24.846 bytes |
Service Hints & Tips |
Document ID: ROSN-42ZN7N |
Network Station - Solving problems using RSH to start AIX applications
Applicable to: World-Wide
When IBM Network Station Manager is used to create a Remote Program item to either start up on log in, or to start from the user task bar, the application is started by using the remote shell command or RSH. When the application server is AIX there are a number of things that must be set up on the server before this process will work right. This document describes how to determine the problems when the Network Station Manager setup does not give a successful start of application on AIX to display on the Network Station.
AIX setup for rsh
When setting up AIX to run applications started from the Network Station, a few rules must be followed:
A user must exist on AIX with the same name as the user logs into the Network station. The user name on AIX must be the exact same as the name typed in the login screen on the Network Station. This includes case sensitivity. |
The AIX system administrator must have given the Network Station authority to run applications for the specified user. This can be done in the user's .RHOSTS file, or can be done globally for the system in the /ETC/HOSTS.EQUIV file. |
The user ID on the AIX system must have a password, and the user must have changed that password after it was assigned or changed by the system administrator. |
The name server must be able to resolve the Network Station name from both the IP name and the IP dotted decimal address. |
The display variable must be set to the Network Station to enable the AIX application to be seen on the Network Station. This is set automatically with the current RSH from the taskbar. |
The application must be able to display using the X protocol. Non X-based applications may be started using the "-e" extension to AIXterm, but these applications must not be started in the background. |
The Network Station must give permissions for the AIX application to display. This is equivalent to adding the RS/6000 to the Network Station xserver-access-control-list or setting xserver-access-control-enabled equal false. |
Look in the Message Window. |
Check user information. |
Have domain names been assigned to the Network Stations? |
Is RSH disabled on the system? |
Use IPTRACE to see errors. |
Using the Network Station User Console Message Window
The console message window on the Network Station is displayed when booting from the RS/6000 by pressing the Pause key and then clicking on the box labeled Messages.
The following message indicates that the RSH to host 9.19.129.12 was attempted, but failed. This does not tell much about why it failed, but it does indicate that it was done. To solve this problem, move to the other troubleshooting steps listed below.
Special Command Check, command = rsh
UserInit.c: Couldn't set up rsh connection to host 9.19.129.12
If the Network Station xserver access permissions are not set up right or with some name server problems, the message will show:
Special Command Check, command = rsh
rsh output = 1363-008 aixterm: Cannot make a connection to X server .
If the X server is not running, run the xinit command.
If the X server is running, check the specified display number.
A successful RSH will show like:
Special Command Check, command = rsh^M %XSERVER-I-NEWCLIENT, host "9.19.129.12" connected with blank authorization
In addition to error messages when the RSH session attempts to run, some of the configuration information will also be displayed in the window. For example:
Line 6: |RUN xhost tesch.aix.dfw.ibm.com|Line 6 after replacement: |RUN xhost tesch.aix.dfw.ibm.com| Special Command Check, command = xhost^M tesch.aix.dfw.ibm.com being added to access control list |
This indicates that indeed the Network Station was sent the command to add the button and the permissions were set to add 9.19.129.12 to the access control list. Notice that in this example the display variable was not set for the AIXterm command. The results of this are also shown in the IP trace information below and the X server is not running message above. The correct line would read:
Line 7 after replacement: |MENUITEM "AIXTERM" rsh 9.19.129.12 aixterm -display insv1:0.0|
Permission Problems
UNIX permission problems almost always have to do with the $HOME/.rhosts or /etc/hosts.equiv files.
Checking User Information
Look in the user's HOME directory. For the user joker, the default home directory is /home/joker. First look for the .RHOSTS file. For example, using the user joker type:
ls -l /home/joker/.rhosts
If the file does not exist, then the message that displays will be:
/home/joker/.rhosts not found
This means that the .RHOSTS file should be created, unless permissions have been extended for the entire system in the file /ETC/HOSTS.EQUIV.
The easiest setup, but the least secure is to add a line in /ETC/HOSTS.EQUIV with two plus signs separated by spaces:
+ +
If the file exists, check the permissions. For example, if you set up the file as root, the file might look like:
# ls -l /home/joker/.rhosts
-rw-r--r-- 1 root system 12 May 7 10:51 /home/joker/.rhosts
This will not work because the permissions are wrong. To correct this, type:
chown joker /home/joker/.rhosts
chmod 600 /home/joker/.rhosts
Has the user password been changed?
Many times administrators will create a new user and assign a password on AIX, but never really use the password. If you do not first login to the user ID and change the password, then you won't be able to rsh to this USERID. As root user, you can check this in /etc/security/passwd. If the flags show ADMCHG, then this hasn't been changed. You can simply delete the word and this should solve the problem:
Bad
kiosk1: password = 9IvqwPhJHHY1Y |
OK
kiosk1: password = 9IvqwPhJHHY1Y |
Is the User ID the same as the login ID?
The user ID on the UNIX system must be the same as the ACTLOGIN user ID on the Network Station.
Is the Network Station hostname assigned?
The Network Station must have a host name assigned via ether a DNS or by adding to the RS/6000 /etc/hosts file. This name must be unique. To see if the name is properly resolved use one of these tests replacing the ipaddress with the IP address of the Network Station, and ipname with the host name of the Network Station.
host ipaddress
host ipname
or
nslookup ipaddress
nslookup ipname
If both of these commands within each set do not return exactly the same information then you should work with your network administrator to resolve the problem.
Examples:
# nslookup insv1Server: wslkname.sl.dfw.ibm.com |
Name: insv1.aix.dfw.ibm.comAddress: 9.19.129.161 |
# nslookup 9.19.129.161Server: wslkname.sl.dfw.ibm.com |
Name: insv1.aix.dfw.ibm.comAddress: 9.19.129.161 |
# nslookup insv2Server: wslkname.sl.dfw.ibm.com |
*** wslkname.sl.dfw.ibm.com can't find insv2:Non-existent host/domain |
# host insv1 insv1.aix.dfw.ibm.com is 9.19.129.161 # host 9.19.129.161 insv1.aix.dfw.ibm.com is 9.19.129.161 # host insv2host: name insv2 NOT FOUND |
Is rsh disabled on the system?
Some AIX system administrators turn off rshd for security reasons. If this is the case, you will not be able to implement the Network Station task button to start a command on AIX using rsh. If you are the system administrator and you want to see if rsh is enabled, use the following command:
grep rsh /etc/inetd.conf
If the response has a pound sign: (#) in the first column, then rsh has been disabled. Edit /etc/inetd.conf and remove the pound sign and then run the command:
refresh -s inetd
Using the AIX iptrace
The iptrace command must be run by the root user on AIX. This command captures all IP packets to and from the AIX system. To start the command use:
iptrace -a -b -s source_host -d dest_host trace.file
For example, between host redfox and network station insv1 use:
iptrace -a -b -s insv1 -d redfox joker.trace
Now click the button on the Network Station task bar to start the rsh session. Use ls -l joker.trace to see if the file increased in size:
# ls -l joker.trace
-rw-r--r-- 1 root system 1620 May 7 10:39 joker.trace
Next find the PID (process ID) of the iptrace:
# ps -ef | grep iptrace
root 21254 20514 1 10:41:47 pts/1 0:00 grep iptrace
root 21722 1 0 10:39:52 - 0:00 iptrace -a -b -s insv1 ...
In this example the process ID is 21722. Use this number to kill the iptrace process as follows:
# kill 21722
Use the ipformat command to convert the binary trace file to text:
# ipreport joker.trace > joker.report
Use vi to look at the file, or simply use the following grep command to just look at the messages.
# grep 0000 joker.report
error part shows:
00000000 01727368 643a2030 3832362d 38313320 |.rshd: 0826-813 |
00000010 5065726d 69737369 6f6e2069 73206465 |Permission is de|
00000020 6e696564 2e0a |nied.. |
This indicates that there are permission problems. Some of the possibilities are:
No /home/joker/.rhosts file
Wrong permissions on /home/joker/.rhosts file
Wrong format of /home/joker/.rhosts file
Wrong or missing information in /etc/hosts.equiv file
Another case where you might get an error is when the Network Station permissions have not been enabled for the RS/6000 to display X applications. Normally the Network Station Manager sets up this with a command in the startup.nsm file that runs the equivalent of the UNIX xhost + command. The line in startup.nsm will look like:
RUN xhost aixsrv1.cats.dfw.ibm.com
or
RUN xhost 9.45.12.224
This tells the network station to allow a specific host to display. If the network station does not recognize the host by that name, or if the RS/6000 reports itself as a different host name, then the connection will be refused and you will get a trace.report that shows:
# grep 0000 joker.report 00000000 31333633 2d303038 20616978 7465726d |1363-008 aixterm| |
This previous example was taken when the DISPLAY variable was not set right.
If the system administrator changes the users password, but the user does not log on and change the password before trying the rsh following may work.
00000000 6a6f6b65 72006a6f 6b657200 61697874 |joker.joker.aixt| 00000010 65726d20 2d646973 706c6179 20696e73 |erm -display ins| |
This gives information on the problem, while the message window only showed:
Special Command Check, command = rsh
UserInit.c: Couldn't set up rsh connection to host 9.19.129.12
The information from iptrace may be different from that shown, but will often reflect the cause of the problem. These tools are available when troubleshooting rsh connections to the RS/6000 even though you have not booted the Network Station from the RS/6000.
Search Keywords |
RS/6000, rsh, RSH, Network Station | |
Hint Category |
3270 Emulation, 5250 Emulation, System Administration Tools | |
Date Created |
10-12-98 | |
Last Updated |
10-05-99 | |
Revision Date |
14-11-99 | |
Brand |
Network Computers, IBM Network Station | |
Product Family |
RS/6000 - Network Station | |
Machine Type |
All, 8361, 8362 | |
Model |
All | |
TypeModel |
| |
Retain Tip (if applicable) |
| |
Reverse Doclinks |