GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Remote swlist fail/success on multi-homed host
Operating System - HP-UX
1847855
Members
2287
Online
104021
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-17-2008 03:47 AM
09-17-2008 03:47 AM
Hi,
I'm tying down permissions (swacl) so that only the root user from a central system can run remote swlist etc. commands.
swlist -l bundle @ remotehost
I have two central servers I'm testing this from. One server works fine when the permissions are changed. The other does not. With further tests the permission granting/removing is working exactly as I require.
The issue is when running it from the multi-homed server. It is connected to two subnets:
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lan1 1500 192.11.16.0 192.11.16.22 32774 0 301669 0 0
lan0 1500 192.11.15.0 192.11.15.22 3693830 0 7649878 0 0
lo0 4136 127.0.0.0 127.0.0.1 72859 0 72859 0 0
Destination Gateway Flags Refs Interface Pmtu
127.0.0.1 127.0.0.1 UH 0 lo0 4136
192.11.16.22 192.11.16.22 UH 0 lan1 4136
192.11.15.22 192.11.15.22 UH 0 lan0 4136
192.11.16.0 192.11.16.22 U 2 lan1 1500
192.11.15.0 192.11.15.22 U 2 lan0 1500
127.0.0.0 127.0.0.1 U 0 lo0 0
default 192.11.15.1 UG 0 lan0 0
Both servers work all the time to hosts on the x.x.15.x LAN, whereas only the single NIC server will work to hosts on the x.x.16.x LAN (even though it is not directly connected to that LAN). On the multi-homed host the command will always return an error saying you don't have the required permissions, yet I know they are set correctly. If I take down lan1 on the MH system, the command will work fine. So I'm now stuck at the point thinking there is some issue with the multi-homed setup of this host, routing etc..
Any suggestions?
Thanks
I'm tying down permissions (swacl) so that only the root user from a central system can run remote swlist etc. commands.
swlist -l bundle @ remotehost
I have two central servers I'm testing this from. One server works fine when the permissions are changed. The other does not. With further tests the permission granting/removing is working exactly as I require.
The issue is when running it from the multi-homed server. It is connected to two subnets:
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lan1 1500 192.11.16.0 192.11.16.22 32774 0 301669 0 0
lan0 1500 192.11.15.0 192.11.15.22 3693830 0 7649878 0 0
lo0 4136 127.0.0.0 127.0.0.1 72859 0 72859 0 0
Destination Gateway Flags Refs Interface Pmtu
127.0.0.1 127.0.0.1 UH 0 lo0 4136
192.11.16.22 192.11.16.22 UH 0 lan1 4136
192.11.15.22 192.11.15.22 UH 0 lan0 4136
192.11.16.0 192.11.16.22 U 2 lan1 1500
192.11.15.0 192.11.15.22 U 2 lan0 1500
127.0.0.0 127.0.0.1 U 0 lo0 0
default 192.11.15.1 UG 0 lan0 0
Both servers work all the time to hosts on the x.x.15.x LAN, whereas only the single NIC server will work to hosts on the x.x.16.x LAN (even though it is not directly connected to that LAN). On the multi-homed host the command will always return an error saying you don't have the required permissions, yet I know they are set correctly. If I take down lan1 on the MH system, the command will work fine. So I'm now stuck at the point thinking there is some issue with the multi-homed setup of this host, routing etc..
Any suggestions?
Thanks
Solved! Go to Solution.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-17-2008 08:37 AM
09-17-2008 08:37 AM
Solution
I figured swacls would be involved...
First check /var/adm/sw/swagentd.log and verify what system SD believes is trying to connect. If you forgot an alias add that in. If the host is one already included in your swacl try adding the explicit set of IPs being used as well.
First check /var/adm/sw/swagentd.log and verify what system SD believes is trying to connect. If you forgot an alias add that in. If the host is one already included in your swacl try adding the explicit set of IPs being used as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-17-2008 10:29 AM
09-17-2008 10:29 AM
Re: Remote swlist fail/success on multi-homed host
the hostname will always resolve the the first one listed in /etc/hosts
can you create the acl using an IP address for the other lan ?
If not switch the two around in the host file, or lock in the lan you intend to use.
Multihomed hosts have these problems. You may not be able to have it both ways.
can you create the acl using an IP address for the other lan ?
If not switch the two around in the host file, or lock in the lan you intend to use.
Multihomed hosts have these problems. You may not be able to have it both ways.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-06-2008 09:11 AM
10-06-2008 09:11 AM
Re: Remote swlist fail/success on multi-homed host
Tim/Bob cheers for the input.
I removed all entries from hosts. Both addresses could be resolved using DNS.
I now have swacl entries for both addresses of the central server on the client and it works fine.
So, even though the client on one subnet, can contact the central server on either of its subnet addresses - if the system is available on the local subnet it insists on using that (as demonstrated by me downing the 2nd LAN on the central server and it then working ok without additional swacl entries).
I guess the ip_strong_es_model variable may be at the bottom of all this.
I removed all entries from hosts. Both addresses could be resolved using DNS.
I now have swacl entries for both addresses of the central server on the client and it works fine.
So, even though the client on one subnet, can contact the central server on either of its subnet addresses - if the system is available on the local subnet it insists on using that (as demonstrated by me downing the 2nd LAN on the central server and it then working ok without additional swacl entries).
I guess the ip_strong_es_model variable may be at the bottom of all this.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2026 Hewlett Packard Enterprise Development LP