ILOM service mode password for SF v1280 - Netra Servers

We are having issue to get on to ILOM, after power cycle it asks for password and it seems not able to pass through this. We tried all our std password and default passwords. But it seems this is some thing oracle has to provide temp ILOM password. Domain/OS is not coming up. It seems oracle does not give this if server is not supported. But there should be a way to generate by customer if oracle can't help on this.


Install ORDS with an user different to Sys

I'm Trying to install ORDS3.0.7  and connect it to an Oracle 11g R2 Data Base. Following the steps in the installation manual, I'm asked to insert an user with SYSDBA privileges, the DataBase Manager assigned me one user different to sys, it has SYSDBA privileges, and I can connect with this user as sysdba using SQLDeveloper, but, when I insert it's name and it's password in the install proccess I get the message."You can only specify a user with SYSDBA privilege. Try again." Is it a bug with the ORDS Install or I need additional privileges?
I found the answer here Problem while installing Oracle REST Data Services schemaI had to make a manual installation, extracting the files from ords.war. I'm already connecting to Apex and everything works fine, but Now I'm having some problems consuming a RestFul Servide, i get a message like this (I get it in spanish I tried to translate) 503 Service Unaviable - The user or password in the connection pool develop_rt is not valid, has expired or is blocked
 I don´t know if it is related with the manual installation or some problems with the data Base.

SSH user access

Hi  Lads, I have some issue with allowing ssh access in user level. Can someone please help to resolve? Thanks in advance. Below is scenario. I have three servers GW, DB1 and DB2. two users oracle and grid (System has many users but mentioning only two users). I have configured password less ssh between DB1 and DB2 for users oracle and grid. It is working without any issues. Now, The question is how can we restrict ssh access from GW to DB1 and DB2 server for only users oracle and grid? All other users should be able to login from server GW without interrupting password less authentication between DB1 and DB2. I have tried to configure things in /etc/hosts.deny but it not allowing any users and /etc/ssh/sshd_config Allowusers option but no luck. Am i missing anything? Thanks,Naveen.
Not sure I follow what you're trying to do.  Would tcpwrappers, ipfilter, or the packet filter firewall meet your needs? The later is:             Name: network/firewall          Summary: Solaris Firewall Driver      Description: Solaris Firewall is derived from OpenBSD PF. Package delivers                   kernel module and pfctl tool.      With some info: 
Read up on how to configure authorized_keys. You must be already using it to allow password less authentication, but if you read the docs about it, you will notice, that there is a "from" option which you can add to specify the address from which the certificate is allowed. So you can have the "from" configured for GW for every users except for oracle and grid who can only ssh in from DB1 or DB2.
I'm not clear with the question The question is how can we restrict ssh access from GW to DB1 and DB2 server for only users oracle and grid? All other users should be able to login from server GW without interrupting password less authentication between DB1 and DB2. So you want to block SSH access DB1 and DB2 except oracle and grid user ? Password less authentication is configured at the user level then how other login with password will interrupt that ? ThanksEldho Varghese
Hi All, Thanks for your inputs and sorry for my communication. I am not that much good explaining issues in English. I will make sure my question will be clear in future. #sleepyweasel Thanks for your inputs. #handat Thanks for your suggestions. #3063279 password less interrupting when I add AllowUsers parameter in sshd_confi and ssh is blocking for entire server when add IP in hosts.deny file. That's why I mentioned without interrupt password less.    Anyways, I got the solution this morning after read more about sshd option. I have added below comments in sshd_config file that met my requirements. DenyUsers parameters blocked ssh login from server GW server as a oracle user to DB1 server and at the same time it is not interrupted password less ssh between DB1 and DB2 servers. root#DB1# cat /etc/ssh/sshd_config|grep -i denyDenyUsers oracle#GW

Password Aging

Hi volks
I'm in trouble.. i'm very new to DS.
I have to implement some security policies.
On my DS are over 100 Users. All have passwords. Now, I would like that a password will be locked, if the password isn't changed by the user after some days, that theres a minimum of days passed since the last change and a warning, that the user have to change his password. There should be also a prompt, who forces the User to change his password at first logon.
This is one users entry:
gecos=test test
cn=test test
loginShell=/bin/bashI know that i need to add following attributes:
shadowMin,shadowLastChange, shadowWarning, shadowMax
I tried everything out, but it didn't work.
Please help me, it's really urgent.
Thank you in forward and regards,
Ok so you are using LDAP as naming service. Right?
What OS are your clients using? What version?
What is the version of the directory server?
If the OS is Solaris have you applied the latest patches?
The only supported way you can get password managment (such as aging, reset, lockout etc) is to use pam_ldap and enable the password policies on the directory server.
Here is a doc that you want to look at in the event you are using Solaris 10 clients. Similar document(s) exist for older versions of Solaris.
In particular for pam_ldap with password management you want to use this pam.conf
Note this pam.conf is specific to Solaris 10 and for Solaris 9 you'll have to look at the same document but intended for Solaris 9.
Finally a word of caution about pam_ldap. As soon as you switch to using pam_ldap, your passwords are sent in clear text over the wire. Therefore it is a good idea to enable SSL from your clients when using pam_ldap.
Yes, Im using LDAP as Naming Service on Solaris 9 with version 5.1. The latest patches are installed. Thank you for the link.
the link to solaris 9 is:
I believe you will find that even if you setup the directory server to age passwords and to lock out accounts upon multiple bad password entries... Users will still be able to login depending how the client machine's pam.conf file is configured, what versions of software the client is running (version of SSH, Telnet, etc.) and if they are using public/private keys.
The directory will pass back an indicator that the password is expired, but the client side software may ignore or mis-handle this message. The user may or may not get a message that says 'your password will expire in X days'...
It's just not reliable.
The only way we have found to really lock out users whose passwords have expired is to run a separate process that looks for expiring passwords and send the user a message.. and if the password does expire, we then change the user's login shell to /bin/expired%(original shell)

OVDC - login

When 'logging in' to OVDC what exactly is my user/password being authenticated against. I'm not understanding how the authentication process works using the software client.
I see how the tokens work, I think...
I've created a pseudo token for my laptop running the software
I've associated both the pseudo token and the AnySunRay.000 token to my LDAP user and the pools that my user is associated with...
I type my LDAP user/pass into OVDC and get a password error?...
Can someone briefly explain what is actually happening during the login, and shed some light on why OVDC doesnt connect.
MS-RDP connects perfectly, as long as I save the LDAP user/pass credentials
The VDI login authenticates against the directory service that you set up through the VDI gui or command line. If you have already added your ldap server through the GUI, go to the "user" tab and try searching for your user. From our experience, this does not always work with all LDAP servers and a little tweaking may be neccessary.

Direct login to Sunray session without authentication or login in screen

Does anyone know how to enable direct login with out having to enter a username and password. For example a custom app requires an upgrade which is run as a specific user this upgrade will force the server to reboot, the expected behavior would be to boot into the same session without having to logon and enter passwd.
Thanks Jim 
Windows? Kiosk Mode? VDI or SRS?
We tag a username, password, and application to a token (be it smart card or sun ray dtu) so that it automatically logs on and runs a process, tend to use it for display boards or call stat kiosks etc.
Bit more info will help if possible. 
I am running in SRS, Kiosk mode might also be an option