Article feb2006.tar

Questions and Answers

Amy Rich

Q People in our company, a systems administration consulting agency, do a lot of traveling and work on a lot of remote systems. A good portion of us have Treo 600/650s with Sprint PCS service (unlimited data for a cheap flat rate per month) and Apple PowerBooks (they run Unix underneath the hood) that we use to keep in touch from the road. The Treos are great if you don't need a lot of screen territory, and the PowerBooks are great when there's a network connection available. Sometimes we need the usability of the laptop without having wireless or wired nearby, though. I've heard you can use the Treo as a modem for your laptop. This would fit the bill nicely! Do you know what software is required and how to configure things?

A If you have a Treo 650 and use Bluetooth, install the 1.12 updater patch from:

http://www.palm.com/us/support/downloads/treo650updater/sprint.html

This patch enables Bluetooth dial-up networking without the need for any extra software. If you want to use USB instead, then you can purchase the WirelessModem software from:

http://www.notifymail.com/palm/wmodem/index.shtml

This software supports all of the Treo models as modems and Windows, Mac, or Linux on the host. There's also documentation for using the AT&T/Cingular network.

The site http://www.sprintpcsinfo.com/ details using an older, free version of the WirelessModem driver for the Mac without the shareware phone portion. Detailed directions can be found at:

http://www.sprintpcsinfo.com/modules.php?name=Content&pa=showpage&pid=41

If you have a Verizon phone instead of a Sprint phone, you can enable the Treo tethered mode by dialing #*#TETHERED (##83843733) instead of ##TETHERED (##83843733).

If you're interested in using your Treo as a wireless modem for Windows, you can also take a look at the commercial software PDANet:

http://www.junefabrics.com/palmnet/index.php

Q We have a number of second-hand Sun v240 machines that we purchased at an auction. They came preinstalled with Solaris 9, but we'd like to wipe them and start over with our own installations. The problem is that the ALOM password has been set, and we have no idea what it is. If this were simply the root password (which we DO have), we could boot from CD-ROM or the network to reset it, but I'm not sure how to work around this for the ALOM. Can you tell me an easy way to reset the ALOM password?

A Since you say that you have the root password to the OS, changing the ALOM password is fairly trivial. You need to run the scadm command and specify userpassword and the username admin as arguments:

/usr/platform/`/bin/uname -i`/sbin/scadm userpassword admin

When you choose a new password, you must adhere to the following guidelines (uppercase and lowercase letters are considered equivalent for comparison purposes):

Passwords must contain between six and eight characters. Passwords longer than eight characters are truncated at the eighth character.

Passwords must contain at least two alphabetic characters and at least one numeric or special character.

Passwords must differ from the user's ALOM login name and any reverse or circular shift of that login name.

The new password must differ from the old one by at least three characters.

Q We have a number of end users running OS X 10.3 and 10.4 on their wireless laptops. Sometimes they complain about connection issues in various parts of the building. When we go to the same part of the building with our own laptops or they come to our offices, the problem disappears. To troubleshoot this, I'd like to check the signal strength and quality every 10 minutes or so. I know the end user can put the wireless quality graphic in the menu bar, and they can pull up the Internet Connect panel from there, but that doesn't give us a continuous text-based log that we can parse and graph. Are there any tools we can run from cron that will output machine-readable text?

A There's actually a program called airport that ships with the OS that you can query from the command line (or from cron) to obtain text output instead of graphical output. The command is buried at:

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport

To keep a running log of wireless performance, you could write a script that time-stamps a log file and then parses the output of:

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I

The output looks similar to the following for a laptop using 802.11g with 128-bit WEP:

        commQuality: 42
         rawQuality: 26
     avgSignalLevel: -73
      avgNoiseLevel: -94
         linkStatus: ESS
           portType: Client
         lastTxRate: 54
            maxRate: 54
    lastAssocStatus: 1
              BSSID: xx:xx:xx:xx:xx:xx
               SSID: <SSID Name>
           Security:   cipher: WEP 128

The airport command also allows you to manipulate the wireless connection as well as view the current status. If you run airport with the -h option, it outputs the following list of supported arguments:

-a      --autojoin          Join first available trusted network 
                            from list
-p      --applyprefs        Apply settings as currently configured 
                            via System Preferences
-u      --updateprefs       Examine network preferences and repair 
                            if necessary
-z      --disassociate      Disassociate from any network
-i<arg> --ibss=<arg>        Create IBSS
-f<arg> --file=<arg>        use <arg> as airport preference file 
                            instead of /Library/Preferences/ \
                            SystemConfiguration/ \
                            com.apple.airport.preferences.plist
-m<arg> --mac=<arg>         use <arg> instead of current AirPort 
                            MAC Address
-x      --xml               Print info as XML
-h      --help              Show this help
-o<arg> --oldencrypt=<arg>  Encrypt string <arg> with 
                            Panther-style encryption  
-s<arg> --scan=<arg>        Perform a wireless broadcast scan 
                            will perform a directed scan if the 
                            optional <arg> is provided
-r<arg> --repeats=<arg>     Repeat the command the specified 
                            number of times
-A<arg> --associate=<arg>   Associate to network will prompt for 
                            network name if arg is not specified 
                            and if necessary, for a password if 
                            the network is using WEP or WPA and 
                            the --password argument is not used
-I      --getinfo           Print current wireless status, 
                            e.g. signal info, BSSID, port type etc.
-P<arg> --psk=<arg>         Create PSK from specified passphrase 
                            and SSID
-S      --showstack         Print the current list of known networks
        --bssid=<arg>       Specify BSSID to associate with
        --channel=<arg>     Set arbitrary channel on the card
        --password=<arg>    Specify a WEP key or WPA password 
                            when associating to a network
        --property=<arg>    Set a property in the driver's 
                            IORegistry
        --ssid=<arg>        Specify SSID when creating a PSK, or 
                            associating to a network
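
The logging script described earlier in this answer could look like the following. This is an added example, not code from the original column; the CSV layout, the function names, and the default log path are assumptions, and it expects the field names shown in the sample airport -I output above.

```shell
#!/bin/sh
# Added example: one CSV record per `airport -I` sample, suitable for cron.
AIRPORT=/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport

# parse_airport_info TIMESTAMP: read `airport -I` text on stdin and print
# ts,SSID,BSSID,commQuality,signal,noise,SNR,lastTxRate,cipher
parse_airport_info() {
  awk -v ts="$1" '
    {
      i = index($0, ":")               # split on the FIRST colon only:
      if (i == 0) next                 # BSSID and Security values contain colons
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      f[key] = val
    }
    END {
      # Assumption: no signal field means the card was not associated.
      if (!("avgSignalLevel" in f)) { print ts ",NOLINK"; exit 1 }
      snr = f["avgSignalLevel"] - f["avgNoiseLevel"]
      sub(/^cipher:[ \t]*/, "", f["Security"])
      gsub(/,/, ";", f["SSID"])        # a comma in the SSID must not add a column
      printf "%s,%s,%s,%s,%s,%s,%d,%s,%s\n", ts, f["SSID"], f["BSSID"],
        f["commQuality"], f["avgSignalLevel"], f["avgNoiseLevel"], snr,
        f["lastTxRate"], f["Security"]
    }'
}

# log_sample [LOGFILE]: cron entry point; the default log path is hypothetical.
log_sample() {
  "$AIRPORT" -I | parse_airport_info "$(date '+%Y-%m-%dT%H:%M:%S')" \
    >> "${1:-$HOME/airport-signal.csv}"
}

# Constructed sample: a subset of the output shown in the column.
sample_output() {
  cat <<'EOF'
        commQuality: 42
     avgSignalLevel: -73
      avgNoiseLevel: -94
         linkStatus: ESS
         lastTxRate: 54
              BSSID: xx:xx:xx:xx:xx:xx
               SSID: <SSID Name>
           Security:   cipher: WEP 128
EOF
}

if [ -x "$AIRPORT" ]; then log_sample "$@"
else sample_output | parse_airport_info "2006-02-01T10:00:00"; fi
```

A crontab line such as 0,10,20,30,40,50 * * * * /path/to/script (path hypothetical) gives the 10-minute interval asked about, and the cipher column records what each client actually associated with.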
							
Q As part of our Solaris 8 JumpStart process, we set up all of the DiskSuite mirrors with a finish script. Unfortunately, the boot-device is not modified to include both the initial disk and its mirror. Is there a way to accomplish this in a finish script?

A In my installations, I tend to create an alias for the secondary mirror and then reference the alias in the boot-device. Once you know the path to the disk (e.g., /dev/dsk/c1t0d0s0), you can use the following code snippet to set up an alias and configure the boot-device. In the following example, the path to the boot device is stored in the variable ${mpart}:

# determine the device path to the mirror disk

# get the device path of the mirror disk and chop off the leading bits
mdev=`ls -l ${mpart} | awk '{print $11}' | sed -n \
  's/..\/..\/devices//p'`
echo "mdev=${mdev}"

# now we need to change sd, ssd, or dad to disk (scsi, fibre, or ide)
# test for standard sd device
if [ "X`echo ${mdev} | grep '/sd@'`" = "X${mdev}" ]; then
  mirror1=`echo ${mdev} | sed -n 's/sd@/disk@/p'`
# test for fibre disk
elif [ "X`echo ${mdev} | grep '/ssd@'`" = "X${mdev}" ]; then
  mirror1=`echo ${mdev} | sed -n 's/ssd@/disk@/p'`
# test for ide
elif [ "X`echo ${mdev} | grep '/dad@'`" = "X${mdev}" ]; then
  mirror1=`echo $mdev | sed -n 's/dad@/disk@/p'`
# we haven't found a known disk type
else
  echo "No valid disk type (ssd, sd, dad) found." && exit 1
fi

echo "mirror1=${mirror1}"

# set up nvramrc and a devalias if we have a valid mirror

if [ "X${mirror1}" != "X" ]; then
  echo "setting up nvramrc and a devalias for mirror1"
  eeprom 'use-nvramrc?=true'
  echo "saving old nvramrc settings"
  eeprom nvramrc | \
    egrep -v 'data not available|devalias mirror1' | \
    sed 's/nvramrc=//g' > /tmp/nvramrc.$$
  echo "devalias mirror1 ${mirror1}" >> /tmp/nvramrc.$$

  eeprom nvramrc="`cat /tmp/nvramrc.$$`"
  rm /tmp/nvramrc.$$

  # reset the boot-path to include the first entry (the main disk)
  # and our newly defined boot mirror

  # get the current boot disk, and drop everything else from 
  # the bootpath
  bdisk=`eeprom boot-device| sed -n 's/boot-device=//p'|awk \
    '{print $1}'`
  # set our new boot path
  if [ "X${bdisk}" != "X" ]; then
    echo "setting boot-device to \"${bdisk} mirror1\""
    eeprom boot-device="${bdisk} mirror1"
  else
    echo "No valid boot disk found, not setting boot-path" \
      && exit 1
  fi
else
  echo "Can not find mirror device name, not changing eeprom" \
    && exit 1
fi

# also make sure that we can boot with only half of the replicas, 
# since we tend not to store them anywhere but the two boot mirrors

echo '* enable booting with only half of the replicas' >> /etc/system
echo 'set md:mirrored_root_flag=1' >> /etc/system

Q We purchased many of the first generation 17" Apple PowerBooks for our systems administration staff. I happened to pick up a big lot of Memorex DVD+RW 4.7 GB discs on eBay, but I can't get any of them to work in my PowerBook. I first suspected faulty DVDs, but since they all failed, I couldn't imagine that was the case. I then tried another admin's PowerBook, and they failed there, too. It turns out that the PowerBook has a Matshita DVD-R UJ-815A drive in it, which the System Profiler lists as a DVD-RW drive. I'm guessing there's a big difference between DVD+RW and DVD-RW?

A You are correct in assuming that the DVD+RW blanks you bought are not compatible with your DVD-RW hardware. Like the early days of VCRs where Betamax competed with VHS, there are multiple recordable DVD formats. There are actually three different DVD recording standards:

  • DVD-RW: Developed by Pioneer and approved by the DVD Forum.
  • DVD+RW: Developed by the DVD+RW Alliance (led by Dell, HP, Mitsubishi, Philips, Ricoh, Sony, RCA, and Yamaha) but not approved by the DVD Forum.
  • DVD-RAM: Marketed by the RAM Promotion Group (Hitachi, Toshiba, Maxell, LG Electronics, Matsushita/Panasonic, Samsung and Teac) and approved by the DVD Forum.

The naming scheme chosen by the developers of each standard makes it confusing when buying drives and media. The DVD-RW and DVD+RW formats contain similar features and are compatible with many standalone DVD players and most DVD-ROMs. Most new DVD recorders use a hybrid of the two formats called DVD±RW, supporting both types of media. If your drive only supports DVD+RW or DVD-RW, though, you must buy the corresponding media.

DVD-RAM, on the other hand, is generally a better quality but less popular format, much like Betamax.

Q We're running a mix of Solaris 8 and Solaris 9 hosts at our site. Our new security administrator has dictated that we implement time restrictions on when people can log into the machines. I'm looking for some software that would allow me to configure applicable login hours based on username or group, or something like that. Know of anything that might fit the bill?

A There's a freely available collection of PAM modules created by a company called Computer Smiths that might do what you're looking for. The modules are available from:

http://www.comsmiths.com.au/pam/

Of particular interest to you would be the PAM_login_times module, which is configurable with a 15-minute granularity. To use PAM_login_times, download the appropriate Solaris package file for your OS version, and use pkgadd to install it on each target machine. The login_times program allows you to examine or set the enable and prohibit times, stored in /var/adm/login_times, for the specified users:

login_times  [ -e RANGE ] [ -p RANGE ] [ user ... ]

-e   Set the enable range. This specifies the times logins are 
allowed. See below for a description of the valid input for a RANGE

-p   Set the prohibit range. This specifies the times logins are 
not allowed.  If both the -e and -p options are specified the 
ranges are checked in the specified order.

user One or more users can be specified for the set, or 
informational modes of operation. If no users are specified only 
the informational mode is permissible.

RANGE

The range input is specified as ddd hh:mm - ddd hh:mm. Multi-day 
ranges can be specified if desired. The days start on Sunday and 
go to Saturday.  An example range would be Sun 00:00 - Sat 23:59 
which specifies all periods during the week.  The times are 
converted to 15 minute periods, so the smallest period specifiable 
is 15 minutes.

Either the starting time, or the ending time may be left off, 
leaving the RANGE '-' to mean Sun 00:00 - Sat 23:59.

Note that spaces in the range have to be quoted to protect them 
from the shell.

You'll also need to modify /etc/pam.conf and insert the entry for the Login Times PAM module near the top of the authentication group. If you're restricting telnet, for example, you'd want the line:

telnet auth required /usr/lib/security/pam_login_times.so.1

before the line:

telnet auth required /usr/lib/security/pam_unix.so.1

If you're trying to restrict access to your machine via SSH and you're using OpenSSH, make sure to turn on PAM support within OpenSSH or modifications made to /etc/pam.conf will have no effect.
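
One way to verify the two points above, the module order in /etc/pam.conf and PAM being enabled in OpenSSH, is shown here as an added example that is not part of the original column or the Computer Smiths package. The function names and sample files are constructed for illustration; UsePAM is the sshd_config keyword that enables PAM at run time in OpenSSH builds compiled with PAM support.

```shell
#!/bin/sh
# Added example: audit the /etc/pam.conf edit and the sshd PAM setting.
# check_login_times_order FILE SERVICE   (FILE may be - for stdin)
# Prints a verdict and returns 0 only when pam_login_times is a "required"
# auth module that is not listed after pam_unix for SERVICE.
check_login_times_order() {
  awk -v svc="$2" '
    /^[ \t]*#/ || NF < 4 { next }            # comments, blank/short lines
    $1 == svc && $2 == "auth" {
      n++                                    # position within the auth stack
      if ($4 ~ /pam_login_times\.so/ && !lt) { lt = n; flag = $3 }
      if ($4 ~ /pam_unix\.so/ && !ux)        ux = n
    }
    END {
      if (!lt)                { print "missing";    exit 1 }
      if (flag != "required") { print "flag=" flag; exit 1 }
      if (ux && lt > ux)      { print "misordered"; exit 1 }
      print "ok"
    }' "$1"
}

# sshd_uses_pam FILE: succeed only if the first UsePAM setting is "yes".
# sshd_config uses the first value it reads; OpenSSH's default is no.
sshd_uses_pam() {
  awk '{ sub(/^[ \t]+/, ""); n = split($0, a, /[ \t=]+/) }
       n >= 2 && tolower(a[1]) == "usepam" { v = tolower(a[2]); exit }
       END { exit (v == "yes" ? 0 : 1) }' "$1"
}

# Constructed samples (not taken from a real host).
good_conf() {
  cat <<'EOF'
# PAM configuration
telnet auth required /usr/lib/security/pam_login_times.so.1
telnet auth required /usr/lib/security/pam_unix.so.1
other  auth required /usr/lib/security/pam_unix.so.1
EOF
}
bad_conf() {
  cat <<'EOF'
telnet auth required /usr/lib/security/pam_unix.so.1
telnet auth required /usr/lib/security/pam_login_times.so.1
EOF
}

echo "good: $(good_conf | check_login_times_order - telnet)"
echo "bad:  $(bad_conf  | check_login_times_order - telnet)"
```

On a real host, pass /etc/pam.conf and the service name, and point sshd_uses_pam at the sshd_config file your OpenSSH build reads.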

Amy Rich has more than a decade of Unix systems administration experience in various types of environments. Her current roles include that of Senior Systems Administrator for the University Systems Group at Tufts University, Unix systems administration consultant, author, and charter member of LOPSA. She can be reached at: qna@oceanwave.com.