November 6, 2009 at 10:44 am
· Filed under Solaris, Solaris 10
So I had some trouble getting snmp working. I edited /etc/snmp/conf/snmpd.conf with the proper trap and community for my environment. Every time I tried to start snmp I would get errors.
checking /var/adm/messages
Nov 6 10:09:29 pressman2 /usr/lib/snmp/snmpdx: [ID 702911 daemon.error] can't read the directory snmpd.conf [errno: Not a directory(20)]
me trying to start snmp
bash-3.00# svcadm enable svc:/application/management/snmpdx:default
bash-3.00# svcs|grep snmp
offline 10:03:20 svc:/application/management/snmpdx:default
On the second line you can see that I checked and it was not started, or offline. So then it was time to consult with svcs -x. That stated that I was missing a prerequisite process that snmp relied on.
bash-3.00# svcs -x
svc:/application/management/seaport:default (net-snmp SNMP daemon)
State: disabled since Wed Oct 28 16:25:27 2009
Reason: Disabled by an administrator.
See: http://sun.com/msg/SMF-8000-05
See: snmpd(1M)
Impact: 1 dependent service is not running. (Use -v for list.)
bash-3.00# svcs |grep snmp
online 11:25:54 svc:/application/management/snmpdx:default
Now everything works like it should.
September 28, 2009 at 1:37 pm
· Filed under Uncategorized
So you set up your radius server, and you want to make sure that it is authenticating your users properly.
$radtest username password servername port secret
$radtest clients-username clients-password (hostname of server) (radtest username password servername port secret) (shared secret between radius client and server)
I would like to note that if you set the hostname to somewhere where a radius server does not exist, then you will keep on getting output saying “Sending Access-Request of id 27 to 203.65.22.105 port 1812”. This is because the radius server works over UDP, so it has no idea if the server received the packets or not, so it just keeps trying.
A successful test looks like this
hostname:~# radtest username userpassword hostname.com 1813 sharedsecret
Sending Access-Request of id 60 to 203.65.22.105 port 1812
User-Name = "username"
User-Password = "userpassword"
NAS-IP-Address = 203.65.22.105
NAS-Port = 1813
rad_recv: Access-Accept packet from host 203.65.22.105 port 1812, id=60, length=20
A rejected login test looks like this
hostname:~# radtest username userpassword hostname.com 1813 sharedsecret
Sending Access-Request of id 60 to 203.65.22.105 port 1812
User-Name = "username"
User-Password = "userpassword"
NAS-IP-Address = 203.65.22.105
NAS-Port = 1813
rad_recv: Access-Reject packet from host 208.73.74.68 port 1812, id=80, length=20
July 7, 2009 at 8:42 am
· Filed under Solaris, Solaris 10
I was trying to ssh from one Sun Solaris server to another.
# ssh remoteserver
ssh_exchange_identification: Connection closed by remote host
# ssh -v remoteserver
Sun_SSH_1.1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to mimi [10.20.55.222] port 22.
debug1: Connection established.
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
debug1: Calling cleanup 0x34ae8(0x0)
#
Err it would not let me connect. As you can see I first tried to ssh, then ssh in verbose mode. As you can see the output did not really give anything that useful.
I logged into the remote server and all it would tell me is
Jul 7 11:37:53 remoteserver sshd[21761]: refused connect from clientserver
I would have to be connected to the serial console to see this message, I was not able to see the message anywhere else. Not in /var/adm/messages or /var/log/syslog.
So what I ended up doing was adding this line to /etc/hosts.allow
p_ctminetd,sshd,bpcd,vnetd,vopied,bpjava-msvc: 10.20.55. : allow
That line allowed any host in the 10.20.55.* subnet to connect to the server now, and ssh was allowed to connect.
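How a TCP wrappers rule like the one above is evaluated, as an added example that is not part of the original post: it checks which daemon and client address pairs the rule admits, and lists what the rule exposes for review. Assumptions: the hosts.deny content and the client addresses are constructed, the function names are hypothetical, and only a subset of hosts_access(5) is modelled (ALL, trailing-dot prefixes, net/mask, exact addresses, IPv4, and a trailing allow or deny option).

```python
import ipaddress
import re

# Constructed samples: the post's rule, plus a hypothetical deny-all hosts.deny.
HOSTS_ALLOW = "p_ctminetd,sshd,bpcd,vnetd,vopied,bpjava-msvc: 10.20.55. : allow\n"
HOSTS_DENY = "# hypothetical default-deny policy\nALL: ALL\n"

def parse_rules(text, default):
    """Return [(daemons, clients, verdict)] from hosts_access(5)-style text."""
    rules = []
    for raw in text.splitlines():
        fields = [f.strip() for f in raw.split("#", 1)[0].split(":")]
        if len(fields) < 2 or not fields[0]:
            continue  # blank line, comment, or malformed rule
        verdict = next((o for o in fields[2:] if o in ("allow", "deny")), default)
        rules.append((re.split(r"[,\s]+", fields[0]),
                      re.split(r"[,\s]+", fields[1]), verdict))
    return rules

def client_matches(pattern, addr):
    """Match one client pattern against a dotted-quad address string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):   # "10.20.55." is a string prefix of the address
        return addr.startswith(pattern)
    if "/" in pattern:          # net/mask form, e.g. 10.20.55.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return addr == pattern      # no trailing dot: exact match only

def access(daemon, addr, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """First matching rule wins; hosts.allow is read before hosts.deny."""
    rules = parse_rules(allow_text, "allow") + parse_rules(deny_text, "deny")
    for daemons, clients, verdict in rules:
        if ("ALL" in daemons or daemon in daemons) and \
                any(client_matches(c, addr) for c in clients):
            return verdict
    return "allow"              # nothing matched in either file

def exposure(allow_text=HOSTS_ALLOW):
    """List (daemon, client pattern) pairs that hosts.allow grants, for review."""
    return [(d, c) for ds, cs, v in parse_rules(allow_text, "allow")
            if v == "allow" for d in ds for c in cs]

if __name__ == "__main__":
    for daemon, addr in [("sshd", "10.20.55.10"), ("sshd", "10.20.155.7"),
                         ("bpcd", "10.20.55.9"), ("in.telnetd", "10.20.55.9")]:
        print(f"{daemon:12} {addr:14} -> {access(daemon, addr)}")
    print(exposure())
```

The exposure() listing shows that the one line opens six daemons, not just sshd, to every address starting with 10.20.55.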