“UbuntuHelp:Updated Version For Feisty”的版本间的差异

2009年5月12日 (二) 19:22的最新版本

文章出处:

https://help.ubuntu.com/community/Updated_Version_For_Feisty

点击翻译:

English

<<Include(Tag/Unsupported)>> <<Include(Tag/Deletion)>> This page is a re-creation of the LTSP trouble-shooting page specifically aimed at the Feisty release. According to the maintainers some of these fixes are not required and should be treated as "dubious", however they work for us.

Introduction

We've found some bugs in a number of components in the Ubuntu LTSP kit, hopefully some of the developers will take a look at this page at some point and possibly integrate some of our fixes back into the mix. Until then however, below we detail how we got around some of the more interesting issues. We have tried to post fix requests where possible, however a number relate to "work in progress" and "fixes available in gutsy".

Getting Started

First you need to edit your /etc/default/syslogd on the your server, make sure the "-r" option is listed in options. This will allow thin clients to send their syslog information to your server, this making it visible. Be warned, multiple thin clients booting at the same time can get interesting.

Getting set up with GDM

Then you need to set up an environment for your thin clients, try the following;

 ltsp-build-client            # this can take a while
 cd /opt/ltsp/i386
 chroot . /bin/bash
 apt-get install gdm          # a real login manager
 apt-get install nvidia-glx   #
 apt-get install ..           # any other drivers required by thin client HW
 vi /etc/lts.conf             # add "XSERVER=nvidia" or similar as appropriate
 update-initramfs -c -k all   # rebuild your ramfs with the new drivers

Now check that /opt/ltsp/i386/etc/X11/default-display-manager contains;

 /usr/sbin/gdm

Then you will need some manual fixes;

 chown root:gdm /var/lib/gdm
 chmod 1770 /var/lib/gdm

Then edit /etc/default/ltsp-client-setup and add the following;

 rw_dirs="$rw_dirs /var/lib/gdm /var/run/network"
 copy_dirs="$copy_dirs /home"

Then edit /etc/X11/gdm/gdm.conf, comment out the "0=Standard" and uncomment the "0=Chooser". You should be pretty much good to go with gdm as your login manager. Why do we do this when there's the wonderful ldm login server which apparently we should be using instead?

LDM is generally 'rubbish' when compared to GDM
LDM does not let you select which server you connect to, critical if your allocated server is dead
LDM does not currently report "incorrect password", it just refreshes the screen with no error report
LDM does not follow the system themes, so your login screen does not match your user's theme

DHCP

The DHCP setup can sometime become confusing as you can end up with more than one dhcpd.conf file. Make sure you have no duplicates lying around otherwise you could end up spending hours changing your dhcpd.conf and wondering what's wrong with the syntax, only to find it's not using the file you thought it was. Here's a working sample;

 ddns-update-style none;
 ignore client-updates;
 default-lease-time              86400;
 max-lease-time                  86400;

 subnet 10.1.0.0 netmask 255.255.255.0 {
   interface eth1;
   range 10.1.0.100 10.1.0.199;
   option domain-name "mydomain.co.uk";
   option domain-name-servers 10.1.0.1;
   option broadcast-address 10.1.0.255;
   option routers 10.1.0.4;
   option subnet-mask 255.255.255.0;
   filename "/ltsp/pxelinux.0";
   option root-path "/opt/ltsp/i386";
 }

Sound Configuration

This is now working (by default) on Feisty with both LDM and GDM (Apparently XDMCP is unsupported by LTSP5, which is why sound doesn't work .. but it works for us!) Don't spend too much time trying to get your desktop volume control working - it won't. Use application specific volume controls instead, or the volume knob on your speaker.

USB Client Printers

(not worked on this yet - see previous version of document if you have a problem)

Graphics Problems

(not worked on this yet - see previous version of document if you have a problem)

Failure to Launch

There's a new problem of Feisty, people who've been running quite happily now find that when they run rdesktop and get a windows 2000 login, as soon as they click on anything interesting, their application (rdesktop) SEGV's. This is a REALLY NASTY bug to track down, so if your windows / rdesktop applications start falling over - start here! For some reason, it's caused by lack of bitmap depth on the client's X display. To fix, inside your chroot ltsp filesystem (/opt/ltsp/i386) edit /etc/lts.conf and add a section for your work station (or add to your default section;

X_COLOR_DEPTH = 24

Then reboot and see what happens .. 100% success rate here. If anyone has any more tips - please add them here!

Local Storage Devices

Ok, we now have this working with GDM. (at this point we're way beyond worrying about LDM)

This is what you need to do, on your server, edit /etc/X11/gdm/PreSession/Default

+CLIENT=`echo $DISPLAY | cut -d: -f1 `
+LOCATION="/mnt/localdev/$CLIENT"
+LOCALDEV="/var/lib/localdev"
+mkdir -p ${LOCATION} && chown $USER ${LOCATION} && echo $USER > ${LOCALDEV}/${CLIENT}
SESSREG=`gdmwhich sessreg`
..

Then edit /etc/X11/gdm/PostSession/Default

+CLIENT=`echo $DISPLAY | cut -d: -f1 `
+LOCATION="/mnt/localdev/$CLIENT"
+LOCALDEV="/var/lib/localdev"

+umount ${LOCATION}
+killall -u ${USER} ltspfs
+rm ${LOCALDEV}/${CLIENT}
+rmdir ${LOCATION}

exit 0

Then edit /usr/share/gnome/default.session

7,RestartStyleHint=3
7,Priority=52
7,RestartCommand=/usr/local/bin/LDA-nautilus.sh

Then add LDA-nautilus.sh to your /usr/local/bin, here's my slightly modified version

#!/bin/bash
# Copyright Henry Burroughs/ Hilton Head Preparatory School
# [email protected]

#       This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.

#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.

#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA



#----------Script Setup & Functions
find_key() {
        OUTPUT=""
        for DIR in `gconftool-2 --all-dirs /desktop/gnome/connected_servers`
        do
                $GCONF -a $DIR | grep "$DISPLAY_NAME" > /dev/null
                if [ $? == 0 ]
                then
                        OUTPUT="$DIR"
                fi
        done
        echo $OUTPUT
}

find_last_server() {
        LASTONE=`$GCONF --all-dirs /desktop/gnome/connected_servers | sort --reverse |cut -d'/' -f 5 | head -n 1`
        if [ "$LASTONE" != "" ]
                then
                        NEWONE=`expr $LASTONE + 1`
                else
                        NEWONE=1
        fi


        echo $NEWONE
}

delete_key() {
        KEY=`find_key`
        $GCONF --recursive-unset $KEY
}

CLIENT=`echo $DISPLAY | cut -d: -f1 `
#----------End Script Setup & Functions

#-----------User Configurable Variables

DISPLAY_NAME="My Disks"
LOCATION="/mnt/localdev/$CLIENT"
LOCALDEV="/var/lib/localdev"

#----------End User Configurable Variables
#----------Begin Main part of script----------------------
GCONFOPTS=""
#This part is under construction... in case it runs before gconfd is up and going
#gconftool-2 -p || GCONFOPTS="--direct --config-source="
GCONF="gconftool-2 $GCONFOPTS"


#See if there is a host access file for this client, and if not, we delete any existing keys and stop here
# This takes care of ssh, vnc, etc...mainly we let the LDA-automount-login.sh script handle it
if [ ! -e $LOCALDEV/$CLIENT ]
then
        echo "Delete key: $LOCALDEV/$CLIENT"
        delete_key
        exit 0;
fi

ltspfs ${CLIENT}:/var/run/drives ${LOCATION} &

if [ "`find_key`" != "" ]
then
        $GCONF --type string --set `find_key`/uri "file://$LOCATION"
        exit 0;
fi

#Otherwise, we need to create that key under the next newest one....
LASTNUM=`find_last_server`
$GCONF --type string --set /desktop/gnome/connected_servers/$LASTNUM/display_name "$DISPLAY_NAME"
$GCONF --type string --set /desktop/gnome/connected_servers/$LASTNUM/icon "gnome-dev-removable"
$GCONF --type string --set /desktop/gnome/connected_servers/$LASTNUM/uri "file://$LOCATION"

echo "Connected Server Update Done"

And you should be ready to rock and roll, with ONE main gotcha. You **need** to have entries in your hosts file on both the thin client environment and on the server for each of your clients. (if you don't already, you should!) If you don't do this, ltspfsd won't start on the client and you'll get nowhere.

Security Warning

By default, ltspfsd is started with a "-a" which means that anything you insert into a client USB socket or CD drive will be mountable by anyone on the network with enough knowledge. Bug #133635.

How to secure XDMCP

The comment I hear is "we need LDM for security", my answer is "no you don't". Here's why;

If you run your sessions over OpenVPN, they are inherently secure, AND you get a proper login manager. The process goes something like this, on the server

apt-get install openvpn
mv /usr/share/doc/examples/easy-rsa /usr/share/openvpn
cd /usr/share/openvpn/easy-rsa
(read docs, create keys etc)
cd /etc/openvpn
mkdir gdm
vi gdm.conf
---
port 1194
proto udp
dev tun0
ca gdm/ca.crt
cert gdm/server.crt
key gdm/server.key
dh gdm/dh1024.pem
server 10.99.0.0 255.255.255.0
push "route 10.99.0.0 255.255.255.0"
ifconfig-pool-persist gdm/ipp.txt
status gdm/status.log
keepalive 10 50
comp-lzo
persist-key
persist-tun
verb 3
tran-window 3600
tls-server
passtos
duplicate-cn
---
cp /usr/share/openvpn/easy-rsa/keys/{appropriate keys} gdm
/etc/init.d/openvpn start

You should now have a tun0 interface on 10.99.0.1. Now a similar operation for the thin client's environment. On the server, generate a key called "workstation", then do

 mkdir /opt/ltsp/i386/etc/openvpn/gdm
 cp /usr/share/openvpn/easy-rsa/keys/{ca.crt,workstation.key,workstation.crt} /opt/ltsp/i386/etc/openvpn/gdm
 chroot /opt/ltsp/i386 /bin/bash --login
 apt-get install openvpn
 vi /etc/openvpn/gdm.conf
---
client
dev tun
proto udp
remote <raw IP of server> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca gdm/ca.crt
cert gdm/workstation.crt
key gdm/workstation.key
ns-cert-type server
comp-lzo
verb 3
---
 /etc/init.d/openvpn start

To cap it off, to make sure that the client accesses the server via the VPN, edit /etc/X11/gdm/gdm.conf (this is still in the thin client's virtual environment) and set chooser/Broadcast to false and Hosts=10.99.0.1. And you're away ...

个人工具

“UbuntuHelp:Updated Version For Feisty”的版本间的差异 - Ubuntu中文

搜索

导航

编辑

工具