24.846 bytes

Service Hints & Tips

Document ID: ROSN-42ZN7N

Network Station - Solving problems using RSH to start AIX applications

Applicable to: World-Wide

When IBM Network Station Manager is used to create a Remote Program item to either start up on log in, or to start from the user task bar, the application is started by using the remote shell command or RSH. When the application server is AIX there are a number of things that must be set up on the server before this process will work right. This document describes how to determine the problems when the Network Station Manager setup does not give a successful start of application on AIX to display on the Network Station.

AIX setup for rsh

When setting up AIX to run applications started from the Network Station, a few rules must be followed:

A user must exist on AIX with the same name as the user logs into the Network station. The user name on AIX must be the exact same as the name typed in the login screen on the Network Station. This includes case sensitivity.

The AIX system administrator must have given the Network Station authority to run applications for the specified user. This can be done in the user's .RHOSTS file, or can be done globally for the system in the /ETC/HOSTS.EQUIV file.
If you have any problems with permissions, one sure fire way to enable access is to add a single line to /ETC/HOSTS.EQUIV with two plus signs:

+ +

The user ID on the AIX system must have a password, and the user must have changed that password after it was assigned or changed by the system administrator.

The name server must be able to resolve the Network Station name from both the IP name and the IP dotted decimal address.

The display variable must be set to the Network Station to enable the AIX application to be seen on the Network Station. This is set automatically with the current RSH from the taskbar.

The application must be able to display using the X protocol. Non X-based applications may be started using the "-e" extension to AIXterm, but these applications must not be started in the background.

The Network Station must give permissions for the AIX application to display. This is equivalent to adding the RS/6000 to the Network Station xserver-access-control-list or setting xserver-access-control-enabled equal false.


When you use NSM to set up a remote application to start either at startup or from the user task bar, an item is added to one of the STARTUP.NSM files in the Network Station Manager directory. The location of this file depends on the server and whether the setup is for the entire system, for a group, or for a single user.

Why doesn't the application start?

There are a number of reasons that the application may not display on the Network Station when you click on the icon. This section will discuss some of the techniques for finding out why the application is not working as desired. Some of the techniques include:

Look in the Message Window.

Check user information.

Have domain names been assigned to the Network Stations?

Is RSH disabled on the system?

Use IPTRACE to see errors.


Using the Network Station User Console Message Window

The console message window on the Network Station is displayed when booting from the RS/6000 by pressing the Pause key and then clicking on the box labeled Messages.

The following message indicates that the RSH to host 9.19.129.12 was attempted, but failed. This does not tell much about why it failed, but it does indicate that it was done. To solve this problem, move to the other troubleshooting steps listed below.

Special Command Check, command = rsh
UserInit.c: Couldn't set up rsh connection to host 9.19.129.12

If the Network Station xserver access permissions are not set up right or with some name server problems, the message will show:

Special Command Check, command = rsh
rsh output = 1363-008 aixterm: Cannot make a connection to X server .

If the X server is not running, run the xinit command.
If the X server is running, check the specified display number.

A successful RSH will show like:

Special Command Check, command = rsh^M %XSERVER-I-NEWCLIENT, host "9.19.129.12" connected with blank authorization

In addition to error messages when the RSH session attempts to run, some of the configuration information will also be displayed in the window. For example:


Line 6: |RUN xhost tesch.aix.dfw.ibm.com|Line 6 after replacement: |RUN xhost tesch.aix.dfw.ibm.com| Special Command Check, command = xhost^M tesch.aix.dfw.ibm.com being added to access control list
Line 7: |MENUITEM "AIXTERM" rsh 9.19.129.12 aixterm|
Line 7 after replacement: |MENUITEM "AIXTERM" rsh 9.19.129.12 aixterm|



This indicates that indeed the Network Station was sent the command to add the button and the permissions were set to add 9.19.129.12 to the access control list. Notice that in this example the display variable was not set for the AIXterm command. The results of this are also shown in the IP trace information below and the X server is not running message above. The correct line would read:

Line 7 after replacement: |MENUITEM "AIXTERM" rsh 9.19.129.12 aixterm -display insv1:0.0|

Permission Problems

UNIX permission problems almost always have to do with the $HOME/.rhosts or /etc/hosts.equiv files.

Checking User Information

Look in the user's HOME directory. For the user joker, the default home directory is /home/joker. First look for the .RHOSTS file. For example, using the user joker type:

ls -l /home/joker/.rhosts

If the file does not exist, then the message that displays will be:

/home/joker/.rhosts not found

This means that the .RHOSTS file should be created, unless permissions have been extended for the entire system in the file /ETC/HOSTS.EQUIV.

The easiest setup, but the least secure is to add a line in /ETC/HOSTS.EQUIV with two plus signs separated by spaces:

+ +

If the file exists, check the permissions. For example, if you set up the file as root, the file might look like:

# ls -l /home/joker/.rhosts
-rw-r--r-- 1 root system 12 May 7 10:51 /home/joker/.rhosts

This will not work because the permissions are wrong. To correct this, type:

chown joker /home/joker/.rhosts
chmod 600 /home/joker/.rhosts

Has the user password been changed?

Many times administrators will create a new user and assign a password on AIX, but never really use the password. If you do not first login to the user ID and change the password, then you won't be able to rsh to this USERID. As root user, you can check this in /etc/security/passwd. If the flags show ADMCHG, then this hasn't been changed. You can simply delete the word and this should solve the problem:

Bad


kiosk1: password = 9IvqwPhJHHY1Y
lastupdate = 903987305
flags = ADMCHG




OK


kiosk1: password = 9IvqwPhJHHY1Y
lastupdate = 903987305
flags =



Is the User ID the same as the login ID?

The user ID on the UNIX system must be the same as the ACTLOGIN user ID on the Network Station.

Is the Network Station hostname assigned?

The Network Station must have a host name assigned via ether a DNS or by adding to the RS/6000 /etc/hosts file. This name must be unique. To see if the name is properly resolved use one of these tests replacing the ipaddress with the IP address of the Network Station, and ipname with the host name of the Network Station.

host ipaddress
host ipname
or
nslookup ipaddress
nslookup ipname

If both of these commands within each set do not return exactly the same information then you should work with your network administrator to resolve the problem.

Examples:


# nslookup insv1Server: wslkname.sl.dfw.ibm.com
Address: 9.19.141.242

Name: insv1.aix.dfw.ibm.comAddress: 9.19.129.161

# nslookup 9.19.129.161Server: wslkname.sl.dfw.ibm.com
Address: 9.19.141.242

Name: insv1.aix.dfw.ibm.comAddress: 9.19.129.161

# nslookup insv2Server: wslkname.sl.dfw.ibm.com
Address: 9.19.141.242

*** wslkname.sl.dfw.ibm.com can't find insv2:Non-existent host/domain

# host insv1 insv1.aix.dfw.ibm.com is 9.19.129.161 # host 9.19.129.161 insv1.aix.dfw.ibm.com is 9.19.129.161 # host insv2host: name insv2 NOT FOUND



Is rsh disabled on the system?

Some AIX system administrators turn off rshd for security reasons. If this is the case, you will not be able to implement the Network Station task button to start a command on AIX using rsh. If you are the system administrator and you want to see if rsh is enabled, use the following command:

grep rsh /etc/inetd.conf

If the response has a pound sign: (#) in the first column, then rsh has been disabled. Edit /etc/inetd.conf and remove the pound sign and then run the command:

refresh -s inetd

Using the AIX iptrace

The iptrace command must be run by the root user on AIX. This command captures all IP packets to and from the AIX system. To start the command use:

iptrace -a -b -s source_host -d dest_host trace.file

For example, between host redfox and network station insv1 use:

iptrace -a -b -s insv1 -d redfox joker.trace

Now click the button on the Network Station task bar to start the rsh session. Use ls -l joker.trace to see if the file increased in size:

# ls -l joker.trace
-rw-r--r-- 1 root system 1620 May 7 10:39 joker.trace

Next find the PID (process ID) of the iptrace:

# ps -ef | grep iptrace
root 21254 20514 1 10:41:47 pts/1 0:00 grep iptrace
root 21722 1 0 10:39:52 - 0:00 iptrace -a -b -s insv1 ...

In this example the process ID is 21722. Use this number to kill the iptrace process as follows:

# kill 21722

Use the ipformat command to convert the binary trace file to text:

# ipreport joker.trace > joker.report

Use vi to look at the file, or simply use the following grep command to just look at the messages.

# grep 0000 joker.report

error part shows:

00000000 01727368 643a2030 3832362d 38313320 |.rshd: 0826-813 |
00000010 5065726d 69737369 6f6e2069 73206465 |Permission is de|
00000020 6e696564 2e0a |nied.. |

This indicates that there are permission problems. Some of the possibilities are:

No /home/joker/.rhosts file
Wrong permissions on /home/joker/.rhosts file
Wrong format of /home/joker/.rhosts file
Wrong or missing information in /etc/hosts.equiv file

Another case where you might get an error is when the Network Station permissions have not been enabled for the RS/6000 to display X applications. Normally the Network Station Manager sets up this with a command in the startup.nsm file that runs the equivalent of the UNIX xhost + command. The line in startup.nsm will look like:

RUN xhost aixsrv1.cats.dfw.ibm.com
or
RUN xhost 9.45.12.224

This tells the network station to allow a specific host to display. If the network station does not recognize the host by that name, or if the RS/6000 reports itself as a different host name, then the connection will be refused and you will get a trace.report that shows:


# grep 0000 joker.report 00000000 31333633 2d303038 20616978 7465726d |1363-008 aixterm|
00000010 3a204361 6e6e6f74 206d616b 65206120 |: Cannot make a |
00000020 636f6e6e 65637469 6f6e2074 6f205820 |connection to X |
00000030 73657276 6572202e 0a094966 20746865 |server ...If the|
00000040 20582073 65727665 72206973 206e6f74 | X server is not|
00000050 2072756e 6e696e67 2c207275 6e207468 | running, run th|
00000060 65207869 6e697420 636f6d6d 616e642e |e xinit command.|
00000070 0a094966 20746865 20582073 65727665 |..If the X serve|
00000080 72206973 2072756e 6e696e67 2c206368 |r is running, ch|
00000090 65636b20 74686520 73706563 69666965 |eck the specifie|
000000a0 64206469 73706c61 79206e75 6d626572 |d display number|



This previous example was taken when the DISPLAY variable was not set right.

If the system administrator changes the users password, but the user does not log on and change the password before trying the rsh following may work.


00000000 6a6f6b65 72006a6f 6b657200 61697874 |joker.joker.aixt| 00000010 65726d20 2d646973 706c6179 20696e73 |erm -display ins|
00000020 76313a30 2e3000 |v1:0.0. |
00000000 01333030 342d3631 3020596f 75206172 |.3004-610 You ar|
00000010 65207265 71756972 65642074 6f206368 |e required to ch|
00000020 616e6765 20796f75 72207061 7373776f |ange your passwo|
00000030 72642e0a 09506c65 61736520 63686f6f |rd...Please choo|
00000040 73652061 206e6577 206f6e65 2e0a |se a new one.. |
00000000 01727368 643a2030 3832362d 38313320 |.rshd: 0826-813 |
00000010 5065726d 69737369 6f6e2069 73206465 |Permission is de|
00000020 6e696564 2e0a |nied.. |



This gives information on the problem, while the message window only showed:

Special Command Check, command = rsh
UserInit.c: Couldn't set up rsh connection to host 9.19.129.12

The information from iptrace may be different from that shown, but will often reflect the cause of the problem. These tools are available when troubleshooting rsh connections to the RS/6000 even though you have not booted the Network Station from the RS/6000.

Search Keywords

RS/6000, rsh, RSH, Network Station

Hint Category

3270 Emulation, 5250 Emulation, System Administration Tools

Date Created

10-12-98

Last Updated

10-05-99

Revision Date

14-11-99

Brand

Network Computers, IBM Network Station

Product Family

RS/6000 - Network Station

Machine Type

All, 8361, 8362

Model

All

TypeModel

Retain Tip (if applicable)

Reverse Doclinks
and Admin Purposes