Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
Solution Type Technical Instruction Sure

Solution 1010574.1 : Sun Ray[TM] Controlled Access Mode
PreviouslyPublishedAs 214549

Description

The purpose of this document is to give information on how to configure and enable the CAM (Controlled Access Mode) Environment, also known as Kiosk mode.

Steps to Follow

CAM (Controlled Access Mode) requires that the SUNWutkio and SUNWbbchr packages are installed.
These packages reside in different locations in Sun Ray[TM]

Package location on Sun Ray[TM] Server Software 1.3 CDROM:

    /cdrom/sun_ray_13/Sun_Ray_Server_Software_1.3/Solaris_2.6+/Product/
        system SUNWutkio Sun Ray server Controlled Access Mode
    /cdrom/sun_ray_13/Controlled_Access_Mode/Solaris_2.6+/Product
        system SUNWbbchr chroot runtime environment for BB

Package location on Sun Ray[TM] Server Software 2.0 CDROM:

    /cdrom/srss_2_0/Sun_Ray_Server_Software_2.0/Solaris_8+/Packages
        system SUNWutkio Sun Ray server Controlled Access Mode
    /cdrom/srss_2_0/Controlled_Access_Mode_2.0/Solaris_8+/Packages
        system SUNWbbchr chroot runtime environment for BB

Package location on Sun Ray[TM] Server Software 3.0 CDROM:

    /cdrom/srss_3/Sun_Ray_Core_Services_3.0/Solaris_8+/Packages
        system SUNWutkio Sun Ray server Controlled Access Mode
        system SUNWutkir Sun Ray server Controlled Access Mode
    /cdrom/srss_3/Controlled_Access_Mode_2.0/Solaris_8+/Packages
        system SUNWbbchr chroot runtime environment for BB

____________________________________________________________________________
Note: These packages are part of the Sun Ray [TM] Server Software installation

Configuring the CAM Environment:

The configuration of the CAM Environment is done by utconfig and must be

Admin GUI Menu Path: ADMIN->POLICY

Admin GUI with utconfig run, and NO CAM Environment Configured.

Change Policy (Example Only Not to scale)              Server:SunRay 1.3
___________________________________________________________________________
Card Users                            Non-Card Users
O Enable Mobile Sessions
Access:                               Access:
  O None                                O None
  * All Users                           * All Users
  O Registered Users                    O Registered Users
  O Allow Self Registration             O Allow Self Registration
O Self Registration Requires Solaris Authentication
___________________________________________________________________________
Multihead Features enabled:  O Yes  * NO
___________________________________________________________________________

When utconfig is run you are asked the following default questions

    Configure Controlled Access Mode? (y/[n])? y
    Enter user prefix [utcu]:
    Enter userID range start [150000]: (Default start uid)
    Enter number of users [25]: (Default range of anonymous users)
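The prefix, start uid and user count accepted at these prompts determine which passwd entries utconfig will try to create, so they can be checked for collisions before utconfig is run. The shell function below is an added example, not part of the original Sun document or of Sun Ray Server Software; the function name cam_uid_conflicts and the AWK variable are hypothetical, the sample entries other than the document's own "test" line are constructed, and it assumes an awk that accepts -v (nawk or /usr/xpg4/bin/awk on Solaris).

```sh
#!/bin/sh
# Added example: pre-check for the accounts utconfig creates for CAM.
# Usage: cam_uid_conflicts PASSWD_FILE [PREFIX] [START_UID] [COUNT]
# Defaults are the utconfig defaults (utcu, 150000, 25).
# Returns 0 if names and uids are free, 1 on any conflict, 2 on bad input.
# For accounts served by a name service, save `getent passwd` output to a
# file and check that file as well.
cam_uid_conflicts() {
    passwd_file=$1 prefix=${2:-utcu} start=${3:-150000} count=${4:-25}
    [ -r "$passwd_file" ] || { echo "cannot read $passwd_file" >&2; return 2; }
    case "$start$count" in
        *[!0-9]*) echo "start and count must be numeric" >&2; return 2 ;;
    esac
    # Assumption: AWK names an awk that accepts -v (nawk on older Solaris).
    ${AWK:-awk} -F: -v prefix="$prefix" -v start="$start" -v count="$count" '
        /^#/ || NF < 3 { next }      # skip comments and malformed lines
        {
            idx = $3 - start         # slot this uid would occupy in the range
            if ($3 ~ /^[0-9]+$/ && idx >= 0 && idx < count) {
                printf "uid %s (needed for %s%d) is used by %s\n", $3, prefix, idx, $1
                hits++
            }
            n = substr($1, length(prefix) + 1)   # text after the prefix
            if (index($1, prefix) == 1 && n ~ /^[0-9]+$/ && n + 0 < count &&
                $1 == (prefix "" (n + 0))) {
                printf "user name %s already exists with uid %s\n", $1, $3
                hits++
            }
        }
        END { exit (hits > 0) }
    ' "$passwd_file"
}

# Constructed sample input; the "test" entry is the conflicting line quoted
# in this document, the other two entries are made up.
sample=${TMPDIR:-/tmp}/cam_passwd.$$
cat > "$sample" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
test:x:150020:10:Test User:/tmp:/bin/sh
utcu3:x:500:10:Constructed stale account:/tmp:/bin/sh
EOF
cam_uid_conflicts "$sample" || echo "resolve these conflicts, then run utconfig"
rm -f "$sample"
```

Pass the same prefix, start uid and count that will be entered at the utconfig prompts when the defaults are not used.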
Note: You must check for a uid conflict prior to configuring the CAM
The default uid range for CAM starts at 150000 out to the number of
These ranges are configurable.
A conflict of uids or anonymous user names will cause the CAM configuration

Example: passwd uid conflict with the first default CAM uid of 150000 will

Passwd entry:

    test:x:150000:10:Test User:/tmp:/bin/sh

Results in the following error:

    Checking for previous Controlled Access Mode configuration ...
    not configured...
    Adding new Controlled Access Mode configuration ...
    passwd entry for utcu0 failed
    no users configured
    Controlled Acccess Mode configuration failed! Please remove all
    /var/opt/SUNWut/kiosk/kiosk.conf updated

Example: passwd uid conflict with any CAM user uid will result in the
In this example we took the default 25 users to be created.

Passwd entry:

    test:x:150020:10:Test User:/tmp:/bin/sh

(This is a conflict with uid for utcu20 CAM user.)

Results in the following error:

    Checking for previous Controlled Access Mode configuration ...
    not configured...
    Adding new Controlled Access Mode configuration ...
    ....................passwd entry for utcu20 failed
    20 users configured
    Controlled Acccess Mode configuration failed! Please remove all

This created CAM user entries from utcu0 - utcu19
Enabling the utpolicy for CAM will result in 20 CAM users but not the
Best resolution for this issue is to run "utconfig -u" and use a different
Then run utconfig again.

Admin GUI with utconfig run and CAM Environment Configured.
___________________________________________________________________________
Change Policy (Example Only not to scale)              Server:SunRay 1.3
___________________________________________________________________________
Card Users                            Non-Card Users
O Controlled Access Mode              O Controlled Access Mode
O Enable Mobile Sessions
Access:                               Access:
  O None                                O None
  * All Users                           * All Users
  O Registered Users                    O Registered Users
  O Allow Self Registration             O Allow Self Registration
O Self Registration Requires Solaris Authentication
___________________________________________________________________________
Multihead Features enabled:  O Yes  * NO
___________________________________________________________________________

Enabling Controlled Access Mode

The CAM feature is administered through the Sun Ray Administration Tool or
CAM is a policy decision that affects system-level operations. Turn
You can enable the CAM Policy option for smart card users, non smartcard
When controlled access mode is turned on, kiosk.start uses scripts to

To enable CAM policy through CLI.

Login on a Sun Ray server as root to enable CAM

    1) cd /opt/SUNWut/sbin

The policy change to CAM is significant. For example, after
You are presented with the following banner after the utpolicy command

    THE MOST RECENT POLICY CHANGE WAS SIGNIFICANT

(If you cannot afford to terminate existing sessions, then you can restart
The authentication manager must be restarted for changes to take

    /opt/SUNWut/sbin/utpolicy -i clear

To Enable Controlled Access Mode with the Admin GUI

Bring up your browser and login to Admin GUI:

1a) http://<server name>:1660 (If remote server administration enable) or
2) login: admin and enter password you defined in utconfig
3) Select the arrow to the left of Admin to expand the navigation menu.
4) Click the Policy link.
5) For smart card users, select the Controlled Access Mode check box in the Card Users column.
6) For non-smart card users, select the Controlled Access Mode check box in the Non-Card Users column.
7) Click the Apply button.
8) Select the Reset Services menu.
9) Under Scope, click the Local or Group radio button, depending on the failover scenario.
10) Click the Reset or Restart button.

Again, a services restart is recommended to avoid leaving behind existing sessions which cannot be accessed any more after the significant policy change.

CAM Setup in a Failover Group

The CAM environment must be configured on all servers in a failover group.
In a failover environment, the administrative settings in the kiosk.conf
Note - Applications must be installed in the same location and set up the

Additional Note: For further setting or changes available in CAM please

Controlled Browser

The Controlled Browser is an unsupported product. For your convenience, with Sun Ray[TM] Server Software 1.3 and 2.0, we have provided a sample implementation of the Netscape Navigator 4.76 browser. This browser is provided in English only and has not been localized.

The objective of this implementation is to provide a browser environment
The browser is specially set up to provide for a more controlled and
Netscape Navigator functions normally with the exception of disabled

Installing the Controlled Browser:

Do not install a controlled browser until your system is configured with

Controlled Browser Package located here in Sun Ray 1.3

    1. cd /cdrom/sun_ray_13/Supplemental/Controlled_Browser/Solaris_2.6+/Product

Controlled Browser Package located here in Sun Ray 2.0

    1. cd /cdrom/srss_2_0/Supplemental/Controlled_Browser/Solaris_8+/Packages

2. Execute the cbinstall install script

    # ./cbinstall
Note: In order for the Controlled Browser feature to work properly, the Sun

    domain {DNS domain name}
    nameserver {DNS server IP address}
    nameserver {backup DNS server IP address if available}

An example of this file is as follows:

    domain sun.com
    nameserver 100.111.1.110
    nameserver 100.111.1.111
    nameserver 100.111.1.112

More information on resolv.conf can be found on its man page: man resolv.conf.

The use of DNS also requires that dns be added to the /etc/nsswitch.conf

    # "hosts:" and "services:" in this file are used only if the
    hosts: files nis dns

(Your entry may vary based on the name services you are running in your environment.)

Product

    Sun Ray Server Software 2.0
    Sun Ray Server Software 1.3
    Sun Ray Server Software 3.0
    Sun Ray 1g Ultra-Thin Client
    Sun Ray 1 Ultra-Thin Client
    Sun Ray 100 Ultra-Thin Client
    Sun Ray 150 Ultra-Thin Client
    Sun Ray 170 Ultra-Thin Client

Internal Comments pete.tapia@Sun.COM
Sun Ray, sunray, CAM, Controlled Access Mode

Previously Published As 72329

Change History

    Date: 2006-01-22  User Name: 18392  Action: Update Canceled  Comment: *** Restored Published Content ***  SSH Audit Version: 0
    Date: 2006-01-22  User Name: 18392  Action: Update Started  Comment:  SSH Audit Version: 0
    Date: 2006-01-17  User Name: 18392  Action: Update Canceled  Comment: *** Restored Published Content ***  SSH Audit Version: 0
    Date: 2006-01-17  User Name: 18392  Action: Update Started  Comment:  SSH Audit Version: 0

Attachments

This solution has no attachment