Bits on Bytes bits on iphone, programming, and all things tech

Before you can enable the samba service in SMF the config file needs to be created. Copy /etc/sfw/smb.conf-example to /etc/sfw/smb.conf. Make sure you have lines that look like this:

security = user
passdb backend = tdbsam

That will let you use the Solaris user accounts for samba access. Next set up a share that you’d like to test with. Here’s a simple one I used:

[htdocs]
path = /opt/coolstack/apache2/htdocs
valid users = cjs00c
public = no
writable = yes

Start up the samba service with svcadm enable samba. Now we need to add a user/pass to the samba user database: smbpasswd -a cjs00c. You should be able to connect to your new samba share now.

Just for fun, the samba password database file is located at /etc/sfw/private/passdb.tdb. If you’d like to check it for users you can use:
tdbtool /etc/sfw/private/passdb.tdb
tdb> info
3 records totalling 224 bytes
tdb> dump

key 12 bytes
USER_cjs00c
data 213 bytes
[a whole bunch of encoded data here]

key 13 bytes
INFO/version
data 4 bytes
[000] 03 00 00 00 …

key 13 bytes
RID_000004b0
data 7 bytes
[000] 63 6A 73 30 30 63 00 cjs00c
tdb>

Boot to the Solaris DVD and at the GRUB menu select Solaris (it’s the default option)

At the next menu choose ‘Solaris Interactive Text’ either desktop or console. I chose #4, the console session because it loads faster.

The installer asks you a few network and configuration questions first. For simplicity I’ll just list my summary:

Networked: Yes
Use DHCP: No
Host name: gibbs
IP address: 150.252.xxx.xxx
System part of a subnet: Yes
Netmask: 255.255.xxx.xxx
Enable IPv6: No
Default Route: Specify one
Router IP Address: 150.252.xxx.xxx
Configure Kerberos Security: No
Name service: DNS
Domain name: acu.edu
Server address(es): 150.252.xxx.xxx
150.252.xxx.xxx
Search domain(s): acu.edu
NFSv4 Domain Name: << Value to be derived dynamically >>
Time zone: Central Time
(US/Central)
Date and time: 2008-11-03 14:14:00

After entering the root password the screen goes blank for a few seconds, some scripts start executing, then the installation screen comes back.

1. Select the “Standard” installation
2. Automatically eject CD/DVD
3. Auto Reboot
4. Accept the license agreement
5. Select any extra regional support
6. Select POSIX C (C)
7. Select None for Web Start products
8. Select ZFS for the filesystem
9. Select Entire Distribution
10. Select disk to install on

Configure the ZFS settings. I changed the swap size to 2G and left everything else default.

ZFS Pool Name: rpool
ZFS Root Dataset Name: s10x_u6wos07b
ZFS Pool Size (in MB): 39214
Size of Swap Area (in MB): 2048
Size of Dump Area (in MB): 1024
Keep / and /var combined

Add remote mounts if you have any and begin installation!

So apparently when I wrote part 1, I completely forgot about the zone configuration - which needs to be done in order to use any networking services.

So to configure the zone you need to log into the zone’s ‘console’ after booting it for the first time.

# zlogin -C myzone

If you don’t see anything hit enter. You should be presented with a terminal choice. After that it should be pretty standard system configuration questions.

Alternatively, this can be automated by creating a sysidcfg file and placing it in /etc

If you were like me and installed the original release of OpenSolaris, it might be time to upgrade. The original release (2008.05) was based on the Solaris Nevada code version 86. The current version of Nevada is 93. The great thing about OpenSolaris is that the changes in Nevada get ported over to the OpenSolaris package server. This means you can easily upgrade to the latest package set with one command: pkg image-update

It gets better! OpenSolaris will even help protect your system by creating an entirely new boot environment and upgrading that. So if something were to not go as expected you could always boot back into your original environment. Read the rest of this entry »

My purpose for doing this was to automate file transfers between servers. So I needed a secure copy method (SCP) without prompting for a password (SSH keys). I’ll call my two systems production and backup. I need to be able to ssh from production to backup without it prompting for a password.

On production generate your private/public key pair:

chris@production ~$ ssh-keygen -t dsa

Generating public/private dsa key pair.
Enter file in which to save the key (/export/home/chris/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/chris/.ssh/id_dsa.
Your public key has been saved in /export/home/chris/.ssh/id_dsa.pub.
The key fingerprint is:
bd:cf:bb:c0:30:1c:c3:5f:74:80:3b:f0:1f:82:20:bb chris@production

Put the public key file (id_dsa.pub) on the remote system you will be ssh’ing to as the authorized_keys2 file in the .ssh directory of the user you will be using to ssh:

chris@production ~$ scp ~/.ssh/id_dsa.pub backup:.ssh/authorized_keys2

Or append it if you have a preexisting authorized_keys2 file.

That’s it. You should be able to ssh from production to backup with whatever password you entered in the key generation process (or none if you didn’t enter one).

$ sudo service com.apple.DirectoryServices stop

Not fun.

So I know there is ample documentation on this in the Sun docs but if you’ve ever tried to read Sun docs then you know that someone giving an example is much easier to understand. The goal will be to create a container in the fewest number of steps. This should work on any release of Solaris 10 but I will be using u3. Read the rest of this entry »

In this scenario I am using a fresh install of Solaris 10 u3. There are two network interfaces configured: vfe0 is the “external” interface as it connects directly to the cable modem and gets it’s IP via DHCP; rtls0 is the “internal” interface as it connects to a local network switch along with other computers on the network. Use routeadm to enable IP Forwarding & IP Routing at the system level: Read the rest of this entry »