SunRay Server 1.3 - SmartCards

Similar Messages

• Issue with configuration of another sunray server on same network

  Hello,
  I'm wondering whether it's possible to have another sun ray environment in the same network next to another.
  I'm trying to setup a test environment to do some testing, but after installing the server the only server displayed in the test sunray webGUI is the production sunray server. Luckily I cannot do anything with it, because if I could do actions with the production server from the test server that would be a huge security issue.
  Kind regards,
  J

  Just FYI, a sunray server array will have a group signature that is shared amongst other members in that array. If a new sunray server is setup with a different group signature, they should not care about eachother.

• Sunray unit connected to Linux Sunray server and Solaris Sunray Server

  Hi,
  Currently, I work in a development environment where there is two Sunray servers.
  One server is running on Linux ubuntu and the second one is running on Solaris.
  In order to connect to the wanted sunray server, the dhcp server is configured with the list of the mac address of the sunray units. So one sunray unit connects always to the same sunray server.
  I would like to know if it is possible to have the two sunray server available from one sunray unit. And make the choice of sunray Server in function of the sun card inserted in the sunray unit.
  - from my sunray unit A, if I insert my sun card AC I can open a session on the Linux server.
  - from my sunray unit A, if I insert my sun card BC I can open a session on the Solaris server.
  Thanks

  You can do this by using an SRSS feature called "Automatic Multi-Group Hotdesking", or AMGH for short. For details read the "Regional Hotdesking" section in the SRSS Admin Guide and the manpages for utamghadm, ut_amgh_script_interface, ut_amgh_get_server_list and ut_amgh_free_server_list, and/or read the AMGH entries in [Bob Doolittle's blog|http://blogs.sun.com/bobd/].

• Vdi 3.1 troubles with sunray server

  hi
  i'm not able to restart (warm or cold) sunray services from the webui (logged in as root) and the sunray server itself react not as expected (the sunray client stands on 26 D)
  i found access denied messages in the log but i dont know why they occur i've not changed access rights or something like that
  Feb 4 09:38:57 vdi inetd[645]: [ID 317013 daemon.notice] utrcmd[2981] from 172.27.35.16 33120
  Feb 4 09:38:57 vdi in.utrcmdd[2981]: [ID 808958 daemon.warning] refused connect from vdi (access denied)
  Feb 4 09:39:02 vdi inetd[645]: [ID 317013 daemon.notice] utrcmd[2990] from 172.27.35.16 33126
  Feb 4 09:39:02 vdi in.utrcmdd[2990]: [ID 808958 daemon.warning] refused connect from vdi (access denied)
  Feb 4 09:39:02 vdi inetd[645]: [ID 317013 daemon.notice] utrcmd[2992] from 172.27.35.16 33134
  Feb 4 09:39:02 vdi in.utrcmdd[2992]: [ID 808958 daemon.warning] refused connect from vdi (access denied)
  Feb 4 09:39:05 vdi java[2037]: [ID 521130 user.info] utadt:: username={root} hostname={vdi} service={Admin} cmd={} message={Services restart using warm restart failed for host(s) vdi} status={0} return_val={0}
  Feb 4 09:39:05 vdi inetd[645]: [ID 317013 daemon.notice] utrcmd[3001] from 172.27.35.16 33139
  Feb 4 09:39:05 vdi in.utrcmdd[3001]: [ID 808958 daemon.warning] refused connect from vdi (access denied)
  could you help me to solve this issue?
  thank you
  br
  Andre

  Would probably need to see your VDI instance cacao log file to see why this is failing, but you might need to add the following to [libdefaults] section of your krb5.conf file, for 2008R2 AD server:
  default_tkt_enctypes = rc4-hmac
  default_tgs_enctypes = rc4-hmac
  And then restart VDI services (/opt/SUNWvda/sbin/vda-service restart)
  Note that VDI will actually try to query individual AD servers as defines as part of your AD Global Catalog when it tries to lookup AD domain data. This means you need to verify that your global calalog referenced servers are valid and having matching forward and reverse DNS information:
  For example:
  $ *nslookup -querytype=any gc.tcp.vdi.com.*
  Server:          win2008.vdi.com
  Address:     192.168.1.100#53
  gc.tcp.vdi.com     service = 0 100 3268 win2008.vdi.com*.
  $ nslookup win2008.vdi.com.
  Server:          win2008.vdi.com
  Address:     192.168.1.100#53
  Name:     win2008.vdi.com
  Address: _192.168.1.100_
  r$ nslookup 192.168.1.100
  Server:          win2008.vdi.com
  Address:     192.168.1.100#53
  100.1.168.192.in-addr.arpa     name = win2008.vdi.com.*
  You'd want to verify that every record returned by the *nslookup -querytype=any gc.tcp.yourdoamin.com* command refers to a server that can be reached and has matching forward and reverse DNS. Otherwise, this may trigger VDI to have failures or delays in performing directory queries.
  Beyond that, you need to look in the cacao.log file for errors that you can find and post.
  Edited by: DoesNotCompute on Oct 13, 2012 11:48 AM

• SunRay server in zone

  Can i install SunRay Server in a non-global zone?

  Someone please do something about this. SRSS in zones is a non-negotiable requirement to participate in future of desktop virtualisation, etc.

• How to configure polish keyboard on SunRay Server Software

  Hi all
  I have a anoying probem with Sun USB Keyboard working on SunRay.
  I've installed SunRay Server Software 3.1 on RedHat ES
  Everything works fine but the keyboard on terminal client. Keyboard pluged into the server (RH ES) works good, i can press ALT+key to see polish letter, but it doesn't work when i log in from SunRay terminal. Even xmodmap on server shows different logs than on terminal. It is like client can't see the polish layout and keyboard type. I think it takes default from somewhere.
  Is there any other file to confgure layout different then xorg.conf? Maybe in /opt/SUNut ?
  I was trying to configure it through setxkbmap but I get error: "XKB extension not present on :11.0"
  Have no clue to solve that problem...Can anyone help me?
  thanks in advance!

  Sorry, Dariusz but your issue is not a hardware issue.
  Operating Environment locale and its influence on a keyboard mapping is 100% a software issue.
  You might consider posting your question to one of the OS forums.
  However, since you are not using Solaris or JDS, there may not be any answer for you here.
  I do not see the Sun Ray software as qualified for CentOS
  http://www.sun.com/software/sunray/index.xml
  If you have purchased the Sun Ray License(s) to use the software beyond the 90 day evaluation period, then you can contact Sun's technical support and open a service case.
  http://www.sun.com/service/contacting/solution.html

• How to increase the dhcp IP range for sunray server

  Hello,
  We need help on how to reconfigure DHCP on sunray server. The current configuration is range of 150 DHCP addresses has been configured for the 10.218.0.0 network, which is exhausted now.
  Yes with utadm -a will add new and -d will delete, here do we have any option to reconfigure and add additional 10 more addresses.
  OR any thing that how to backup existing network configuration and then delete->and add new configuration.
  Appreciate help on this.
  Thanks,
  Dattatray.

  Hi Francisco
  If you are trying extend the validity of the resource, then as you said that you tried extending the resource by extending the General data tab, and the validity of the resource still remains till 12.2010.
  The validity of the resource if governed by a couple of things :
  Validity as defined in R/3 Work center under capacity tab in the APO resource tab
  In CFC9, you can define what should the validity of the resource be, when you are CIFing the resource.
  Moreover, as you have righlty read in various posts across the forums, you can use the report /SAPAPO/CRES_CAPACITY_LENGTHEN to extend the validity of the resource. But I am not sure how are using this report. Please type in se38, enter this report and execute. In the next screen, enter the version, the resource and the location at which the resource exists. Click on execute and validity of the resource should increase.
  Let me know if it helps.
  Rgds, Sandeep

• Authentification to a server with a smartcard

  Hello,
  I've done my first steps in javacard and I'm working on a project, the aim is to realize a secure authentification to a server with a smartcard , all cryptographic operations must be done in the smartcard (for the the client's side) and not in the computer considering that a computer is vulnerable to virus,physical attacks, ....
  We've heard about this application http://www.sconnect.com/ , but seemed not to be published...
  We've thank to do a web interface using javascript .
  We will appreciate any other ideas or advices.
  (sorry for my bad english)
  thanks a lot.

  I think it's time to ask what you want to do and what you expect to happen...
  You can create a socket to a port on any machine on the internet. If the machine has a server listening on that port, the socket connection will be created. Then you are connected to that machine via that socket.
  Once you have a socket, both sides can read from/write to it. Think of it as a phone conversation between 2 people. You can't hear if someone doesn't speak. Most of the time, client/server connections work by the client making a request (ask a question) and the server sending a response (give an answer). Just like a phone, if the server doesn't like the question, it might just hang up. Or it might give you an answer saying they don't understand the question or is busy or whatever (and probably hang up).
  For web servers, really the server doesn't care who calls it. If you ask it the right question, in the right format, the server will give you an answer. Some servers allow multiple requests per call, some only one, and if only one it'll hang up after the answer. The "right format" is defined by the HTTP protocol, which defines the format of the question and the format of the answer. But the server really doesn't know that the request comes from a web browser or any other application. Internally, the browser formats what you type in the location bar into a request to the specified server, makes the call, makes the request and shows the answer.
  There's nothing wrong with opening a socket to a web server and asking for a page and showing the results or doing whatever with it...
  In fact, try this (assuming you're using Windows):
  Open a DOS window (command prompt). Type (without quotes) "telnet www.google.com 80", hit enter. The window will show nothing, but type "GET /index.html" and hit enter 2 times. It'll print out the Google home page HTML.

• Sunray Server Software 1.3 and Solaris 9

  Any idea when Sunray Server 1.3 will be supported on Solaris 9? I'm a bit surprised that there haven't been any patches released yet, Solaris 9 has been out for a while now...

  Hi there,
  as far as I know, 1.x will never be supported on Solaris 9, but the upcomming 2.0 will.
  Regards,
  Chris

• Sunray Server Sizing - Solaris x64

  Hi,
  Where can I obtain information on how to size a Sunray server running on x4170 hardware for CPU and memory in a pure kiosk configuration where the Sun connector redirects the session to a XP VM? Currently I base my config on 20 - 35 users per CPU core and 256MB ram per user. Also with network configuration as in how do I team NIC's together using Solaris 10 for the above configuration, is it needed or what are the best practices.
  Thank you.

  On the SunRay wiki are some sizing examples. Memory is the crucial part, they say.

• Cleaning /tmp on a SunRay server

  Hello,
  I'm running a server with 70 SunRay units, used by a different group of users every week. Mostly. Some stick around for a few months, but the majority are here for a week at a time. The /tmp directory gets littered quickly with files related to SunRay usage. We're also using Sun's GNOME 2.0 desktop environment, which creates /tmp files. Some of the files in /tmp should not be deleted, since they will cause the SunRay units to go into a "transient state", where they have an IP address, but no graphics data is arriving from the server. The screen will display only a blue box containing the IP and MAC addresses, a status code, etc, and it will float around the screen like a screensaver. The same thing appears to happen after about 30 days, to random SunRay units, if no files from /tmp are deleted. I am trying to determine which files, if deleted, will cause the floating blue box of death, and which ones I should nuke to maintain stability.
  Here are some examples of files from /tmp that I'm not sure when or if to erase:
  -rw------- 1 root other 352 Aug 30 15:07 .Xauth.Aay8j
  drwxrwxr-x 2 root root 1536 Sep 28 14:28 .X11-pipe
  -rw-rw-rw- 1 root other 0 Aug 10 18:11 X101
  prw-rw-rw- 1 root other 0 Sep 28 08:25 X11
  prw-rw-rw- 1 root other 0 Sep 28 08:39 X12
  -rw-rw-rw- 1 root other 0 Sep 27 20:39 X13
  drwxrwxr-x 2 root root 1536 Sep 28 14:28 .X11-unix
  srwxrwxrwx 1 root other 0 Sep 28 01:25 X10
  srwxrwxrwx 1 root other 0 Aug 10 18:11 X100
  srwxrwxrwx 1 root other 0 Aug 10 18:11 X101
  What is a good way to tell if the .Xauth* files, and the files in the .X11-unix and .X11-pipe dirs, are still in use or are from a now non-existent X session?
  -rw-rw-rw- 1 root other 1388 Sep 28 01:26 .dcs.robson:10.37dd79
  srwxr-xr-x 1 jbullock 03frg304 0 Sep 23 07:03 jpsock.140_03.12710
  -rw------- 1 jbullock 03frg304 49 Sep 23 06:58 sh12690.2
  There are dozens of .dcs* and sh* files. What are the .dcs*, jpsock.* and sh* files for, and when is it safe to nuke them?
  Many thanks,
  Brent

  i had the "Mailbox is on a different server" error too recently (mine shows up in ms outlook express) - and believe my problem came from having the hostnamealiases space delimited instead of comma separated (with no spaces, e.g. "foo.host1.com,bar.host2.com") - comma delimited, no spaces seems to be required ...
  i am having a different problem now though:
  i can login to communications express hosted domains via -
  the main host url using credentials like: [email protected]/passwd
  but when going to any of the hosted.com's urls, and trying to login without the @hosted1.com in the user - i get redirected to access manager (and subsequently can't login using either uid or [email protected] at the hosted1.com/uwc url).
  here's what i have in AMConfig.properties:
  com.sun.identity.server.fqdnMap[mail.hosted1.com]=mail.actual.org
  com.sun.identity.server.fqdnMap[mail.hosted2.com]=mail.actual.org
  com.sun.identity.server.fqdnMap[mail.hosted3.com]=mail.actual.org
  here's what i have in uwcauth.properties:
  virtualdomain.mode = y
  mail.actual.org.isvirutalhostname=mail.actual.org
  i have also added the cookiedomains in amconsole under service configuration --> platform - in addition to creating directories (hosted1.com, hosted2.com, hosted3.com) under /opt/SUNWuwc/WEB-INF/domain - containing the original files and directories under /opt/SUNWuwc/WEB-INF/domain (i was not clear if these directories should take this form e.g. including the .com or if they should just contain the domain-name --e.g. hosted1?)
  i can receive hosted email via pop using uid [email protected]/passwd, etc.
  thanks for any input.
  s7
  using sparc 2005q4 msg -58; uwc - 42

• Sunray Server Capacity Planning

  I've searched high and low on the net to see how to spec out a server for a 50-desktop environment.
  Each desktop will use the uttsc connector.. However on my 2 systems I've tried, the Load average is through the roof. (5.2 install/kiosk users)
  Has anyone calculated the I/O / Resources for X user?

  What kind of systems did you try ?
  For serving 50 simple RDP (kiosk) desktops I would go for one a physical server with 1 quadcore with 8GB memory.
  good luck.

• Sunray Server and DTUs USB Support

  I'm looking for help on usb support through the Sunray DTUs. I would like to be able to connect a usb device as I would with inside of Windows from a Sunray. USB drives are about the only thing I have working but not consistently. I've used the USB drive daemon posted on the Thinkthin blog and that works most of the time. I would like to use printers connected directly to the DTU. I have an idea on how to add the printer using the tmp/SUWut/units/<macaddress>/dev path but it seems that I cannot get it to work; maybe I'm using the wrong settings/drivers. I would also like to use USB cdroms, floppys, etc. Basically anything that doesn't require a special driver in Windows I would like to use on a DTU. It makes it hard to convince people that these can replace desktops when the functionality of things like USB are nowhere nearly as developed as Windows desktops. BTW, I need it both on the Solaris side and through the Sunray Windows connector. Any help would be greatly appreciated.

  I am not sure about sunray connector (windows) but within solaris it is rather transparent as long as the usb drive device is not NTFS. Plug it in and it should show up in /tmp/SUNWut/mnt/user/. I use a dvdwriter (lightscribe) the same way.
  Whenever I have problems with users not being able to mount thumb drives it is always a NTFS issue or a high density thumb drive (8-16gb).
  Not sure why sun doesn't put something more apparent on the desktop when you mount a drive. The rest of the world does that and it would make it a bit more user friendly. If you want a pain in the rear try using virtualbox through a sunray and mount usb devices. It works but it is really convoluted.
  Never bothered with printers.

• What TCP/UDP ports are required for Sunray to communicate withSunray server

  Hi,
  Our Sunray appliances and Sunray servers are setting in two different VLANs. For there is no ACL applied between both the VLANs, but we are plannin g to place ACL between these two VLAN for security reason. Do any have a list of ports require for Sunrays to communicate with the Sunray server.
  Thanks for the Help
  Moe Hans
  Network Administrator
  Kwantlen Polytechnic University
  Surrey, BC
  [email protected]

  [http://wikis.sun.com/display/SRSS4dot2/Ports+and+Protocols]

• Sunray software 4.1 server troubles

  Good morning,
  I was using sunray server sw 3.2 without significant problems. I´ve upgraded the sw to version 4.1 and now I have two main troubles:
  1. When I select into options choose a server from a list, to make a remote connection, the list of servers appears correctly but if I select one of them the login screen take me back to the initial sun ray server login screen.
  2. The font of some applications has a different aspect than before, but the fonts default settings have no changed.
  I´m using Solaris 10 and the server is an X4100 M2. Is there any patch I need to install to solve these topics or any missing configuration I´ve forgotten?
  Thanks a lot for your help.
  Edited by: mabelDG on Nov 10, 2009 1:19 AM

  forum choice notwithstanding, i don't think there is a cluster agent for sunray. not to say it couldn't be done but you'd be doing it yourself.
  i might have it wrong but i thought you'd make the home directories highly available (through whatever means) and create a failover group within the sunray framework to provide HA. a quick google brings up http://docs.sun.com/source/819-2384/failover.html.