We are running SRSS4.1 with patch 139549-01 on Solaris 10 10/08 using Sun
x86 hardware.
I am attempting to setup AMGH between two FOGs (the simplest
implementation). We do not use smartcards, only NSCM. I have tested AMGH
using the included library username reference
(/opt/SUNWutref/amgh/lib/libutamghref_username.so) as well as my own simple
perl script. The issue I am having occurs after a user has entered his
username and is redirected. The sunray will flash the 25B redirection
screen and hang there. The server it is attempting to redirect to is a
server in the appropriate FOG. This only happens when the username is
present. If the script is setup to redirect login sessions (aka no
username), it redirects every time as expected and presents the login screen
in the appropriate FOG.
To troubleshoot the problem I compared the log messages from amgh and
utswitch (which works fine). Using utswitch the sunray successfully
redirected to the server and initiated the session as expected. The
different logs can be seen below:
AMGH REDIRECT:
LOG messages on initial host:
Mar 5 18:33:30 blaze guloginGUI: [ID 118685 user.info]
pam_sunray_amgh::[DPY=2] AMGH_SUMMARY: token=pseudo.00144f3ba4b0,
username=*NONE*, AMGH_Done?=NO(Local Session), Details=AMGH lookup library
did not provide any target AMGH hosts, AMGH_Target=*NONE*
Mar 5 18:33:36 blaze utauthd: [ID 175182 user.info] Worker1 NOTICE:
AuthRecord:redirect:: Redirecting terminal IEEE802.00144f3ba4b0 to a
non-trusted host abf2d1b
Mar 5 18:33:36 blaze utauthd: [ID 938778 user.info] Worker1 NOTICE:
Redirecting with params: {forceInsert=true, redirectProps=null
username=kurtzy subcause=amgh doamgh=false, authport=7009, authipa=abf2d1b,
roamInitiated=true}
Mar 5 18:33:36 blaze guloginGUI: [ID 118685 user.info]
pam_sunray_amgh::[DPY=2] AMGH_SUMMARY: token=pseudo.00144f3ba4b0,
username=kurtzy, AMGH_Done?=YES, Details=AMGH Completed successfully,
AMGH_Target=desert
LOG messages on target host:
Mar 5 18:33:35 desert utauthd: [ID 838875 user.info] Worker3 NOTICE:
tokenStatus pseudo.00144f3ba4b0 null null
UTSWITCH REDIRECT
LOG messages on initial host:
Mar 5 18:39:02 blaze utauthd: [ID 175182 user.info] Worker1 NOTICE:
AuthRecord:redirect:: Redirecting terminal IEEE802.00144f3ba4b0 to a
non-trusted host abf2d1b
Mar 5 18:39:02 blaze utauthd: [ID 528963 user.info] Worker1 NOTICE:
Redirecting with params: {redirectProps=null username=mdkurtz
quicklogin=true subcause=utswitch doamgh=false, authport=7009,
authipa=abf2d1b, roamInitiated=true}
Mar 5 18:39:02 blaze utauthd: [ID 794687 user.info] Worker4 NOTICE:
DISCONNECT IEEE802.00144f3ba4b0, auth.mdkurtz discReq-or-terminated
Mar 5 18:39:02 blaze utauthd: [ID 500006 user.info] Worker4 NOTICE: DESTROY
auth.mdkurtz lifetime=60753
LOG messages on target host:
Mar 5 18:39:06 desert utauthd: [ID 540429 user.info] Worker0 NOTICE:
CLAIMED by StartxlationSession.m5 NAME: mobile.IEEE802-00144f3ba4b0
PARAMETERS: {savedType=auth, terminalIPA=10.191.42.141, type=mobile,
fw=GUI4.1_139548-01_2008.12.08.15.16, username=mdkurtz, state=disconnected,
cause=redirect, doamgh=false, barrierLevel=325, rawId=00144f3ba4b0,
terminalCID=IEEE802.00144f3ba4b0, MTU=1366, tokenSeq=1,
firstServer=0abf2d2a, namespace=IEEE802, null=true, ddcconfig=1:1,
subcause=utswitch, id=IEEE802-00144f3ba4b0,
clientRand=PuJCD/jXGVZNarPWE5c1xauWIkAEEhE5Waben1mEOi0, realIP=0abf2a8d,
startRes=3840x1200:1920x1200:1920x1200, useReal=true, quicklogin=true,
event=insert, roamInitiated=false, pn=49227, sn=00144f3ba4b0,
savedId=mdkurtz, rawType=pseudo, hw=SunRayP8-FS, initState=0, _=1}
Mar 5 18:39:06 desert utauthd: [ID 472828 user.info] Worker0 NOTICE:
CONNECT IEEE802.00144f3ba4b0, mobile.IEEE802-00144f3ba4b0, all connections
allowed
Mar 5 18:39:06 desert utauthd: [ID 553372 user.info] Worker2 NOTICE: MTU =
1366
Mar 5 18:39:06 desert utauthd: [ID 236513 user.info] Worker2 NOTICE:
SessionManager.getSessionManager: Initiate callback to utsessiond at
localhost:7007
Mar 5 18:39:06 desert utauthd: [ID 222903 user.info] Worker2 NOTICE:
SessionManager.initiateCallback localhost:7010 established communication
Mar 5 18:39:06 desert utdtsession: [ID 702911 user.info] Add
(2,mobile.IEEE802-00144f3ba4b0,special)
Mar 5 18:39:07 desert kiosk:utkioskconfig:configure[6029]: [ID 702911
user.info] Disabled Kiosk Mode for display ':2'
Mar 5 18:39:07 desert utauthd: [ID 148238 user.info] Worker2 NOTICE:
SESSION_OK mobile.IEEE802-00144f3ba4b0
Mar 5 18:39:08 desert loginGUI.start: [ID 702911 user.warning] Cannot find
X11 tools
Mar 5 18:39:08 desert nscloginGUI: [ID 118685 user.info]
pam_sunray_amgh::[DPY=2] AMGH_SUMMARY: token=mobile.IEEE802-00144f3ba4b0,
username=mdkurtz, AMGH_Done?=NO(Local Session), Details=AMGH is not
required-explicit redirect, AMGH_Target=*NONE*
In the end I was unable to determine why the sunray hangs at 25b during a
username amgh redirect. It is more confusing that it works using the
utswitch command. As stated above amgh works fine (using either script) to
redirect all nscm login screens to one particular FOG (that way all users
initially log into FOG A and some are redirected to FOG B, after
closing/disconnecting their session on FOG B the sunray redirects back to
FOG A). However, it fails every time when a user logs in and he/she is
redirected (as intended) to the second FOG. Finally their seems to be a
lack of error messages since when it fails, making troubleshooting more
difficult. Any ideas or possible configuration settings that may be
preventing the sunray from completing its amgh redirect (when the username
is present)?
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
