System Administration                                        smsconfig(1m)


NAME

 smsconfig - configures the SMS environment

SYNOPSIS

 smsconfig -m
 smsconfig -m I1 [domain_id| sc| netmask]
 smsconfig -m I2 [sc0| sc1| netmask]
 smsconfig -m L
 smsconfig -g
 smsconfig -a -u username -G platform_role platform
 smsconfig -r -u username -G platform_role platform
 smsconfig -a -u username -G domain_role domain_id
 smsconfig -r -u username -G domain_role domain_id
 smsconfig -l domain_id
 smsconfig -l platform
 smsconfig -s security_option
 smsconfig -v
 smsconfig -h

DESCRIPTION

 

smsconfig(1M) configures the SMS environment in three areas: network management, security, and user group privileges.

smsconfig configures and modifies host name and IP address settings used by the MAN daemon, mand(1M). For each network, smsconfig can individually set one or more interface designations within that network. By default, smsconfig steps through the configuration of both internal networks and the external community network.

Note – Once you have configured or changed the configuration of the MAN network you must reboot the system controller (SC) in order for the changes to take effect.

To configure an individual network, append the net_id to the command line. Management network net_ids are designated I1, I2, and L. Configure a single interface within an enterprise network by specifying both the desired interface and its net_id. Any changes made to the network configuration on one SC using smsconfig -m must also be made on the other SC. Network configuration files are not automatically propagated.

For security purposes, SMS disables forwarding, broadcast, and multicast by setting the appropriate ndd utility variables upon startup.

The Sun Fire high end systems also enable you to further secure the SC by using smsconfig -s ssh as part of the Security Toolkit SC hardening process. To harden the SC, follow the procedures in the following Sun BluePrints Online articles, available at http://www.sun.com/security/blueprints:

  • Securing Sun Fire 12K and 15K System Controller: Updated for SMS 1.4
  • Securing Sun Fire 12K and 15K Domains: Updated for SMS 1.4

smsconfig configures the UNIX groups used by SMS to describe user privileges. SMS uses a default set of UNIX groups installed locally on each SC. smsconfig enables you to customize those groups using the -g option. For more information refer to the System Management Services (SMS) 1.4 Installation Guide.

smsconfig also adds users to SMS groups and configures domain and platform administrative privileges. smsconfig sets access control list (ACL) attributes on SMS directories.

Note – Do not manually edit the /etc/group SMS file entries to add or remove users. Otherwise user access will be compromised.

OPTIONS

 

The following options are supported:

-a
Adds a user to an SMS group and provides read, write, and execute access for a domain or for the platform directories. You must specify a valid username, SMS group, and, if applicable, a domain_id.
-G
Indicates an SMS group. No group name is case sensitive.
-g
Configures the UNIX groups used by SMS to describe user privileges.
-h
Help. Displays usage descriptions. Note – Use alone. Any option specified in addition to -h is ignored.
-l
Lists all users with access to the specified SMS domain or platform.
-m
Configures all interfaces for all enterprise networks and the external community.
-m I1
Configures all interfaces for enterprise network I1. Network designation is not case sensitive. You can exclude a domain from the I1 network configuration by using the word NONE as the MAN hostname. This applies to the I1 network only.
-m I2
Configures all interfaces for enterprise network I2. Network designation is not case sensitive.
-m L
Configures all interfaces for the external community network. Network designation is not case sensitive.
-r
Removes a user from an SMS group and denies read, write, and execute access for a domain or for the platform directories. You must specify a valid username, SMS group and if applicable, a domain_id.
-s security_option
This option is used to configure the SMS software to use the security feature. The feature to configure is specified by security_option.

The following are valid values for security_option:

ssh
Instructs SMS to use ssh-based commands in place of the default rsh-based commands for communicating with the remote SC. All of the ssh-based commands must reside in /usr/bin.

If they are not found in /usr/bin, smsconfig exits and logs an error.

Note – Ensure the Secure Shell is configured properly on both SCs before enabling the SMS software to use it. If ssh is not configured, smsconfig displays and logs an error, then exits. Refer to the ssh and scp man pages for more information.

Note – rsh(1) is the default remote shell in SMS software. When Secure Shell has not been configured properly, SMS attempts to use the default remote shell. Therefore we strongly recommend that you keep rsh enabled until smsconfig -s ssh successfully configures the SMS software. Once Secure Shell is configured you can disable rsh by hardening the SC. Refer to the Online Blueprints documentation and the security section of the System Management Services (SMS) 1.4 Installation Guide for more information.
rsh
Reconfigures SMS to use rsh-based commands.
-u username
Indicates user login name.
-v
Displays remote shell configuration.

OPERANDS

 

The following operands are supported:

domain_id
ID for a domain. Valid domain_ids are A-R and are not case sensitive.
domain_role
Valid domain_roles are:

admn

rcfg

platform
Specifies the Sun Fire high end platform and platform-specific directories. The platform name must begin with a letter, can contain numbers, letters, and the "-" symbol, and must not exceed 15 characters. (It must comply with RFC-921.) The platform name is used as the default prefix for hostnames of internal network interfaces. In example 1, below, the platform name is sun15.
platform_role
Valid platform_roles are:

admn

oper

svc

SC0, SC1
Interface designation for the Sun Fire high end systems SC. Interface designations are not case sensitive.
netmask
A 32-bit number that masks or screens out the network part of an IP address in a subnet so that only the host computer part of the address remains visible. Commonly displayed in decimal numbers, for example, 255.255.255.0 is a common netmask in a Class C subnet. netmask is not case sensitive.

EXTENDED DESCRIPTION

 

Group Privileges Required

 

You must have superuser privileges to run this command.

Refer to Chapter 2, "SMS Security Options and Administrative Privileges" in the System Management Services (SMS) 1.4 Administrator Guide for more information.

EXAMPLES

 Example 1. Setting Up the MAN Network
 

You must configure all interfaces in the MAN network. This example steps through all the prompts needed to completely set up all three enterprise networks using IPv4. An IPv6 network example differs slightly.

Caution-- The IP addresses shown in the following examples are examples only. Refer to your Sun Fire 15K/12K System Site Planning Guide for valid IP addresses for your network. Using invalid network IP addresses could, under certain circumstances, make your system unbootable!

There are no prompts for netmasks, and /etc/ipnodes is modified in addition to /etc/hosts.

On the CP1500 board, the default NICs for community C1 are hme0 and eri1. On the CP2140 board, they are eri0 and eri3. The CP2140 board has no hme devices. IP addresses on the external network for failover, hme0, eri0, eri1, and eri3 on each SC must be unique. The floating IP address is the same on both SCs.

By default, the I1 network settings are derived from the base network address entered for that network. You can exclude a domain from the I1 network configuration by using the word NONE as the MAN hostname. See Excluding Domain D From the I1 Network. For more information refer to the System Management Services (SMS) 1.4 Installation Guide.

Once you have configured the MAN network, you must reboot the SC.

 
sc0:# smsconfig -m
The platform name identifies the entire host machine to the SMS software.
The platform name occupies a different name space than domain names (hostnames of bootable systems).

What is the name of the platform this SMS will service? sun15

Configuring the External Network for Community C1

Do you want to define this Community? [y,n] y
Two network interfaces controllers (NICs) are required for IPMP network failover.
Enter NICs associated with community C1 [hme0 eri1]: [Return]

Enter hostname for hme0 [sun15-sc0-hme0]:[Return]
Enter IP address for sun15-sc0-hme0: 10.1.1.52

Enter hostname for eri1 [sun15-sc0-eri1]:[Return] 
Enter IP address for sun15-sc0-eri1: 10.1.1.53

The Logical/Floating IP hostname and address will "float" over to whichever system controller (SC0 or SC1) is acting as the main SC.

Enter Logical/Floating IP hostname for community C1 [sun15-sc-C1]: [Return]
Enter IP address for sun15-sc-C1: 10.1.1.50 
Enter Netmask for community C1: 255.255.255.0


Enter hostname for community C1 failover address [sun15-sc0-C1-failover]:[Return]
Enter IP address for sun15-sc0-C1-failover: 10.1.1.51

Hostname                 IP Address (platform=sun15)
--------                 ----------
sun15-sc-C1              10.1.1.50
sun15-sc0-C1-failover    10.1.1.51
sun15-sc0-eri0           10.1.1.52
sun15-sc0-eri3           10.1.1.53

Do you want to:
 1) Accept these network settings.
 2) Edit these network settings.
 3) Delete these network settings and go onto the next community? [y,n] y

Configuring the External Network for Community C2

Do you want to define this Community? [y,n] n

Configuring I1 Management Network - 'I1' is the Domain to SC MAN. 
MAN I1 Network Identification
Enter the IP network number (base address) for the I1 network: 10.2.1.0
Enter the netmask for the I1 MAN network [ 255.255.255.224 ]: [Return]

Hostname        IP Address   (platform=sun15)
--------        ----------
netmask-i1      255.255.255.224
sun15-sc-i1     10.2.1.1
sun15-a         10.2.1.2
sun15-b         10.2.1.3
sun15-c         10.2.1.4
sun15-d         10.2.1.5
sun15-e         10.2.1.6
sun15-f         10.2.1.7
sun15-g         10.2.1.8
sun15-h         10.2.1.9
sun15-i         10.2.1.10
sun15-j         10.2.1.11
sun15-k         10.2.1.12
sun15-l         10.2.1.13
sun15-m         10.2.1.14
sun15-n         10.2.1.15
sun15-o         10.2.1.16
sun15-p         10.2.1.17
sun15-q         10.2.1.18
sun15-r         10.2.1.19

Do you want to accept these network settings? [y,n] y

Configuring I2 Management Network - 'I2' is for SC to SC MAN. 
MAN I2 Network Identification
Enter the IP network number (base address) for the I2 network: 10.3.1.0
Enter the netmask for the I2 MAN network [ 255.255.255.252 ]:[Return] 

Hostname           IP Address	(platform=sun15)
--------           ----------
netmask-i2         255.255.255.252
sun15-sc0-i2       10.3.1.1
sun15-sc1-i2       10.3.1.2

Do you want to accept these settings? [y,n] y
Creating /.rhosts to facilitate file propagation ... done.

MAN Network configuration modified!
Changes will take effect on next reboot.

The following changes are about to be applied to the "/etc/hosts" hosts file.
----------------------
ADD: 10.2.1.2   sun15-a #smsconfig-entry#
ADD: 10.2.1.3   sun15-b #smsconfig-entry#
ADD: 10.2.1.4   sun15-c #smsconfig-entry#
ADD: 10.2.1.5   sun15-d #smsconfig-entry#
ADD: 10.2.1.6   sun15-e #smsconfig-entry#
ADD: 10.2.1.7   sun15-f #smsconfig-entry#
ADD: 10.2.1.8   sun15-g #smsconfig-entry#
ADD: 10.2.1.9   sun15-h #smsconfig-entry#
ADD: 10.2.1.10  sun15-i #smsconfig-entry#
ADD: 10.2.1.11  sun15-j #smsconfig-entry#
ADD: 10.2.1.12  sun15-k #smsconfig-entry#
ADD: 10.2.1.13  sun15-l #smsconfig-entry#
ADD: 10.2.1.14  sun15-m #smsconfig-entry#
ADD: 10.2.1.15  sun15-n #smsconfig-entry#
ADD: 10.2.1.16  sun15-o #smsconfig-entry#
ADD: 10.2.1.17  sun15-p #smsconfig-entry#
ADD: 10.2.1.18  sun15-q #smsconfig-entry#
ADD: 10.2.1.19  sun15-r #smsconfig-entry#
ADD: 10.2.1.1   sun15-sc-i1 #smsconfig-entry#
ADD: 10.1.1.50  sun15-sc-C1 #smsconfig-entry#
ADD: 10.1.1.51  sun15-sc0-C1-failover #smsconfig-entry#
ADD: 10.1.1.52  sun15-sc0-hme0 #smsconfig-entry#
ADD: 10.1.1.53  sun15-sc0-eri1 #smsconfig-entry#
ADD: 10.3.1.1   sun15-sc0-i2 #smsconfig-entry#
ADD: 10.3.1.2   sun15-sc1-i2 #smsconfig-entry#
----------------------
Update the hosts file, "/etc/hosts", with these changes? [y,n] y
Hosts file "/etc/hosts" has been updated.

The following information is about to be applied to the "/etc/netmasks" file.
----------------------
ADD network: 10.1.1.50, mask:  255.255.255.0
ADD network: 10.2.1.0, mask: 255.255.255.224
ADD network: 10.3.1.0, mask: 255.255.255.252
----------------------
Update the netmasks file, "/etc/netmasks", with these changes? [y,n] y
Netmasks file "/etc/netmasks" has been updated.
smsconfig complete. Log file is /var/sadm/system/logs/smsconfig
sc#
Example 2. Configuring the I2 Network
 
 
sc0: # smsconfig -m I2
Configuring I2 Management Network - 'I2' is for SC to SC MAN
Which System Controller are you configuring [choose 0 or 1]: 0.
Hostname          IP Address	 (platform=sun15)
--------          ----------
netmask-i2        255.255.255.252
sun15-sc0-i2      10.3.1.1
sun15-sc1-i2      10.3.1.2
Do you want to accept these network settings? [y,n] n
MAN I2 Network Identification
Enter the IP network number (base address) for the I2 network: 172.16.0.0
Enter the netmask for the I2 MAN network [ 255.255.255.252 ]: [Return]
Hostname          IP Address	(platform=sun15)
--------          ----------
netmask-i2        255.255.255.252
sun15-sc0-i2      172.16.0.1
sun15-sc1-i2      172.16.0.2
Do you want to accept these network settings? [y,n] y
Creating /.rhosts to facilitate file propagation ... done.

MAN Network configuration modified!
Changes will take effect on the next reboot.
The following changes are about to be applied to the "/etc/hosts" hosts file.
----------------------
ADD: 172.16.0.1   sun15-sc0-i2 #smsconfig-entry#
ADD: 172.16.0.2   sun15-sc1-i2 #smsconfig-entry#
----------------------
Update the hosts file, "/etc/hosts". with these changes [y,n] y
Hosts file "/etc/hosts" has been updated.

The following information is about to be applied to the "/etc/netmasks" file.
---------------------
ADD network: 172.16.0.0, mask: 255.255.255.252
---------------------
Update the netmasks file, "/etc/netmasks", with these changes? [y,n] y
Netmasks file "/etc/netmasks" has been updated.

sc#
Example 3. Configuring Internal Host Name and IP Address, SC to Domain B, on the I1 Network
 
 
sc0: # smsconfig -m I1 B

Enter the MAN hostname for DB-I1 [ sun15-b ]: domainB-i1
I could not automatically determine the IP address of domainB-i1.

Please enter the IP address of domainB-i1: 10.2.1.20

You should make sure that this host/IP address is set up properly in the
 /etc/inet/hosts file or in your local name service system.

Network: I1 (DB-I1)  Hostname: domainB-i1  IP Address: 10.2.1.20

Do you want to accept these settings? [y,n] y

Creating /.rhosts to facilitate file propagation ... done.

MAN Network configuration modified!
Changes will take effect on the next reboot.

The following changes are about to be applied to the "/etc/hosts" hosts file.
----------------------
ADD: 10.2.1.20   domainB-i1 #smsconfig-entry#
----------------------
Update the hosts file, "/etc/hosts", with these changes? [y,n] y
Hosts file "/etc/hosts" has been updated.

sc# 
Example 4. Excluding Domain D From the I1 Network
 

By excluding a domain, you will no longer be able to perform DR operations (rcfgadm) from the SC on that domain. You can still perform DR operations (cfgadm) on the domain itself. Refer to the Sun Fire 15K/12K Dynamic Reconfiguration (DR) User Guide for more information.

 
sc0: # smsconfig -m I1 D
Enter the MAN hostname for DB-I1 [ sun15-b ]: NONE
Network: I1 (DB-I1)  
Hostname: NONE  IP Address: None

Do you want to accept these settings? [y,n] y

Creating /.rhosts to facilitate file propagation ... done.

sc# 
Example 5. Configuring Non-Default Groups
 

In this example all domain administrator and domain reconfiguration groups are left as the default groups.

 
sc0: # smsconfig -g
1) Edit current configuration
2) Restore default groups
3) Quit

Select one of the above options: 1

NOTE: In order to configure a new group the group must already exist.

The Platform Administrator group has configuration control, a means to
get environmental status, the ability to assign boards to domains, power
control and other generic service processor functions.
Enter the name of the Platform Administrator group [platadmn]? zeus

The Platform Operator group has a subset of the platform privileges,
limited generally to platform power control and platform status.

Enter the name of the Platform Operator group [platoper]? poseidon

The Platform Service group posses platform service command privileges in
addition to limited platform control and platform configuration status
privileges

Enter the name of the Platform Service group [platsvc]? kronos

The Domain Administrator group posses domain control and status, and
console access privileges (for the respective domain), but does not
posses platform wide control or platform resource allocation privileges.

Enter the name of the Domain A Administrator group [dmnaadmn]? [Return]

Enter the name of the Domain B Administrator group [dmnbadmn]? [Return]
Enter the name of the Domain C Administrator group [dmncadmn]? [Return] 
Enter the name of the Domain D Administrator group [dmndadmn]? [Return]
Enter the name of the Domain E Administrator group [dmneadmn]? [Return]
Enter the name of the Domain F Administrator group [dmnfadmn]? [Return] 
Enter the name of the Domain G Administrator group [dmngadmn]? [Return] 
Enter the name of the Domain H Administrator group [dmnhadmn]? [Return] 
Enter the name of the Domain I Administrator group [dmniadmn]? [Return]
Enter the name of the Domain J Administrator group [dmnjadmn]? [Return] 
Enter the name of the Domain K Administrator group [dmnkadmn]? [Return]
Enter the name of the Domain L Administrator group [dmnladmn]? [Return] 
Enter the name of the Domain M Administrator group [dmnmadmn]? [Return] 
Enter the name of the Domain N Administrator group [dmnnadmn]? [Return]
Enter the name of the Domain O Administrator group [dmnoadmn]? [Return]
Enter the name of the Domain P Administrator group [dmnpadmn]? [Return]
Enter the name of the Domain Q Administrator group [dmnqadmn]? [Return] 
Enter the name of the Domain R Administrator group [dmnradmn]? [Return]

The Domain Reconfiguration group posses a subset of the Domain
Administration group privileges. This group has no domain control other
than board power and reconfiguration (for the respective domain).

Enter the name of the Domain A Reconfiguration group [dmnarcfg]? [Return]
Enter the name of the Domain B Reconfiguration group [dmnbrcfg]? [Return] 
Enter the name of the Domain C Reconfiguration group [dmncrcfg]? [Return]
Enter the name of the Domain D Reconfiguration group [dmndrcfg]? [Return] 
Enter the name of the Domain E Reconfiguration group [dmnercfg]? [Return]
Enter the name of the Domain F Reconfiguration group [dmnfrcfg]? [Return] 
Enter the name of the Domain G Reconfiguration group [dmngrcfg]? [Return]
Enter the name of the Domain H Reconfiguration group [dmnhrcfg]? [Return]
Enter the name of the Domain I Reconfiguration group [dmnircfg]? [Return]
Enter the name of the Domain J Reconfiguration group [dmnjrcfg]? [Return]
Enter the name of the Domain K Reconfiguration group [dmnkrcfg]? [Return]
Enter the name of the Domain L Reconfiguration group [dmnlrcfg]? [Return]
Enter the name of the Domain M Reconfiguration group [dmnmrcfg]? [Return]
Enter the name of the Domain N Reconfiguration group [dmnnrcfg]? [Return]
Enter the name of the Domain O Reconfiguration group [dmnorcfg]? [Return]
Enter the name of the Domain P Reconfiguration group [dmnprcfg]? [Return] 
Enter the name of the Domain Q Reconfiguration group [dmnqrcfg]? [Return]
Enter the name of the Domain R Reconfiguration group [dmnrrcfg]? [Return]

Configuration complete.

Select one of the above options: 
1) Edit current configuration
2) Restore default groups
3) Quit
Select one of the above options: 3

sc# 
Example 6. Configuring SMS to Use Secure Shell
 

Ensure ssh is enabled, otherwise when running this command you will receive an error message and smsconfig will exit.

 
sc0: # smsconfig -s ssh
Enabling ssh...
Password/passphrase authentication can be ignored.
System will use ssh
Tue Oct 12 13:21:06 PST 2002
smsconfig complete.
Example 7. Configuring SMS to Use rsh
 
 
sc0: # smsconfig -s rsh
System will use rsh
Tue Oct 12 13:25:06 PST 2002
smsconfig complete.
Example 8. Displaying the Remote Shell
 
 
sc0: # smsconfig -v
Remote Shell
============
Remote Shell             /usr/bin/rsh
Tue Oct 12 13:27:10 PST 2002
smsconfig complete.
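
The remote shell reported by smsconfig -v can be checked from a script, for example after hardening or before disabling rsh. The following POSIX shell functions are an added example, not part of the SMS documentation; they parse the output format shown in Example 8 and assume that after a successful smsconfig -s ssh the same line reports /usr/bin/ssh. The function names and the ssh sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the SMS documentation): check the SMS remote shell.

# Print the remote-shell path from `smsconfig -v` output read on stdin.
# The value line is "Remote Shell   <path>"; the bare "Remote Shell" heading
# has only two fields and is skipped.
sms_remote_shell_path() {
    awk '$1 == "Remote" && $2 == "Shell" && NF >= 3 { print $3; exit }'
}

# Classify a path by its basename: prints ssh, rsh or unknown.
sms_remote_shell_kind() {
    case "${1##*/}" in
        ssh) echo ssh ;;
        rsh) echo rsh ;;
        *)   echo unknown ;;
    esac
}

# Read `smsconfig -v` output on stdin. Return 0 only when SMS reports ssh and
# the binary is under /usr/bin, where the man page says ssh commands must be.
sms_check_remote_shell() {
    path=$(sms_remote_shell_path)
    kind=$(sms_remote_shell_kind "$path")
    if [ "$kind" != ssh ]; then
        echo "FAIL: SMS remote shell is '${path:-not reported}' ($kind)"
        return 1
    fi
    if [ "${path%/*}" != /usr/bin ]; then
        echo "FAIL: ssh is configured as $path, not under /usr/bin"
        return 1
    fi
    echo "OK: SMS remote shell is $path"
    return 0
}

# Sample input: the rsh output is the one shown in Example 8.
SAMPLE_RSH='Remote Shell
============
Remote Shell             /usr/bin/rsh
Tue Oct 12 13:27:10 PST 2002
smsconfig complete.'

# Constructed sample: assumed form of the same output once ssh is enabled.
SAMPLE_SSH='Remote Shell
============
Remote Shell             /usr/bin/ssh
smsconfig complete.'

printf '%s\n' "$SAMPLE_RSH" | sms_check_remote_shell || true
printf '%s\n' "$SAMPLE_SSH" | sms_check_remote_shell || true
```

On an SC, pipe the live output instead: smsconfig -v | sms_check_remote_shell. Run it on both SCs, since network and shell settings are configured per SC.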
Example 9. Adding a User to the Domain Administrator Group and Configuring Access to the Domain B Directories
 

You must specify a valid user name and valid SMS group and domain.

 
sc0: # smsconfig -a -u fdjones -G admn B
fdjones has been added to the dmnBadmn group.
All privileges to domain B have been applied.
Example 10. Adding a User to the Domain Configurator Group and Configuring Access to the Domain C Directories
 

You must specify a valid user name and valid SMS group and domain.

 
sc0: # smsconfig -a -u fdjones -G rcfg C
fdjones has been added to the dmnCrcfg group.
All privileges to domain C have been applied.
Example 11. Configuring Access to the Platform Directories
 

You must specify a valid user name and valid SMS group and the platform.

 
sc0: # smsconfig -a -u jtd -G svc platform 
jtd has been added to the platsvc group.
All privileges to the platform have been applied. 
Example 12. Displaying Users With Access to the Domain C Directories
 
 
sc0: # smsconfig -l C 
fdjones
shea
Example 13. Displaying Users With Access to the Platform Directories
 
 
sc0: # smsconfig -l platform
fdjones
jtd
Example 14. Removing User Access to the Domain C Directories
 

You must specify a valid username and valid SMS group. Any user who belongs to more than one group with access to a domain must be removed from all groups before directory access is denied.

 
sc0: # smsconfig -r -u fdjones -G rcfg C
fdjones has been removed from the dmnCrcfg group.
fdjones belongs to the dmnCadmn group
Access to domain C remains unchanged.
 
sc0: # smsconfig -r -u fdjones -G admn C
fdjones has been removed from the dmnCadmn group.
All access to domain C is now denied.
Example 15. Configuring Using an Invalid Group name
 

You must specify a valid SMS group.

 
sc0: # smsconfig -a -u fdjones -G staff D 
ERROR:  group staff does not exist
ABORTING.
Example 16. Mixing Groups and Designations
 

You must specify group names with the correct area designations. The admn group works with either designation.

 
sc0: # smsconfig -a -u fdjones -G rcfg platform 
ERROR:  group rcfg cannot access the platform
ABORTING.
 
sc0: # smsconfig -a -u fdjones -G oper D 
ERROR:  group oper cannot access a domain
ABORTING.

EXIT STATUS

 

The following exit values are returned:

0
Successful completion.
>0
An error occurred.

FILES

 

The following configuration files are required:

/etc/hostname.scman0
MAN Ethernet interface file
/etc/hostname.scman1
MAN Ethernet interface file
/etc/opt/SUNWSMS/config/MAN.cf
MAN daemon configuration file

Note – MAN.cf is an internal SMS system file and should not be modified except by authorized Sun Microsystems personnel.

ATTRIBUTES

 

See attributes(5) for descriptions of the following attributes.

Attribute Types        Attribute Values
Availability           SUNWSMSop
Interface Stability    Evolving

SEE ALSO

 

mand(1m), ndd(1m), rsh(1), scp(1), ssh(1)


SMS 1.4                                        Last Changed 06 October 2003