Walter,

I feel your pain! The documentation for AMGH is extremely lacking.
I've been working on this for over a month finding bits of information
all over the place and not just in one place. And no examples is the
biggest problem.

I will attach my notes that I have done so far in testing out AMGH. My
test server has three network connections: 1 for my test VLAN, second
one for my main Sunray VLAN, and third is for our regular network. My
test sunray server is running in kiosk mode and I wanted when I insert
my smart card for it to find my saved session on our main sunray FOG
group. It is working. You can weed out all the setting up the routing
stuff if you're just working on one shared network.

Walter R. Moore wrote:
> I've read the official docs and the howto
> (http://blogs.sun.com/bobd/resource/Getting Started with AMGH.html) for
> AMGH, and I've read through Sun's own AMGH script, and I feel really at
> sea.
>
> Can someone please break this down to the simplest scenario for me, with
> examples?
>
> Say I have a FOG that is my dhcp auth server etc for sun rays, and say I
> wanted to have it handle all sessions except for specific tokens I have
> marked as going to a separate server.
>
> Thanks in advance -- feel free to answer to me or to the list.. if you
> answer to me I'll be happy to summarize to the list.
>
> -Walter Moore
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> SunRay-Users mailing list
> [email protected]
> http://www.filibeto.org/mailman/listinfo/sunray-users
--
C. J. Keist Email: [EMAIL PROTECTED]
UNIX/Network Manager Phone: 970-491-0630
Engineering Network Services Fax: 970-491-5569
College of Engineering, CSU
Ft. Collins, CO 80523-1301
All I want is a chance to prove 'Money can't buy happiness'
I was setting up a test sunray server running in kiosk mode with a VLAN that
my sunray thin client was sitting on. I wanted to be able to insert my ID
card and have it find my saved session on our main sunray FOG group on our main
network. So the setup is our main FOG with each server having two NICs, one for
the VLAN for the sunray thins; second NIC for our regular network. My test
sunray server running in kiosk mode with two NICs, one for my test VLAN and
second on the regular network (same as the FOG).

So what I had to do was first turn my test sunray server into a router. To
do this I did the following:

Enable ipv4 forwarding:
    svcadm enable svc:/network/ipv4-forwarding:default
Enable routing:
    svcadm enable svc:/network/routing/route:default

Next I disabled my sunray interconnect to my test VLAN.
    /opt/SUNWut/sbin/utadm -d ce0
Then turned on LAN connection support
    /opt/SUNWut/sbin/utadm -L on

Question: Is there a way to turn on LAN support to just one NIC interface?
Answer: NO

To make sure none of my other Sunray thin clients tried connecting to my test
server I set up IPfilter and put in the following in /etc/ipf/ipf.conf:
    block in on eri0 proto tcp from xxx.xx.xxx.0/21 to any port = 7007
    block in on eri0 proto tcp from xxx.xx.xxx.0/21 to any port = 7009
    block in on eri0 proto udp from xxx.xx.xxx.0/21 to any port = 7009
xxx is my regular network. I assume the above is adequate to block any thin
client connecting to my server?

Then you need to set up the DHCP server to serve out IP addresses to my test VLAN.
Key thing here is to make sure and change the default macro to not deal out DNS
info. But you do need to make sure and have a router defined. I don't want my
thin client being able to find my sunray servers in my main FOG group.
The default DHCP macro should have the following settings:
    Include Locale
    Timeserv 129.82.225.54
    LeaseTim 86400
    LeaseNeg
    Router 192.168.128.1

Then I had to put in NAT config to get my network packets forwarding out from
my test VLAN, so in /etc/ipf/ipnat.conf I have:
    map eri0 192.168.128.0/24 -> xxx.xx.xxx.54/32
xxx.xx.xxx.54 is IP of my test sunray server.
So now AMGH is working, inserting my ID card in my test sunray it does query my
master sunray server in our main FOG and then finds my saved session! But one
problem remains. When I pull my card out my test sunray connects to a login
screen of one of my main sunray servers instead of falling back to my test
sunray kiosk server!?!? How do I get my test sunray to fall back to its
sunray kiosk server?

Well, I tried to put a third nic up on the sunray vlan so I can route traffic
from your test vlan to the sunray vlan. Problem was as soon as I brought up
the third nic I would start having network packet loss problems. Looking at the
ifconfig -a output I saw that all the nics were getting the system MAC address.
Having two nics with the same MAC is okay but not three?!?!? So do the
following command to find the MAC address for each nic:
    prtpicl -c network -v
This spits out a lot of output, but key lines to look for are:
    network (network, a1000002e1)       (Beginning of network card info)
    driver-name eri                     (Type of driver)
    instance 0                          (So this is eri0 network device)
The main system nic will not show a local-mac-address as it gets that from the
system.
Other cards look for:
    network (network, a1000002e1)       (Beginning of network card info)
    local-mac-address 00 14 4f 03 53 f4
    driver-name ce
    instance 0                          (This is the ce0 network device)
Then use the info to set the ether address for the nic using ifconfig
    ifconfig ce0 ether 0:14:4f:3:53:f4
Then at the ok prompt do:
    setenv local-mac-address? true
    boot

The AMGH stopped working going from my test VLAN to the Sunray VLAN. Found
out I had to put in the host ip and names for my sunray servers in the
/etc/hosts file:
    192.168.100.1   sunfire2.engr.colostate.edu sunfire2
    192.168.100.10  sunfire.engr.colostate.edu sunfire
    192.168.100.9   sunfire3.engr.colostate.edu sunfire3
    192.168.100.11  sunfire4.engr.colostate.edu sunfire4
    192.168.100.12  sunfire5.engr.colostate.edu sunfire5
    192.168.100.13  sunfire6.engr.colostate.edu sunfire6
Now it's working again through my sunray VLANs! This will keep the kiosk
VLAN secure as you will not be able to surf the internet with your laptop
if you try and use the network jack a kiosk is on.

After all this, setting up AMGH is simple with the provided scripts in:
    /opt/SUNWutref/amgh
I used the utamghref_script. You need to create a file called back_end_db
in this same directory. In this file I put in my CARD ID:
    token=Mondex.909d44514ec20000 host=192.168.100.1
This will direct AMGH when it sees my smart card to forward to my main
sunray FOG master server at 192.168.100.1
Then in /opt/SUNWut/sbin run the following to enable AMGH:
    utamghadm -s /opt/SUNWutref/amgh/utamghref_script
You will then need to restart your sunray services:
    utrestart -c
That's it. If you're lucky it will now redirect to your saved session on the
other sunray FOG group.