Please take note of the following known problems and workarounds when installing UnixWare 7.1.3 Update Pack 4 or UnixWare 7.1.4:
xAPIC support was designed for IBM x440 systems. On some platforms, such as the IBM xSeries 360 (x360), the OS detects it should use xAPIC but the platform does not properly support it. If this happens, the symptoms are device timeouts (either a disk driver or HBA) very early during the boot process. The system will display a message stating that an HBA or disk command has timed out, and the system will become unresponsive (hang). If you are using a Multi-Processing (MP) system with Pentium 4 (Xeon) processors and this occurs do the following:
Reset the system.
When the system displays the UnixWare logo during the boot sequence, interrupt the boot by pressing any key.
At the boot prompt enter:
USE_XAPIC=N boot
The system should now boot normally.
Once the system is running, edit /stand/boot and add the following entry to the file:
USE_XAPIC=N
This will ensure that you do not need to interrupt the boot process again.
A new dlpi driver tuneable in /etc/conf/pack.d/dlpi/space.c allows the administrator to turn off MAC header size prediction, which causes problems on IBM SNA Gateway systems:
int mac_header_size = 0;
This variable can be set as follows:
| 0 (default) | the kernel discovers the optimal MAC header size |
| less than 0 | disable MAC header size prediction optimization |
| greater than 0 | use the MAC header size specified in the space.c file |
To disable MAC header size prediction, edit /etc/conf/pack.d/dlpi/space.c and change the value of
mac_header_size to -1.
Then enter the following commands to rebuild the kernel and reboot:
# idbuild -M dlpi # shutdown -i6 -g0 -y
The mac_header_size tuneable is installed with the nics package.
527969
If you are installing UnixWare 7.1.4 for the first time on an IBM xSeries Server with devices in an attached IBM RXE-100 Remote I/O Expansion Enclosure, you must enter a boot paramater for the devices in the RXE-100 to be recognized. As the UnixWare installation program boots, it displays the Unixware logo. When you see the logo, press the Spacebar to interrupt the program. When the [boot] prompt appears, enter the following two commands:
[boot] psm=mps [boot] boot
Your system will then continue to boot. Continue the installation normally.
Notices like the following may appear in /var/adm/syslog and /var/adm/log/osmlog after installation of the Update Pack:
Jan 30 11:47:40 systemname sco_pmd[884]: license [nnnnnnnnn/167/1.0] missing dependent product [xxx/8.0]
These messages are a consequence of the license upgrade process and can be safely ignored. Enter the following commands, as root, to remove the offending license from the license database and refresh the Policy Manager Daemon (sco_pmd):
/etc/brand -r nnnnnnnnn /etc/sco_pmd -r
Where nnnnnnnnn is copied from the notices in the system logs, as shown in the example above. Once the brand command is run as shown and sco_pmd is restarted, these notices will no longer be generated in the system logs.
You may see the following error during installation of the OpenSSH (openssh) package:
##Executing postinstall script. dynamic linker: /usr/sbin/sshd: could not open libcrypto.so.0.9.7 Killed /etc/init.d/opensshd: Error 137 starting /usr/sbin/sshd....Bailing.
Or, you may see the following errors when running OpenSSH commands after installation:
dynamic linker: /usr/bin/ssh-keygen: binder error: symbol not found: OPENSSL_add_all_algorithms_noconf; referenced from: /usr/bin/ssh-keygen Killed dynamic linker: /usr/bin/ssh-keygen: binder error: symbol not found: OPENSSL_add_all_algorithms_noconf; referenced from: /usr/bin/ssh-keygen Killed dynamic linker: /usr/bin/ssh-keygen: binder error: symbol not found: OPENSSL_add_all_algorithms_noconf; referenced from: /usr/bin/ssh-keygen Killed OpenSSL version mismatch. Built against 90703f, you have 90607f /etc/init.d/opensshd: Error 255 starting /usr/sbin/sshd... bailing.
These messages indicates that the OpenSSL (openssl) package is either not installed, or the installed
version of OpenSSL is an earlier version than the one required by OpenSSH.
To fix this, install the latest openssl package (from the same media on which you found
openssh) and then re-install openssh.
527982 528971
Although the Upgrade Wizard will display a warning about insufficient disk space when selecting packages, it may fail to automatically select all packages for update without displaying a warning. If the summary of packages automatically selected to be installed is incomplete due to insufficient disk space, use the work-around below to abort the Upgrade Wizard:
# ps -af | grep uli
root 3672 2721 TS 80 0 13:23:58 pts/15 0:00 /usr/lib/uli/framework/w
izardFW /usr/lib/uli/wizard/ULIWZD
# kill -9 3672
# rm -f /tmp/uli.lck
The kill command takes as its argument the Process ID (PID) of the uli process returned by the ps command, as shown.
After terminating the uli process, and freeing space on your hard disk, restart the Upgrade Wizard.
When launching the Upgrde Wizard using the uli command from a desktop window, the Upgrade Wizard
may exit unexpectedly if you press the space bar a few times while it is loading.
To work around this, re-run the Upgrade Wizard.
527905
If you use the Upgrade Wizard (uli) to install, and you see the message
Incorrect media detected, you are using the incorrect version of the Upgrade Wizard
for the media you are trying to install.
Exit the Upgrade Wizard, and load the uli package from the Update Pack media you are
attempting to install, following the directions in the section
Installation Procedures.
If the Upgrade Wizard loses window focus after the Update Set is installed and it's not possible to select packages or activate window buttons using the mouse, either press the <Ctrl> key while clicking the mouse button, or re-start the window manager from the root window menu (click the right mouse button to see the menu).
During installation of the Update Pack on a system that was upgraded from a release prior to Release 7.1.3, warnings such as the following may be displayed:
UX:pkginstall: WARNING: /etc/conf/pack.d/msr/Driver.o <shared file is volatile> UX:pkginstall: WARNING: /etc/conf/pack.d/pcid/Driver.o <shared file is volatile> UX:pkginstall: WARNING: /etc/conf/pack.d/ppp/Driver.o <shared file is volatile> UX:pkginstall: WARNING: /etc/conf/pack.d/pppml/Driver.o <shared file is volatile> ...
The Warnings displayed on your system will depend on the originally installed release.
These Warnings are expected and can be safely ignored.
527406
After installation, you may see the following messages in /var/sadm/install/logs/uw713u4.out:
UX:removef: ERROR: attribute verification of
</usr/lib/locale/de/LC_MESSAGES/ifor.cat> failed
pathname does not exist
UX:removef: ERROR: attribute verification of
</usr/lib/locale/es/LC_MESSAGES/ifor.cat> failed
pathname does not exist
UX:removef: ERROR: attribute verification of
</usr/lib/locale/fr/LC_MESSAGES/ifor.cat> failed
pathname does not exist
UX:removef: ERROR: attribute verification of
</usr/lib/locale/ja/LC_MESSAGES/ifor.cat> failed
pathname does not exist
You may also see the following warnings in /var/sadm/install/logs/uw713u4.log:
UX:pkginstall: WARNING: /etc/conf/mdevice.d/mps <shared file is volatile> UX:pkginstall: WARNING: /usr/sbin/ifor_pmd <no longer a regular file>
These messages are expected and may be safely ignored.
528812
If you use the CDE desktop, the default Classic Mozilla theme may result in a color scheme that is unreadable when your graphics card is set to use 256 colors. To work around this, do one of the following:
Increase the number of colors used by the card to more than 256. Do this using the scoadmin video configuration manager.
Change the Mozilla theme to the modern theme. Open Mozilla, and select Edit > Preferences > Appearance > Themes from the menu. Choose the modern them, and select OK. A screen pops up, informing you that you need to restart Mozilla for the change to take effect. Click OK, and then restart Mozilla.
The default home page listed in the Edit > Preferences > Navigator window is http://www.caldera.com, even though the link points to The SCO Group, Inc., Web Site at http://www.sco.com. This is a legacy of previous releases of the system, and can be updated if desired.
The startup script for the OpenLDAP slapd daemon is missing, so slapd will not start on boot. To start slapd, enter the following command, as root:
/usr/libexec/slapd -u root -h 'ldap:/// ldaps:///' 2>/dev/null
You can also create a file named /etc/rc2.d/S99slapd, with the above contents, and slapd will start automatically on reboots. For further information on slapd, see the slapd(8C) manual page and the OpenLDAP documentation under Networking in the online documentation on http://localhost:8458.
Problems have been observed with the DocView (http://hostname:8458) PRINT BOOK facility:
Some files do not print when selected from the PRINT BOOK list, or the incorrect content is printed instead. This occurs in C and non-C locales.
Multibyte files cannot be printed (this includes, for example, Japanese-language documentation from the jabasedoc package on the Localized Documentation CD in the UnixWare Media Kit) from the PRINT BOOK list. This is because the underlying engine in DocView for printing HTML (HTMLDOC) does not support multibyte files.
Some documents are not being printed in foreign languages when locale is properly selected and the foreign-language documentation is installed.
The workaround in all these cases is to display the files individually from the DocView SITE MAP interface (which is identical to the PRINT BOOK list), and use your browser's Print command to print the files.
For example, if you use the PRINT BOOK interface to print a New Features file
and it does not work, click on the SITE MAP button on the DocView menu (http://hostname:8458) and
select the name of the link that you wanted to print (the SITE MAP and PRINT BOOK lists are identical).
Once the document is loaded into the browser, print it using your browser's
Print command (File > Print in Netscape) to print to a local printer or
to a file.
The formats available depend on your local browser's setup.
527817
If you are installing the OpenServer Kernel Personality (OKP) product on top of the Upgrade Pack, do not add the OKP License to the License Manager before beginning installation of OKP. Instead, add the license during installation of OKP, as described in the OKP Release Notes. If you do add an OKP License to the License Manager before the OKP product is installed, the License Manager may report the following when you install the license:
Licensing of <Unknown Product with id 181> is successfully completed
Thereafter, the main License Manager screen may list the OKP license incorrectly, as follows:
Unknown Product with id 181
If this occurs, you should remove the OKP license
(License > Remove in the License Manager menu) and then add it again (License > Add).
The License Manager will then display the license correctly.
528252
Removing the vxva package (VERITAS ODM Visual Administrator) from the system causes the scoadmin account graphical account manager to fail with these messages:
Unable to retrieve locales Unable to get initial list of users
The problem is caused by symbolic links left behind by the removal of the vxva package. To fix the problem, remove the links by entering the following commands (as root):
rm /usr/lib/locale/C/LC_MESSAGES/Vxva_inst /usr/lib/locale/C/LC_MESSAGES/Vxva_msgs
The PostgreSQL installation creates a postgres user if one does not already exist on the system. The postgres user is automatically configured with root's password. The script /etc/init.d/postgresql can be used to automatically start the PostgreSQL postmaster binary running as this user. The postgres user's password can be modified using the passwd(1) program.
The samba package (Samba 3.0) does not contain a sample /usr/lib/samba/lib/smb.conf; Samba will not start without one. If you already have an earlier version of Samba installed, your existing smb.conf file will not be altered, and Samba should start normally. If you are installing Samba for the first time, copy the file provided in Appendix A below to /usr/lib/samba/lib/smb.conf, and to /usr/lib/samba/lib/smb.conf.sample as a backup copy. You can then edit smb.conf for your configuration.
Another alternative is to launch the Samba Web Administration Tool (SWAT) utility (/usr/lib/samba/sbin/swat) and use the web interface to create an initial smb.conf.
Note: if you use SWAT to configure Samba, SWAT overwrites /usr/lib/samba/lib/smb.conf with a version it creates from your specifications in the web interface. This will lose any customizations you make to a manually edited version. It is therefore important to keep a back-up copy of any manual edits you make to smb.conf.
When starting smbd or smbclient, warnings like the example below are displayed: for smbd in /var/adm/syslog, and for smbclient to standard out.
[2004/02/23 10:52:17, 0] lib/charcnv.c:(134) Conversion from UTF8 to CP850 not supported
These warnings can be safely ignored; both smbd and smbclient should startup after these messages are displayed.
CGI.pm is a Perl module (contained in the perl5 package available from the base UnixWare media) that provides function calls for form definition. There is a vulnerability present in forms created with the start_form() and start_multipart_form() functions defined in CGI.pm. If the action for the form is left unspecified in a call to either function, the form action can be manipulated by a malicious user (using an appropriate URL) to launch a cross site scripting attack against the host system.
If you use the CGI.pm module in any Perl programs, it is recommended that you install the
perl and perlmods packages, available
on the SCO Web Services Enabling CD.
The perlmods package contains an updated CGI.pm module that closes this vulnerability.
528214
The squid manual page installed by the squid package contains a number of errors:
The Squid proxy server control script is located at /etc/init.d/squid.
The Squid software is located under /usr/lib/squid.
To start up Squid, the Domain Name Service (DNS) daemon in.named(1M) must already be running, and Squid must be able to reach at least one of the specified DNS servers; otherwise, it will not start. Follow this procedure to configure and begin using Squid:
Edit the file /usr/lib/squid/etc/squid.conf, and make the following changes:
visible_hostname keyword, and insert a line like the following:
visible_hostname nodename
where nodename is the name you want returned by the server to clients in messages.
Enable access for your clients.
This is done with a combination of the http_access and acl keywords (search for
http_access keyword; the acl section is just above it in the file).
To simply allow all hosts to access squid, enter a single http_access statement:
http_access allow all
Most sites will want better security, and allow only known sites to access the proxy. The following two statements allow only hosts on the "10.0.0" subnet to access the server:
acl local 10.0.0.0/255.255.255.0 http_access allow local
Note that the ordering of http_access entries in the squid.conf file is important.
You may need to put entries for local clients at the top of the list of http_access entries
in order for them to work.
See the comments in the file /usr/lib/squid/etc/squid.conf as well as the Squid documentation installed along with the squid package, in the online documentation under Internet and Intranet, for more information on configuring Squid.
Enter, as root:
/usr/lib/squid/bin/squid -z
to initialize the Squid caches.
Start Squid:
/etc/init.d/squid start
On each client (including the local system), set the browser's preferences to go to the proxy server instead of connecting directly to the internet. In Netscape or Mozilla, this is done by opening the browser Preferences (Edit > Preferences) and selecting Advanced > Proxies. Select Manual Configuration, and click on View. In the following window, set at least the http: and ftp: entries to point to the nodename or IP address of the UnixWare system running the Squid proxy server; then, set the port for both entries to 3128, the default port on which the UnixWare Squid server listens for requests. Save your changes to the browser's Preferences.
The browser will now access the internet through the Squid proxy. Check the files under /usr/lib/squid/logs if you encounter problems.
# This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not many any basic syntactic errors. # #======================= Global Settings ===================================== [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = MYGROUP # server string is the equivalent of the NT Description field server string = Samba Server # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. # if you want to automatically load your printer list rather # than setting them up individually then you'll need this printcap name = lpstat load printers = yes # It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx printing = sysv # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects log file = /usr/lib/samba/var/log.%m # Put a capping on the size of the log files (in Kb). max log size = 50 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Use password server option only with security = server ; password server = NT-Server-Name # Password Level allows matching of _n_ characters of the password for # all combinations of upper and lower case. ; password level = 8 ; username level = 8 # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents ; encrypt passwords = yes ; smb passwd file = /etc/smbpasswd # The following are needed to allow password changing from Windows to # update the Linux sytsem password also. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. # NOTE2: You do NOT need these to allow workstations to change only # the encrypted SMB passwords. They allow the Unix password # to be kept in sync with the SMB password. ; unix password sync = Yes ; passwd program = /usr/bin/passwd %u ; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* # Unix users can map to different SMB User names ; username map = /etc/smbusers # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /etc/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 # Configure remote browse list synchronisation here # request announcement to, or browse list sync from: # a specific host or from / to a whole subnet (see below) ; remote browse sync = 192.168.3.25 192.168.5.255 # Cause this host to announce itself to local subnets here ; remote announce = 192.168.1.255 192.168.2.44 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply ; local master = no # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable ; os level = 33 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job ; domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election ; preferred master = yes # Use only if you have an NT server on your network that has been # configured at install time to be a primary domain controller. ; domain controller = NT-Domain-Controller-SMBName # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. ; domain logons = yes # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) ; logon script = %m.bat # run a specific logon batch file per username ; logon script = %U.bat # Where to store roving profiles (only for Win95 and WinNT) # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below ; logon path = \\%L\Profiles\%U # All NetBIOS names must be resolved to IP Addresses # 'Name Resolve Order' allows the named resolution mechanism to be specified # the default order is "host lmhosts wins bcast". "host" means use the unix # system gethostbyname() function call that will use either /etc/hosts OR # DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf # and the /etc/resolv.conf file. "host" therefore is system configuration # dependant. This parameter is most often of use to prevent DNS lookups # in order to resolve NetBIOS names to IP Addresses. Use with care! # The example below excludes use of name resolution for machines that are NOT # on the local network segment # - OR - are not deliberately to be known via lmhosts or via WINS. ; name resolve order = wins lmhosts bcast # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server ; wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # WINS Proxy - Tells Samba to answer name resolution queries on # behalf of a non WINS capable client, for this to work there must be # at least one WINS Server on the network. The default is NO. ; wins proxy = yes # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. dns proxy = no # Case Preservation can be handy - system default is _no_ # NOTE: These can be set on a per share basis ; preserve case = no ; short preserve case = no # Default case is normally upper case for all DOS files ; default case = lower # Be very careful with case sensitivity - it can break things! ; case sensitive = no #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes # Un-comment the following and create the netlogon directory for Domain Logons ; [netlogon] ; comment = Network Logon Service ; path = /home/netlogon ; guest ok = yes ; writable = no ; share modes = no # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory ;[Profiles] ; path = /home/profiles ; browseable = no ; guest ok = yes # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer [printers] comment = All Printers path = /var/spool/samba browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes # This one is useful for people to share files ;[tmp] ; comment = Temporary file space ; path = /tmp ; read only = no ; public = yes # A publicly accessible directory, but read only, except for people in # the "staff" group ;[public] ; comment = Public Stuff ; path = /home/samba ; public = yes ; writable = yes ; printable = no ; write list = @staff # Other examples. # # A private printer, usable only by fred. Spool data will be placed in fred's # home directory. Note that fred must have write access to the spool directory, # wherever it is. ;[fredsprn] ; comment = Fred's Printer ; valid users = fred ; path = /homes/fred ; printer = freds_printer ; public = no ; writable = no ; printable = yes # A private directory, usable only by fred. Note that fred requires write # access to the directory. ;[fredsdir] ; comment = Fred's Service ; path = /usr/somewhere/private ; valid users = fred ; public = no ; writable = yes ; printable = no # a service which has a different directory for each machine that connects # this allows you to tailor configurations to incoming machines. You could # also use the %u option to tailor it by user name. # The %m gets replaced with the machine name that is connecting. ;[pchome] ; comment = PC Directories ; path = /usr/pc/%m ; public = no ; writable = yes # A publicly accessible directory, read/write to all users. Note that all files # created in the directory by users will be owned by the default user, so # any user with access can delete any other user's files. Obviously this # directory must be writable by the default user. Another user could of course # be specified, in which case all files would be owned by that user instead. ;[public] ; path = /usr/somewhere/else/public ; public = yes ; only guest = yes ; writable = yes ; printable = no # The following two entries demonstrate how to share a directory so that two # users can place files there that will be owned by the specific users. In this # setup, the directory should be writable by both users and should have the # sticky bit set on it to prevent abuse. Obviously this could be extended to # as many users as required. ;[myshare] ; comment = Mary's and Fred's stuff ; path = /usr/somewhere/shared ; valid users = mary fred ; public = no ; writable = yes ; printable = no ; create mask = 0765
© Copyright 2004 The SCO Group, Inc. All rights reserved.