Anthony Winstanley wrote:
Yes, you are correct in your assumption.
We actually have made our "subgroups" into separate FOGs... AMGH sounds like
it might help; will have to poke at that.
Here's another question:
Say a SunRay starts off in a FOG serving kiosk sessions. User utswitches to
a different FOG serving linux desktop sessions. Can AMGH switch the SunRay
back to the kiosk FOG when the user's session ends? (Either login/logout or
session kill with CTRL-ALT-BKSP,BKSP)
Where are all the places AMGH is invoked to redirect a SunRay?
I recommend you read the AMGH How-To on my blog: http://blogs.sun.com/bobd
AMGH is triggered by PAM. It is instrumented at two points in the login
process - immediately before login (for AMGH mappings that don't rely on
the username), and immediately after entering the username (for AMGH
mappings that rely on it).
If the purpose of the kiosk is merely to direct people to Linux vs
Solaris servers, and if users typically use either one or the other,
consider eliminating the kiosk server and simply rely on AMGH to send
users to their appropriate FOG. In this case, when any user logs in,
they'll be directed to the appropriate FOG automatically, so you
probably don't care in which FOG the DTU starts, but if you need a
consistent look you could always send DTUs to a particular FOG upon
logout and bootup (since this is where DTUs get parked when idle, let's
call it a "parking FOG" :). It could of course serve sessions as well
to some subset of users).
To determine a good AMGH architecture for your needs the first question
is whether users use smartcards or not? There are three cases:
1 Users always use smartcards
In this case, you can use the presence of a "pseudo" token to detect
smartcard removal, and send a DTU to the "parking FOG". You'll probably
want to use the smartcard tokens to drive the AMGH mapping, and set the
username as well for convenience so users don't need to type it in.
2 Users never user smartcards
In this case, users will have to type in their usernames before you
can determine an AMGH mapping. You can detect whether or not the
username is passed in to your AMGH script, and if it hasn't been passed
in you can direct the DTU to the "parking FOG".
3 Some of both.
You'll have to use a combination of the above. If it's not a pseudo
token, use the token to direct the user where they belong. If it is a
pseudo token and the username is set send them where they belong,
otherwise send the DTU to the "parking FOG".
Note that the reference AMGH scripts provided don't have such
sophisticated logic - you'll need to write your own, but it shouldn't be
very difficult if you adapt one of the reference scripts to your needs.
One downside of using a "parking FOG" (sometimes called a "landing zone"
because you typically also direct DTUs to that FOG upon bootup) is that
you might get unnecessary bouncing around of DTUs. For example if one
user removes their smartcard and then inserts it again, they may get
directed to the parking FOG and then back again, with lots of OSD icons
flashing and several seconds of unnecessary delays. If you don't need a
parking FOG, consider leaving the DTU where it resides upon logout.
Whenever the next person logs in (or inserts their card), the DTU will
be redirected to a different FOG only if necessary.
-Bob
Anthony
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bob Doolittle
Sent: July-17-08 2:39 PM
To: SunRay-Users mailing list
Subject: Re: [SunRay-Users] utswitch to trusted subgroup
Anthony Winstanley wrote:
I would really like to be able to utswitch -r to a subgroup of trusted
hosts rather than the whole pool. Any suggestions?
We have 3 subgroups: kiosk server, linux server, solaris server. On
the kiosk server, users click on "Linux" or "Solaris" which utswitches
them (-r) to the right pool, and then there's some gunk in the logout
script that utswitches the DTU back to the kiosk pool once the session
is ended, but this is a pain... Hotdesking provides three different
results depending on which pool the DTU is attached to already... :p
And management is a pain too.
I assume you mean "FOG" when you say "pool", and that subgroup is a
subset of a FOG?
Why can't you make the separate "subgroups" into separate FOGs? That
would resolve your issue it seems. When combined with AMGH, this can be
a powerful environment.
-Bob
Maybe this is a feature request?
Cheers,
Anthony Winstanley
Education Technology Coordinator
UBC Department of CPSC
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
