This chapter describes how to run the configuration script or use the detailed instructions to configure SunDS 3.1, Sun WebServer 2.1, and the Sun Ray server software.
Note - If you do not configure SunDS and the Sun Ray server software, the Sun Ray administration application and other Sun Ray services will not work. The web-based interface of the Sun Ray administration application additionally requires a configured web server.
A 10,000 entry limit exists with the SunDS 3.1 datastore license shipped with the Sun Ray server. If a very large number of registered users or desktops is anticipated, the system administrator should use the formula shown below to determine whether an unlimited SunDS license should be purchased and installed.
Note - If more than 10,000 licenses are required, information on purchasing an unlimited SunDS license can be provided by your Sun Sales representative.
LDAP Entry Formula
For Sun Ray server 1.1 release datastore, apply the following:
11 + (desktops * 2) + (users * 3) + (smart cards) < 10000
For example:
3000 users, 490 desktops, and 8 types of smart card translate into:
11 + (490 * 2) + (3000 * 3) + (8) = 9999
Note - The above information represents one maximum configuration that could be used without purchasing an unlimited license.
Before configuring the Sun Ray server software and supporting software, you need to choose some important parameters to use throughout the configuration. If you use the automated configuration script, you are asked for these values and they are substituted in the appropriate places. If you choose to do the configuration by hand, you are instructed where to place the substitutions as you work on the files.
Please read the worksheet below; fill it out with your choices and keep it on hand as you use the automated configuration script or perform the manual configuration steps.
Many of these parameters are related to the operation of the SunDS LDAP server that stores administration data for the Sun Ray server. It is strongly recommended that you use the suggested default values (where given) unless you are experienced with LDAP data design and administration.
Fill out this worksheet before proceeding to either the configuration script or manual configuration steps.
Note - Many of the variables associated with the Sun Ray product have a prefix of 'ut'.
@(HOSTNAME)
- Name: Hostname
- Description: Hostname of the Sun Ray server.
- Note: If you use the automated configuration script, this parameter is filled in for you.
- Example: sunray1
- My value: _______________________________________
@(ROOTENTRY)
- Name: UT root entry
- Description: This entry is created to serve as the top-level Sun Ray entry in the LDAP data hierarchy. All Sun Ray administration data is located beneath this entry. Since the Sun Ray administration data is kept in its own data store, this is also the root entry for the data store.
- Note: This value must be of the object class type "organization." Unless you have an existing LDAP hierarchy and are experienced with LDAP data design and administration, use the default value.
- Default value: o=utdata
- Example: o=utdata
- My value: _______________________________________
Note - If the server is intended to be part of a failover group, then the value entered for @(ROOTENTRY) must be the same as used for all other servers in the group.
@(ROOTNAME)
- Name: UT root name
- Description: The portion of the @(ROOTENTRY) variable defined above that is after the equals sign (=). If you use the automated configuration script, this parameter is filled in for you.
- Default value: utdata
- Example: utdata
- My value: _______________________________________
Note - In a failover configuration, the value entered for @(ROOTNAME) while running utconfig must be the same as used for all other servers (secondary servers) in the group.
@(UTPASSWD)
- Name: UT administration password
- Description: Password for an entry that is created within the Sun Ray LDAP data hierarchy and that LDAP client-server connections use for authentication. With this password, clients such as the Sun Ray command-line and web-based administration application can access and change Sun Ray administration data. Without this password, clients can access, but cannot change, the Sun Ray administration data. This is the same password that you use when you enter the web-based administration application (the UT administrator's name is "admin").
- My value: _______________________________________
Note - If the server is intended to be part of a failover group, then the value entered for @(UTPASSWD) must be the same as used for all other servers in the group.
@(WEBSERVER_NAME)
- Name: UT administration web server instance name
- Description: This is the name of the Sun WebServer instance that is created to display the web-based administration application. The Sun WebServer supports multiple instances: each can display a different site or serve a different purpose.
- Default value: utadmin
- My value: _______________________________________
@(WEBSERVER_PORT)
- Name: UT administration web server port number
- Description: The web server that displays the web-based administration application runs on this port. For example, if you select port 1660, the URL you enter into your browser to use the administration application is http://localhost:1660.
- Note: Public web servers generally use port 80 or port 8080, so avoid using either of these or anything similar for the administration server.
- Default value: 1660
- My value: _______________________________________
@(CGI_USER)
- Name: CGI username
- Description: Unique UNIX username that the web-based administration application will be run as. The configuration script and instructions below prompt you to create this user, if it does not already exist.
- Note: For security reasons, this should not be the standard root or nobody UNIX user. This should be an isolated user account that is not used by an existing user. If you already have such a user for administering web servers, you can use it here.
- Default value: www
- My value: _______________________________________
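The worksheet rules and the LDAP Entry Formula above can be checked together before utconfig is run. The following is an added example, not part of the Sun Ray software: the function names are hypothetical, and it accepts only the single-component o=<name> form of @(ROOTENTRY) shown on the worksheet.

```shell
# Added example: preflight check of worksheet values before running utconfig.
# Function names are hypothetical; the rules come from this chapter's worksheet.

# Entries the Sun Ray 1.1 datastore needs: args are desktops, users, smart card types.
ldap_entries() {
    echo $(( 11 + $1 * 2 + $2 * 3 + $3 ))
}

# Derive @(ROOTNAME) from @(ROOTENTRY). Assumption: only the single-component
# o=<name> form is accepted; anything else is left for manual review.
derive_rootname() {
    case "$1" in
        o=|o=*[,=]*) return 1 ;;
        o=*) printf '%s\n' "${1#o=}" ;;
        *) return 1 ;;
    esac
}

# @(WEBSERVER_PORT): a valid TCP port that is not a usual public web port.
port_ok() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] && [ "$1" -ne 80 ] && [ "$1" -ne 8080 ]
}

# @(CGI_USER): must not be empty or the standard root or nobody user.
cgi_user_ok() {
    case "$1" in
        ''|root|nobody) return 1 ;;
    esac
}

# Args: rootentry port cgi_user desktops users smartcard_types.
# Prints one line per problem; exit status is the number of problems found.
check_worksheet() {
    problems=0
    derive_rootname "$1" >/dev/null || { echo "ROOTENTRY '$1' is not o=<name>"; problems=$((problems + 1)); }
    port_ok "$2" || { echo "WEBSERVER_PORT '$2' is invalid or a public web port"; problems=$((problems + 1)); }
    cgi_user_ok "$3" || { echo "CGI_USER '$3' must be a dedicated account"; problems=$((problems + 1)); }
    n=$(ldap_entries "$4" "$5" "$6")
    [ "$n" -lt 10000 ] || { echo "$n LDAP entries do not fit the bundled 10,000-entry license"; problems=$((problems + 1)); }
    return "$problems"
}

# The chapter's own example values (constructed run): prints nothing, status 0.
check_worksheet o=utdata 1660 www 490 3000 8
```

In a failover group, run the same check on every server with the same @(ROOTENTRY) value, since the worksheet requires it to match across the group.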
The configuration script configures all of the supporting software products. Use this script unless you are an experienced system administrator and need to customize the configuration.
To Run the Configuration Script
1. As superuser, type:
# cd /opt/SUNWut/sbin
# ./utconfig
Note - Fill out the configuration worksheet before continuing.
2. Answer the continuation prompt: Continue ([y]/n)?
The configuration script prompts you for values (default values in brackets). For example:
Using hostname: sunray1
Enter UT root entry [o=utdata]:
Using UT root name: utdata (derived from UT root entry)
Enter UT admin password: <value>
Re-enter UT admin password: <value>
Enter SunDS 'rootdn' [cn=admin,o=utdata]:
3. Answer the prompt to use Remote Access.
If you answer n, the script will skip to Step 5.
If you answer y, the utconfig script asks if you want to enable Secure Socket Layer (SSL). SSL makes remote access to the Administration application more secure.
4. Answer the prompt for Secure Socket Layer (SSL).
If you answer n, the script will skip to Step 5.
Note - If you choose to use Remote Access with the Administration application, and choose not to enable SSL, you create a security risk.
If you answer y, you will need to configure an SSL certificate.
Note - The SSL certificate must be configured before any remote access can be performed. You should configure the SSL certificate after finishing this chapter. Chapter 4 provides instructions on how to configure a basic SSL certificate.
5. Answer the prompt for Sun WebServer.
Type n if you do not want to configure the Sun WebServer.
Type y if you want to configure the Sun WebServer. The configuration script prompts you for values (default values in brackets). For example:
Enter UT admin web server instance name [utadmin]:
Enter UT admin web server port number [1660]:
Enter CGI username [www]:
The values you have entered are shown. For example:
About to configure the following software products:
Sun Directory Services 3.1
Hostname: sunray1
UT root entry: o=utdata
UT root name: utdata
UT utdata admin password: (not shown)
SunDS 'rootdn': cn=admin,o=utdata
Sun Web Server 2.1
UT admin web server instance name: utadmin
UT admin web server port number: 1660
CGI username: www
Sun Ray enterprise server 1.1
6. Answer the continuation prompt.
Once you confirm, the script begins configuring the products and prints the operations it performs to the screen.
7. Answer the prompt for groupSignature.
If you are in a group environment, the groupSignature must be the same for all group members. A group of 1 is valid. This prevents unintended results when additional browsers are brought online.
8. After the script has completed, check /var/tmp/utconfig.xxx.log for errors (xxx is the process ID of the script).
To test your installation and configuration, try running the administration application using both the command-line and web-based interfaces.
To Test the Command-Line Interface of the Administration Application
1. Log into the Sun Ray server.
2. Run the following command:
% /opt/SUNWut/sbin/utuser -l
If the command shows a list of users, or shows 0 users, the software is installed correctly. If the command responds with any errors, a configuration error has occurred and should be corrected. Usually, you can find informative messages detailing the problem in the /var/adm/messages file.
To Test the Web-Based Interface of the Administration Application
1. Log into the Sun Ray server.
Note - If you have configured for SSL then you must install the appropriate certificates for your system and access the URL http://<hostname>:1660.
2. Start up a web browser and access the URL http://localhost:1660. You should see the web-based administration application's login page.
If you specified a different port number when you configured the web server, use it here.
If you get a message that says you do not have permission to access a document, the web server is indicating that you tried to connect from a remote machine. Make sure that:
- You are running a browser on the Sun Ray server or one of its appliances
- The browser is not using a different machine as an HTTP Proxy Server to proxy the connection to the web server.
Note - If you are trying to connect from a remote server and you enabled SSL in the utconfig script, you must first configure an SSL certificate. Chapter 4 provides instructions for configuring an SSL certificate.
3. Enter the administrator username (admin) and Sun Ray password (this is the UTPASSWD from the worksheet) and click on Log In.
4. Click on the Users link.
5. Click on the List All Users (by ID) link.
If you get a result page or "No Users Found" message, the software is installed correctly. If the command responds with any errors, a configuration error has occurred and should be corrected. Usually, you can find informative messages detailing the problem in the /var/adm/messages file.
Copyright © 2000 Sun Microsystems, Inc. All Rights Reserved.