2 -P WEBSERVER01
Updating partition table in Linux
Posted by Lincoln Zuljewic Silva in Linux on March 15, 2010
When you use the "fdisk" to handle the partitions of a disk, depending on the disc, the "fdisk" will bring the following message:
WARNING: Re-reading the partition table failed with error 22: Invalid argument.
The kernel still uses the old table.
The new table will be used at the next reboot.
Syncing disks.
No, you do not have to restart the server for the changes are applied, simply use the following command (example):
kpartx -a /dev/sda
This will re-read the partition table on /dev/sda and create the mapping of the system partitions (/dev/sda1, /dev/sda2, etc).
Physical memory in AIX
Posted by Lincoln Zuljewic Silva in Aix on February 18, 2010
To check the amount of physical RAM that a AIX Server has, you can use the following commands:
# lsattr -El sys0 | grep realmem
realmem 16121856 Amount of usable physical memory in Kbytes
or
# lsattr -El mem0
goodsize 15744 Amount of usable physical memory in Mbytes False
size 15744 Total amount of physical memory in Mbytes False
or
# prtconf|grep "Memory Size"
Memory Size: 15744 MB Good Memory Size: 15744 MB
Glance shortcuts
Posted by Lincoln Zuljewic Silva in HP-UX on February 4, 2010
To use the buttons at the bottom of the glance, you should do an "export TERM=dtterm".
After that, you will be able to use:
F1 for ProcList
F2 for CPU Rpt
F3 for Mem Rpt
F4 for Disk Rpt
F5 for NextKeys
F6 for SlctProc
F7 for Help
F8 for Exit
Control agent problem (OVO)
Posted by Lincoln Zuljewic Silva in HP-UX on January 8, 2010
Sometimes the OVO agent stops communicating with the OVO Server.
Control agent on nodeHOST isn't accessible. (OpC40-405) Network communication problem: Could not obtain endpoint information from node ncadg_ip_udp:10.0.0.10[]. (OpC40-399)
To reestablish the communication, you should restart it:
To stop, use the command:
# /opt/OV/bin/OpC/opcagt -stop
Check if it is stopped:
# /opt/OV/bin/OpC/opcagt -status
ITO Managed Node status :
-------------------------
Control Agent /opt/OV/bin/OpC/opcctla (3818) is running
Message Agent /opt/OV/bin/OpC/opcmsga (3819) is running
Subagent 1:
Action Agent /opt/OV/bin/OpC/opcacta (3820) is running
Logfile Encapsulator /opt/OV/bin/OpC/opcle (3821) is running
Monitor Agent /opt/OV/bin/OpC/opcmona (3822) is running
Message Interceptor /opt/OV/bin/OpC/opcmsgi (3823) is running
Attention: the "Control Agent" may not stop, you can kill it with a "kill -9 PID"
To start, use the command:
# /opt/OV/bin/OpC/opcagt -start
Check powerpath links in HP-UX
Posted by Lincoln Zuljewic Silva in HP-UX on December 22, 2009
To check if the powerpath links are up in HP-UX, you can use the following command:
# powermt display dev=all
When Glance stop working
Posted by Lincoln Zuljewic Silva in HP-UX on December 6, 2009
Sometimes glance (performance monitor for HP-UX) can crash (before crash, it will return 0% of CPU, Disk and networking) working with the following error:
GlancePlus fatal error.
== Fatal Nums Error == C.04.50.57 02/10/07 ==
User: root/6pts/6(/dev/pts/6) Date: Sun Dec 6 15:52:12
File: /crm/numsVob/hp/11.0/nums.C Line: 485 Product id: Glance
System: server B.11.11 9000/800
Errno: 0 (Error 0)
Connection to midaemon lost -- check midaemon process and status.mi == End of Error Msg
=============================
To solve it, you should:
Stop MWA:
# mwa stop
Remove all files (including the hidden ones) from /var/opt/perf/datafiles:
# rm -rf /var/opt/perf/datafiles/* rm -rf /var/opt/perf/datafiles/.*
Check if midaemon and ttd are stopped:
# mwa status
If midaemon and ttd didn’t stop, force stops them with the command kill (the PID was returned by the command ‘mwa status’).
Now, start MWA again:
# mwa start
Disable file size limit in AIX
Posted by Lincoln Zuljewic Silva in Aix on December 4, 2009
By default, if you try do copy/create a file larger than 2Gb in AIX, you will get a “file too large” message. That happen because AIX have a default limit of 2Gb for files.
To disable (or increase) this limit, edit /etc/security/limits and change the parameter fsize to “-1” or whatever value you want.
You can change it in “default” to apply to all users or change it to a specific user.
Remember that the file system should be JFS2.
Working with “SVC”
Posted by Lincoln Zuljewic Silva in Solaris on December 2, 2009
Follow useful commands to work with “SVC” in Solaris:
More option can be found at “man svcadm”
# svcs -a -> list all installed services.
# svcadm disable SERVICE -> disable a service. if you use “svcadm disable -t SERVICE”, the service will be disabled only until the next reboot. You can use this commando to stop a service.
# svcadm enable SERVICE -> enable a service. If you use “svcadm enable -t SERVICE”, the service will not be enabled automatically on reboot.
# svcadm restart SERVICE -> restart a service.
# svcadm reload SERVICE -> reload the configuration file.
More options can be found at “man svcadm”
Creating an user on AIX
Posted by Lincoln Zuljewic Silva in Aix on December 1, 2009
Creating an user on AIX
On AIX, you can use the following commands to create an user
# mkuser pgrp='primary group' groups='other groups' home='home directory' shell='/usr/bin/ksh' gecos='GECOS' USERNAME
Forcing an user changing the password on AIX
Posted by Lincoln Zuljewic Silva in Aix on November 30, 2009
Forcing an user changing the password on AIX
On AIX, you can use the following commands to unlock na user and force it to change it’s password on first logon:
# pwdadm -f ADMCHG USER
Lock an user account in HP-UX
Posted by Lincoln Zuljewic Silva in HP-UX on September 24, 2009
To lock an user account in HP-UX, you can use the following command:
# /usr/lbin/modprpw -m alock=YES USER
Martian Friend
Posted by Lincoln Zuljewic Silva in Linux on September 15, 2009
You may find some weird messages indications in your syslog telling you something like “martian source” like the followings:
When a host needs send a package to another host, it can define the route on the network or use the default route. Those “source routed packages” are identified in Linux as martian packages. You can configure your Linux log/do not log those packages:
# echo 0 > /proc/sys/net/ipv4/conf/*/log_martians #do not log
Merge many depots
Posted by Lincoln Zuljewic Silva in HP-UX on August 25, 2009
When you have many depot files, you can create a single big depot and install it instead of install one by one. Let’s assume that you need install the following depots, and they are all located in the directory /tmp/install/depots:
autoconf-2.64-hppa-11.11.depot bison-2.4.1-hppa-11.11.depot gawk-3.1.7-hppa-11.11.depot sed-4.2.1-hppa-11.11.depot tcltk-8.5.7-hppa-11.11.depot texinfo-4.13-hppa-11.11.depot zip-3.0-hppa-11.11.depot
To create a single depot, run the follow commands:
# cd /tmp/install/ for i in `ls depots/*.depot` ;do swcopy -s /tmp/install/$i \* @/tmp/install/big;done
Now, to install it, you can use:
# swinstall -s /tmp/install/big