Switch SunRay2 between Solaris 10x86 and Linux

You should configure the Solaris machine and the Linux machine into separate Sun Ray host groups and then automate the switching by using the Advanced Multi-Group Hotdesking feature described under the "Regional Hotdesking" heading in Chapter 5 of the Sun Ray Administrator's Guide.

The Linux version of that guide is at <http://docs.sun.com/app/docs/doc/819-6686>. The Solaris version is at <http://docs.sun.com/app/docs/doc/819-2384> and you'll notice that its Chapter 5 is quite a bit bigger because it talks about the Non-Smartcard Mobility feature too. NSCM is not yet available on Linux. These docs are delivered as PDFs in /opt/SUNWut/doc/en_US/pdf on your Sun Ray server.

Bob Doolittle's blog at <http://blogs.sun.com/bobd> contains some additional information on AMGH. <http://blogs.sun.com/bobd/entry/another_update_to_the_amgh> is the most recent relevant article there.

ottomeistera at 2007-7-9 5:11:20 >

The 'while read A' loop in that script reads from the script's standard input until it encounters end-of-file. It's expecting to see at least one input line of the form "token=<NameOfSunRayToken>" and/or an input line of the form "username=<NameOfUser>". In practice it will always be fed a token line because the Sun Ray token ID is always available but it will only be fed a username line if the user's name has been provided or discovered at that point in the login process.

If you want to base your redirections purely on the ID of a smartcard then you only need to worry about the token derived from the card, you won't care about usernames. (At least not to begin with. Once you have some experience you might want to use AMGH to automatically provide the username for a given card. But let's not run before we can walk.)

To see how the script works start by creating a sample database for it. The reference script expects to find its database in a file named /opt/SUNWutref/amgh/back_end_db. (That's arguably a bug, or at least a bad example. Config files like this would usually reside in /etc.) But anyway, create a sample database with three token records by doing this:

$ echo 'token=Abc.123 host=solaris' >> /opt/SUNWutref/amgh/back_end_db

$ echo 'token=Def.456 host=linux' >> /opt/SUNWutref/amgh/back_end_db

$ echo 'token=Ghi.789 host=solaris' >> /opt/SUNWutref/amgh/back_end_db

Then invoke the script and feed it one of those token names on its standard input:

$ echo token=Abc.123 | /opt/SUNWutref/amgh/utamghref_script

The result, written to the script's standard output (your terminal) should be:

host=solaris

If you had activated AMGH and configured it to run the reference script then the input to the script would have been provided by AMGH and the 'host=solaris' result would have been captured and interpreted by AMGH. The outcome would be that if someone really had presented a smartcard whose ID was "Abc.123" then their session would have been redirected automatically to the host named "solaris". If someone had presented a card whose ID was "Def.456" then that person's session would have been automatically redirected to a machine named "linux". (Try it: 'echo token=Def.456 | /opt/SUNWutref/amgh/utamghref_script') In real life your smartcard ID tokens will look more like MicroPayflex.12345678 or JavaBadge.MegaCorp-bugjuice, depending on the type of smartcards you're using.

That's all there is to it. Of course this is the simplest possible example, you can make things more complex (and more robust) if you wish. But this will work.

ottomeistera at 2007-7-9 5:11:20 >

> 1) will host= accept more than one host?

A 'host=...' statement can carry only one hostname on its right hand side. However, your script can specify multiple target hosts by emitting multiple 'host=...' statements. This is mentioned in 'man -M /opt/SUNWut/man ut_amgh_script_interface'. The AMGH implementation will try to contact the hosts in the same order as they're emitted by the script.

> If i have 2 hosts per FOG, should i return both?

Yes. You could also randomise the order of the host statements. The sample script will emit multiple 'host=...' lines if the back_end_db file contains them but it won't randomise their order. The sample script is just a simple straightforward example.

If you want something to happen when the user removes their card then you need to configure an AMGH target host for the token that the Sun Ray unit will present when no card is inserted. That token will be 'pseudo.<ethernetAddress>'.

ottomeistera at 2007-7-9 5:11:20 >