Monday, December 5, 2022

Boot AIX lpar from single user mode to multiuser

Boot an AIX LPAR that was stuck in single-user mode. The AIX admin was unable to access it over the network using the IP address or CyberArk.

Solution: Tried to access it using the NIM jump server, PuTTY and CyberArk, but every attempt failed with a network connection timeout, so we decided to access it from the HMC console and found it was stuck in single-user mode.

Thanks!!!!
:)
Happy reading

LDAP user authentication issue on AIX LDAP client

Login issue for multiple LDAP users on AIX client server.

Hello all, 

Today I am going to discuss an incident where a user on an AIX server was unable to switch to his home directory, and when the AIX admin tried to list the user's properties with the lsuser command, that command did not show any details either.


 #lsuser -R LDAP username 

Error message: 
3004-687 user abcd does not exist.

A primary check found that this issue was present on all LDAP client servers.
 
The steps the AIX admin must perform for troubleshooting are:
  • Check whether the NFS-mounted LDAP mount point is mounted and in a healthy state. The user home directories are accessed from this NFS mount point.
  • Make sure that slapd (the server daemon) and secldapclntd (the client daemon) are active on the LDAP server and the LDAP client.
  • Also make sure that there is no CPU or memory bottleneck on this server.
✓ Checked and verified that the LDAP daemons were working on the AIX LDAP server and client, using the following commands:
#ps -eaf |grep -i slapd
#ps -eaf |grep -i secldapclntd
#ps -eaf |grep -i LDAP 

AIX LDAP server daemon: slapd
 Runs on the LDAP server and processes the requests from the LDAP clients.

AIX LDAP client daemon: secldapclntd

 #lsuser -R LDAP username // to display LDAP user information

If the client LDAP daemon needs a restart, use this command:
# /usr/sbin/restart-secldapclntd

The command below displays the LDAP server that is currently active.
#ls-secldapclntd
#ps -eaf |grep -i LDAP // shows the running daemon processes on the AIX LDAP client and server

The second thing we verified was the LDAP log file on the AIX LDAP server, and this is where we got the main clue. We also engaged the database team, who said they were getting an authentication denied error when they tried to log in; this information was sufficient to move towards a solution. From the AIX side, IBM software support suggested resetting the ldapdb2 user password.

The problem was that the ldapdb2 password had expired, which caused LDAP client requests to be rejected.
Log file on the LDAP server where the expired ldapdb2 password was found
----------------------------------
"db2cli.log" had the following error message
"Sql30082N security processing failed with reason 1 password expired sqlstate=08001"


IBM software support suggested running the following command to reset the password of the ldapdb2 user.
Command for password reset on the AIX LDAP server
----------------------------------
#idscfgdb -l ldapdb2 -w <new password>

Make sure that IBM slapd is stopped when the AIX admin executes this command. The new password is passed on the command line, so it can end up in the shell history and be visible in the process listing while the command runs.


✓ Executed the following command and rebooted the AIX LDAP server.
idscfgdb -l ldapdb2 -w <new password>

One thing I forgot to mention: when this issue occurred, our AIX patching team had just done patching, and our first suspicion was that the patching had caused it, but the main culprit was the expired ldapdb2 password. After the password reset and the AIX LDAP server reboot, all AIX LDAP client users were able to access their home directories and switch to their accounts.


In the end, we can conclude that the following are the possible reasons for the error "3004-687 user does not exist" on an LDAP client:
1. Check that secldapclntd is active and running on the AIX client.
2. Check whether the NFS-mounted LDAP mount point is mounted and in a healthy state.
3. slapd runs on the LDAP server and processes the requests from the LDAP clients. Make sure it is active.
4. Last and important: make sure the ldapdb2 user password has not expired.
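
The daemon and log checks from this list can be scripted. The following is an added example, not part of the original post: it flags a missing secldapclntd or slapd process and the SQL30082N "password expired" line in db2cli.log. The function names are hypothetical, the NFS mount check is left out, and the sample ps and log lines are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are
# hypothetical. The checks read saved text files: on a live system pass
# saved `ps -eaf` output and the real db2cli.log path (site-specific).

# daemon_running NAME PSFILE: true if PSFILE lists a process matching NAME.
daemon_running() {
    grep -v grep "$2" | grep -iq "$1"
}

# ldapdb2_password_expired LOGFILE: true if the log holds the SQL30082N
# "password expired" error quoted in the post (case-insensitive match).
ldapdb2_password_expired() {
    grep -i 'sql30082n' "$1" | grep -iq 'password expired'
}

# triage ROLE PSFILE [LOGFILE]: ROLE is "client" or "server".
# Prints the findings on one line, or "ok" when every check passes.
triage() {
    role=$1; psfile=$2; logfile=${3:-}; findings=""
    if [ "$role" = client ]; then
        daemon_running secldapclntd "$psfile" || findings="secldapclntd-down"
    else
        daemon_running slapd "$psfile" || findings="slapd-down"
        if [ -n "$logfile" ] && ldapdb2_password_expired "$logfile"; then
            findings="${findings:+$findings }ldapdb2-password-expired"
        fi
    fi
    echo "${findings:-ok}"
}

# Constructed sample data (not captured from a real system).
tmp=${TMPDIR:-/tmp}/ldap_triage.$$
mkdir -p "$tmp"
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/ps_client.txt" <<'EOF'
    root 3211420       1   0   Dec 01      -  0:00 /usr/sbin/syslogd
EOF
cat > "$tmp/ps_server.txt" <<'EOF'
 ldapdb2 7340198       1   0   Dec 01      -  0:12 ibmslapd -I ldapdb2
EOF
cat > "$tmp/db2cli.log" <<'EOF'
Sql30082N security processing failed with reason 1 password expired sqlstate=08001
EOF

triage client "$tmp/ps_client.txt"                      # prints secldapclntd-down
triage server "$tmp/ps_server.txt" "$tmp/db2cli.log"    # prints ldapdb2-password-expired
```

A server whose slapd process is running can still report ldapdb2-password-expired, which is the situation described in this incident.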

Useful commands while troubleshooting LDAP issues on AIX

#lsuser -R LDAP username

#idscfgdb -l ldapdb2 -w <new password>      // reset ldapdb2 password

#ps -eaf |grep -i LDAP       // display running LDAP processes

# /usr/sbin/restart-secldapclntd       // restart LDAP client daemon

# /usr/sbin/start-secldapclntd    // start LDAP client daemon

# /usr/sbin/stop-secldapclntd          // stop LDAP client daemon


Thanks  :)
Happy Reading !!!!

Sunday, December 4, 2022

VCS freeze and unfreeze on AIX

Thanks 
:)

Resource group switch and online and offline on AIX VCS cluster


Helpful commands: hagrp, hastatus.
These commands are useful during DR.
Thanks
:)

Saturday, December 3, 2022

AIX HACMP script to monitor cluster resource group health

Shell script to monitor AIX cluster health

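# Print resource group and cluster manager state every 5 seconds (Ctrl-C to stop)
while true
do
    clrginfo                                # resource group status
    lssrc -ls clstrmgrES | grep -i state    # cluster manager state
    sleep 5
done

It shows the RG status and whether the cluster is stable or not.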

Thanks !!!
:)

How to access LPAR from HMC console

How to access an AIX LPAR or VIO server inside a Power server frame using the HMC command-line console.

1. Log in to the HMC using its IP address or FQDN
2. Enter the following command

#vtmenu
1.powerframe1
2.powerframe2
3.powerframe3



This command displays all Power frames connected to this HMC; enter the number of the frame you want to access.

3. If the AIX admin wants to see the list of AIX LPARs and VIO servers inside powerframe6, he must enter number 6

output:

hscroot@hmc> vtmenu
 Retrieving name of managed system(s) . . . 

 ----------------------------------------------------------
  Managed Systems:
 ----------------------------------------------------------
1)powerframe1
2)powerframe2
3)powerframe3

 Enter Number of Managed System.   (q to quit): 1

 ----------------------------------------------------------
  Partitions On Managed System:  powerframe1
 ----------------------------------------------------------
   1)    lpar1                              Running
   2)    lpar2                              Running
   3)    lpar3                              Running
   4)    lpar4                              Running
   5)    lpar5                              Running

Enter user name : root
Enter password :XXXXXXXX

lpar1#

===============================================================

Now the AIX admin can access an AIX LPAR by entering its number. In this case the AIX admin wanted to access lpar1, so he entered 1.

Once connected, the AIX admin can log in using the root password.


The AIX admin can exit from the lpar1# console using the following sequence of steps.
    
1.
lpar1# exit

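Once exited from the # prompt, the login prompt returns. Logging out first ensures the console is not left in a root shell for the next person who opens it.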



IBM AIX LPAR 

login: ~.

Terminate session [y/n]: y



Once the AIX admin presses y, the AIX lpar1 session exits.

**The AIX admin must press ~ first and then . to exit the AIX lpar1 session.
~.  (tilde + dot)  // key combination

Thanks !!!!

:)






Add Alias IP address to AIX server ethernet interface using chdev command

 Hello All,

Today's topic is alias IP configuration on an Ethernet interface.

Scenario 1:

Alias IP configuration on en0, permanent (using chdev) or temporary.


The command for assigning an alias IP to the en0 interface permanently is as follows.

#chdev -l en0 -a alias4=192.168.0.100,255.255.255.0

This adds IP address 192.168.0.100 as an alias IP on the en0 interface. The AIX admin can verify this using the command

#ifconfig -a 

The chdev command sets the IP on interface en0 permanently. This alias IP address remains on the AIX interface after a reboot as well.

Let's consider a scenario where the AIX admin wants to set an IP address for a temporary purpose. He can use the following command

#ifconfig en0 192.168.1.3 netmask 255.255.255.0 alias


Scenario 2:

If the AIX admin wants to remove that alias IP, how can he remove it?

Answer:

Remove a permanently added alias from an interface

chdev -l en0 -a delalias4=192.168.1.3,255.255.255.0


Another useful command, for adding a default route on an AIX server

#route add default 192.168.1.1


Here I am sharing a small script to check whether the AIX server's Ethernet interfaces are pingable or not

============================================================

# Ping every IPv4 address configured on this server's interfaces
for i in `ifconfig -a | awk '$1 == "inet" {print $2}'`
do
    echo "$i"
    ping -c 10 "$i"
done


The above script pings each IP address assigned to an interface; if the interfaces are up and active, you will get a ping response.



Thanks!!!!
:)






Friday, December 2, 2022

Execute AIX mksysb in background with nohup utility

 Hello All,

Today I am writing this blog to show how an AIX admin can execute an AIX mksysb backup using the "nohup" utility and monitor the logs using the tail command.




This method is useful for capturing the logs of the AIX mksysb backup command

#nohup mksysb -ieX /backup/Aixlpar.mksysb &

The above command starts one background process (its process ID is printed) and creates a nohup.out file, where all output of the command is logged. If the mksysb backup command fails, the AIX admin can review the nohup.out file and take the correct action to solve the issue.


Command to monitor the logs in "nohup.out"   // nohup.out is generated in the same path from which the AIX admin executed the mksysb command.

#tail -f nohup.out

Some other useful commands for taking an AIX server mksysb backup are:

Create a mksysb backup of the rootvg volume group

 #mksysb -i /mnt/Aixlpar.mksysb.`hostname`_`date +%m%d%y`

The above command creates the backup with the server name and the date (month, day, year) in the file name.


Thanks !!!

:)