Questions and Answers
Amy Rich
Q People in our company, a systems
administration consulting agency, do a lot of traveling and work
on a lot of remote systems. A good portion of us have Treo 600/650s
with Sprint PCS service (unlimited data for a cheap flat rate per
month) and Apple PowerBooks (they run Unix underneath the hood)
that we use to keep in touch from the road. The Treos are great
if you don't need a lot of screen territory, and the PowerBooks
are great when there's a network connection available. Sometimes
we need the usability of the laptop without having wireless or wired
nearby, though. I've heard you can use the Treo as a modem for your
laptop. This would fit the bill nicely! Do you know what software
is required and how to configure things?
A If you have a Treo 650 and use
Bluetooth, install the 1.12 updater patch from:
http://www.palm.com/us/support/downloads/treo650updater/sprint.html
This patch enables Bluetooth dial-up networking without the need for
any extra software. If you want to use USB instead, then you can purchase
the WirelessModem software from:
http://www.notifymail.com/palm/wmodem/index.shtml
This software supports all of the Treo models as modems, with Windows,
Mac, or Linux on the host. There's also documentation for using the
AT&T/Cingular network.
The site http://www.sprintpcsinfo.com/ details using an
older, free version of the WirelessModem driver for the Mac without
the shareware phone portion. Detailed directions can be found at:
http://www.sprintpcsinfo.com/modules.php?name=Content&pa=showpage&pid=41
If you have a Verizon phone instead of a Sprint phone, you can enable
the Treo tethered mode by dialing #*#TETHERED (##83843733)
instead of ##TETHERED (##83843733).
If you're interested in using your Treo as a wireless modem for
Windows, you can also take a look at the commercial software PDANet:
http://www.junefabrics.com/palmnet/index.php
Q We have a number of second-hand
Sun v240 machines that we purchased at an auction. They came preinstalled
with Solaris 9, but we'd like to wipe them and start over with our
own installations. The problem is that the ALOM password has been
set, and we have no idea what it is. If this were simply the root
password (which we DO have), we could boot from CD-ROM or the network
to reset it, but I'm not sure how to work around this for the ALOM.
Can you tell me an easy way to reset the ALOM password?
A Since you say that you have the
root password to the OS, changing the ALOM password is fairly trivial.
You need to run the scadm command and specify userpassword
and the username admin as arguments:
/usr/platform/`/bin/uname -i`/sbin/scadm userpassword admin
When you choose a new password, you must adhere to the following guidelines
(uppercase and lowercase letters are considered equivalent for comparison
purposes):
- Passwords must contain between six and eight characters. Passwords
longer than eight characters are truncated at the eighth character.
- Passwords must contain at least two alphabetic characters and
at least one numeric or special character.
- Passwords must differ from the user's ALOM login name and any
reverse or circular shift of that login name.
- The new password must differ from the old one by at least three
characters.
Q We have a number of end users
running OS X 10.3 and 10.4 on their wireless laptops. Sometimes
they complain about connection issues in various parts of the building.
When we go to the same part of the building with our own laptops
or they come to our offices, the problem disappears. To troubleshoot
this, I'd like to check the signal strength and quality every 10
minutes or so. I know the end user can put the wireless quality
graphic in the menu bar, and they can pull up the Internet Connect
panel from there, but that doesn't give us a continuous text-based
log that we can parse and graph. Are there any tools we can run
from cron that will output machine-readable text?
A There's actually a program called
airport that ships with the OS that you can query from the
command line (or from cron) to obtain text output instead of graphical
output. The command is buried at:
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport
To keep a running log of wireless performance, you could write a script
that time-stamped a log file and then parsed the output of:
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I
The output looks similar to the following for a laptop using 802.11g
with 128-bit WEP:
commQuality: 42
rawQuality: 26
avgSignalLevel: -73
avgNoiseLevel: -94
linkStatus: ESS
portType: Client
lastTxRate: 54
maxRate: 54
lastAssocStatus: 1
BSSID: xx:xx:xx:xx:xx:xx
SSID: <SSID Name>
Security: cipher: WEP 128
The airport command also allows you to manipulate the wireless
connection as well as view the current status. If you run airport
with the -h option, it outputs the following list of supported
arguments:
-a       --autojoin           Join first available trusted network from list
-p       --applyprefs         Apply settings as currently configured via
                              System Preferences
-u       --updateprefs        Examine network preferences and repair if necessary
-z       --disassociate       Disassociate from any network
-i<arg>  --ibss=<arg>         Create IBSS
-f<arg>  --file=<arg>         use <arg> as airport preference file instead of
                              /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist
-m<arg>  --mac=<arg>          use <arg> instead of current AirPort MAC Address
-x       --xml                Print info as XML
-h       --help               Show this help
-o<arg>  --oldencrypt=<arg>   Encrypt string <arg> with Panther-style encryption
-s<arg>  --scan=<arg>         Perform a wireless broadcast scan
                              will perform a directed scan if the optional
                              <arg> is provided
-r<arg>  --repeats=<arg>      Repeat the command the specified number of times
-A<arg>  --associate=<arg>    Associate to network will prompt for network
                              name if arg is not specified and if necessary,
                              for a password if the network is using WEP or
                              WPA and the --password argument is not used
-I       --getinfo            Print current wireless status, e.g. signal info,
                              BSSID, port type etc.
-P<arg>  --psk=<arg>          Create PSK from specified passphrase and SSID
-S       --showstack          Print the current list of known networks
         --bssid=<arg>        Specify BSSID to associate with
         --channel=<arg>      Set arbitrary channel on the card
         --password=<arg>     Specify a WEP key or WPA password when
                              associating to a network
         --property=<arg>     Set a property in the driver's IORegistry
         --ssid=<arg>         Specify SSID when creating a PSK, or
                              associating to a network
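One way to write the logging script described above, as an added example that is not part of the original column: `parse_airport_info` reduces the `airport -I` output to one CSV record and `log_sample` time-stamps it. The `sample_info` helper replays the output printed in the column; the cron line, script path, and log path are hypothetical, and the no-link record for missing fields is an assumption.

```shell
# Added example (not from the original column): log `airport -I` as CSV.
AIRPORT=/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport

# The sample output printed in the column, used here as test input.
sample_info() {
cat <<'EOF'
commQuality: 42
rawQuality: 26
avgSignalLevel: -73
avgNoiseLevel: -94
linkStatus: ESS
portType: Client
lastTxRate: 54
maxRate: 54
lastAssocStatus: 1
BSSID: xx:xx:xx:xx:xx:xx
SSID: <SSID Name>
Security: cipher: WEP 128
EOF
}

# stdin: `airport -I` text. stdout: one record,
# commQuality,avgSignalLevel,avgNoiseLevel,signal-minus-noise,lastTxRate,BSSID,cipher
parse_airport_info() {
    awk '
    {
        i = index($0, ":")          # split on the FIRST colon only:
        if (i == 0) next            # BSSID and Security values contain colons
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        f[key] = val
    }
    END {
        # Assumption: missing fields mean the card is off or not associated.
        if (!("avgSignalLevel" in f)) { print "no-link"; exit }
        cipher = f["Security"]; sub(/^cipher:[ \t]*/, "", cipher)
        printf "%s,%s,%s,%d,%s,%s,%s\n", f["commQuality"], f["avgSignalLevel"],
            f["avgNoiseLevel"], f["avgSignalLevel"] - f["avgNoiseLevel"],
            f["lastTxRate"], f["BSSID"], cipher
    }'
}

# Append one time-stamped record to the log file named in $1.
log_sample() {
    echo "$(date '+%Y-%m-%dT%H:%M:%S'),$("$AIRPORT" -I | parse_airport_info)" >> "$1"
}
# Cron use (hypothetical paths): */10 * * * * /usr/local/bin/airlog.sh /var/log/airlog.csv
if [ -x "$AIRPORT" ] && [ -n "$1" ]; then log_sample "$1"; fi
```

The SSID is left out of the record because it can contain commas; the BSSID identifies the access point the laptop was associated with at each sample.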
Q As part of our Solaris 8 JumpStart
process, we set up all of the DiskSuite mirrors with a finish script.
Unfortunately, the boot-device is not modified to include both
the initial disk and its mirror. Is there a way to accomplish this
in a finish script?
A In my installations, I tend to
create an alias for the secondary mirror and then reference the
alias in the boot-device. Once you know the path to the disk
(e.g., /dev/dsk/c1t0d0s0), you can use the following code
snippet to set up an alias and configure the boot-device.
In the following example, the path to the boot device is stored
in the variable ${mpart}:
# get the device path of the mirror disk and chop off the leading bits
mdev=`ls -l ${mpart} | awk '{print $11}' | sed -n \
    's/..\/..\/devices//p'`
echo "mdev=${mdev}"

# now we need to change sd, ssd, or dad to disk (scsi, fibre, or ide)
# test for standard sd device
if [ "X`echo ${mdev} | grep '/sd@'`" = "X${mdev}" ]; then
    mirror1=`echo ${mdev} | sed -n 's/sd@/disk@/p'`
# test for fibre disk
elif [ "X`echo ${mdev} | grep '/ssd@'`" = "X${mdev}" ]; then
    mirror1=`echo ${mdev} | sed -n 's/ssd@/disk@/p'`
# test for ide
elif [ "X`echo ${mdev} | grep '/dad@'`" = "X${mdev}" ]; then
    mirror1=`echo ${mdev} | sed -n 's/dad@/disk@/p'`
# we haven't found a known disk type
else
    echo "No valid disk type (ssd, sd, dad) found." && exit 1
fi
echo "mirror1=${mirror1}"

# set up nvramrc and a devalias if we have a valid mirror
if [ "X${mirror1}" != "X" ]; then
    echo "setting up nvramrc and a devalias for mirror1"
    eeprom 'use-nvramrc?=true'
    echo "saving old nvramrc settings"
    # keep the existing nvramrc contents, minus any stale mirror1 alias
    eeprom nvramrc | \
        egrep -v 'data not available|devalias mirror1' | \
        sed 's/nvramrc=//g' > /tmp/nvramrc.$$
    echo "devalias mirror1 ${mirror1}" >> /tmp/nvramrc.$$
    eeprom nvramrc="`cat /tmp/nvramrc.$$`"
    rm /tmp/nvramrc.$$

    # reset the boot-path to include the first entry (the main disk)
    # and our newly defined boot mirror
    # get the current boot disk, and drop everything else from
    # the bootpath
    bdisk=`eeprom boot-device | sed -n 's/boot-device=//p' | awk \
        '{print $1}'`
    # set our new boot path
    if [ "X${bdisk}" != "X" ]; then
        echo "setting boot-device to \"${bdisk} mirror1\""
        eeprom boot-device="${bdisk} mirror1"
    else
        echo "No valid boot disk found, not setting boot-path" \
            && exit 1
    fi
else
    echo "Can not find mirror device name, not changing eeprom" \
        && exit 1
fi

# also make sure that we can boot with only half of the replicas,
# since we tend not to store them anywhere but the two boot mirrors
# (the comment is written on one line: a backslash inside single
# quotes would end up literally in /etc/system)
echo '* enable booting with only half of the replicas' >> /etc/system
echo 'set md:mirrored_root_flag=1' >> /etc/system
Q We purchased many of the first generation
17" Apple PowerBooks for our systems administration staff. I happened
to pick up a big lot of Memorex DVD+RW 4.7 GB discs on eBay, but I
can't get any of them to work in my PowerBook. I first suspected faulty
DVDs, but since they all failed, I couldn't imagine that was the case.
I then tried another admin's PowerBook, and they failed there, too.
It turns out that the PowerBook has a Matshita DVD-R UJ-815A drive
in it, which the System Profiler lists as a DVD-RW drive. I'm guessing
there's a big difference between DVD+RW and DVD-RW?
A You are correct in assuming that
the DVD+RW blanks you bought are not compatible with your DVD-RW
hardware. Like the early days of VCRs where Betamax competed with
VHS, there are multiple recordable DVD formats. There are actually
three different DVD recording standards:
- DVD-RW: Developed by Pioneer and approved by the DVD
Forum.
- DVD+RW: Developed by the DVD+RW Alliance (led
by Dell, HP, Mitsubishi, Philips, Ricoh, Sony, RCA, and Yamaha)
but not approved by the DVD Forum.
- DVD-RAM: Marketed by the RAM Promotion Group (Hitachi,
Toshiba, Maxell, LG Electronics, Matsushita/Panasonic, Samsung
and Teac) and approved by the DVD Forum.
The naming scheme chosen by the developers of each standard
makes it confusing when buying drives and media. The DVD-RW
and DVD+RW formats contain similar features and are compatible
with many standalone DVD players and most DVD-ROMs. Most new
DVD recorders use a hybrid of the two formats called DVD±RW,
supporting both types of media. If your drive only supports
DVD+RW or DVD-RW, though, you must buy the corresponding
media.
DVD-RAM, on the other hand, is generally a better quality
but less popular format, much like Betamax.
Q We're running a mix of Solaris
8 and Solaris 9 hosts at our site. Our new security administrator
has dictated that we implement time restrictions on when people
can log into the machines. I'm looking for some software that
would allow me to configure applicable login hours based on
username or group, or something like that. Know of anything
that might fit the bill?
A There's a freely available
collection of PAM modules created by a company called Computer
Smiths that might do what you're looking for. The modules are
available from:
http://www.comsmiths.com.au/pam/
Of particular interest to you would be the PAM_login_times
module, which is configurable with a 15-minute granularity. To
use PAM_login_times, download the appropriate Solaris package
file for your OS version, and use pkgadd to install it
on each target machine. The login_times program allows
you to examine or set the enable and prohibit times, stored in
/var/adm/login_times, for the specified users:
login_times [ -e RANGE ] [ -p RANGE ] [ user ... ]

-e      Set the enable range. This specifies the times logins are
        allowed. See below for a description of the valid input for a RANGE
-p      Set the prohibit range. This specifies the times logins are
        not allowed. If both the -e and -p options are specified the
        ranges are checked in the specified order.
user    One or more users can be specified for the set, or
        informational modes of operation. If no users are specified only
        the informational mode is permissible.

RANGE
        The range input is specified as ddd hh:mm - ddd hh:mm. Multi-day
        ranges can be specified if desired. The days start on Sunday and
        go to Saturday. An example range would be Sun 00:00 - Sat 23:59
        which specifies all periods during the week. The times are
        converted to 15 minute periods, so the smallest period specifiable
        is 15 minutes.
        Either the starting time, or the ending time may be left off,
        leaving the RANGE '-' to mean Sun 00:00 - Sat 23:59.
        Note that spaces in the range have to be quoted to protect them
        from the shell.

You'll also need to modify /etc/pam.conf and insert the
entry for the Login Times PAM module near the top of the authentication
group. If you're restricting telnet, for example, you'd want the
line:
telnet auth required /usr/lib/security/pam_login_times.so.1
before the line:
telnet auth required /usr/lib/security/pam_unix.so.1
If you're trying to restrict access to your machine via SSH and
you're using OpenSSH, make sure to turn on PAM support within
OpenSSH or modifications made to /etc/pam.conf will have
no effect.
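A check for the ordering requirement above, as an added example that is not part of the original column or the Computer Smiths package: it reads a pam.conf and reports, per service, whether the pam_login_times entry sits ahead of pam_unix in the auth stack. The sample file, its service names, and the function names are constructed for illustration.

```shell
# Added example (not from the original column): audit pam.conf ordering.

# Constructed sample input, not a real system's file.
sample_pam_conf() {
cat <<'EOF'
# service  type     control   module
telnet     auth     required  /usr/lib/security/pam_login_times.so.1
telnet     auth     required  /usr/lib/security/pam_unix.so.1
rlogin     auth     required  /usr/lib/security/pam_unix.so.1
sshd       auth     required  /usr/lib/security/pam_unix.so.1
sshd       auth     required  /usr/lib/security/pam_login_times.so.1
other      account  required  /usr/lib/security/pam_unix.so.1
EOF
}

# stdin: pam.conf text. stdout: one "service status" line for every service
# whose auth stack uses a pam_unix module. Status is one of:
#   ok              pam_login_times comes before pam_unix
#   missing         no pam_login_times entry in the auth stack
#   after-pam_unix  pam_login_times is listed, but too late
check_login_times() {
    awk '
    /^[ \t]*#/ || NF < 4 { next }            # skip comments and short lines
    $2 == "auth" {
        if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 }
        # remember the first line number of each module per service
        if ($4 ~ /pam_login_times/ && !($1 in lt)) lt[$1] = NR
        if ($4 ~ /pam_unix/ && !($1 in ux)) ux[$1] = NR
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            if (!(s in ux)) continue
            if (!(s in lt)) st = "missing"
            else if (lt[s] > ux[s]) st = "after-pam_unix"
            else st = "ok"
            print s, st
        }
    }'
}
```

Run it against a live system with `check_login_times < /etc/pam.conf`; any service not reported as `ok` is not having its login hours enforced ahead of password authentication.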
Amy Rich has more than a decade of Unix systems administration
experience in various types of environments. Her current roles
include that of Senior Systems Administrator for the University
Systems Group at Tufts University, Unix systems administration
consultant, author, and charter member of LOPSA. She can be
reached at: qna@oceanwave.com.