Guru Of Geeks

​To prevent the following error when accessing remote sessions: Citrix Receiver SSL error Contact your help desk with the following information: You have not chosen to trust"/C=US/ST=/L=/O=Equifax/OU=Equifax Secure Certificate Authority/CN=", the issuer of the server's security certificate ((SSL error 61). Make Firefox's certificates accessible to Citrix, e.g., Code: sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts ​

I have set up a system cron job to do this (as the system user "www-data"). The entry in /etc/crontab looks like this: */15 * * * * www-data cd /usr/share/bugzilla/; /usr/local/share/bugzilla/ whine.pl

​​ Problem(Abstract) When many datastage jobs are running for long time, the RT_LOGxxx files can become very big. If the log files are not regularly purged, in some cases, a file system full on the datastage file system can occur. If the corruption of datastage system files is restricted to the RT_LOGxxx files, a procedure to delete and recreate the RT_LOGxxx files can be attempted in order to recover from the corruption. Symptom Error message appears when trying to open specific job from Director client: "Error calling subroutine: DSR_PROJECT (Action=8); check DataStage is set up correctly in project PPPP (Subroutine failed to complete successfully (30107)" Other similar errors may occur as well. Cause RT_LOGxxx files got corrupted for file system full, or other similar system crash. Resolving the problem To delete the problem RT_LOGxxx, you need to first identify the job num...

​ Problem(Abstract) When trying to view a job log in DataStage Director, an error similar to the following is received: Error selecting from log file RT_LOGnn Command was: SSELECT RT_LOGnn WITH @ID LIKE '1NON' COUNT.SU Error was: Internal data error. File <path_to>/RT_LOGnn/<filename>': Computed blink of 0xnnnn does not match expected blink of 0xnnnn! Detected within group starting at address 0xnnnnnn! Cause The error message received indicates that the log file for the job is corrupted. Resolving the problem To resolve the problem, the log file must be discarded and recreated. There are a number of ways to accomplish this. Reimport the job and overwrite the existing job. Rename the job or do a File-->Save as in Designer. You can then delete the old job and rename your new job back to the original name. Manually recreate the RT_LOGxxx file. Note: The job with the associated RT_LOG may need to be re-compi...

Below is the sample APT CONFIG FILE ,see in bold to mention conductor node. { node "node0" { fastname "server1" pools "conductor" resource disk "/datastage/Ascential/DataStage/Datasets/node0" {pools "conductor"} resource scratchdisk "/datastage/Ascential/DataStage/Scratch/node0" {pools ""} } node "node1" { fastname "server2" pools "" resource disk "/datastage/Ascential/DataStage/Datasets/node1" {pools ""} resource scratchdisk "/datastage/Ascential/DataStage/Scratch/node1" {pools ""} } node "node2" { fastname "server2" pools "" resource disk "/datastage/Ascential/DataStage/Datasets/node2" {pools ""} resource scratchdisk "/datastage/Ascential/DataStage/Scratch/node2" {pools ""} } } Please find the below different answers : -...

​DataStage jobs can be exported into two ways, using GUI and using command prompt. To export jobs from GUI, go to Export --> DataStage Component menu or right click on the particular job to export. A pop up window named "Repository Window" will appear on the screen where all or selected jobs can be exported. This Repository window allows various options to choose from. These options are as follows: A. Change Selection - This section has three options "Add", "Remove" and "Select All". Using these options you can either select all the jobs to export or select/remove selective jobs from "Items to Export" section just above this section. B. Job Components to Export - This Option gives user a choice to export the code in one of the following way: 1) Export job design with executables (where applicable) - export files created using 1st method would contain a separate section for executable of the job. St...

Putting it all together: Single Sign On Once clients have keytab files, we can now trust the KDC. This means that GSSAPI will work, and we can ssh, or telnet, or login from box to box without further authentication. eg: -sh-3.2$ hostname rhel5host1. example.com -sh-3.2$ kinit Password for unix1@ EXAMPLE.COM : -sh-3.2$ ssh rhel6host1. example.com Last login: Fri Aug 12 17:19:11 2011 from rhel5host1. example.com -sh-4.1$ exit logout Connection to rhel6host1. example.com closed. -sh-3.2$ ssh sol10host1. example.com Last login: Fri Aug 12 17:11:40 2011 from rhel6host1.exam Oracle Corporation      SunOS 5.10      Generic Patch   January 2005 $ exit Connection to sol10host1. example.com closed. and this will work from Windows  Putty.exe  too: Still to do I can't get Secondary Groups in Red Hat 6 or Solaris 10 to work. This maybe due to the format that users are displayed in LDAP: Red Hat 5.6 -sh-3.2$ id -a unix2 uid=10001(unix2) gid=10000(unixgrp1) groups=10000(unixg...

Background There is a particular difficulty in Kerberos with Windows: What encryption type to use. Encryption is used for both the ticket-granting-ticket and session tickets. NB. I strongly suggest to use the a strong same encryption type for both, and to hard code that type at both ends. In Windows, this is done through Group Policy: To confirm whether an encyption type is supported, edit krb5.conf, and insert into the libdefaults section: [libdefaults]  default_tkt_enctypes = rc4-hmac   default_tgs_enctypes = rc4-hmac   permitted_enctypes = rc4-hmac There exists a handy too from  http://www.css-security.com/downloads/  called GetTicket , which can be used to test whether a Ticket-Granting-Ticket and Service-Ticket can be obtained. default_tkt_enctypes controls the ticket granting ticket, and default_tgs_enctypes controls the service ticket. Typical Errors Poor Granting Ticket (default_tkt_enctypes): # /opt/cssi/gettkt_2.3.2/bin/css_gettkt -v -p host/sol10host...

Background Continuation of setting up LDAP/Kerberos clients to use Windows 2008R2 Server as the "source of truth". See the previous  blog  , for the steps for how Windows was set up. Installation of RHEL6.0 Create a Red Hat Linux 6 Kickstart configuration: install text reboot cdrom lang en_US.UTF-8 keyboard us network --device eth0 --bootproto dhcp rootpw password firewall --disabled authconfig --enableshadow --passalgo=sha512 --enablefingerprint selinux --disabled timezone --utc Australia/Melbourne bootloader --location=mbr --driveorder=sda --append="crashkernel=auto crashkernel=auto rhgb quiet" clearpart --all --initlabel --drives=sda part /boot --fstype ext4 --size=500 --ondisk=sda part pv.1 --grow --size=1 --ondisk=sda volgroup vg_rhel6 --pesize=4096 pv.1 logvol / --fstype ext4 --name=lv_root --vgname=vg_rhel6 --grow -size=1024 logvol swap --name=lv_swap --vgname=vg_rhel6 --grow --size=1024 --maxsize=2048 %packages @Base @Core @base openl...

Background Continuation of setting up LDAP/Kerberos clients to use Windows 2008R2 Server as the "source of truth". See the previous  blog  , for the steps for how Windows was set up. Installation of RHEL5.6 Create a Red Hat Linux 5 Kickstart configuration: install text reboot cdrom key --skip lang en_US.UTF-8 keyboard us xconfig --disabled network --device eth0 --bootproto dhcp rootpw password firewall --disabled authconfig --useshadow --enablemd5 selinux --disabled timezone --utc Australia/Melbourne bootloader --location=mbr --driveorder=sda --append="rhgb quiet" clearpart --all --initlabel --drives=sda part /boot --fstype ext3 --size=100 --ondisk=sda part pv.1 --size=1 --grow --ondisk=sda volgroup vg_rhel56 --pesize=4096 pv.1 logvol / --fstype ext3 --name=lv_root --vgname=vg_rhel56 --size=1024 --grow logvol swap --fstype swap --name=lv_swap --vgname=vg_rhel56 --size=1024 --grow --maxsize=2048 %packages @base openldap-clients Save this fil...