This is what it's telling me in log/messages
When dtlogin starts up:
Mar 5 18:12:35 sunray-test.cs.dit.ie
kiosk:utkioskconfig:refresh[13413]: [ID 702911 user.info] Disabled Kiosk
Mode for display ':2'
Mar 5 18:12:35 sunray-test.cs.dit.ie dtlogin[13310]: [ID 118685
user.info] pam_sunray_amgh::[DPY=2] AMGH_SUMMARY:
token=Payflex.xxxxxxxxxxxxx, username=, AMGH_Done?=NO(Local Session),
Details=AMGH is not required., AMGH_Target=*NONE*
When i enter my username:
Mar 5 18:12:58 sunray-test.cs.dit.ie utauthd: [ID 558384 user.info]
Worker1 NOTICE: AuthRecord:redirect:: Redirecting terminal
IEEE802.0018ed000629 to a non-trusted host xxxxx
Mar 5 18:12:58 sunray-test.cs.dit.ie utauthd: [ID 279884 user.info]
Worker1 NOTICE: Redirecting with params: {forceInsert=true,
redirectProps=null username=dmarkey subcause=amgh doamgh=false,
authport=7009, authipa=xxxxx, roamInitiated=true}
Mar 5 18:12:58 sunray-test.cs.dit.ie dtlogin[13310]: [ID 118685
user.info] pam_sunray_amgh::[DPY=2] AMGH_SUMMARY:
token=Payflex.xxxxxxxxxxxxxxxxx, username=dmarkey, AMGH_Done?=YES,
Details=AMGH Completed successfully, AMGH_Target=147.x.x.x
At this stage DTU gets redirected.
For this im using a smartcard, NSCM works flawlessly.
Looks like amgh gets called but doesnt think it should do anything.
"Details=AMGH is not required"
hmm..
Any ideas?
Bob Doolittle wrote:
> David Markey wrote:
>> I'm using use_firstserver=true to make my DTU's go back to their first
>> Sunray server after the user has logged out of any other sunray server.
>>
>> I've noticed that AMGH seems to only be fired off when the user enters
>> their username into dtlogin, i.e. if a user logs in to dtlogin and then
>> logs out, AMGH wont redirect the DTU back to their first server until
>> the user has entered their username into dtlogin.
>>
>> Is there any way to change this behavior so that as soon as the user
>> logs out of their session, AMGH is fired off, instead of the user having
>> to enter their username before being redirected?
>>
>
> Actually this should work without having to enter a username.
> Is this in an NSCM or smartcard environment?
>
> For smartcards, look at the dtlogin/gdm PAM stacks, for NSCM, look at
> the utgulogin PAM stack.
> You'll see that pam_sunray_amgh comes both before *and* after
> sunray_get_user prompt, which is where the username is acquired.
>
> You should find an AMGH_SUMMARY line in /var/opt/SUNWut/log/messages for
> every pass through pam_sunray_amgh. Do you see it for the pre-prompt
> pass? (log out of a session, then from a different rlogin/ssh/SRSS
> session look at the last AMGH_SUMMARY line in the log for that MAC
> address). What does it report?
>
> -Bob
>
> _______________________________________________
> SunRay-Users mailing list
> [email protected]
> http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
