>Hi, > >I couldn't add 0.0.0.0 to admin_low as well, so I removed it from public for now and have it in admin_low only
Yes you can. 0.0.0.0:admin_low is wild cards for all addresses, and applies to anything not more-narrowly listed in tnrhdb. 0.0.0.0/32:admin_low is ONE address, 0.0.0.0 literally, and can be a different label from the wild card just as easily as 192.160.2.1 could be. >#\:\:0:admin_low >127.0.0.1:cipso >#\:\:1:cipso >192.168.1.11:cipso >192.168.1.0:admin_low >0.0.0.0:admin_low > >I already have SRSS but can't log in beyond the session clearance, all what I get is mouse cursor on back screen. Beyond that I don't know. I'm not an OpenSolaris person. If this were 10 I'd tell you to check all your automount tables (/zone/*/root/etc/auto_home_whatever) and make sure your home directories for the user exists in all zones and make sure you are patched up and and..... >Thanks, >Dan > > >--- On Wed, 11/2/09, Jan Parcel <jan.parcel at sun.com> wrote: > >> From: Jan Parcel <jan.parcel at sun.com> >> Subject: Re: TX on b105 - network config >> To: security-discuss at opensolaris.org, danjagor at yahoo.co.uk >> Date: Wednesday, 11 February, 2009, 4:02 PM >> You won't be able to run Sun Ray with 0.0.0.0:public >> unless you also >> add 0.0.0.0/32:admin_low, since dhcp has to run in the >> global zone >> for Sun Ray, so you need literal 0.0.0.0 to be gz. >> >> If you are headless and have not yet set up SRSS how do you >> get the session >> clearance boxes? >> >> >> >Date: Wed, 11 Feb 2009 07:40:10 -0800 (PST) >> >From: Dan <danjagor at yahoo.co.uk> >> >Subject: Re: TX on b105 - network config >> >To: security-discuss at opensolaris.org >> >Delivered-to: security-discuss at opensolaris.org >> >X-Original-To: security-discuss at opensolaris.org >> >X-Antispam: No, score=0.0/5.0, scanned in 0.062sec at >> (localhost [127.0.0.1]) >> by smf-spamd v1.3.1 - http://smfs.sf.net/ >> >List-Unsubscribe: >> <http://mail.opensolaris.org/mailman/options/security-discuss>, >> >List-Id: OpenSolaris Security Discussions >> <security-discuss.opensolaris.org> >> > >> >Hi and thanks both of you for reply. >> > >> >for now I've got this in tnrhdb: >> > >> >#\:\:0:admin_low >> >127.0.0.1:cipso >> >#\:\:1:cipso >> >192.168.1.11:cipso >> >192.168.1.0:admin_low >> >0.0.0.0:public >> > >> >so I assume that public zone should be able to connect >> to any network. >> > >> >This is a headless box and I want to set up SRSS 4.1 >> which is why I've got >> 192.168.1.0:admin_low >> >also all required ports: >> >#/usr/sbin/tninfo -m global >> >private: >> 111/tcp;111/udp;515/tcp;631/tcp;2049/tcp;6000-6099/tcp >> >shared: 6000-6003/tcp;7007/tcp;7010/tcp;7015/tcp >> > >> >However, when I try to log in I get only the >> message/session window, after that >> setting session clearance... and thats it >> > >> >Can't find any suspicious log or information why. >> > >> >Many thanks, >> >Dan >> >-- >> >This message posted from opensolaris.org >> >_______________________________________________ >> >security-discuss mailing list >> >security-discuss at opensolaris.org >> >> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ >> Jan Parcel, Sustaining, Trusted OE >> Internal Trusted Support Pages: http://trusted.sfbay > > > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Jan Parcel, Sustaining, Trusted OE Internal Trusted Support Pages: http://trusted.sfbay
