Recovering T2000 ALOM Passwords

Procedure as below for reseting the T2000 ALOM password due to no scadm command available for the sun4v architecture in Solaris 10.

Recovering T2000 ALOM Passwords

For security reasons, this procedure is available only while accessing the system
directly through the serial port. The procedure resets all ALOM NVRAM settings.

To Recover Your ALOM Passwords:
1. Connect to the ALOM serial port.

2. Power down the Sun Fire T2000 Server.

Remove the power cords from both power supplies. Wait several seconds for power
to discharge before reinserting the cords.

3. Press the Escape key during ALOM boot when the following text is displayed on
the console:

Boot Sector FLASH CRC Test
Boot Sector FLASH CRC Test, PASSED.

Return to Boot Monitor for Handshake
After pressing the Escape key, the ALOM boot escape menu is printed:

e – Erase ALOM NVRAM.
m – Run POST Menu.
R – Reset ALOM.
r – Return to bootmon.
Your selection:

4. Enter e to erase the ALOM NVRAM.

Your selection: e
ALOM NVRAM erased.


e – Erase ALOM NVRAM.
m – Run POST Menu.
R – Reset ALOM.
r – Return to bootmon.
Your selection:
5. Enter r to return to the ALOM boot process.
Your selection: r

Status = 00007fff

ALOM then boots and resets all NVRAM settings. You are automatically logged on
as user admin with no password and no permissions. All ALOM NVRAM settings
are reset to the factory defaults.

BTW: Make sure place the following lines in your /etc/system file for Solaris 10 which is for mandatory T2000 support.

* Begin tuning recommended for T2000
set pcie:pcie_aer_ce_mask=0x1
set autoup=900
set tune_t_fsflushr=1
set rlim_fd_max=260000
set rlim_fd_cur=260000
set sq_max_size=100
set ipge:ipge_tx_ring_size=2048
set ipge:ipge_srv_fifo_depth=16000
set ipge:ipge_reclaim_pending=32
set ipge:ipge_bcopy_thresh=512
set ipge:ipge_dvma_thresh=1
set ip:ip_squeue_fanout=1
set ipge:ipge_tx_syncq=1
set segkmem_lpsize=0x400000
* End tuning recommended for T2000

Enable Syslog Logging Of SSH Access

These are the steps to enable logging of sshd on Solaris 8
Will probably work on 9 and 10, though the restart of syslog in 10 is different.

Add one line to syslog configuration file
vi /etc/syslog.conf /var/log/sshd.log

Create the log file
touch /var/log/sshd.log

Enable syslog in the sshd_config (uncomment line)
vi /etc/ssh/sshd_config

SyslogFacility AUTH
LogLevel INFO

Restart syslogd

/etc/init.d/syslog stop
/etc/init.d/syslog start

Login and check that there is a new entry in /var/log/sshd.log