Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-72-1462071.1
Update Date:2012-06-08
Keywords:

Solution Type  Problem Resolution Sure

Solution  1462071.1 :   Sun Storage 7000 Unified Storage System: System log fills up with errors like "sshd[27261]: [ID 587833 auth.error] passwdutil.so: can't get domain" and takes a long time to view in BUI or CLI  


Related Items
  • Sun Storage 7310 Unified Storage System
  •  
  • Sun Storage 7410 Unified Storage System
  •  
  • Sun ZFS Storage 7120
  •  
  • Sun Storage 7110 Unified Storage System
  •  
  • Sun ZFS Storage 7320
  •  
  • Sun ZFS Storage 7420
  •  
  • Sun Storage 7210 Unified Storage System
  •  
Related Categories
  • PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
  •  




In this Document
Symptoms
Cause
Solution
References


Created from <SR 3-5333797611>

Applies to:

Sun Storage 7310 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7110 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7410 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7120 - Version Not Applicable to Not Applicable [Release N/A]
7000 Appliance OS (Fishworks)

Symptoms

The system log from either the BUI or CLI takes many minutes to load up the log on screen, the system log is filled up with errors like

Feb 16 12:37:53 s7000 sshd[27261]: [ID 587833 auth.error] passwdutil.so: can't get domain
Feb 16 12:37:58 s7000 sshd[27266]: [ID 587833 auth.error] passwdutil.so: can't get domain

From a support bundle these errors will be visible in the debug.sys and system.sys logs, both can be found in the logs directory of the bundle.

An error is added to the log every time ssh is used to try and log in as a particular directory user that has been added to the appliance as an admin user.

e.g.

A user "user1" is added to the appliance for administration purposes, the properties for the "user1" user are pulled from a directory service.

Cause

The error comes from NIS code but the NIS service may not necessarily be used for the directory service.

The cause of the problem is that when the user logs in via ssh the system tries to check for the NIS domain name, but if NIS is not the directory service the NIS domain name may not be set.

Solution

 <Bug 7168572> has been raised to prevent this error being raised if the NIS service is not enabled

There are two workarounds available:

1. Only ssh log in as user root.  This may require passwordless login via ssh being set up for root if automated scripts are being run via ssh where the password cannot be prompted for.

2. Add the domain name to the NIS service, there is no need to enable the NIS service - just configuring the domain name is enough.

 

s7000:> configuration services nis set domain=example.com

s7000:> configuration services nis show
Properties:
                      <status> = disabled
                        domain = example.com
                     broadcast = true
                     ypservers =

Once the domain is set the error will no longer appear.

References

@ <BUG:7168572> - SSH TO APPLIANCE CLI AS AN LDAP DIRECTORY USER ADDS ERRORS TO SYSTEM LOGS

Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.
 Feedback