System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

syslog: identd: remote owner request failed :

 
SOLVED
Go to solution
ostapvv
Trusted Contributor

syslog: identd: remote owner request failed :

Hello!
I Receiving every 1 minutes the following message in syslog.log:

syslog: identd: remote owner request failed : No such file or directory

B.11.31 U 9000/800
Can you help me?
Thanks.
10 REPLIES
Laurent Menase
Honored Contributor

Re: syslog: identd: remote owner request failed :

have you at least one xport patch? if none, then it can be due to that.

else it could be a peer which tries every ports to try to get some info.
you could try to get a network trace and match the one which matches with the time of syslog.

ostapvv
Trusted Contributor

Re: syslog: identd: remote owner request failed :

hi,
what is - one xport patch ?
Laurent Menase
Honored Contributor

Re: syslog: identd: remote owner request failed :

what /stand/vmunix |grep tcp
Bob_Vance
Esteemed Contributor

Re: syslog: identd: remote owner request failed :

I believe that he meant "xport" ~= "transport",
as in a patch:
PHNE_37395 cumulative ARPA Transport patch


IOW, have you patched network stuff up-to-date, lately.


bv
"The lyf so short, the craft so long to lerne." - Chaucer
Bob_Vance
Esteemed Contributor

Re: syslog: identd: remote owner request failed :

It's easy to use 'nettl'
to do a trace and see where these are coming from
(once you've devined how to do it the first time ;>)


Create filter file:
Pine4 ## echo 'filter tcp_dport 113' > /tmp/nf1

Start trace to screen:
Pine4 ## nettl -traceon 0x30800000 -e ns_ls_ip \
|netfmt -F -N -n -l -1 -c /tmp/nf1

---- SUBSYSTEM FILTERS IN EFFECT ---
...
--------- LAYER 4 -----------------
filter tcp_dport 113
--------- LAYER 5 -----------------
--------- END SUBSYSTEM FILTERS ---

here, 'nettl' is waiting for some matching packets (tcp on port 113)

Do a test ident connection from another system:
Pine3 ## telnet pine4 113
Connected to Pine4.wgl.com.
Escape character is '^]'.
type something:
TESTING
0 , 0 : ERROR : INVALID-PORT
Connection closed by foreign host.

back on the trace screen several output messages will appear:
IP 172.16.0.3.61083 > 172.16.0.4.113: [DF] S ...
...
left of > is source from IP 172.16.0.3 using random port.61083
right of > is target IP 172.16.0.4 to 113

ctl-C to kill the trace


bv
"The lyf so short, the craft so long to lerne." - Chaucer
Laurent Menase
Honored Contributor

Re: syslog: identd: remote owner request failed :

yes xport patch is transport/arpa patch
- sorry for the jargon-
if there is no patch at all installed on the system on 11.31, identd can't identify connection which come as ipv4 mapped to ipv6 addresses, with ipv4 address, so if the socket was a mapped one, it can't get it.
this was fixed in one of the first ARPA/xport patch of 11.31.

else if you want to used nettl filtering be sure to update nettl patch to the last version.
ostapvv
Trusted Contributor

Re: syslog: identd: remote owner request failed :

Thanks , but I have installed - HP-UX B.11.31.1009

but your recomendation patch to hp-ux 11.23
s700_800 11.23 cumulative ARPA Transport patch HP-UX: 11.23


/#what /stand/vmunix |grep tcp
$Revision: stcpmap: @(#) pa20_64-perf R11.31_BL2010_0327_1 PATCH_11.31 PHNE_41004
stcpmap.c $Date: 2009/01/30 15:30:35 $Revision: r11.31/7 PATCH_11.31 (PHNE_39203)
$Revision: tcp: @(#) pa20_64-perf R11.31_BL2010_0327_1 PATCH_11.31 PHNE_41004
tcp.c $Date: 2010/02/23 10:05:51 $Revision: r11.31/12 PATCH_11.31 (PHNE_41004)
$Revision: tcp6: B.11.31_LR
$Source: /project/unixvm-cvs/src/hp/kernel/vxvm/kmsg_tcp.c,v $ $Revision: 1.16.62.1.6.1 $
Laurent Menase
Honored Contributor
Solution

Re: syslog: identd: remote owner request failed :

so no problem like that one known
so you probably need to make a network trace and probably a tusc at the same time.

I think it is probable that HP support would be a good way to progress.
Bob_Vance
Esteemed Contributor

Re: syslog: identd: remote owner request failed :

Sorry about that.

I was just giving an example of a Transport Patch, not recommending which one to install.

Your patch is a Transport patch

11.31 cumulative ARPA Transport patch PHNE_41004


The latest is:

11.31 cumulative ARPA Transport patch PHNE_41714


I think that Laurent is saying that your patch, PHNE_41004, should have fixed the issue to which he was referring.


I still think that the trace would be interesting.



bv
"The lyf so short, the craft so long to lerne." - Chaucer
Laurent Menase
Honored Contributor

Re: syslog: identd: remote owner request failed :

yes trace + tusc at the same time


usually it means that the connection which iyou are querying for doesn't exist anymore,

can be due to a vulnerability scanners for instance.

A trace will give you indications on which 4ulp was looked for,