9.2. Hotdesking Without Smart Cards

9.2.1. NSCM and Failover Groups
9.2.2. How to Enable NSCM Sessions
9.2.3. How to Log in to an NSCM Session

Configuring Sun Ray Software with non-smart card mobility (NSCM) sessions provides the benefits of hotdesking without the use of smart cards. This section explains NSCM sessions, how to configure them, and how to enable users to access their Sun Ray sessions across multiple failover groups.

NSCM can use regional hotdesking and it automatically provides similar protection as remote hotdesk authentication (RHA).

In an NSCM session, the user can:

If a user does not want to use the NSCM session, inserting a smart card causes the session to be disconnected and replaced by a smart card session.

9.2.1. NSCM and Failover Groups

The user login experience for NSCM sessions may be different than expected when systems are configured as part of a failover group.

The following situations might produce unfamiliar behavior:

  • Load Balancing Between Servers - If server A is heavily loaded when a user logs into it with the NSCM GUI, the server redirects the user to server B.

  • Switching Between Servers - A user with a session on server A who wants to switch to a session on server B invokes the utselect GUI to access the other session. In doing so, the user is required to log in with the NSCM GUI. Users familiar with the ease of the utselect GUI might be displeased that another login is necessary.

  • Escape Token Sessions - The user bypasses the NSCM GUI by clicking the Exit button and logs into server A using dtlogin. The user now has a standard escape token session and invokes the utselect GUI to switch to server B, causing the NSCM GUI to be presented again. The user must click Exit again to get to the escape token session on server B. Users accustomed to switching rapidly might find this behavior annoying.

9.2.2. How to Enable NSCM Sessions

This procedure describes how to enable NCSM sessions by using the Admin GUI or the utpolicy command.

Admin GUI Steps

  1. Use the utwall command to inform your users that all active and detached sessions will be lost.

    For example:

    # /opt/SUNWut/sbin/utwall -d -t 'System policy will change in 10 minutes.
    All active and detached sessions will be lost.
    Please save all data and terminate your session now.' ALL

    The following message is displayed in a pop-up window for all users:

    System policy will change in 10 minutes.
    All active and detached sessions will be lost.
    Please save all data and terminate your session now.
  2. Log in to the Admin GUI.

  3. Go to the System Policy tab.

  4. In the Non-Card Users panel, select the Enabled option next to Mobile Sessions.

  5. Go to the Servers tab.

  6. Click Cold Restart to restart Sun Ray services and terminate all users' sessions.

Command Line Steps

  1. Use the utwall command to inform your users that all active and detached sessions will be lost.

    For example:

    # /opt/SUNWut/sbin/utwall -d -t 'System policy will change in 10 minutes.
    All active and detached sessions will be lost.
    Please save all data and terminate your session now.' ALL

    The following message is displayed in a pop-up window for all users:

    System policy will change in 10 minutes.
    All active and detached sessions will be lost.
    Please save all data and terminate your session now.
  2. As superuser, type the utpolicy command with the -M argument for your authentication policy.

    For example:

    # /opt/SUNWut/sbin/utpolicy -a -M -s both -r both

    This example configures the Authentication Manager to allow self-registration of users both with or without smart cards, and NSCM sessions are enabled.

  3. Initialize Sun Ray services by restarting the Authentication Manager on the server, including each secondary Sun Ray server if in a failover group.

    # /opt/SUNWut/sbin/utstart -c

    This command clears all active and detached sessions.

9.2.3. How to Log in to an NSCM Session

  1. Type your user name into the user entry field.

    Figure 9.1. NSCM Login Dialog Box User Field

    A screenshot of the NSCM Login Dialog Box with the user field filled in.

  2. Type your password into the password field.

    Figure 9.2. NSCM Login Dialog Box Password Field

    A screenshot of the NSCM Login Dialog Box with the password field.

    An Options menu is available for Oracle Solaris. Right clicking the Options menu displays a panel with the following options:

    • QuickLogin - Applicable only to a new session only. Selecting Off enables the user to log in with the same options available through dtlogin. Selecting On enables the user to bypass the option selection phase. QuickLogin is on by default.

    • Exit - Selecting Exit temporarily disables the NSCM session. An escape token session is started, and the dialog box is replaced by the dtlogin screen. A user without a valid account in this server group can exit to the dtlogin dialog and attempt a remote X (XDMCP) login to some other server where that user has a valid account.

    Note

    When using Oracle Linux, the Oracle Linux login screen may briefly display before the desktop is presented. No action is necessary.

If no NSCM session exists for this user, the Authentication Manager creates an NSCM session token with the format: mobile.IEEE802-MACID.

9.2.3.1. Session Redirection

The user might be redirected to another server for the following reasons:

  • If the Sun Ray server is part of a failover group, the load-balancing algorithm might redirect the user to another Sun Ray server.

  • If the user has an NSCM session on a different Sun Ray server in a failover group, the user will be redirected to the server with the most current NSCM session.

The Sun Ray Mobile Session Login dialog box is redisplayed with the host name of the new Sun Ray server. The user must retype the user name and password.