Thursday, May 5, 2011

Client Not Booting from NIM -- nobody user issue


This problem came up while attempting to boot a NIM client from a NIM master. The new master had been configured on an existing LPAR with a running application, and had been hardened from an OS security point of view. The following message was displayed on the console while attempting to tftp the client info file:

TFTP::FAILED TO READ FIRST DATA BLOCK..RETRYING TRANSFER.. 1

Starting tftpd produced the following message in syslog:

Aug 14 12:44:12 bxaix85 daemon:info tftpd[1019942]: [00000001] EZZ7062I Error: cannot determine the user.

The NIM boot failed after bootpd, when the connection to tftpd was attempted. It timed out.
The lssrc command showed tftpd was running. However, there was a <defunct> child process.
# lssrc -a | grep tft
tftpd tcpip 725102 active
# ps -ef | grep tftp
root 622694 725102 0 16:12:33 - 0:00 <defunct>
root 725102 188634 0 16:12:33 - 0:00 /usr/sbin/tftpd -v -s

The user "nobody" had been removed from the system as part of the AIX security hardening policy. To fix the problem I had to add user nobody on the NIM master and restart tftpd.

# stopsrc -s tftpd
# mkuser id=4294967294 pgrp=nobody groups=nobody home=/ nobody
# startsrc -s tftpd

The following message appeared in syslog:
Aug 18 14:38:07 bxaix85 daemon:info tftpd[622696]: [00000001] EZZ7001I Starting.

The tftpd processes appeared to be running as expected now.
# lssrc -a | grep tft
tftpd tcpip 725102 active
# ps -ef | grep tftp
nobody 622694 725102 0 16:12:33 - 0:00 /usr/sbin/tftpd -v -s
root 725102 188634 0 16:12:33 - 0:00 /usr/sbin/tftpd -v -s

The NIM client was then able to boot and the install completed successfully.
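
The three symptoms described above (no nobody account, a defunct tftpd child, EZZ7062I in syslog) can be checked together before and after a hardening change. The script below is an added example, not part of the original post; the function names and the sample files are assumptions, with the sample data constructed from the output shown above.

```sh
#!/bin/sh
# Added example (not from the original post). On a real master, feed in
# /etc/passwd, saved `ps -ef` output and the file that receives daemon.info.

# has_user PASSWD_FILE NAME: succeed if NAME has an entry in the file.
has_user() {
    awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# count_user_errors SYSLOG_FILE: print the number of tftpd EZZ7062I lines.
count_user_errors() {
    awk '/tftpd\[[0-9]+\]:/ && /EZZ7062I/ { n++ } END { print n + 0 }' "$1"
}

# defunct_tftpd_children PS_FILE: print PIDs of <defunct> processes whose
# parent (column 3) is a tftpd process. The file is read twice: first to
# collect tftpd PIDs, then to match defunct children against them.
defunct_tftpd_children() {
    awk 'NR == FNR { if ($0 ~ /\/tftpd( |$)/) parent[$2] = 1; next }
         $NF == "<defunct>" && ($3 in parent) { print $2 }' "$1" "$1"
}

# check_tftpd PASSWD PS SYSLOG: report findings, return 1 if any check fails.
check_tftpd() {
    rc=0
    has_user "$1" nobody || { echo "FAIL: user nobody missing"; rc=1; }
    z=$(defunct_tftpd_children "$2")
    [ -z "$z" ] || { echo "FAIL: defunct tftpd child PID(s): $z"; rc=1; }
    n=$(count_user_errors "$3")
    [ "$n" -eq 0 ] || { echo "FAIL: $n EZZ7062I message(s) in syslog"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: nobody present, no defunct tftpd child"
    return "$rc"
}

# Constructed sample of the broken state described in the post.
d=${TMPDIR:-/tmp}/tftpchk.$$; mkdir -p "$d"
printf 'root:!:0:0::/:/usr/bin/ksh\n' > "$d/passwd"
printf '%s\n' 'root 622694 725102 0 16:12:33 - 0:00 <defunct>' \
    'root 725102 188634 0 16:12:33 - 0:00 /usr/sbin/tftpd -v -s' > "$d/ps"
printf '%s\n' 'Aug 14 12:44:12 bxaix85 daemon:info tftpd[1019942]: [00000001] EZZ7062I Error: cannot determine the user.' > "$d/syslog"
check_tftpd "$d/passwd" "$d/ps" "$d/syslog" || true
```

Running the same check as part of the hardening procedure, before an account is removed, shows whether a running service still depends on it.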
