mplona

sun desktop


« Secure Global Deskto... | Main
Wednesday Sep 03, 2008

Customized Sun Ray kiosk sessions

Have you ever tried to customize your Sun Ray installation to display different 'things' for different Sun Rays and users' cards?
Yeah, it's not so complicated if you know shell, SRSS commands and have some time.

Some people don't have above or just are to lazy (as me;-] - different configs for every PoC) to do that over and over again.
So I have created some scripts which allow to easily define/change what should be displayed on:
- each Sun Ray without card
- each card inserted into any Sun Ray.
To make it not so complicated all configuration is done via Sun Ray Server Administration GUI.

So, in general, what can be displayed? Almost anything you would want;):
- full Windows/Solaris session
- single Windows/Solaris application
- menu with some Windows/Solaris applications
- wallpaper - ie. to see your girlfriend photo if card is not inserted
- images slideshow - ie. reception desk or tradeshow.

Additionally You can control (via GUI too) if USB storage, Serial devices or printers directly (network printers too) connected to particular Sun Ray should be visible in users' Windows session.

All info what and how is described HERE.
Generally at mediacast.sun.com there are some more files (install guide, Sun Ray configs for Win and Linux DHCP servers, recommended patches, etc.). I change/upgrade them from time to time, so RSS just can't stand to automatically notify You about changes ;)

Comment, question, need some other function? Fell free to email me.

Have fun!

Posted at 01:02PM Sep 03, 2008 by mplona in Sun  |  Comments[54]

Comments:

Very nice ! Tnx a lot ! Some of this things we already used on customer production side , but you give some nice ideas about usage of well-known-features !

Posted by Ilya Tyshchenko on September 03, 2008 at 01:50 PM CEST #

Ilya,
I'm happy that can help;). Feel free to use/change/develop.

Posted by mplona on September 03, 2008 at 02:19 PM CEST #

This is great. What are the chances this functionality will be built-in to SRSS in a future release? I would like to see slideshow, logo, fullscreen, and menu functions as first class citizens in SRSS. Enhancing the Sun Ray Administration to include the proper fields for each function with validation when possible instead of using the "Other Information" field would be wonderful. Much appreciated!

Posted by Patrick L Archibald on September 10, 2008 at 12:38 AM CEST #

Patrick,
With SRSS 4.1 one can be able to use different kiosk sessions for different tokens. Then You could create your own kiosk sessions (your own versions of logo,slide,etc).
"Other Info" - its just a place to put an info what to do for particular token. It might be there, in flat file, LDAP, Active Directory or wherever. Don't think that there will be 'special config place' in SRSS 4.1 GUI.

Posted by mplona on September 11, 2008 at 10:27 AM CEST #

Great tips! I just need a little clarification as I start to play with this. My plan is to use "menu2" and let the user choose between a Windows (uttsc) or Linux (xnest) desktop. Am I assuming correctly that adding "usb" to the other info for a DTU, that's doing the same thing as explicitly adding "-r disk:USBDRVS=$HOME/USBDRVS" to the commandline for uttsc? And to call uttsc from menu2, do I need to do anything special if I want additional cli options? Also, when using menu[2-8], you say to put a custom background file in /background.jpg. Is that the actual filesystem root, or somewhere else? Thanks for the concise guide. It is extremely helpful.

Posted by Seth Galitzer on September 12, 2008 at 12:23 AM CEST #

Seth,
USB - yes it just adds "-r disk..." to `uttsc`
menu2 additional options-feel free to check - should work;). Do You want to run full screen Win or just some application?
/background.jpg - yes it's in the root filesystem (/) of Sun Ray server

Posted by mplona on September 14, 2008 at 06:44 PM CEST #

Hi! Thanks a lot. I actually tried out your package esp the USB flashdrive part. It worked well in Windows (uttsc).

I also tried using the USBDRIVED daemon (v2) found somewhere else and it worked well with it showing only 1 object/folder in the folder redirected path in windows per USB object.

Posted by James Tan on September 15, 2008 at 04:22 PM CEST #

James,
Yes, those 2 dirs are known issue but (as of now) its the way `uttsc` works. I'm going to fix it soon anyway. Keep watching;)

Posted by mplona on September 17, 2008 at 09:19 AM CEST #

Great Work,

I wonder if it´s possible to include the use of the utresadm in your script, for changing the user resolution on the SR where he is connected.

Thanks for all.

Posted by Gopar on September 18, 2008 at 02:28 PM CEST #

Gopar,
What do You want to achieve? If something like-some people have to have different screen resolutions use "utxconfig -r 800x600 -t TOKEN" when assigning them cards. Keep in mind that TOKEN for 'registered cards' is a 'logical token' - `utwho -a` vs. `utsession -p`.
If it doesn't answer your question - mail me off-blog;)

Posted by mplona on September 18, 2008 at 02:56 PM CEST #

I have six Sun Ray servers serving 175 DTU's, all configured for failover and each configured to serve 35 kiosk sessions, but some DTU's display error (Kiosk session error) while trying to connect a Server which has already served 35 clients, while as the sessions on the other servers are available.
How can I solve this issue., I think the failover is not working properly.
Thanks

Posted by Sadiq on December 14, 2008 at 07:55 PM CET #

Sadiq,
'kiosk error' - what the log files say
'failover' - what 'utreplica' and logs say?
Mail me off-blog

Posted by mplona on December 15, 2008 at 09:43 AM CET #

Do you have a script to call Citrix wfica client instead of the uttsc?
The RDP protocol is just not good enough to display Adobe PDF and play Flash content.
Do you have a Citrix kiosk script that I can use? I have asked ThinkThin and he doesn't have anything.
I am puzzled why no-one is doing this, RDP is not good enough over Sun Ray until basic PDF and Flash viewing is as good as viewing it on a PC.
Thanks to anyone who has a solution to the issues I'm having running RDP over Sun Ray.
Many more thanks to someone who has a working kiosk script for Citrix ICA.

Posted by Green Data Centre on December 29, 2008 at 03:14 AM CET #

i try to do windows autologon.

I have follow your guide in "http://mediacast.sun.com/users/mplona/media/srs4_usage.pdf" where i put full,hendro,userpasswd,local,192.168.1.20 on the token properties where 192.168.1.20 is my windows server i like to connect to. After that i do a cold restart on the sunray server.

Unfortunately i still get the windows server login screen. please help.

my configuration as follows:

sun ray software 4.1
windows connector version 2.1
dtu is sun ray 270 without using any card

Posted by hendro on January 13, 2009 at 11:40 AM CET #

GDC,
I dont have Citrix version. However feel free to exchange in skrypt.sh `uttsc` with `wfica`. Of course you'd have to tune options for command too. ;(

Hendro,
Are you sure there are no spaced between words and you are editing pseudo. token, not for card (Payflex.)?
You dont have to cold restart. Restart token session is enough.

Posted by mplona on January 14, 2009 at 04:09 PM CET #

Thanks for the great kiosk session. It has saved me lots of time.

There is one issue that I'm having which is related to DTU resets. I'm noticing that the DTU is being reset every minute when there is no one logged in. Do you know what might be causing this?

Posted by Victor on February 02, 2009 at 10:35 PM CET #

The timeout is exactly 30 seconds between resets. Is there a way to increase this timeout? The -t option available to uttsc is not affecting the reset. The timeout should be set by the session script before launching uttsc.

The uttsc session script launches the uttsc program inside of a while loop and checks that the session hasn't been idle for a specified amount of time. I could transfer this logic to your script but if you've already done this I'd rather not re-invent the wheel.

Posted by Victor on February 03, 2009 at 10:47 PM CET #

Victor,
The only timeout which I remind is 3 minutes when displaying Windows login screen. Without logging into Win, Win itself (we cant change it) resets that connection after 3 minutes of inactivity. It a way to protect Win against DOS attacks.
Does it happen for all Sun Rays? If not, what is written in "other info"? What version of OS, SRS and SRS' patches?

Posted by mplona on February 04, 2009 at 08:30 AM CET #

It happens for Sun Ray 170, 1G, and 2FS. So yes, it seems to be happening for all of the Sun Rays we have in the office.

The OS is OpenSolaris 11 svn_104 and the SRS version is 4.1 with no patches.

The other info looks like this:

full,,,SCALAR,10.39.64.50

Thanks for the help!

Posted by Victor on February 04, 2009 at 04:11 PM CET #

Victor,
It wasn't tested agains OpenSol (only 'regular' Solaris), however should work.
Have you followed http://blogs.sun.com/ThinkThin/entry/srss_4_1_on_opensolaris ?
What about setting user name in 'other info'?

Posted by mplona on February 04, 2009 at 04:16 PM CET #

Setting the user name did not fix the reset issue but it did solve another problem I had. I noticed that without setting the user name in "other info", a logged in user which had locked their session would prevent another user from logging on. Only the original user whose session was locked could unlock the screen. When I added a user name to "other info" there appeared a second button on the screen to log on as another user when the Sun Ray initially boots up and also when the session is locked by a logged in user. At least that's fixed. :)

Any other ideas on the reset issue? Thanks for the URL to SRSS on OpenSolaris.

Posted by Victor on February 04, 2009 at 05:50 PM CET #

Sorry, part of my last post is incorrect. I didn't test it thoroughly. In fact, if a logged in user locks his session, he is the only one that can unlock the screen. Is there a way to allow another user to log into the same Sun Ray DTU which has been locked?

Posted by Victor on February 04, 2009 at 05:55 PM CET #

Victor,
reset issue - no idea. Pls try to install demo_kiosk on some 'regular' Solaris (might be virtual machine of any kind) and test. You'll know if thats OpenSol or something else.

Other user logging in - of course, give second user a card.;-)

Posted by mplona on February 05, 2009 at 09:23 AM CET #

Hello there. First, thanks for an incredibly useful script! It works flawlessly on my Sol10U6. However, I'm trying to use it with a RHEL 5.2 install and it's not working for me. I have a simple app,/usr/bin/firefox (same as my Sol install) and I keep getting an error about an invalid kiosk session. Has anyone been able to get this to work under RHEL?

Thanks!

Posted by Gerard Martin on February 23, 2009 at 09:45 PM CET #

It was checked against Solaris only.
Linux will work (all commands are in Linux too) but AFTER some script adjustments (ie. different commands arguments, commands output formatting and so on).

I propose to install Solaris (ie with virtualbox), install demo_kiosk, check abilities, decide which part of configuration is exactly needed. Then I can point You which part of scripts is needed to 'check' against Linux.

Posted by mplona on February 23, 2009 at 10:04 PM CET #

Thanks for the quick reply. I have a RHEL install that I'm trying to force Firefox to all users. The exact error I'm getting is: "Error starting Kiosk Session: Invalid Kiosk Session Configuration". This is after a clean install of demo_kiosk. The only ability I need is to force Firefox to all users. Thanks!

Posted by Gerard Martin on February 23, 2009 at 10:18 PM CET #

Gerard,
Why don't you use 'regular' kiosk then?
http://docs.sun.com/source/820-3769/cam.html#50544683_73892

Posted by mplona on February 24, 2009 at 10:26 AM CET #

Thank you very much for the "demo" is very good, and we are using is going very well.
Only two requests.
In Windows. Redirection with usb pendrive not work for me.
It is possible to place the screen resolution is at a "full" for Windows?.
Thank you very much.
And sorry for my english.

Posted by Luis on April 06, 2009 at 05:23 PM CEST #

Luis,
USB-after plugging in does your Solaris see a pendrive(`mount` command)? If YES check all spaces and commas in www interface where you put your USB keyword, and log out/in from Windows. There should be new network drive in 'My Computer'.
RES - YES, look in comments above. Seek for "utxconfig".

Posted by mplona on April 07, 2009 at 10:36 AM CEST #

Thank you very much for reply.
Pendrive and function. In some cases I had, first, put the pen on the server, and then directly in the sunrays.
On the subject of the resolution standing for what I got here: http://www.sun-rays.org/lib/sunsolve/22076.htm
mplona. thank you very much.

Posted by Luis on April 23, 2009 at 04:39 PM CEST #

How do we remove the "PL" logo from the windows screen? Also, is there any way to have specific DTU's directed to a different TS server 'only after' the Payflex card has been inserted without having to register the payflex card and assign it to the TS server directly?

Posted by costa on May 11, 2009 at 09:06 PM CEST #

hi,
pls help me, my boss bought a sun ray 270(5pcs) and two ultra 20 to be a sun ray server.
here is my scenario.....

i have 2 server. one is solaris server that holds/installed the sun ray software. and the other server is windows 2003 server.(these 2 servers are the ultra 20).
my problem is i cannot see my usb thumbdrive when i inserted at the sun ray 270 client. but i already tried to insert at the windows 2003 server and it was detected.
my client os running in vmware in my win 2003 server are win xp,win vista, ubuntu.

badly needed your help..hope you will enlighten me..

thanks,
del

Posted by del narud on May 12, 2009 at 03:13 PM CEST #

Hi,
Has anyone experienced issues when the username (under "Owner" in token registration) has a space, hence; "lastname firstname". It fails to pass the full information to the VMView server on logon. Hence when that user inserts the smartcard, it displays only LASTNAME in the User Name field.

Posted by Eduardo on May 19, 2009 at 02:15 PM CEST #

Costa,
PL keyboard-in /etc/opt/SUNWkio/sessions/demo/skrypt.sh change all references to "pl-PL" in lines with $UTTSC according to your language.
Other TS server-yes its possible, but in some time you must decide to which TS server (IP address) you'd like to direct your DTU to. I decided to have all info in one place (Sun Ray datastore) before(!) first connection.

Del,
Have you followed my instructions in srs4_usage.pdf? First try with Win Server, then with XP or Vista. USB drive forwarding works only with RDP connections so it's Microsoft only solutions (however haven't tried VirtualRDP under VirtualBox).

Eduardo,
My scripts work directly(!) with Windows OSes. If you'd like to use VMware View - pls refer to sun.com/vdi product.

Posted by mplona on May 19, 2009 at 03:19 PM CEST #

thanks for the localization information on the script. Also, the USB printer redirection does not seem to work. I created the print queue on the solaris server and then followed the driver instructions on the windows side. I also checked all the spellings on the Desktop screen 'other information' and all seems to be correct. When i log into windows, there is no printer being mapped. Any help would be appreciated. thanks!

Posted by costa on May 19, 2009 at 10:49 PM CEST #

Costa,
Strange... My shots below:
1.Try generic Windows driver - 'HP Color LaserJet 8500 PS'. Pls mind spaces and capital letters in driver name.
2.In 'other info' for particular SR try to change order of keywords 'usb', 'serial', etc. or try deleting everything except one print driver above.
Pls post results. Thanks!

Posted by mplona on May 21, 2009 at 08:43 AM CEST #

I have been suing this script in SRSS 4 and 4.1 but now we have upgraded to VDI.

I think the installation needs to be changed, which is not difficult and use it with the override command. Is there any information for any known issues.

Thanks again for all your your help as always.

Posted by Imran Khan on August 09, 2009 at 05:07 PM CEST #

Imran,
Haven't tried but dont think there should be any issues with that. If you 'kioskoverride' you still change only Sun Ray Server Software configuration (and only for particular cards), no VDI, VirtualBox or VMware.

Posted by mplona on August 11, 2009 at 03:29 PM CEST #

I'd like to include a firefox browser as well. I've come close, but still continue to have issues getting it to work inside of your demo. I've found the following helpful, but not complete for the implementation I'm attempting. http://blogs.sun.com/ThinkThin/entry/kiosk_mode_browser, http://web.mac.com/davekoelmeyer/Dave_Koelmeyer/Dave_Koelmeyer_-_Sun_Ray_Server_Software_v4.0_-_Creating_a_Customized_Firefox_Kiosk_Session.html, http://blogs.edgehill.ac.uk/coreservices/2008/03/10/edge-hill-universitys-open-access-sunray-implementation/

Would it be possible for you to update your notes to discuss how to do this within your demo?

Posted by David Cox on October 08, 2009 at 01:45 AM CEST #

Still would be nice to have in a formal write-up, but I got it working with a little more wiki reading and the links added in comment before. Thanks again. Hopefully we'll be using all aspect of your demo. I've got slide show photos for the lobby, kiosk Firefox/card firefox for limited access, Regular access cards, security is now more locked down, terminal server access to MS terminal server and Sun access, Will probably go production soon with 30 ish Sun Ray's to start, then 60, then as many more as I can make a case. May be part of our disaster recovery solution as well. Many thanks again, this is a well kept secret that all this works so well. We'll save tons on maintenance, can't wait to see it all in place.We're also looking at this as a possible network at events where renting/setting up many kiosks is so costly.

Posted by David Cox on October 09, 2009 at 05:29 PM CEST #

Dave,
Sorry for delay-conferences... Firefox-from which OS you wanted to run it from? What have you seen(some error, just doesnt start)? Which keyword you wanted to use? Each year I prepare config for some big TV event with 50 kiosked, Solaris Firefoxes - works flawless (with Adblock, FlashBlock and R-kiosk). Give some more details and will try to help.

Posted by mplona on October 14, 2009 at 10:41 AM CEST #

Is there are way to have a default terminal server configured when no iformation is put in the 'Other Information' section for the tokens? We want the users to self register when they log in for the first time, but we also want the majority of them to connect to the same TS farm. the exceptions would be configured via the other information field when needed.

thanks!

Posted by Costa on October 14, 2009 at 04:20 PM CEST #

David,
To set OFF screensaving for ALL SLIDE sessions place a line:
/usr/openwin/bin/xset -dpms -fbpm s off
in skrypt.sh just before line
IMAGEDIR="$USERN"
Costa,
Out of the box-not, but it could be configurable.Is that a problem to place (by you) each card and register it before giving to the user?;)

Posted by mplona on October 15, 2009 at 09:41 AM CEST #

I already have alot of users 400+ with unregistered cards being used and in order to implement your script, i would have to have them self register each card the next time they log in. but once they do that, i will then have to manually fill in the "other information" field with the TS environment that they need to conncect to or else they will get the 'missing token' error. It is more of a transition/migration problem than anything else. Going forward we would do each card individually.

Posted by Costa on October 15, 2009 at 04:14 PM CEST #

Costa, place a line below
*) $UTTSC -m -b -n "$NAME" 10.10.10.10 ;;
instead of
*) $ZENITY --error --text="Wrong token's description in Tokens tab!" ;;
in skrypt.sh. If "Other Info" will be empty or contain not recognized string a Win login screen will be shown. Pls post an info if helped.

Posted by mplona on October 19, 2009 at 09:54 AM CEST #

Thanks! that worked like a charm.

Posted by Costa on October 19, 2009 at 07:13 PM CEST #

I've got this working fine on a Solaris 10 Sparc installation, but doesn't seem to work on Solaris 10 x86. Any ideas (Sun Ray 5 EA 2)?

Posted by David Cox on October 19, 2009 at 09:00 PM CEST #

David,
To check - publish 1 app - 'app,/usr/bin/gnome-terminal', when terminal is run type in its window '/usr/openwin/bin/xset -dpms -fbpm s off' and check if the screensaver is off, if not-modify arguments. First try to set it to 2seconds-youll see if it works in general (man xset).When you'll finish copy that line to skrypt.sh

Posted by mplona on October 20, 2009 at 10:00 AM CEST #

Hi mplona

I need urgent your scripts from the "demo_kiosk" package.
i'd like to do Autologin into an MS Windows Terminalsserver attached to an Payflex-Token.

Posted by Nic on October 28, 2009 at 05:06 PM CET #

Nic,
Have you read post at the top of that page? ;-)
In short-RTFM;-))))) and especially mediacast.sun.com

Posted by mplona on October 28, 2009 at 08:30 PM CET #

Hi mplona

Sorry the links was wrong on this page. but yet I found everything ... thanx.

... Nic

Posted by Nic on October 29, 2009 at 09:41 AM CET #

Hi mplona

Everything works fine also unter srs 4.2. Now the problem is I need this solution „Autologin“ for VDI 3.1. There are already approaches for ?
It‘s urgent because I have a cutomer with over 1000 users on the hook.

Another question from my customer is, if we can set a PIN on the Smartcard without to setup a PKI-Infrastruktur in the domain.

Thanx for your help.

Posted by Nic on November 02, 2009 at 01:45 PM CET #

Nic,
If you need VDI just for creating virtual machines, you could access those machines via my scripts with autologin built-in:
- install my scripts after installing VDI
- set `full` keyword with users passwds for everybody
PKI - if you need to use PKI from card you need PKI infrastructure installed somewhere. Qustion is - do you really need PKI? Pls explain what do you want to achieve?

Posted by mplona on November 03, 2009 at 03:33 PM CET #

I setup the print queue in Solaris and followed the instruntions for windows and the printer maps into the windows environment without a problem. But when we print, we get the following error in Solaris:

"Failed to open printer port. (Permission denied) <EOT>

the message keeps repeating until i issue the 'cancel' command.

Any help would be greatly appreciated.

Posted by Costa on November 10, 2009 at 04:54 PM CET #

Post a Comment:
  • HTML Syntax: NOT allowed

Today's Page Hits: 7