Softpanorama

May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

Enabling XDMCP in Solaris 10

News Recommended Links X Window System protocols and architecture X display manager Configuration Fonts in X windows
Enabling XDMCP in Solaris 10 Troubleshooting XDMCP Connections to UNIX and Linux Hosts - Tech Note 1229 Fonts in the X Window System X11 security X11 forwaring over ssh IPTables
Exporting_display vnc Xdefaults Useful X Tips Humor Etc
Starting with Solaris 10 11/06 (Update 3) SUN introduced a security feature called Secure by default (SBD). This feature caused much headache when trying to remote desktop into one of our solaris LDOM instances. Explanation and fix follows.

During a Solaris 10 graphical installation the SBD network profile is controlled by options in the Remote Services window. Setting Remote Services enabled to no will load generic_limited_net.xml limiting all remote networking services to the localhost except for secure shell.

Enabling SBD breaks xdmcp connections such as those used by Hummingbird Exceed to establish remote desktop login sessions.

 Xdmcp uses UDP port 177 by default.

When SBD is enabled the cde-login services dtlogin/arg property -udpPort is set to 0 which restricts remote access to the service:

# ps -ef | grep dtlogin
root 2494 1 0 18:05:35 ? 0:00 /usr/dt/bin/dtlogin -daemon

Use the following commands to add the assigned property value (thus enabling the default port 177), and restart the login service.

svccfg -s cde-login setprop 'dtlogin/args=""' 
svcadm restart cde-login 
(this will kill any current login session)
Now you will havew
 root 2494 1 0 18:05:35 ? 0:00 /usr/dt/bin/dtlogin -daemon -udpPort 177

 

Configure XDMCP on the Solaris server:

Using the console:

  1. export terminal to your deasktop
  2. Run Exceed or Cygwin
  3. Type gdmsetup
  4. A dialog box will appear, go to the XDMCP tab and click the box that says “Enable XDMCP
  5. Optional: Configure all the relevant options like maximum number of connections, time limit, etc.

 

Top Visited
 Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

Cannot login to Solaris 10 with Hummingbird Exceed xdmcp.

August 30th, 2009 | Aetmir.com

Starting with Solaris 10 11/06 (Update 3) SUN introduced a security feature called Secure by default (SBD). This feature caused much headache when trying to remote desktop into one of our solaris LDOM instances. Explanation and fix follows.

During a Solaris 10 graphical installation the SBD network profile is controlled by options in the Remote Services window. Setting Remote Services enabled to no will load generic_limited_net.xml limiting all remote networking services to the localhost except for secure shell.

Enabling SBD breaks xdmcp connections such as those used by Hummingbird Exceed to establish remote desktop login sessions. Xdmcp uses UDP port 177 by default. When SBD is enabled the cde-login services dtlogin/arg property -udpPort is set to 0 which restricts remote access to the service. Use the following commands to clear the assigned property value (thus enabling the default port 177), and restart the login service.

svccfg -s cde-login setprop 'dtlogin/args=""'
svcadm restart cde-login (this will kill any current login session)

| Tags: solaris 10 | Category: solaris

Solaris sun cluster & SAN Storage Fixing XDMCP logins on Solaris

Fixing XDMCP logins on Solaris

I use XDMCP logins via Xnest quite frequently with X Window to get graphical console on another machine, mostly to do an install that requires a graphical environment (Oracle quickly comes to mind) or launch an application from the point of view of a different machine. With the Solaris Nevada (Solaris Excepress or SXDE/SXCE) builds on x86 I noticed that the XDMCP logins no longer work and when using Xnest querying the other host I end up with an empty window -- in other words the machine is not accepting the XDMCP requests. Scratching my head I decided to poke around the to see if dtlogin process responsible for accepting the XDMCP requests runs with any special arguments. Sure enough for some reason the Nevada builds have "-udpPort 0" argument passed to dtlogin process:

# ps -ef | grep dtlogin
root 4919 4838 0 12:37:58 ? 0:00 /usr/dt/bin/dtlogin -daemon -udpPort 0
root 4838 1 0 12:36:50 ? 0:00 /usr/dt/bin/dtlogin -daemon -udpPort 0

The XDMCP requests are usually accepted on udp port 177, so udp port set to 0 would surely remove the dtlogin's ability to accept the requests. I'm not sure why the Solaris developers decided to do that, but I'm guess it was done to improve the security of the installation out of the box. Knowing this fact it is easy to fix this pesky problem. All I had to do is to change the udpPort property value for cde-login service in SMF repository:

# svccfg
svc:> select cde-login
svc:/application/graphical-login/cde-login> listprop *arg*dtlogin/args astring " -udpPort 0"

So here we go, all we need to do is to set the dtlogin/args property to " -udpPort 177" and we should be in business as usual:

svc:/application/graphical-login/cde-login> setprop
dtlogin/args=astring:" -udpPort 177"
svc:/application/graphical-login/cde-login> quit
#

Now we can just restart the cde-login service and XDMCP login should work (Note: if you're doing this in an X Window session, the session will be restarted):
# svcadm restart cde-login

As a configmation, lets see if the dtlogin process is running with correct arguments:
# ps -ef grep dtlogin
root 4919 4838 0 12:37:58 ? 0:00 /usr/dt/bin/dtlogin -daemon -udpPort 177
root 4838 1 0 12:36:50 ? 0:00 /usr/dt/bin/dtlogin -daemon -udpPort 177

Sure enough, we've got the dtlogin process listening on the correct port. We should now be in business as usual:
# /usr/openwin/bin/Xnest :1 -query nevada

gives me a nice login as it should have in the very beginning

Aleem Khan's Blog

SUMMARY How to re-enable remote Gnome login on Solaris 10 8-07 withSecureBy Default Network

We share !! How To Take Remote of Solaris 10 Box from Window Box

Hi All,

Today I came to an strange situation, I need to take remote desktop of Solaris 10 machine but the question is HOW? Here, I found interesting fact to take remote of Solaris 10 machine.

First of all you need XMing freeware which is an open source software and a Solaris 10 machine. Before taking the remote of Solaris machine you need to configure the XDMCP. So lets start:

Configure XDMCP on the Solaris server:

There are many ways of doing it (both GUI and console). Its so much simpler than doing the same thing on Linux (no painful textfile manipulation!). Make sure you are logged in as root.

Using the console:

  1. Open a terminal
  2. Type gdmsetup
  3. A dialog box will appear, go to the XDMCP tab and click the box that says "Enable XDMCP"
  4. Configure all the relevant options like maximum number of connections, time limit, etc.

Using GUI (Java Desktop System):

  1. Launch -> Applications -> Utilities -> Administration -> Login Screen Setup
  2. Go to the XDMCP tab and click the box that says "Enable XDMCP".
  3. Configure all the relevant options like maximum number of connections, time limit, etc.Note: Please remember the XDMCP port you set here (default is 177) and make sure it is not blocked by the firewall on the client systems.

Finally, restart your system (in this case the virtual machine) for the settings to take effect.

User Creation in Solaris:

If you are planning to login as root then there is no need to perform this step else you need to create a user id by which you can take remote of Solaris 10 machine.

Following are the steps:

  1. Make sure you are logged in as Root.
  2. Open a terminal and run the command 'smc' to open the Sun Management Console.

SUMMARY How to re-enable remote Gnome login on Solaris 10 8-07 with Secure By Default Network Profile ON.

Loris.Serena at pfpc.ie Loris.Serena at pfpc.ie
Thu Sep 13 07:02:38 EDT 2007 

Thanks a mill to Greg Marsh, whose solution (below) worked perfectly fine 
for me.

Loris
=====================================================================
As a security measure dtlogin is disabled by running it on port 0 
instead of the default port 177
   milly / # ps -ef | grep dtlogin
       root   530     1   0   Aug 06 ?           0:00 
/usr/dt/bin/dtlogin -daemon -udpPort 0

To remove the port argument run,
   svccfg -s cde-login setprop dtlogin/args=\"\"
   svcadm restart cde-login
NB If cde-login enters maintenance state run,
   svcadm clear cde-login

Remote graphical login still not working also had to,
   svccfg -s x11-server setprop options/tcp_listen=true     # false by 
default
   svcadm restart cde-login
   svcadm enable svc:/application/x11/xfs:default           # disabled 
by default

CDE now working but not Java desktop system!
Modified the /etc/X11/gdm/gdm.conf file,
   [xdmcp]
   #Enable=false
   Enable=true
and restarted gdm login service,
   svcadm restart svc:/application/gdm2-login:default
=====================================================================
 
Loris.Serena at pfpc.ie 
Sent by: sunmanagers-bounces at sunmanagers.org
13/09/2007 10:50

To
sunmanagers at sunmanagers.org
 
Guys, 
I've just installed Solaris 10 8/07 on a SPARC SunBlade 2500 enabling the 
"Secure By Default Network Profile".
Remote SSH login works fine and Gnome graphical login only works locally.
How do I re-enable (and then restrict per user and/or per host) remote 
graphical login?
Running, "netservices open" is not an option, that will open far too much!
Thanks in advance
 
Loris



# svcs -a
STATE          STIME    FMRI
legacy_run     18:42:28 lrc:/etc/rc2_d/S00set-tmp-permissions
legacy_run     18:42:29 lrc:/etc/rc2_d/S07set-tmp-permissions
legacy_run     18:42:31 lrc:/etc/rc2_d/S10lu
legacy_run     18:42:31 lrc:/etc/rc2_d/S20sysetup
legacy_run     18:42:32 lrc:/etc/rc2_d/S40llc2
legacy_run     18:42:32 lrc:/etc/rc2_d/S42ncakmod
legacy_run     18:42:34 lrc:/etc/rc2_d/S70nddconfig
legacy_run     18:42:34 lrc:/etc/rc2_d/S73cachefs_daemon
legacy_run     18:42:34 lrc:/etc/rc2_d/S81dodatadm_udaplt
legacy_run     18:42:34 lrc:/etc/rc2_d/S89bdconfig
legacy_run     18:42:34 lrc:/etc/rc2_d/S91ifbinit
legacy_run     18:42:35 lrc:/etc/rc2_d/S91jfbinit
legacy_run     18:42:35 lrc:/etc/rc2_d/S94ncalogd
legacy_run     18:42:35 lrc:/etc/rc2_d/S98deallocate
legacy_run     18:42:35 lrc:/etc/rc3_d/S16boot_server
legacy_run     18:42:37 lrc:/etc/rc3_d/S22acct
legacy_run     18:42:37 lrc:/etc/rc3_d/S52imq
disabled       18:42:08 svc:/network/iscsi_initiator:default
disabled       18:42:08 svc:/system/metainit:default
disabled       18:42:08 svc:/system/device/mpxio-upgrade:default
disabled       18:42:08 svc:/network/rpc/keyserv:default
disabled       18:42:08 svc:/network/rpc/nisplus:default
disabled       18:42:08 svc:/network/nis/server:default
disabled       18:42:09 svc:/network/nis/client:default
disabled       18:42:09 svc:/network/dns/client:default
disabled       18:42:09 svc:/network/ldap/client:default
disabled       18:42:09 svc:/network/nfs/status:default
disabled       18:42:09 svc:/network/nfs/nlockmgr:default
disabled       18:42:09 svc:/network/nfs/cbd:default
disabled       18:42:09 svc:/network/nfs/mapid:default
disabled       18:42:09 svc:/network/inetd-upgrade:default
disabled       18:42:09 svc:/network/nfs/client:default
disabled       18:42:09 svc:/application/print/server:default
disabled       18:42:09 svc:/network/smtp:sendmail
disabled       18:42:09 svc:/system/auditd:default
disabled       18:42:09 svc:/system/patch-finish:delete
disabled       18:42:09 svc:/system/mdmonitor:default
disabled       18:42:09 svc:/system/pools:default
disabled       18:42:09 svc:/system/rcap:default
disabled       18:42:10 svc:/application/management/seaport:default
disabled       18:42:10 svc:/application/management/snmpdx:default
disabled       18:42:10 svc:/application/management/dmi:default
disabled       18:42:10 svc:/network/rpc/bootparams:default
disabled       18:42:10 svc:/network/samba:default
disabled       18:42:10 svc:/network/winbind:default
disabled       18:42:10 svc:/network/wins:default
disabled       18:42:10 svc:/network/nfs/server:default
disabled       18:42:10 svc:/network/rarp:default
disabled       18:42:10 svc:/network/dhcp-server:default
disabled       18:42:10 svc:/application/management/webmin:default
disabled       18:42:11 svc:/application/management/sma:default
disabled       18:42:11 svc:/application/print/ipp-listener:default
disabled       18:42:11 svc:/application/database/postgresql:version_81
disabled       18:42:11 svc:/application/database/postgresql:version_82
disabled       18:42:11 svc:/application/gdm2-login:default
disabled       18:42:11 svc:/network/dns/server:default
disabled       18:42:11 svc:/network/routing/legacy-routing:ipv4
disabled       18:42:11 svc:/network/routing/legacy-routing:ipv6
disabled       18:42:11 svc:/network/routing/ndp:default
disabled       18:42:11 svc:/network/routing/rdisc:default
disabled       18:42:11 svc:/network/ipv6-forwarding:default
disabled       18:42:11 svc:/network/routing/ripng:default
disabled       18:42:11 svc:/network/routing/ripng:quagga
disabled       18:42:11 svc:/network/routing/zebra:quagga
disabled       18:42:11 svc:/network/routing/route:default
disabled       18:42:11 svc:/network/ipv4-forwarding:default
disabled       18:42:11 svc:/network/routing/rip:quagga
disabled       18:42:11 svc:/network/routing/ospf:quagga
disabled       18:42:11 svc:/network/routing/ospf6:quagga
disabled       18:42:11 svc:/network/routing/bgp:quagga
disabled       18:42:12 svc:/network/security/kadmin:default
disabled       18:42:12 svc:/network/security/krb5kdc:default
disabled       18:42:12 svc:/network/ipmievd:default
disabled       18:42:12 svc:/network/nis/passwd:default
disabled       18:42:12 svc:/network/nis/update:default
disabled       18:42:13 svc:/network/nis/xfr:default
disabled       18:42:14 svc:/network/http:apache2
disabled       18:42:14 svc:/network/apocd/udp:default
disabled       18:42:14 svc:/network/slp:default
disabled       18:42:15 svc:/system/consadm:default
disabled       18:42:16 svc:/system/pools/dynamic:default
disabled       18:42:16 svc:/system/iscsitgt:default
disabled       18:42:16 svc:/system/sar:default
disabled       18:42:16 
svc:/application/management/common-agent-container-1:default
disabled       18:42:18 svc:/system/filesystem/autofs:default
disabled       18:42:18 svc:/system/power:default
disabled       18:42:18 svc:/network/rpc/bind:default
disabled       18:42:19 svc:/application/print/cleanup:default
disabled       18:42:27 svc:/network/rpc/meta:default
disabled       18:42:27 svc:/application/x11/xfs:default
disabled       18:42:28 svc:/network/rpc/rstat:default
disabled       18:42:28 svc:/application/print/rfc1179:default
disabled       18:42:31 svc:/network/rpc/cde-ttdbserver:tcp
disabled       18:42:31 svc:/network/rpc/ocfserv:default
disabled       18:42:33 svc:/network/rpc/mdcomm:default
disabled       18:42:33 svc:/network/rpc/metamed:default
disabled       18:42:33 svc:/network/rpc/metamh:default
disabled       18:42:33 svc:/network/rpc/rex:default
disabled       18:42:33 svc:/network/rpc/rusers:default
disabled       18:42:34 svc:/network/rpc/spray:default
disabled       18:42:34 svc:/network/rpc/wall:default
disabled       18:42:34 svc:/network/security/krb5_prop:default
disabled       18:42:34 svc:/network/swat:default
disabled       18:42:34 svc:/network/cde-spc:default
disabled       18:42:35 svc:/network/tname:default
disabled       18:42:35 svc:/network/telnet:default
disabled       18:42:35 svc:/network/nfs/rquota:default
disabled       18:42:35 svc:/network/uucp:default
disabled       18:42:35 svc:/network/chargen:dgram
disabled       18:42:35 svc:/network/chargen:stream
disabled       18:42:35 svc:/network/daytime:dgram
disabled       18:42:35 svc:/network/daytime:stream
disabled       18:42:35 svc:/network/discard:dgram
disabled       18:42:35 svc:/network/discard:stream
disabled       18:42:35 svc:/network/echo:dgram
disabled       18:42:35 svc:/network/echo:stream
disabled       18:42:35 svc:/network/time:dgram
disabled       18:42:35 svc:/network/time:stream
disabled       18:42:36 svc:/network/ftp:default
disabled       18:42:36 svc:/network/comsat:default
disabled       18:42:36 svc:/network/finger:default
disabled       18:42:37 svc:/network/login:eklogin
disabled       18:42:37 svc:/network/login:klogin
disabled       18:42:37 svc:/network/login:rlogin
disabled       18:42:39 svc:/network/rexec:default
disabled       18:42:39 svc:/network/shell:default
disabled       18:42:39 svc:/network/shell:kshell
disabled       18:42:39 svc:/network/talk:default
disabled       18:42:39 svc:/network/stdiscover:default
disabled       18:42:39 svc:/network/stlisten:default
disabled       18:42:39 svc:/application/font/stfsloader:default
disabled       18:42:40 svc:/network/security/ktkt_warn:default
disabled       18:42:40 svc:/network/rpc-100235_1/rpc_ticotsord:default
disabled       18:42:40 svc:/network/rpc/smserver:default
disabled       18:42:40 svc:/network/rpc/gss:default
online         18:42:07 svc:/system/svc/restarter:default
online         18:42:08 svc:/network/pfil:default
online         18:42:09 svc:/network/loopback:default
online         18:42:09 svc:/system/filesystem/root:default
online         18:42:10 svc:/system/installupdates:default
online         18:42:10 svc:/milestone/name-services:default
online         18:42:11 svc:/system/boot-archive:default
online         18:42:11 svc:/system/scheduler:default
online         18:42:12 svc:/network/physical:default
online         18:42:12 svc:/system/filesystem/usr:default
online         18:42:13 svc:/milestone/network:default
online         18:42:13 svc:/system/identity:node
online         18:42:13 svc:/system/keymap:default
online         18:42:14 svc:/system/device/local:default
online         18:42:14 svc:/system/filesystem/minimal:default
online         18:42:15 svc:/system/identity:domain
online         18:42:16 svc:/system/cryptosvc:default
online         18:42:16 svc:/system/name-service-cache:default
online         18:42:16 svc:/system/resource-mgmt:default
online         18:42:16 svc:/system/rmtmpfiles:default
online         18:42:16 svc:/system/sysevent:default
online         18:42:16 svc:/system/device/fc-fabric:default
online         18:42:16 svc:/system/coreadm:default
online         18:42:17 svc:/milestone/devices:default
online         18:42:17 svc:/system/picl:default
online         18:42:17 svc:/network/initial:default
online         18:42:18 svc:/network/service:default
online         18:42:20 svc:/network/ipfilter:default
online         18:42:21 svc:/system/manifest-import:default
online         18:42:21 svc:/milestone/single-user:default
online         18:42:22 svc:/system/filesystem/local:default
online         18:42:22 svc:/system/cron:default
online         18:42:22 svc:/system/sysidtool:net
online         18:42:23 svc:/network/ntp:default
online         18:42:23 svc:/application/stosreg:default
online         18:42:23 svc:/system/sysidtool:system
online         18:42:23 svc:/system/dumpadm:default
online         18:42:24 svc:/milestone/sysconfig:default
online         18:42:25 svc:/system/sac:default
online         18:42:25 svc:/system/utmp:default
online         18:42:25 svc:/network/inetd:default
online         18:42:25 svc:/application/management/wbem:default
online         18:42:26 svc:/application/font/fc-cache:default
online         18:42:26 svc:/system/system-log:default
online         18:42:26 svc:/system/fmd:default
online         18:42:27 svc:/system/console-login:default
online         18:42:29 svc:/network/ssh:default
online         18:42:34 svc:/network/routing-setup:default
online         18:42:35 svc:/milestone/multi-user:default
online         18:42:37 svc:/application/graphical-login/cde-login:default
online         18:42:37 svc:/application/cde-printinfo:default
online         18:42:37 svc:/milestone/multi-user-server:default
online         18:42:39 svc:/system/zones:default
online         18:42:39 svc:/system/basicreg:default
online         18:43:11 svc:/system/webconsole:console
offline        18:42:14 svc:/system/filesystem/volfs:default
offline        18:42:29 svc:/network/rpc/cde-calendar-manager:default
# 
--
Loris Serena | Senior Unix Systems Specialist | PFPC International Ltd.
Phone: +353-1-7903697 | mailto:loris.serena at pfpc.ie | http://www.pfpc.com
_______________________________________________
sunmanagers mailing list
sunmanagers at sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Enabling XDMCP in Solaris 10 by Gopi Desaboyina

October 7, 2009 | Gopi Desaboyina Solaris Blogs

Solaris 10 is secure by default and starts services on localhost instead of system name or all hosts(*) .

Due to that if you try to connect to server over xdmcp using exceed on demand or something you won't get connection. For that we need to use following method to fix it.

If you issue ps on dtlogin. It might come up like this and listens on udp port 0 instead of 177.

#ps –ef |grep –i dtlogin

/usr/dt/bin/dtlogin -daemon -udpPort 0
You can change the above behaviour by using svccfg and change the properties.
#svccfg -s cde-login setprop 'dtlogin/args=""'

#svcadm restart cde-login # or #svcadm enable -r cde-login


After these system should respond to xdmcp broadcast queries. Also if you want to disable the default security option you could give a try with netservices { open | limited }

enable remote xdmpc

Solaris 10's desktop environment is JDS which is based off of GNOME.

Log in as root
Open a terminal
Type gdmsetup (a dialog box will appear)
Click on the XDMCP tab
Check the Enable XDMCP box
Press Close

To get a full screen login from a Leopard

open terminal

xephyr -query ipaddress -scren 1280x1024 (adjust for desired screen size)

Unix Forum How to configure XDMCP in solaris-Suse-Fedora

Solaris 10's desktop environment is JDS which is basedoff of GNOME.
1. Log in as root2. Open a terminal3. type gdmsetup (a dialog box will appear)4 Click on the XDMCP tab5. Check the Enable XDMCP box6. Press Close
XDMCP: General Instructions
Here are general instructions to enable XDMCP manually editing files on unix systems.
1. Log in as root.2. From /etc/X11/xdm/Xaccess file, uncomment the line "# * #any host can get a login window".3. From /etc/X11/xdm/xdm-config file, comment out the line "DisplayManager.RequestPort: 0".4. From /etc/X11/gdm/gdm.conf file, set the enable status to True (or 1) in [xdmcp] section.5. From /etc/kde/kdm/kdmrc file, set the enable status to True (or 1) in [xdmcp] section.6. The system needs to run in init level 5 (/etc/inittab).7. Reboot the Linux system after modification. Log in as root to the Linux machine again. Go to system settings, security level. Reduce the firewall security so that you can connect remotely. Do this only until able to connect with X-Win32, then you can properly reconfigure the firewall to accept XDMCP connections.
Don't forget to open up your Firewall ports. For help configuring your firewall

What ports need to be opened for XDMCP


X-Win32 can connect to linux hosts even behind a firewall.
Open up TCP port 6000-6005 (plus X-Win32's base display number) in both directionsOpen up UDP port 177 to accept incomming connections from any port.
If you are using Gnome open up TCP ports 16001 and TCP 35091 in both directions.
If you are behind a router using NAT, map those ports to the IP address of your local computer on your LAN. The only other thing is make sure on the Network tab under the X-Config menu, that your display is the correct IP address. This is the address you are telling the host to send the session back to.

If you are using SuSE linux firewall, edit /etc/sysconfig/SuSEfirewall2 changing the default options to the following

FW_SERVICES_EXT_UDP="177 bootpc"FW_ALLOW_FW_BROADCAST_EXT="yes"

OpenSolaris Desktop Community

how to login solaris 11 GUI remotely

XIAO-SONG ZHU <xiao-song.zhu@...>
2011-10-20 02:55:30 GMT

Hi all,

There's a problem raised from ISVs about solaris 11 desktop. The ISV who used to use the windows client to login to solaris now can't login to solaris 11 by XManager, it seems X has changed a lot in Solaris 11, and we have following questions about remote GUI login:
1)Now we can't find remote login option in the login GUI, does it mean remote login by other machines with solaris installed is not supported
2)How can we login solaris by windows client, such as XManager, xwin32. BTW VNC works well, but it's just a good tool for co-working, and not commonly used by ISV.

Regards & Thanks
Chris 

<div>
    Hi all,<br><br>
    There's a problem raised from ISVs about solaris 11 desktop. The ISV
    who used to use the windows client to login to solaris now can't
    login to solaris 11 by <a href="http://www.netsarang.com/download/main.html">XManager</a>,
    it seems X has changed a lot in Solaris 11, and we have following
    questions about remote GUI login:<br>
    1)Now we can't find remote login option in the login GUI, does it
    mean remote login by other machines with solaris installed is not
    supported&nbsp; <br>
    2)How can we login solaris by windows client, such as XManager,
    xwin32. BTW VNC works well, but it's just a good tool for
    co-working, and not commonly used by ISV. <br><br>
    Regards &amp; Thanks<br>
    Chris
  </div>
Permalink | Reply |
headers

Brian Cameron | 20 Oct 2011 18:03

Picon
Favicon

Re: how to login solaris 11 GUI remotely

Brian Cameron <brian.cameron@...>
2011-10-20 16:03:29 GMT
Chris:

Note that Solaris 11 uses GDM as the login (or display manager) program
by default while Solaris 10 and earlier used CDE login.  So the way to
configure/enable XDMCP is different.

GDM does support running as an XDMCP server, though this feature is off
by default.  You need to enable it in the GDM configuration file.  The
GDM manpage, yelp manual,  and online documentation should explain how
to do this.

   http://library.gnome.org/admin/gdm/2.32/gdm.html

Also, note that X11 TCP features are off by default.  If you want to
use TCP/IP connections to the Xserver (which are used by XDMCP), then
you may need to familiarize yourself with this.  To enable it refer
to "man Xserver" and look for "options/tcp_listen".

These features are off by default because XDMCP is known to not be a
very secure protocol, unless run in a tightly controlled environment
(e.g. in a LAN behind a firewall or with proper libwrap configuration
to only allow connections from particular machines).

It is true that the GDM login screen does not offer a chooser screen
by default like CDE login screen did.  GDM does provide an XDMCP
client, but it only works when you configure your system to run X11
with the --indirect option if you wish to setup a Solaris client to
run as an XDMCP client.  But, it sounds like you are using a Windows
XDMCP client, so this is probably not an issue or concern for you.
It just sounds like you need to configure GDM to be an XDMCP server.

If you are having trouble getting things working, turn on GDM debug.
When turned on, the GDM debug output to syslog contains verbose details
about XDMCP issues to help you identify the nature of a problem you
might be seeing.  GDM does support numerous XDMCP options, as you can
see in the manual, and you may need to tune some of them for a given
network.  For example, you may need to use a higher "PingInterval"
setting if your network has particularly high latency.

Brian

> There's a problem raised from ISVs about solaris 11 desktop. The ISV who
> used to use the windows client to login to solaris now can't login to
> solaris 11 by XManager <http://www.netsarang.com/download/main.html>, it
> seems X has changed a lot in Solaris 11, and we have following questions
> about remote GUI login:
> 1)Now we can't find remote login option in the login GUI, does it mean
> remote login by other machines with solaris installed is not supported
> 2)How can we login solaris by windows client, such as XManager, xwin32.
> BTW VNC works well, but it's just a good tool for co-working, and not
> commonly used by ISV.
>
> Regards & Thanks
> Chris
Permalink | Reply |
headers

Alan Coopersmith | 20 Oct 2011 23:09

Picon
Favicon
Gravatar

Re: how to login solaris 11 GUI remotely

Alan Coopersmith <alan.coopersmith@...>
2011-10-20 21:09:28 GMT
On 10/20/11 09:03, Brian Cameron wrote:
> Also, note that X11 TCP features are off by default. If you want to
> use TCP/IP connections to the Xserver (which are used by XDMCP), then
> you may need to familiarize yourself with this. To enable it refer
> to "man Xserver" and look for "options/tcp_listen".

That of course is only needed on the Xserver you're connecting to, and
since X is backwards of what everyone thinks, probably doesn't apply to
you.   (You would need it to make windows from another machine appear
on the Solaris desktop, but don't need it to make windows from the
Solaris machine appear on your Windows PC which would be running it's
own X server from XManager,)

What ports need to be opened for XDMCP


Posted |
Solaris | xdmcp solaris 10


4 Comments "
[...] Enabling XDMCP in Solaris 10 October 2009 3 [...]

Pingback by My Blog gdesaboyina.wordpress.com 2010 in review " Gopi Desaboyina Solaris Blogs | January 2, 2011 | Reply

Right on!!! This is the exact solution for our problem, thanks!

Comment by B Chang | March 7, 2011 | Reply

Hi Gopi,

I have installed Solaris 10 on T2000 Sunfire Server but I was not able to get the Solaris 10 desktop using Cygwin on Windows XP.
Your article enabling XDMCP on Solaris 10 has fixed our issue.
Thank you very much for posting this article which will help many systems administrators.

Thanks and regards,
Manjunath Mariyappa

Rajeev Ranjan's - Life Runs on Code- CDE Login Problem, Remote X11, X-Server, XDMCP login problem

CDE Login Problem, Remote X11, X-Server, XDMCP login problem

Sometimes I got an error after finishing on Solaris 10 box installation. After make some configuration then suddenly I can't access my Solaris XDMCP remote session on my laptop.. Usually, I use XManager Enterprise to get Solaris GUI remote session XDMCP. here the step-by-step to troubleshoot if you got the same problem:

{Make sure that svc:/application/graphical-login/cde-login is enabled and online.

root@solaris10 # svcs cde-login
STATE STIME FMRI
online Mar_02 svc:/application/graphical-login/cde-login:default

root@solaris10 #netservices limited

restarting syslogd
restarting sendmail
dtlogin needs to be restarted. Restart now? [Y] y
restarting dtlogin
{Check dtlogin process:

root@solaris10 # ps -ef | grep dtlogin

root 29384 1 0 Mar 02 ? 0:00 /usr/dt/bin/dtlogin -daemon -udpPort 0 [should be TCP, not UDP]

{Modify the x11-server service:

-–>Show properties:
#svcprop svc:/application/x11/x11-server

-->Turn on tcp listen:
#svccfg -s svc:/application/x11/x11-server setprop options/tcp_listen=true

{Modify the dtlogin service:

-–>Show properties:
#svcprop svc:/application/graphical-login/cde-login:default
#svccfg -s svc:/application/graphical-login/cde-login setprop dtlogin/args=\"\"

-–>Then restart the X server:
#svcadm refresh svc:/application/graphical-login/cde-login:default;
#svcprop -p dtlogin svc:/application/graphical-login/cde-login:default

root@solaris10 #netservices open

restarting syslogd
restarting sendmail

root@solaris10# svcadm restart cde-login
root@solaris10# ps -ef |grep dtlogin
root 27722 1 0 15:08:37 ? 0:00 /usr/dt/bin/dtlogin -daemon
root 27724 26297 0 15:08:43 pts/3 0:00 grep dtlogin

Posted by at

Recommended Links

Google matched content

Softpanorama Recommended

Top articles

Sites

tldp.org

XDM and X Terminal mini−HOWTO

Troubleshooting XDMCP

Connections to UNIX and Linux Hosts - Tech Note 1229