5.4. How to Configure the Windows Connector on Solaris Trusted Extensions

This procedure describes how to configure the Windows connector on Solaris Trusted Extensions.

For the Sun Ray Windows Connector to function properly on a Solaris Trusted Extensions server, the Windows terminal server must be made available at the desired level.

  1. As superuser, open a shell window on the Sun Ray server.

    To avoid script errors that can occur if user environment settings are carried forward, use the following command:

    % su - root
  2. Make a Windows system available to the public template.

    1. Start the Solaris Management Console.

      # smc &
    2. Make the following selections under Management Tools:

      1. Select hostname:Scope=Files, Policy=TSOL.

      2. Select System Configuration->Computers and Networks->Security Templates->public.

    3. Choose Action->Properties->Hosts Assigned to Template.

    4. Select Host.

    5. Type the IP Address of the Windows system, for example, 10.6.100.100.

    6. Click Add.

    7. Click OK.

  3. Configure port 7014 as a shared multilevel port for the uttscpd daemon.

    1. If the Solaris Management Console is not already running, start it:

      # smc &
    2. Select hostname:Scope=Files, Policy=TSOL.

    3. Select System Configuration->Computers and Networks->Trusted Network Zones->global.

    4. Choose Action->Properties.

    5. Enable ports by clicking Add under Multilevel Ports for Shared IP Addresses.

    6. Add 7014 as Port Number, select TCP as the Protocol, and click OK.

    7. Restart network services.

      # svcadm restart svc:/network/tnctl
    8. Verify that this port is listed as a shared port.

      # /usr/sbin/tninfo -m global
  4. Create entries for the uttscpd daemon in each local zone.

    The /etc/services file entry for the SRWC proxy daemon is created automatically in the global zone at configuration time. Corresponding entries need to be created in the local zones.

    These entries can be created manually or by loopback-mounting the global zone /etc/services file into the local zones for read access.

    To create this entry manually, insert the following entry in the local zone file.

    uttscpd 7014/tcp # SRWC proxy daemon
  5. Loopback mount the /etc/opt/SUNWuttsc directory in each local zone. The following example shows how to do this for a zone named public.

    # zoneadm -z public halt
    # zonecfg -z public
    
    zonecfg:public> add fs
    zonecfg:public:fs> set dir=/etc/opt/SUNWuttsc
    zonecfg:public:fs> set special=/etc/opt/SUNWuttsc
    zonecfg:public:fs> set type=lofs
    zonecfg:public:fs> end
    zonecfg:public> exit
    
    # zoneadm -z public boot
  6. (Optional) For TLS peer verification to work, make sure the CA certificates to be trusted are available under the /etc/sfw/openssl/certs folder in each local zone.

  7. Reboot the Sun Ray server.

    # /usr/sbin/reboot
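
The manual edit in step 4 has to be repeated for every local zone. The following script is an added example, not part of the original Sun Ray procedure: it appends the uttscpd entry to each services file passed as an argument only when the entry is absent, and leaves the file untouched when the name or port 7014/tcp is already assigned differently. The function names are hypothetical and a POSIX shell is assumed.

```shell
#!/bin/sh
# Added example, not from the original procedure: make sure each services
# file given as an argument carries the step 4 uttscpd entry exactly once.
# Assumption: a POSIX shell (read -r); function names are hypothetical.
SVC_NAME=uttscpd
SVC_PORT=7014/tcp
SVC_LINE='uttscpd 7014/tcp # SRWC proxy daemon'

# check_services FILE: returns 0 if the entry is present, 1 if missing,
# 2 if the name or port is already assigned differently.
# Sets cs_eol=no when the last line lacks a trailing newline.
check_services() {
    cs_rc=1 cs_eol=yes
    while read -r cs_name cs_port cs_rest ||
          { [ -n "$cs_name" ] && cs_eol=no; }; do
        case $cs_name in ''|'#'*) continue ;; esac   # blank or comment
        if [ "$cs_name" = "$SVC_NAME" ] && [ "$cs_port" = "$SVC_PORT" ]; then
            if [ "$cs_rc" -eq 1 ]; then cs_rc=0; fi
        elif [ "$cs_name" = "$SVC_NAME" ] || [ "$cs_port" = "$SVC_PORT" ]; then
            cs_rc=2                                   # a conflict always wins
        fi
    done < "$1"
    return "$cs_rc"
}

# ensure_services FILE: append the entry only when it is missing.
# Returns 0 on success, 2 on a conflict, 3 if FILE is not writable.
ensure_services() {
    [ -f "$1" ] && [ -w "$1" ] || { echo "$1: not writable" >&2; return 3; }
    es_rc=0
    check_services "$1" || es_rc=$?
    case $es_rc in
        0) return 0 ;;
        1) [ "$cs_eol" = yes ] || echo >> "$1"       # terminate last line
           printf '%s\n' "$SVC_LINE" >> "$1" ;;
        *) echo "$1: $SVC_NAME or $SVC_PORT already defined differently" >&2
           return 2 ;;
    esac
}

for f in "$@"; do
    ensure_services "$f" || exit
done
```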