|
|
Sun Ray Server Software 1.3
Readme
|
The Sun RayTM Server Software 1.3 Readme provides last minute information about the Sun Ray server software 1.3. Topics covered in this readme include:
The Sun Ray server software (SRSS) 1.3 replaces the Sun Ray server software 1.2 as the next generation software release. This server-based software includes the same functionality as the 1.2 release plus the following new features:
- Packet Reporting Tool (monitoring tool and guidelines)
- Controlled Access Mode (CAM)
- Simple Network Management Protocol (SNMP) Monitoring (using SunMC software)
- Enhanced Session Management
- Non-Smart Card Mobility (NSCM)
The installation and upgrade procedures have changed. Please read the Installation Guide before attempting to install or upgrade the software.
The recommended versions of the SolarisTM operating environment are:
- Solaris 2.6 HW 5/98
- Solaris 2.7 11/99
- Solaris 8 4/01 and later updates
Note - Make sure you have the recommended patches for your version of the Solaris software before installing or upgrading to the Sun Ray server software 1.3. Go to this URL:
http://sunsolve.Sun.COM
and click on the "Patchfinder" link.
Besides CD-ROM media, the Sun Ray server software 1.3 is also available as an electronic software download (ESD). In this case, the software is downloaded and extracted into an image directory. This directory is an image of the Sun Ray server software 1.3 CD-ROM. The contents of the image directory are as follows:
Controlled_Access_Mode/ Sun_Ray_Admin_Server_1.0/
Copyright Sun_Ray_Server_Software_1.3/
Docs/ Supplemental/
FR_Copyright admin_default
LDAP_client/ lib/
Patches/ sbin/
README.html utinstall*
Sun_Directory_Services_3.1/ utpreserve*
|
Note - The initial ESD release of the Sun Ray Server Software 1.3 will not have localized documentation directories. Later releases and the CD-ROM itself will.
In this readme and in all other Sun Ray server software 1.3 documentation, when reference to the image directory is made or the example of /cdrom/cdrom0 is provided, system administrators who are using an ESD of the Sun Ray software should move to the directory with the contents shown above.
The localized Sun Ray Server Software 1.3 documentation is available in PDF format in the CD-ROM image directory. For example:
| /cdrom/cdrom0/Docs/Solaris_2.6+/locale/package/reloc/SUNWut/doc/locale/
|
where locale and package are according to the following table:
TABLE 1 Language, Locale, and Package
Language
|
Locale
|
Package
|
|---|
|
English
|
en
|
SUNWeutdo
|
|
French
|
fr
|
SUNWfutdo
|
|
Japanese
|
ja
|
SUNWjutdo
|
|
Korean
|
ko
|
SUNWkutdo
|
|
Simplified Chinese
|
zh
|
SUNWcutdo
|
|
Traditional Chinese
|
zh_TW
|
SUNWhutdo
|
Unlike the previous release, Japanese documentation is not installed automatically by the utinstall script. Documentation for non-English languages is installed using the pkgadd command.
 |
To Manually Install a Localized Documentation Package
|
K<(»Z
Note - For the en locale (English) this procedure is not mandatory.
This procedure uses locales and package names from TABLE 1.
| |
1. |
As superuser of the Sun Ray server, change to the directory for your locale. For example:
# cd /cdrom/cdrom0/Docs/Solaris_2.6+/locale
|
|
| |
2. |
If your locale is fr, ko, zh, or zh_TW, follow these immediate steps.Otherwise, go to Step 3. |
| |
a. |
Check for previous documentation for your locale. Type:
|
| |
b. |
If the package is found, remove it. Type:
|
| |
3. |
Install the new localized documentation package by typing:
|
| |
|
After installation, the localized documentation is available on the Sun Ray server at the following path:
|
Japanese Documentation
For the 1.3 release of the Sun Ray server software, Japanese documentation is not available from the Online Documents link of the Administration Tool.
Japanese man pages are available in PDF format in the Sun Ray Server Software 1.3 Reference Manual, part number 816-1754-10.
The following features are deprecated in the Sun Ray server software 1.3. They remain in this release to provide a period of migration to new applications. They will be removed in the next release of Sun Ray server software. Users are advised to use the replacement features.
- The session X property, _SUN_CORONA_SESSION, is replaced by _SUN_SUNRAY_SESSION.
- The token name environment variable, CORONA_TOKEN, is replaced by SUN_SUNRAY_TOKEN.
- The utsettings.hotkey property of the utsettings.properties file has been replaced by the equivalent property in the utslaunch.properties file.
- Refer to the utslaunch.properties man page for more details.
- The terminalId attribute displayed in the callback status command from the authd daemon is replaced by the terminalCID attribute, which displays a terminal's canonical ID.
- The utload command will be removed in the next release.
Note - The authd daemon callback status command is not a public or supported interface.
In this readme and for all Sun Ray server software 1.3 documentation, reference to Sun Ray server host names means the host names displayed by this command:
The following sections update or correct the information in the Sun Ray Server Software 1.3 Installation Guide.
Preparing for Upgrade
Replace the section "Preparing for Upgrade" on page 31, with the following text and two procedures:
If you are upgrading a Sun Ray server in a failover group, perform the following procedures. Otherwise, go to "Preserving the Configuration".
| |
To Disable Token Redirection
|
K<(»Z
Note - Perform this procedure on all Sun Ray servers before upgrading any Sun Ray server. This procedure might take 10 minutes to complete.
| |
1. |
As superuser, open a shell window on the Sun Ray server. |
| |
2. |
Edit the /etc/opt/SUNWut/auth.props file. |
| |
3. |
Check the value of the acceptRedirectToken property. |
| |
|
If it is true, change it to false. |
| |
4. |
Save the /etc/opt/SUNWut/auth.props file. |
| |
5. |
Reset the authentication policy:
# /opt/SUNWut/sbin/utpolicy -i soft
|
|
| |
|
There is a brief interruption of Sun Ray services. User sessions are re-attached. |
| |
6. |
Continue to the next procedure, To Disconnect the Sun Ray Server From the Interconnect" and upgrade all Sun Ray servers as instructed. |
Note - After all Sun Ray servers have been upgraded, return the acceptRedirectToken property to its original value and reset the authentication policy.
| |
To Disconnect the Sun Ray Server From the Interconnect
|
K<(»Z
Caution - This procedure disconnects users from their sessions on the Sun Ray server. Have your users terminate their sessions before you continue.
Note - This procedure might take three minutes to complete.
| |
1. |
If you are upgrading from the Sun Ray enterprise server software 1.1, follow these immediate steps. Otherwise, go to Step 2 |
| |
a. |
Physically disconnect the cable from the Sun Ray server to the Sun Ray
interconnect.
|
| |
2. |
As superuser, open a shell window on the Sun Ray server. |
| |
3. |
Disconnect the Sun Ray server from the Sun Ray interconnect:
# /opt/SUNWut/sbin/utadm -f
|
|
| |
|
The Sun Ray server is disconnected from the Sun Ray interconnect. |
| |
4. |
Do one of the following tasks: |
- If you want to upgrade or re-install the Solaris operating environment, see "Preserving the Configuration" on page 31.
- Otherwise, go to "Upgrading the Sun Ray Server" on page 34.
Reconnect to the Sun Ray Interconnect.
Between step 2 and step 3 in the procedure, "To Configure the Sun Ray Interconnect Interface" on page 41, insert the following note:
Note - If you disconnected the cable between the Sun Ray server and the Sun Ray interconnect, reconnect it now.
SunMC Agent Restart
The note at the top of page 49 provides incorrect file paths. Replace that note with the following:
Note - If any of the servers are monitored by the Sun Management Center, restart the agent on that server. Type:
# /opt/SUNWsymon/sbin/es-stop -a
# /opt/SUNWsymon/sbin/es-start -a
The following sections update or correct the information in the Sun Ray Server Software 1.3 Administrator's Guide.
Revised Preface Information
In the Preface section, "How This Book Is Organized," replace the chapter descriptions with the following:
| |
|
Chapter 1 describes the Sun Ray system. |
| |
|
Chapter 2 describes non-smart card mobility. |
| |
|
Chapter 3 describes the Administration Tool. |
| |
|
Chapter 4 describes the command-line interface. |
| |
|
Chapter 5 describes peripherals for Sun Ray appliances. |
Revised PostScriptTM Printer Information
Disregard the following information in "To Set Up a Printer" on page 90, step 8e,:
Select the printer type according to your printer model. If no option matches, select other; then type your printer type or unknown.
Revised Appendix Information
In Appendix A, "Troubleshooting," section, "No Ethernet," the second sentence is replaced by the following:
The Ethernet address is shown in the icon.
The following sections update or correct the information in the Sun Ray Server Software 1.3 Advanced Administrator's Guide.
Chapter 2, "VLANs and the Sun Ray"
utcapture
In the section "Starting utcapture," replace the fourth paragraph with the following:
This command captures data every 15 seconds from the Authentication Manager that is running on the local host and then writes it to stdout:
% /opt/SUNWut/sbin/utcapture -s server5118.eng 080020a893cb 080020b34231
|
Acceptable Packet Loss Rate
On pages 27 and 31, information describing acceptable packet loss rate is inconsistent.
When the packet loss to the Sun Ray client is greater than 0.1% as reported by the /opt/SUNWut/sbin/utcapture tool, the performance of the client might be impacted. To improve performance, follow the recommendations outlined in "Recommendations for VLAN Implementations" on page 27 and make appropriate modifications to your network.
Note - Sun Ray deployments using VLAN technology are only supported when the packet loss is 0.1% or less.
Chapter 3, "Monitoring the Sun Ray System"
Lost Percent
Figure 3-11 Desktop Panels, refers to the percentage of lost packets accumulated since the listed appliances were brought up. Results are provided every five minutes. This percentage differs from the /opt/SUNWut/sbin/utcapture command where the lost percentage is a change from the previous reading and is provided every 15 seconds.
Activating the Sun Ray Module
Replace step 1 in the procedure, "To Activate the Sun Ray Module" on page 42, with the following step 1:
| |
1. |
Register the module by typing:
# /opt/SUNWut/sbin/utsunmc
|
|
| |
|
This command adds the module to the SunMC software and starts the agent. |
Chapter 6, "Failover"
Replacement Procedure
The following procedure replaces the one found in the Failover chapter. This procedure expects the primary server: to have crashed, not exist, or be in a quiescent state and unable to make changes to the LDAP database.
| |
To Replace a Primary Server
|
port��
| |
1. |
On one of the secondary servers, disable updates to the LDAP server:
# /opt/SUNWconn/ldap/sbin/dsservcmd -f
|
|
| |
2. |
Capture the current data store to a file called /tmp/store:
| # /opt/SUNWconn/sbin/ldbmcat /var/opt/SUNWconn/ldap/dbm.ut/id2entry.dbb > /tmp/store
|
|
| |
|
This provides an LDIF format file of the current database. |
| |
3. |
Enable updates to the LDAP server:
# /opt/SUNWconn/ldap/sbin/dsservcmd -n
|
|
| |
4. |
Install and configure a Sun Ray server according to the procedures in the Sun Ray Server Software 1.3 Installation Guide. |
Note - Use the same admin password and group signature you originally configured.
| |
5. |
FTP the /tmp/store file from the secondary server to the new Sun Ray primary server. |
| |
6. |
Stop Sun Ray services:
# /etc/init.d/utsvc stop
# /etc/init.d/dsserv stop
|
|
| |
7. |
If the new primary server host name is different than the previous primary server, perform these steps. Otherwise, go to Step 8 |
| |
a. |
On the secondary server, use an editor to view the
/etc/opt/SUNWut/utadmin.conf file.
|
| |
b. |
Record the information provided for the admin.user.name and
admin.subtree properties.
|
| |
c. |
On the primary server, open the /etc/opt/SUNWut/utadmin.conf file and
replicate the values for the admin.user.name and admin.subtree properties.
|
| |
d. |
Use an editor to view the
/etc/opt/SUNWconn/ldap/current/dsserv.acl.conf file.
|
| |
e. |
Edit the following lines:
access to dn=".*,admin_subtree" attrs=userPassword
by self write
by * compare
access to dn=".*,admin_subtree"
by dn="cn=utadmin,admin_subtree" write
|
|
| |
|
Change admin_subtree to the value of the admin.subtree property. |
| |
8. |
Change to the LDAP directory:
# cd /var/opt/SUNWconn/ldap
|
|
| |
9. |
Rename the old database information:
|
| |
10. |
Create a new database directory:
|
| |
11. |
Change permissions for the directory:
|
| |
12. |
Change ownership of the directory to root and group sys:
|
| |
13. |
Reload the data store:
# /opt/SUNWconn/ldap/sbin/ldif2ldbm -c -n 2 -j 10 -i /tmp/store
|
|
| |
14. |
Configure the primary server for LDAP replication:
# /opt/SUNWut/sbin/utreplica -p secondary_server ...
|
|
| |
|
Where secondary_server is a space delimited list of the exact secondary server host names. You might see a warning that replication is already configured. This warning can be ignored. |
| |
15. |
If the new primary server host name is different than the previous primary server, perform these steps. Otherwise, go to Step 16 |
| |
a. |
For each secondary Sun Ray server, unconfigure LDAP replication:
# /opt/SUNWut/sbin/utreplica -u
|
|
| |
b. |
Reconfigure LDAP replication:
# /opt/SUNWut/sbin/utreplica -s new_primary
|
|
| |
|
Where new_primary is the exact host name of the new primary Sun Ray server. The LDAP database is re-synchronized. This might take a few minutes to complete. |
| |
16. |
Verify the datastore by typing:
# /opt/SUNWut/sbin/utuser -l
|
|
| |
17. |
Reboot the Sun Ray server:
|
Procedure Title Change
Change the procedure title "To Replace the Primary Server with a Secondary Server" to "To Promote a Secondary Server to a Primary Server.
Rebuilding the Data Store
In the procedure "To Rebuild the Primary Server Administration Data Store," add the following substeps after step 3:
| |
a. |
Type:
# /opt/SUNWut/sbin/utconfig
|
|
Note - Enter the same admin password and group signature you originally configured.
| |
b. |
Stop the SunDS server, type:
# /etc/init.d/dsserv stop
|
|
Appendix A, "Controlled Browser"
"No Proxy" Setting
The following information was unintentionally omitted from the Controlled Browser Functionality section of the appendix:
For added security, the end user cannot configure the controlled browser. As such, they cannot set "No Proxy" for an IP address, host name, or domain. The following procedure provides the Sun Ray administrator a method of setting a "No Proxy" for all users of the controlled browser.
| |
To Set "No Proxy" for an IP Address or Host Name
|
port��
| |
1. |
As superuser, open the /opt/SUNWbb/config/prefs.def file in an editor. |
| |
2. |
Search for the line which begins with:
"network.proxy.no_proxies_on"
|
|
| |
3. |
Append a comma delimited list of host names, domain names, or IP addresses, beginning with localhost and enclosed by double-quotes. For example:
"network.proxy.no_proxies_on" "localhost,.central,172.16.182.216"
|
|
Note - Domain names require a leading period to distinguish from host names.
Adobe® Acrobat Reader Plug-In
In the procedure "To Add Adobe Acrobat Reader Plug-in and Application," replace step 5 with the following:
| |
5. |
Copy the Acrobat Reader plug-in library into the NetscapeTM plug-in directory:
# cd /var/opt/SUNWbb/root/bb/apps/Acrobat4/Browsers/sparcsolaris
# chmod 755 nppdf.so
# cp nppdf.so /var/opt/SUNWbb/root/bb/apps/netscape/plugins
|
|
Also, in step 8, add the following lines to the list of executable commands:
# cp -p /usr/bin/sh /var/opt/SUNWbb/root/bin
# cp -p /usr/bin/sh /var/opt/SUNWbb/root/usr/bin
# cp -p /usr/bin/expr /var/opt/SUNWbb/root/usr/bin
|
RealPlayer Plug-In
In the procedure "To Add RealPlayer Plug-in and Application," in step 5, add the following lines to the list of commands:
# cd /var/opt/SUNWbb/root/bin
# ln -s /bb/apps/RealPlayer8/realplay
|
In steps 11 and 12, change app.d to apps.d.
This section identifies known problems in the Sun Ray server software 1.3 and provides workarounds. Topics covered are:
- Installation and Upgrade
- Sun WebServerTM and Sun Ray Administration Server
- Administration Tool and GUIs
- Sun Management Center (SunMC)
- Login and Sessions
- Other
Installation and Upgrade
Policy Information Not Preserved
When you upgrade from the Sun Ray Enterprise Server Software 1.0, the policy information is not retained.
Workaround:
| |
1. |
Before you begin the upgrade process, note the current policy information:
# /opt/SUNWut/sbin/utpolicy
# Reading policy file: /etc/opt/SUNWut/policy/utpolicy
# Current Policy:
/opt/SUNWut/sbin/utpolicy policy_string
|
|
| |
|
Where policy_string is the policy currently set. |
| |
3. |
Restore the previous policy by typing:
# /opt/SUNWut/sbin/utpolicy policy_string
|
|
utinstall Error Message
When upgrading to the Sun Ray server software 1.3 in zero administration mode, you might see the following error:
ERROR: Please run utconfig first before further setting/querying
of utpolicy.
|
This error can be ignored.
Alternate Server Values Not Rejected
When configuring for an alternate authentication server using the utadm command, values the user rejects are retained and concatenated to the desired values.
Workaround:
Completely unconfigure the Sun Ray interface and reconfigure. For example:
# /opt/SUNWut/sbin/utadm -r
# /opt/SUNWut/sbin/utadm -a interface_name
|
Upgrade of Firmware Over Multiple Sun Ray Interfaces
When upgrading the Sun Ray appliance firmware, do not attempt to apply the upgrade over multiple Sun Ray interfaces. For example:
# /opt/SUNWut/sbin/utfwadm -A -a -n all
|
This causes errors.
Workaround:
Upgrade the firmware over the Sun Ray interfaces separately. For example:
# /opt/SUNWut/sbin/utfwadm -A -a -n interface_name
|
SUNWskild Package Not Removed
For a high encryption installation, the SUNWskild package is not removed after you run the utinstall -u command.
Workaround:
 |
Remove SUNWskild by typing:
|
Sun WebServer and Sun Ray Administration Server
Incorrect Reference to the Sun WebServer
When you upgrade to Sun Ray Server software 1.3, the system creates log files. These log files might reference the Sun WebServer if there is an existing Sun WebServer configuration on the system. The Sun Ray Administration Server replaces the Sun WebServer.
Sun Ray Administration Server Not Installed
The Sun Ray Administration Server software is a web server and a required component of the Sun Ray server software 1.3. Previous releases of the Sun Ray server software used the Sun WebServer software. When installing/upgrading to the Sun Ray server software 1.3, the user might be asked whether to remove the existing Sun WebServer software as it is no longer needed. If the user responds "No" to the prompt, the Sun Ray Administration Server is not installed.
Workaround:
Refer to the following procedure after completing the installation/upgrade of Sun Ray server software 1.3, but before any further configuration.
Note - Perform this procedure only if you want to retain your Sun WebServer during installation/upgrade. Otherwise, elect to remove it.
| |
To Enable Installation of the Sun Ray Administration Server
|
port��
| |
1. |
Install/upgrade the Sun Ray server software 1.3 as described in the Sun Ray Server Software 1.3 Installation Guide. |
| |
|
Perform the tasks in chapters 2, 3, or 4. Do not continue to chapter 5. |
| |
2. |
Manually add the Sun Ray Administration Server software. |
| |
a. |
Change to the image directory. For example:
|
| |
b. |
Change to the Sun Ray Administration Server product directory:
# cd Sun_Ray_Admin_Server_1.0/Solaris_2.6+/Product
|
|
| |
c. |
Add the software packages:
# pkgadd -d . SUNWutws SUNWutwsc
|
|
| |
|
During the pkgadd operation, respond with the default values except for this prompt:
Construct a server instance and website [y,n,?,q] n
|
|
| |
d. |
Respond "n" (no) to this prompt.
|
| |
|
The pkgadd operation finishes. |
| |
e. |
If you are installing the Sun Ray server software for the first time, go to Step 5
|
| |
3. |
Determine if you are upgrading an existing Sun WebServer instance. |
| |
|
Type as superuser:
# grep -l 'SUNWut begin' /var/http/*/*/*/conf/access.conf
|
|
| |
|
If there is an instance, a line of output similar to this is displayed:
/var/http/instance_name/websites/default_site/conf/access.conf
|
|
| |
|
If no information or an error is returned, go to Step 5. The default instance_name is utadmin. |
| |
4. |
Type the following commands to remove this instance:
# /usr/bin/htserver stop instance_name
# /usr/bin/htserver delete instance_name
# rm -f /etc/http/instance_name.httpd.conf*
# rm -rf /var/http/instance_name
|
|
| |
5. |
Configure the Sun Ray server software 1.3 as described in the Sun Ray Server Software 1.3 Installation Guide. |
Note - Respond "Yes" if prompted to configure the Sun Ray Administration Server.
Do Not Change CGI User Group Assignment
When the CGI user (utwww) is created, it is assigned to the group utadmin. Do not change this assignment.
Administration Tool and GUIs
Administration Password Must Be Less Than 17 Characters
If the administration password is greater than 16 characters, you might be unable to log in to the Administration Tool, as the password might have become corrupted.
If you change the password to more than 16 characters, you might see an error message:
- If you used the Administration Tool to change the password, you might see this message:
Error 500: Server Error
The server encountered an internal error and was unable to fulfill
the request.
|
- If you used the /opt/SUNWut/sbin/utpw command, you might see this message:
Error: could not connect to admin server
Make sure the SunDS server is running and that the values for
"rootdn" and "rootdn" password are correct. The server encountered
an internal error and was unable to fulfill the request.
|
Workaround:
Restore the Sun Ray server from a backup copy to the state is was before the password was changed. If you reconfigure the Sun Ray server software, you will lose all acquired Sun Ray LDAP data.
Suggested Web Browser
To fully experience the graphical Administration Tool feature of the Sun Ray server software 1.3, a thoroughly JavaScriptTM compatible web browser is required. The Netscape Communicator is the preferred browser, as it provides the best results.
Controlled Access Mode (CAM) Application Not Configurable
After you add a CAM application, you cannot configure it from non-English locales.
Workaround:
There are two possible workarounds:
- Log in to the Administration Tool under the en_US locale.
- Remove the application and add it again under the intended locale.
CAM Users Not Completely Removed by utconfig
If a Sun Ray server is enabled for CAM, and the utconfig -u command is used to remove the CAM users, CAM users with active sessions are not removed.
| |
To Properly Unconfigure a Sun Ray Enabled With CAM
|
port��
Note - For this procedure, it is not necessary to use the utreplica command.
| |
1. |
Inform all users to exit their sessions. |
| |
2. |
As superuser, stop all Sun Ray services:
|
| |
3. |
Check for remaining active CAM users:
|
| |
|
If any processes are remaining, wait until they terminate. |
| |
4. |
Repeat Step 3 until there are no more instances of kiosk displayed. |
| |
5. |
Run utconfig:
# /opt/SUNWut/sbin/utconfig -u
|
|
Workaround:
If the proper sequence was not followed, perform these steps to remove all CAM users.
| |
To Remove CAM Users
|
port��
| |
1. |
As superuser, update the /etc/shadow file:
|
| |
2. |
Remove all CAM users:
# /opt/SUNWut/bin/bbmkuser -r
|
|
Finding Users by Token ID
In the Administration Tool, if you are trying to locate a registered user by Token ID, you might see this error message in the Find User window:
Workaround:
| |
Click the View by ID link to find a matching user by Token ID.
|
Sun Ray Administration Fails Due to cryptorand Daemon
Consider the situation where the Sun Ray Administration Server is configured to use a secure sockets layer (SSL) on a system that supports dynamic reconfiguration. After removing a CPU board, the cryptorand program might exit and render the Sun Ray Administration Server unreachable.
Workaround:
| |
Restart the cryptorand daemon. Type:
# /etc/init.d/cryptorand start
|
|
What the Reset Button Does
The reset button found in the Administration Tool window either:
- Erases immediate changes to field values and returns them to their previous or default values.
- Stops and then starts Sun Ray services.
Note - The reset button does not reload or refresh a window.
Cancel Button Causes Error
When editing user properties in the Japanese locale, clicking the Cancel button might display an internal error.
Workaround:
Instead of the Cancel button, click the Back button in your browser.
Controlled Browser in English
The Controlled Browser is displayed in English when launched from the Sun Ray Appliance.
Sun Management Center (SunMC)
Misleading Message
When you install the Sun Ray server software 1.3 or run the /opt/SUNWut/sbin/utsunmc command on a system without the SunMC software, the following message is displayed and can be ignored:
NOTE: Sun Management Center version installed.
Minimum version required is 2.1.1
|
Alarms on Upgraded Systems
If you are a Beta Customer upgrading to the final release of SRSS 1.3, you might see SunMC alarms.
Workaround:
| |
Uninstall and reinstall the software.
|
rpc.bootparamd Alarms
If rpc.bootparamd is down, a critical alarm on system Up Time might be displayed. Since this is not a critical service, this alarm can be ignored.
Desktop Exception Table Lists All Desktops
The Exceptions Desktop Table should list only desktops with exception conditions 2 (down) or 3 (no X service). However, it displays all the desktops including those that are in normal condition 1(up). Ignore the desktops that are in normal condition.
Login and Sessions
User Sessions Error Message
Using the Administration Tool, if you see the following error message:
when you view User Sessions, make sure that the utadmin group exists in the /etc/group file. Do not add the utadmin group to the NIS database. The Session Management feature of Sun Ray Administration Tool depends upon the utadmin group in the /etc/group file to work properly.
Workaround:
Add the utadmin group to the /etc/group file.
Detached NSCM Sessions Not Managed
The Administration Tool Session Management feature and the utsession command might not be able to manage and list detached non-smart card mobile (NSCM) sessions correctly.
Workaround:
| |
Type:
# touch /tmp/SUNWut/session_proc/display_number
|
|
| |
|
Where display_number is the display number of the detached NSCM session. |
NSCM Endless Loop
Consider the situation where Sun Ray servers in a failover group use local maps for user name/password pairs. A user logs into one server which has the user's authentication information. However, the load balancing algorithm re-directs the user's session to another Sun Ray server, which has no knowledge of the user. The result is that the user is dropped into an endless loop of authentication error messages.
Workaround:
The NSCM session feature of the Sun Ray server software 1.3 requires that servers in a failover group use a common map for user name/password pairs. For example, if NIS is used, then the Sun Ray servers must access the same NIS domain or the passwd property of their /etc/nsswitch.conf files should be the same.
Additionally, all user home directories must be mounted.
Log File Reports Error for auth Tokens
If the authentication policy on the SunRay server is set to enable non smart card mobile sessions and appliance registration, you might see the following error message in the /var/opt/SUNWut/log/messages file when the services are reset:
utuser[6602]: Internal Error: could not get logical token for raw
token 'auth.test2'
|
The message is displayed because registration is enabled for pseudo-tokens and not for mobile tokens. As a result, the database has registration information for the appliance only, and the system cannot find registration information for the mobile tokens.
Workaround:
Currently there is no facility to register mobile tokens. You can ignore this message.
Sessions Accessible Without Authorization
Should a pseudo-token become disconnected from the Sun Ray server for any reason: appliance power cycle, server restart, network failure; upon reconnection, if the session is re-directed to the same appliance, the session is accessible without authorization. This security hole exists until the screen lock is activated.
Workaround:
There are two workarounds available:
- Use the utaction command to lock the screen on disconnect.
- Disable pseudo-sessions and use smart card or NSCM sessions instead.
| |
To Use the utaction Command to Lock the Screen
|
port��
| |
1. |
As superuser, create the /usr/dt/config/Xsessiond.d/0101.SUNWut file:
# touch /usr/dt/config/Xsessiond.d/0101.SUNWut
|
|
| |
2. |
Open the file with an editor and add one of the following lines: |
- For CDE, add:
/opt/SUNWut/lib/utaction -d '/usr/dt/bin/dtaction LockDisplay' &
|
- For other window managers, add:
/opt/SUNWut/lib/utaction -d '/usr/openwin/bin/xlock' &
|
Note - The utaction mechanism does not work for remote sessions.
NSCM Sessions, Solaris 8 Software, and CDE
Consider a Sun Ray server that has the Solaris 8 or later operating environment installed, is configured with the CDE window manager, and is using NSCM sessions. Upon doing a screen lock, the user's session is actually disconnected from the Sun Ray appliance and the NSCM login GUI is displayed. This enables another user to log in from the same appliance without having to terminate the previous user's sessions.
This feature is not available to Sun Ray servers not using the Solaris 8 operating environment and CDE.
Start Over Button in Japanese Locale Not Functioning
For the NSCM GUI in the Japanese locale, if a user types the wrong character into the user name field, pressing the Start Over button does not erase input. Instead, the user is advanced to the password field. Login will not be possible.
Workaround:
In this situation, reset the GUI by pressing Ctrl + Alt + Bksp, Bksp. A new NSCM GUI is displayed.
Registration With Non-ASCII Characters Not Possible
When a user self-registers, the registration GUI does not accept non-ascii (double-byte) characters.
Other
Restarting the Policy Freezes Sun Ray Appliances
In rare occurrences after running the /opt/SUNWut/sbin/utpolicy -i clear command, the Sun Ray appliances may not come up.
Workaround:
Restart the Sun Ray Authentication Manager and services.
| |
As superuser, type:
# /etc/init.d/utsvc restart
|
|
Faulty Packet Loss Report
The /opt/SUNWut/sbin/utcapture application sometimes reports a percent loss greater than 100%. This faulty indication occurs when a Sun Ray appliance resets due to a power cycle or connects to another server in the failover group and can be ignored.
HP Printer Software Prevents DHCP Daemon From Starting
If the HP printer bootpd daemon is running at power-on time and it has bound to port 67, the Sun Ray DHCP daemon, /usr/lib/inet/in.dhcpd, cannot be started. As a result, the Sun Ray private interfaces, such as hme1, cannot be configured.
To resolve this problem, perform the following steps before running utadm -a interface:
| |
1. |
As superuser, verify that port 67 is in use by typing:
# /usr/bin/netstat -an | grep \*\.67
|
|
| |
2. |
If port 67 is bound by some process, download the lsof utility from the Sun freeware Web site: |
| |
|
http://www.sunfreeware.com |
| |
3. |
At the Web site, lsof is in the list of SPARC/Solaris 8 Packages in the lower right corner. |
| |
5. |
Identify which process is bound to port 67 by typing:
|
| |
6. |
Remove the process bound to port 67 by typing:
|
Directory Components for Commands Required
When invoking Sun Ray specific commands, make sure to include the directory component. For example:
# cd /opt/SUNWut/sbin
# ./utpolicy -i clear
|
Or:
# /opt/SUNWut/sbin/utpolicy -i clear
|
utselect GUI Is Not Displayed
In a failover condition, if the selectAtLogin property of the /etc/opt/SUNWut/auth.props file is set to true and there is only one Sun Ray server up, then no GUI is displayed when the /opt/SUNWut/bin/utselect -L command is invoked.
See the utselect and auth.props man pages for information.
Server Selection With Multihead
If you have a multihead configuration with an odd number of screens and XINERAMA enabled, you might not be able to generate responses when you click the buttons in the server selection (utselect) GUI at log in.
However, you can select and highlight any of servers in the selection list.
Workaround:
Double-click one of the servers to launch a session on that server.
ShowMe TVTM Restart
If you are using ShowMe TV and you stop and start the Sun Ray services, you must also restart ShowMe TV.
