Category: CA

Stopping and Starting eTrust Access Control

To stop eTrust Access Control, use secons -s

root@solaris:/ # /usr/seos/bin/secons -s
eTrust secons v5.30 (5.30) – Console Utility
Copyright 2003 Computer Associates International, Inc.
eTrust is now DOWN !!!

To start it, use seload

root@solaris:/ # /usr/seos/bin/seload
eTrust seload v5.30 (5.30) – Loader Utility
Copyright 2003 Computer Associates International, Inc.
eTrust kernel extension is already loaded.
Starting eTrust daemon. (/usr/seos/bin/seosd)
18 Jul 2010 11:59:48> WAKE_UP : Server going up
18 Jul 2010 11:59:48> INFO : Filter Mask: ‘WATCHDOG*’ is registered
18 Jul 2010 11:59:48> INFO : Filter Mask: ‘INFO : Setting PV*’ is registered
18 Jul 2010 11:59:48> INFO : Filter Mask: ‘INFO : DB*’ is registered
18 Jul 2010 11:59:48> INFO : Filter Mask: ‘*seosd.trace*’ is registered
18 Jul 2010 11:59:48> INFO : Filter Mask: ‘*FILE*secons*(*/log/*)*’ is registered
Starting seosd. PID = 8115.
Starting seagent. PID = 8117
Starting seoswd. PID = 8137
seagent: Loading database image…
Executing [daemons] command: /usr/seos/bin/serevu
seagent: Initialization phase completed
Starting serevu. PID = 8141
serevu: Multiple instances of serevu are not allowed.

CA BrightStor ARCserve Backup – User not validated in the authentication server

To check the backup jobs on CA ARCserve Backup you type ca_dbmgr -show jobs

root@aix_lab:/ # /opt/CA/BrightStorARCserve/bin/ca_dbmgr -show jobs

NO. JOB ID JOB NO. JOB TYPE JOB STATUS JOB OWNER START TIME END TIME SET NAME DURATION(hh:mm:ss)COMMENTS

——————————————————————————————————————————————————————————–

——————————————————————-
1 277 99 Backup Cancelled caroot 05/25/10 07:00 05/25/10 19:00 12:00:48 aix_lab

2 278 99 Backup Incomplete caroot 05/26/10 07:00 05/26/10 08:57 01:57:24 aix_lab

3 279 99 Backup Incomplete caroot 05/27/10 07:00 05/27/10 09:08 02:08:42 aix_lab

4 280 99 Backup Incomplete caroot 05/28/10 07:00 05/28/10 09:41 02:41:11 aix_lab

5 281 99 Backup Active caroot 05/29/10 07:00 N/A 125:56:21 aix_lab

6 282 99 Backup Incomplete caroot 06/01/10 07:00 06/01/10 19:10 12:10:34 aix_lab

7 283 99 Backup Cancelled caroot 06/02/10 14:05 06/02/10 17:44 03:38:16 aix_lab

8 285 99 Backup Incomplete caroot 06/02/10 17:49 06/02/10 19:49 02:00:22 aix_lab

9 286 99 Backup Incomplete caroot 06/03/10 07:00 06/03/10 09:34 02:34:13 aix_lab

Check the status using cstatus

root@aix_lab:/ # /opt/CA/BrightStorARCserve/sbin/cstatus

caservd 966798
cadiscovd
cauthd 1233114
caloggerd 1462454
cadbd
camediad 1015990
caqd
staging 618564
cprocess

cacommd 1138824
httpd 741386 893058 897114

dbclean
MergeCat

To stop ARCserve use cstop

root@aix_lab:/ # /opt/CA/BrightStorARCserve/sbin/cstop

Stopping BrightStor ARCserve Backup…

Waiting for BrightStor ARCserve Backup to exit(0)…

BrightStor ARCserve Backup unloaded successfully

BrightStor ARCserve Backup GUI daemons stopped

After you stop, there is no daemon to authenticate your user.

root@aix_lab:/ # /opt/CA/BrightStorARCserve/bin/ca_dbmgr -show jobs
User not validated in the authentication server

root@root@aix_lab:/ # /opt/CA/BrightStorARCserve/sbin/cstatus
caservd
cadiscovd
cauthd
caloggerd
cadbd
camediad
caqd
staging
cprocess

cacommd
httpd

dbclean
MergeCat

Start ARCserve to make it work again

root@aix_lab:/ # /opt/CA/BrightStorARCserve/sbin/cstart

Starting BrightStor ARCserve Backup …

Please wait for all services to start. This may take a few minutes…

BrightStor ARCserve Backup GUI daemons started

CA eTrust – Users cannot set their own password via selang

I logged in the server with my user and I became root using su

emerson@solaris:~ $ su –
Password:

I was trying to reset my password but it was giving the error message “Users cannot set their own password via selang”

root@solaris:/ # /usr/seos/bin/selang -c “cu emerson pwasown(changeme) unix”
CA Access Control selang v12.0.1.1262 – CA Access Control command line interpreter
Copyright (c) 2008 CA. All rights reserved.

(localhost)
ERROR: Operation not allowed
ERROR: Users cannot set their own password via selang
(localhost)
Unix :
======
ERROR: Operation not allowed
ERROR: Users cannot set their own password via selang

If you login with the user and try to replace the user’s password it will give this error. You need to login with another user to run the command above.

CA Access Control sepass error message: Password was changed recently, cannot be changed again at this time

When you try to change the password of a user that recently changed its password and the server has the CA Access Control, the change will be denied.

root@solaris:/ # passwd username
CA Access Control sepass v12.0.1.1262 – Password replacement
Copyright (c) 2008 CA. All rights reserved.
Password was changed recently, cannot be changed again at this time.

To force the password change, type the command and change <username> and <password>to the values appropriate to your case

root@solaris:/ # /usr/seos/bin/selang -c “cu <username> pwasown (<password>)”
CA Access Control selang v12.0.1.1262 – CA Access Control command line interpreter
Copyright (c) 2008 CA. All rights reserved.

(localhost)
Successfully updated USER <username>
(localhost)
Native:
===
Successfully updated USER <username>

CA XCOM for Linux

Here is a brief document to help you install or uninstall Computer Associates XCOM Data Transport for Linux

How to install XCOM

Check if there is a group named xcomadm on your server. If not, please create it.

root@linux:~ # groupmod xcomadm
groupmod: group ‘xcomadm’ does not exist

Check if the package is not installed. The name of the package is CA_XCOM.

root@linux:~ # rpm -qi -p CA_XCOM.xclx86.k2.6.motif2.2.rpm
Name        : CA_XCOM Relocations: (not relocatable)
Version     : r11                               Vendor: (none)
Release     : 0603                          Build Date: Sat 03 Jun 2006 04:30:04 PM BRT
Install Date: (not installed)               Build Host: usprsus1.ca.com
Group       : Applications/Productivity     Source RPM: CA_XCOM-r11-0603.src.rpm
Size        : 11887644                         License: commercial
Signature : (none)
Summary     : A file transfer program.
Description :
CA-XCOM is a general purpose file transfer program.

root@linux:~ # rpm -qa | grep CA_XCOM
root@linux:~ #

Since it is not installed, let’s install the package. If you install the package using rpm, remember to check if you have the package called openmotif22.

root@linux:/dsmc/T3/software/files/xcom-linux # yum install CA_XCOM.xclx86.k2.6.motif2.2.rpm
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.atlantic.net
* updates: centos.mirror.nac.net
* addons: centos.aol.com
* extras: mirror.nyi.net
Setting up Install Process
Parsing package install arguments
Examining CA_XCOM.xclx86.k2.6.motif2.2.rpm: CA_XCOM-r11-0603.i586
Marking CA_XCOM.xclx86.k2.6.motif2.2.rpm to be installed
Resolving Dependencies
–> Running transaction check
—> Package CA_XCOM.i586 0:r11-0603 set to be updated
–> Processing Dependency: libXm.so.3 for package: CA_XCOM
–> Running transaction check
—> Package openmotif22.i386 0:2.2.3-18 set to be updated
–> Finished Dependency Resolution
Dependencies Resolved

================================================================================

Package        Arch    Version       Repository                           Size

================================================================================

Installing:
CA_XCOM        i586    r11-0603      CA_XCOM.xclx86.k2.6.motif2.2.rpm    4.5 M
Installing for dependencies:
openmotif22    i386    2.2.3-18      base                                1.3 M

Transaction Summary

================================================================================
Install      2 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Total download size: 5.8 M
Is this ok [y/N]: y

Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing     : openmotif22                                       [1/2]
Installing     : CA_XCOM                                           [2/2]
Create Q, trusted, src, and trace directories
Make everything in /usr/spool/xcom and /usr/lib/xcom directories group xcomadm
Create the link for the program dealing with remotely initiated transfers
Set the permissions on the xcom directories /usr/spool/xcom/Q, /usr/spool/xcom/trace, /usr/spool/xcom/trusted, /usr/spool/xcom/ssl and /usr/spool/xcom/src
CA_XCOM install finished.

Installed: CA_XCOM.i586 0:r11-0603
Dependency Installed: openmotif22.i386 0:2.2.3-18
Complete!

Add the following lines to the /etc/services file

txpi 8044/tcp # xcom
txpis 8045/tcp # xcom (r11 only)

Create two files in /etc/xinetd.d called txpi and txpis

root@linux:~ # vi /etc/xinetd.d/txpi
# default: on
# description: The Unicenter CA-XCOM Data Transport Server.
service txpi
{
disable = no
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/lib/xcom/xcomtcp
server_args = REMOTE 0
}

root@linux:~ # vi /etc/xinetd.d/txpis
# default: on
# description: The Unicenter CA-XCOM Data Transport Server.
service txpis
{
disable = no
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/lib/xcom/xcomtcp
server_args = REMOTE 0 SSL
}

Start XCOM

root@linux:~ # /usr/sbin/xcomd
2008/09/28 21:01:53 PRG=xcomd PID=16368
XCOMU0088I xcomd started.

Making the daemon automatically start on startup

root@linux:~ # echo “xcom:3:once:/usr/sbin/xcomd” >> /etc/inittab
root@linux:~ # grep xcom /etc/inittab
xcom:3:once:/usr/bin/xcomd

Make xinetd reread its configuration file

root@linux:~ # pkill –HUP xinetd

Now check if there is a process listening on ports 8044 and 8045

root@linux:~ # netstat -an | grep 8044
tcp 0 0 0.0.0.0:8044 0.0.0.0:* LISTEN

root@linux:~ # netstat -an | grep 8045
tcp 0 0 0.0.0.0:8045 0.0.0.0:* EN

How to uninstall XCOM

Stop XCOM daemon

root@linux:~ # /usr/sbin/xcomd -s
XCOMU0079I xcomd: stop requested.
XCOMU0082I xcomd: stop request accepted.

Uninstall XCOM package

root@linux:~ # rpm -e CA_XCOM
Test if xcomd is running
xcomd not running, proceeding with uninstall.
Remove the program dealing with remotely initiated transfers
Remove the xcom directories
CA_XCOM uninstall finished.

Login denied by eTrust Security solutions : User Inactivity Time

When you receive the error message “Login denied by eTrust Security solutions : User Inactivity Time”, you need to reenable the user with the senable command

emerson@192.168.1.50’s password:
Login denied by eTrust Security solutions : User Inactivity Time
Connection to 192.168.1.50 closed.

root@solariswithetrust:/ # /usr/seos/bin/senable emerson
senable: user emerson was not revoked by local serevu.
senable: Checking if user emerson is disabled on localhost in UNIX.
senable: User emerson already enabled.
senable: Checking if user emerson is disabled on localhost in eTrust database.
senable: User emerson is already resumed in eTrust.
(localhost)
Successfully connected
INFO: Target host’s version is 5.10b (5.14)
Unix OS info: solariswithetrust SunOS 5.8 11 Feb 2010 14:58:42 BRST
(localhost)
Successfully updated USER emerson

(localhost)
Successfully connected
INFO: Target host’s version is 5.10b (5.14)
Unix OS info: solariswithetrust SunOS 5.8 11 Feb 2010 14:58:43 BRST
(localhost)
Unix :
======
Successfully updated USER emerson

User emerson enabled on localhost.
emersoneTrust sepass v5.10b (5.10) – password replacement
Portions of this product Copyright (c) 1999-2001 Computer Associates International, Inc.
Portions of this product Copyright (c) 1995-2001 Memco Software Ltd., a CA company. All rights reserved.

Changing password for emerson
Enter yours or emerson’s password:
Enter new password:
Verify new password:
Local password updated successfully.

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: