Karl Rossing | 3 Oct 21:48 2011

vda-client -a query -u USERNAME Authentication failed.

Hi,

I have been running into a problem where certain accounts were not able to login to our vdi 3.1.1 server.

The users would get User name of Password Incorrect.

It did not happen on all user accounts. It seems to have happened with accounts created recently.

We are using a ds 6.3.1. SR 5 users can authenticate without a problem.

As per this wiki page, i'm getting

bash-3.00# /opt/SUNWvda/lib/vda-client -a query -u user1
Password:
Authentication failed.

bash-3.00# /opt/SUNWvda/lib/vda-client -a query -u  user2
Password:
No desktops assigned to user2

Mirroring the ldap attributes between the working account (user2) and the non working account(user1) has not worked.

I have looked at the ldap server error and access logs trying to figure out what's missing from either account but so far, I havn't seen anything.

The cacao.0 log file doesn't give much information
FINEST: thr#33 start loginHelper.authenticate for username=user1
WARNING: thr#33 Failed executing vda-client request: query(user=user1, token=Payflex.50143c2000130100): Authentication failed.[ExitCode=20]
FINEST: thr#33 Received request from vda-client (127.0.0.1): query(user=user1)
FINEST: thr#33 start loginHelper.authenticate for username=user1
WARNING: thr#33 Failed executing vda-client request: query(user=user1): Authentication failed.[ExitCode=20]

I don't have the available hardware, VDI is on sparc now, to to move to vdi 3.2.1

If someone has a suggestion, I'm all ears.

Thanks

Karl











CONFIDENTIALITY NOTICE: This communication (including all attachments) is confidential and is intended for the use of the named addressee(s) only and may contain information that is private, confidential, privileged, and exempt from disclosure under law. All rights to privilege are expressly claimed and reserved and are not waived. Any use, dissemination, distribution, copying or disclosure of this message and any attachments, in whole or in part, by anyone other than the intended recipient(s) is strictly prohibited. If you have received this communication in error, please notify the sender immediately, delete this communication from all data storage devices and destroy all hard copies.
_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
Thierry Delaitre | 4 Oct 21:17 2011
Picon

gnome-session & users over quota

Hello,

 

SunRay users who are over quota can’t login to the system if they have not got an existing session.

 

I suppose this is due to the fact that /usr/dt/config/Xinitrc.jds which executes the gnome-session fails as it cannot write the gnome files into the users home directory.

 

I’m looking for a solution to at least warn the users they are over quota when they login so that they can clean their files and know about it.

 

Is there a way to turn their session automatically into a fail safe session by maybe setting some environment variable in a script in /usr/dt/config/Xsession.d ?

 

If not, do i need to hack the following ?

 

/usr/dt/config/Xinitrc.jds

 

Thanks

 

Thierry.

_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
Paul Whitener | 5 Oct 17:46 2011
Picon
Picon

Re: RHEL5 rdesktop issues

So a follow up to our lockup issue.  We added an iptable rule to RHEL5 and it seems to have cleared things up.

-A RH-Firewall-1-INPUT -s xxx.xxx.xxx.xxx -p tcp -m tcp --sport 3389 -j ACCEPT

where xxx.xxx.xxx.xxx is the IP of the Win2008r2 remote server.  We added this after the rule that allows related/established connections.  This effectively works as a keep-alive.  Which prompts me to ask if keepalive was changed in rdesktop 1.7?

Since this has only been in about a week, I am still monitoring.  We have not replaced rdesktop 1.6 with 1.7 yet.  We are going one thing at a time.

thanks for the input!

/paul



On Tue, Sep 27, 2011 at 11:04 PM, Craig Bender <Craig.Bender <at> oracle.com> wrote:
Mud, yeah.  Still not clear where the portmapper runs.  There's no reason for the printer name as mapped to windows should ever change. You should have a utaction set to update the default printer for the user on the Sun Ray session.  The name should never change as far the user or Windows is concerned as it's just a pass-through.  This is really just follow-me printing that's been done forever.



On 9/27/11 6:29 PM, Paul Whitener wrote:
Hi Craig,

Our print setup is simply a function of the rdesktop command line.  When
you login to Rhel5, we use an .Xclient script to launch rdesktop in full
screen with printers being passed on the command line.  Every user gets
the same command line.  They login to Win2008 and it then launches the
medical application the doctors use.

We noticed that when we tried to use uttsc and kiosk mode, the
portmapper file would have the printers set on one set of ports.  When a
card was pulled and reinserted on a different DTU, the ports in the file
changed, causing the printers to have different numbers associated with
them.  So for example, on first card insert a printer in the list may
look like  laserjet(3).  When the card is moved to a different DTU and
the user prints again, the printer may say laserjet(7).  It also would
not always print.  We do not see this behavior with rdesktop.

But now we see occasional lockups as I mentioned.

Clear as mud huh?

/paul

On Tue, Sep 27, 2011 at 9:46 AM, Craig Bender <Craig.Bender <at> oracle.com
<mailto:Craig.Bender <at> oracle.com>> wrote:

   Can you clarify what you mean by port mapper?  Are you talking about
   follow me printing?


   On 9/27/11 6:43 AM, Paul Whitener wrote:

       Thanks Peter!  I will check it out!

       On Tue, Sep 27, 2011 at 8:31 AM, Peter Åstrand
       <astrand <at> cendio.se <mailto:astrand <at> cendio.se>
       <mailto:astrand <at> cendio.se <mailto:astrand <at> cendio.se>>> wrote:


               I have a RHEL5 server with 4GB ram running SRSS 5.1.  We
       have
               about 10 users across 15 DTUs.    We "were" using uttsc to
               connect to a remote (states
               away) Win2008R2 termserver that once logged in pushes a
       single
               app.  We
               found that when a user pulled their card to move to
       another DTU, the
               portmapper in RHEL5 changed the printer ports from the
       original
               session used to new ports.  This caused printers not to
       redirect
               to the new session
               correctly and caused all kind of print fun for the
       users!  If
               they did
               redirect, the "printer number" changed and the this
       confused the
               users.

               So we moved to using RHEL5's rdesktop implementation.
         It does
               not seem to
               have issues with the mapper and the session and printers
       stay
               statefull.
               Printers work great.  However, as DTU usage has
       increased with
               students in
               full session, we are seeing lockups on the DTUs.  The
       lockups
               seem to be
               random.  We can not pin it to any one operation done on the
               Win2008R2
               server.  Interestingly enough, if the user goes to a
       laptop and
               pulls the
               rdesktop session to  it, the session unfreezes and they can
               work.  They then pull it back to the DTUs and continue.


           Are you running rdesktop in full screen mode, or in a
       window? RHEL5
           ships with rdesktop 1.6.0, which does not work very well
       with 2008
           R2. I suggest that you try rdesktop 1.7.0 instead. If the
       problem
           persists, try a "strace" on the rdesktop process. That
       should give you
           a clue about what's going on.

           Best regards, ---
           Peter Åstrand           ThinLinc Chief Developer
           Cendio AB http://www.cendio.com
           Wallenbergs gata 4
           583 30 Linköping        Phone: +46-13-21 46 00
       <tel:%2B46-13-21%2046%2000>
       <tel:%2B46-13-21%2046%2000>




       _________________________________________________
       SunRay-Users mailing list
       SunRay-Users <at> filibeto.org <mailto:SunRay-Users <at> filibeto.org>
       http://www.filibeto.org/__mailman/listinfo/sunray-users
       <http://www.filibeto.org/mailman/listinfo/sunray-users>

   _________________________________________________
   SunRay-Users mailing list
   SunRay-Users <at> filibeto.org <mailto:SunRay-Users <at> filibeto.org>
   http://www.filibeto.org/__mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users

_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
Phares, Scott (IS | 5 Oct 20:07 2011
Picon

SRSS 4.2 Ubuntu 10.04

I have installed all software and required software packages (following the wiki.sunray instructions for Ubuntu).  I can start the utadm and the utconfig and get all of the SRS information input properly, yet my DTU still sits at the 22B error.  All services are online, I did by-pass the DHCP setup and I am using STATIC IP’s only for the Server and DTU.  I do this in my lab development machines frequently and have never seen any problems.   However, those system are backboned on Solaris systems not Ubuntu.  Could that be the problem?  Any other ideas why the DTU is sitting waiting for a session server?

 

Scott

 

_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
Craig Bender | 5 Oct 20:25 2011
Picon

Re: SRSS 4.2 Ubuntu 10.04

Firewall running?

On 10/5/11 11:07 AM, Phares, Scott (IS) wrote:
> I have installed all software and required software packages (following
> the wiki.sunray instructions for Ubuntu). I can start the utadm and the
> utconfig and get all of the SRS information input properly, yet my DTU
> still sits at the 22B error. All services are online, I did by-pass the
> DHCP setup and I am using STATIC IP’s only for the Server and DTU. I do
> this in my lab development machines frequently and have never seen any
> problems. However, those system are backboned on Solaris systems not
> Ubuntu. Could that be the problem? Any other ideas why the DTU is
> sitting waiting for a session server?
>
> Scott
>
>
>
> _______________________________________________
> SunRay-Users mailing list
> SunRay-Users <at> filibeto.org
> http://www.filibeto.org/mailman/listinfo/sunray-users
Phares, Scott (IS | 6 Oct 15:41 2011
Picon

Re: EXT :Re: SRSS 4.2 Ubuntu 10.04

Firewall is disabled (at least as far as I can tell).  I have the following

# sudo iptables -L -n

Chain INPUT (policy ACCEPT)
Target	prot opt source	destination

Chain FORWARD (policy ACCEPT)
Target 	prot opt source	destination

Chain OUTPUT (policy ACCEPT)
Target	prot opt source	destination
	
Does that not appear to be a disabled firewall?

Thanks for the help.

Scott

-----Original Message-----
From: sunray-users-bounces <at> filibeto.org [mailto:sunray-users-bounces <at> filibeto.org] On Behalf Of
Craig Bender
Sent: Wednesday, October 05, 2011 1:25 PM
To: SunRay-Users mailing list
Subject: EXT :Re: [SunRay-Users] SRSS 4.2 Ubuntu 10.04

Firewall running?

On 10/5/11 11:07 AM, Phares, Scott (IS) wrote:
> I have installed all software and required software packages (following
> the wiki.sunray instructions for Ubuntu). I can start the utadm and the
> utconfig and get all of the SRS information input properly, yet my DTU
> still sits at the 22B error. All services are online, I did by-pass the
> DHCP setup and I am using STATIC IP's only for the Server and DTU. I do
> this in my lab development machines frequently and have never seen any
> problems. However, those system are backboned on Solaris systems not
> Ubuntu. Could that be the problem? Any other ideas why the DTU is
> sitting waiting for a session server?
>
> Scott
>
>
>
> _______________________________________________
> SunRay-Users mailing list
> SunRay-Users <at> filibeto.org
> http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
Phares, Scott (IS | 6 Oct 17:03 2011
Picon

Re: EXT :Re: SRSS 4.2 Ubuntu 10.04

Could this possible be related to LDAP issues?  I have tried numerous times to get a LDAP server running but am
having problems with the admin LDAP password authentication.  I continually receive the ldap_bind:
Invalid Credentials (49) even though I am using the proper password.

-----Original Message-----
From: sunray-users-bounces <at> filibeto.org [mailto:sunray-users-bounces <at> filibeto.org] On Behalf Of
Phares, Scott (IS)
Sent: Thursday, October 06, 2011 8:41 AM
To: SunRay-Users mailing list
Subject: Re: [SunRay-Users] EXT :Re: SRSS 4.2 Ubuntu 10.04

Firewall is disabled (at least as far as I can tell).  I have the following

# sudo iptables -L -n

Chain INPUT (policy ACCEPT)
Target	prot opt source	destination

Chain FORWARD (policy ACCEPT)
Target 	prot opt source	destination

Chain OUTPUT (policy ACCEPT)
Target	prot opt source	destination
	
Does that not appear to be a disabled firewall?

Thanks for the help.

Scott

-----Original Message-----
From: sunray-users-bounces <at> filibeto.org [mailto:sunray-users-bounces <at> filibeto.org] On Behalf Of
Craig Bender
Sent: Wednesday, October 05, 2011 1:25 PM
To: SunRay-Users mailing list
Subject: EXT :Re: [SunRay-Users] SRSS 4.2 Ubuntu 10.04

Firewall running?

On 10/5/11 11:07 AM, Phares, Scott (IS) wrote:
> I have installed all software and required software packages (following
> the wiki.sunray instructions for Ubuntu). I can start the utadm and the
> utconfig and get all of the SRS information input properly, yet my DTU
> still sits at the 22B error. All services are online, I did by-pass the
> DHCP setup and I am using STATIC IP's only for the Server and DTU. I do
> this in my lab development machines frequently and have never seen any
> problems. However, those system are backboned on Solaris systems not
> Ubuntu. Could that be the problem? Any other ideas why the DTU is
> sitting waiting for a session server?
>
> Scott
>
>
>
> _______________________________________________
> SunRay-Users mailing list
> SunRay-Users <at> filibeto.org
> http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
Jim Klimov | 6 Oct 17:35 2011
Picon

Re: EXT :Re: SRSS 4.2 Ubuntu 10.04

2011-10-06 19:03, Phares, Scott (IS) пишет:
> Could this possible be related to LDAP issues?  I have tried numerous times to get a LDAP server running but
am having problems with the admin LDAP password authentication.  I continually receive the ldap_bind:
Invalid Credentials (49) even though I am using the proper password.

Which LDAP would that be? There is a configuration datastore which under 
the hood may be an LDAP server, but you don't use it directly (for 
logins etc.) anyway...

Regarding the error, I've recently hit it while using an assortment of 
Sun and Linux tools like ldapsearch, etc. They do have different 
command-line keys for specification of command-line password or a 
password file (like -w, -j and so on). So see if this may be your error?

But it shound not relate to DTUs not working.

//Jim

_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
Phares, Scott (IS | 6 Oct 18:45 2011
Picon

Re: EXT :Re: SRSS 4.2 Ubuntu 10.04

Guess I am having 2 separate issues here.  One related to the DTU and the other to LDAP.  
I am still digging for a solution to the DTU problem, but on the LDAP issue:


I am getting the errors noted when I try the following on my LDAP server running on Ubuntu 10.04:

# ldapadd -x -D cn=admin,dc=demo,dc=com -W -f frontend.ldif
Enter LDAP Password: xxxxxxx
Ldap_bind: Invalid credentials (49)

I am following the install guide at this location:
http://www.server-world.info/en/note?os=Ubuntu_10.04&p=ldap&f=1


I am also getting this when I try:

# ldapsearch
SASL/DIGEST-MD5 authentication started
Please enter your password: xxxxxx
Ldap_sasl_interactive_bind_s: Invalid credentials (49)
	Additional info: SASL(-13): user not found: no secret in database

Scott

-----Original Message-----
From: sunray-users-bounces <at> filibeto.org [mailto:sunray-users-bounces <at> filibeto.org] On Behalf Of
Jim Klimov
Sent: Thursday, October 06, 2011 10:36 AM
To: SunRay-Users mailing list
Subject: Re: [SunRay-Users] EXT :Re: SRSS 4.2 Ubuntu 10.04

2011-10-06 19:03, Phares, Scott (IS) пишет:
> Could this possible be related to LDAP issues?  I have tried numerous times to get a LDAP server running but
am having problems with the admin LDAP password authentication.  I continually receive the ldap_bind:
Invalid Credentials (49) even though I am using the proper password.

Which LDAP would that be? There is a configuration datastore which under 
the hood may be an LDAP server, but you don't use it directly (for 
logins etc.) anyway...

Regarding the error, I've recently hit it while using an assortment of 
Sun and Linux tools like ldapsearch, etc. They do have different 
command-line keys for specification of command-line password or a 
password file (like -w, -j and so on). So see if this may be your error?

But it shound not relate to DTUs not working.

//Jim


_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users

_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
Adams, Clifford B | 11 Oct 20:43 2011
Picon

Re: Sun Ray 3FS shutdown issue

Thanks we've made the changes to the power off feature and it's now working like a champ.
Clifford B. Adams Jr.

The Boeing Company
Phone: 719-567-5556, 719-572-8114
Cell: 719-351-4344
clifford.b.adams <at> boeing.com
clifford.adams.ctr <at> schriever.af.mil
________________________________________
From: sunray-users-bounces <at> filibeto.org [sunray-users-bounces <at> filibeto.org] On Behalf Of Phares,
Scott (IS) [scott.phares <at> ngc.com]
Sent: Thursday, September 22, 2011 08:23
To: SunRay-Users mailing list
Subject: Re: [SunRay-Users] Sun Ray 3FS shutdown issue

If you are running with the GUI based firmware on the SunRay 3, you can disable the power off feature through
the menu options.  STOP+M, Advanced, Power Off timer (Set this to 0).

Scott

-----Original Message-----
From: sunray-users-bounces <at> filibeto.org [mailto:sunray-users-bounces <at> filibeto.org] On Behalf Of
Adams, Clifford B
Sent: Wednesday, September 21, 2011 6:24 PM
To: SunRay-Users mailing list
Subject: EXT :[SunRay-Users] Sun Ray 3FS shutdown issue

All,

We've just installed Sun Ray 3FSs and have noticed a problem with them powering down after not being in use
for a while.  Once the power button is pressed, it takes a minute or so for the system to become accessible
again.  This is not normally an issue unless when it comes to the end of the day and systems have to be checked
to ensure that all users have logged off.  Is there any way to prohibit this behavior or lessen the amount of
time that it takes for the system to become active again?

Clifford B. "Goose" Adams Jr.
SBSS Systems Administrator
Inverness: 719-572-8114 (P),
Schriever AFB: 719-567-5556 (A)
Cell: 719-351-4344
Fax: 719-572-8101

_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users

Gmane