“UbuntuHelp:Updated Version For Feisty”的版本间的差异
来自Ubuntu中文
小 |
小 |
||
| 第1行: | 第1行: | ||
| − | {{From|https://help.ubuntu.com/community/ | + | {{From|https://help.ubuntu.com/community/Updated_Version_For_Feisty}} |
| − | {{Languages|UbuntuHelp: | + | {{Languages|UbuntuHelp:Updated_Version_For_Feisty}} |
| − | + | This page is a re-creation of the LTSP trouble-shooting page specifically aimed at the Feisty release. According to the maintainers some of these fixes are not required and should be treated as "dubious", however they work for us. | |
| − | < | + | == Introduction == |
| − | < | + | We've found some bugs in a number of components in the Ubuntu LTSP kit, hopefully some of the developers will take a look at this page at some point and possibly integrate some of our fixes back into the mix. Until then however, below we detail how we got around some of the more interesting issues. |
| − | + | We have tried to post fix requests where possible, however a number relate to "work in progress" and "fixes available in gutsy". | |
| − | < | + | == Getting Started == |
| − | < | + | First you need to edit your /etc/default/syslogd on the your server, make sure the "-r" option is listed in options. This will allow thin clients to send their syslog information to your server, this making it visible. Be warned, multiple thin clients booting at the same time can get interesting. |
| − | < | + | == Getting set up with GDM == |
| − | < | + | Then you need to set up an environment for your thin clients, try the following; |
| − | // | + | <pre><nowiki> |
| − | + | ltsp-build-client # this can take a while | |
| − | + | cd /opt/ltsp/i386 | |
| − | // | + | chroot . /bin/bash |
| − | // | + | apt-get install gdm # a real login manager |
| − | + | apt-get install nvidia-glx # | |
| − | if | + | apt-get install .. # any other drivers required by thin client HW |
| − | + | vi /etc/lts.conf # add "XSERVER=nvidia" or similar as appropriate | |
| − | + | update-initramfs -c -k all # rebuild your ramfs with the new drivers | |
| − | + | </nowiki></pre> | |
| + | Now check that /opt/ltsp/i386/etc/X11/default-display-manager contains; | ||
| + | <pre><nowiki> | ||
| + | /usr/sbin/gdm | ||
| + | </nowiki></pre> | ||
| + | Then you will need some manual fixes; | ||
| + | <pre><nowiki> | ||
| + | chown root:gdm /var/lib/gdm | ||
| + | chmod 1770 /var/lib/gdm | ||
| + | </nowiki></pre> | ||
| + | Then edit /etc/default/ltsp-client-setup and add the following; | ||
| + | <pre><nowiki> | ||
| + | rw_dirs="$rw_dirs /var/lib/gdm /var/run/network" | ||
| + | copy_dirs="$copy_dirs /home" | ||
| + | </nowiki></pre> | ||
| + | Then edit /etc/X11/gdm/gdm.conf, comment out the "0=Standard" and uncomment the "0=Chooser". | ||
| + | You should be pretty much good to go with gdm as your login manager. Why do we do this when there's the wonderful ldm login server which apparently we should be using instead? | ||
| + | * LDM is generally 'rubbish' when compared to GDM | ||
| + | * LDM does not let you select which server you connect to, critical if your allocated server is dead | ||
| + | * LDM does not currently report "incorrect password", it just refreshes the screen with no error report | ||
| + | * LDM does not follow the system themes, so your login screen does not match your user's theme | ||
| + | == DHCP == | ||
| + | The DHCP setup can sometime become confusing as you can end up with more than one dhcpd.conf file. Make sure you have no duplicates lying around otherwise you could end up spending hours changing your dhcpd.conf and wondering what's wrong with the syntax, only to find it's not using the file you thought it was. Here's a working sample; | ||
| + | <pre><nowiki> | ||
| + | ddns-update-style none; | ||
| + | ignore client-updates; | ||
| + | default-lease-time 86400; | ||
| + | max-lease-time 86400; | ||
| + | subnet 10.1.0.0 netmask 255.255.255.0 { | ||
| + | interface eth1; | ||
| + | range 10.1.0.100 10.1.0.199; | ||
| + | option domain-name "mydomain.co.uk"; | ||
| + | option domain-name-servers 10.1.0.1; | ||
| + | option broadcast-address 10.1.0.255; | ||
| + | option routers 10.1.0.4; | ||
| + | option subnet-mask 255.255.255.0; | ||
| + | filename "/ltsp/pxelinux.0"; | ||
| + | option root-path "/opt/ltsp/i386"; | ||
} | } | ||
| + | </nowiki></pre> | ||
| + | == Sound Configuration == | ||
| + | This is now working (by default) on Feisty with both LDM and GDM (Apparently XDMCP is unsupported by LTSP5, which is why sound doesn't work .. but it works for us!) | ||
| + | Don't spend too much time trying to get your desktop volume control working - it won't. Use application specific volume controls instead, or the volume knob on your speaker. | ||
| + | == USB Client Printers == | ||
| + | (not worked on this yet - see previous version of document if you have a problem) | ||
| + | == Graphics Problems == | ||
| + | (not worked on this yet - see previous version of document if you have a problem) | ||
| + | == Failure to Launch == | ||
| + | There's a new problem of Feisty, people who've been running quite happily now find that when they run rdesktop and get a windows 2000 login, as soon as they click on anything interesting, their application (rdesktop) SEGV's. This is a REALLY NASTY bug to track down, so if your windows / rdesktop applications start falling over - start here! | ||
| + | For some reason, it's caused by lack of bitmap depth on the client's X display. To fix, inside your chroot ltsp filesystem (/opt/ltsp/i386) edit /etc/lts.conf and add a section for your work station (or add to your default section; | ||
| + | <pre><nowiki> | ||
| + | X_COLOR_DEPTH = 24 | ||
| + | </nowiki></pre> | ||
| + | Then reboot and see what happens .. 100% success rate here. | ||
| + | If anyone has any more tips - please add them here! | ||
| + | == Local Storage Devices == | ||
| + | Ok, we now have this working with GDM. (at this point we're way beyond worrying about LDM) | ||
| + | This is what you need to do, on your server, edit /etc/X11/gdm/PreSession/Default | ||
| + | <pre><nowiki> | ||
| + | +CLIENT=`echo $DISPLAY | cut -d: -f1 ` | ||
| + | +LOCATION="/mnt/localdev/$CLIENT" | ||
| + | +LOCALDEV="/var/lib/localdev" | ||
| + | +mkdir -p ${LOCATION} && chown $USER ${LOCATION} && echo $USER > ${LOCALDEV}/${CLIENT} | ||
| + | SESSREG=`gdmwhich sessreg` | ||
| + | .. | ||
| + | </nowiki></pre> | ||
| + | Then edit /etc/X11/gdm/PostSession/Default | ||
| + | <pre><nowiki> | ||
| + | +CLIENT=`echo $DISPLAY | cut -d: -f1 ` | ||
| + | +LOCATION="/mnt/localdev/$CLIENT" | ||
| + | +LOCALDEV="/var/lib/localdev" | ||
| + | +umount ${LOCATION} | ||
| + | +killall -u ${USER} ltspfs | ||
| + | +rm ${LOCALDEV}/${CLIENT} | ||
| + | +rmdir ${LOCATION} | ||
| + | exit 0 | ||
| + | </nowiki></pre> | ||
| + | Then edit /usr/share/gnome/default.session | ||
| + | <pre><nowiki> | ||
| + | 7,RestartStyleHint=3 | ||
| + | 7,Priority=52 | ||
| + | 7,RestartCommand=/usr/local/bin/LDA-nautilus.sh | ||
| + | </nowiki></pre> | ||
| + | Then add LDA-nautilus.sh to your /usr/local/bin, here's my slightly modified version | ||
| + | <pre><nowiki> | ||
| + | #!/bin/bash | ||
| + | # Copyright Henry Burroughs/ Hilton Head Preparatory School | ||
| + | |||
| + | # This program is free software; you can redistribute it and/or modify | ||
| + | # it under the terms of the GNU General Public License as published by | ||
| + | # the Free Software Foundation; either version 2 of the License, or | ||
| + | # (at your option) any later version. | ||
| + | # This program is distributed in the hope that it will be useful, | ||
| + | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| + | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| + | # GNU General Public License for more details. | ||
| + | # You should have received a copy of the GNU General Public License | ||
| + | # along with this program; if not, write to the Free Software | ||
| + | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | ||
| + | #----------Script Setup & Functions | ||
| + | find_key() { | ||
| + | OUTPUT="" | ||
| + | for DIR in `gconftool-2 --all-dirs /desktop/gnome/connected_servers` | ||
| + | do | ||
| + | $GCONF -a $DIR | grep "$DISPLAY_NAME" > /dev/null | ||
| + | if [ $? == 0 ] | ||
| + | then | ||
| + | OUTPUT="$DIR" | ||
| + | fi | ||
| + | done | ||
| + | echo $OUTPUT | ||
} | } | ||
| − | + | find_last_server() { | |
| − | // | + | LASTONE=`$GCONF --all-dirs /desktop/gnome/connected_servers | sort --reverse |cut -d'/' -f 5 | head -n 1` |
| − | + | if [ "$LASTONE" != "" ] | |
| − | + | then | |
| + | NEWONE=`expr $LASTONE + 1` | ||
| + | else | ||
| + | NEWONE=1 | ||
| + | fi | ||
| + | echo $NEWONE | ||
} | } | ||
| − | + | delete_key() { | |
| − | + | KEY=`find_key` | |
| − | + | $GCONF --recursive-unset $KEY | |
| − | + | ||
| − | + | ||
| − | + | ||
} | } | ||
| − | + | CLIENT=`echo $DISPLAY | cut -d: -f1 ` | |
| − | + | #----------End Script Setup & Functions | |
| − | + | #-----------User Configurable Variables | |
| − | + | DISPLAY_NAME="My Disks" | |
| − | + | LOCATION="/mnt/localdev/$CLIENT" | |
| − | + | LOCALDEV="/var/lib/localdev" | |
| − | + | #----------End User Configurable Variables | |
| − | + | #----------Begin Main part of script---------------------- | |
| − | + | GCONFOPTS="" | |
| − | + | #This part is under construction... in case it runs before gconfd is up and going | |
| − | + | #gconftool-2 -p || GCONFOPTS="--direct --config-source=" | |
| − | + | GCONF="gconftool-2 $GCONFOPTS" | |
| − | + | #See if there is a host access file for this client, and if not, we delete any existing keys and stop here | |
| − | + | # This takes care of ssh, vnc, etc...mainly we let the LDA-automount-login.sh script handle it | |
| − | + | if [ ! -e $LOCALDEV/$CLIENT ] | |
| − | + | then | |
| − | + | echo "Delete key: $LOCALDEV/$CLIENT" | |
| − | if | + | delete_key |
| − | + | exit 0; | |
| − | + | fi | |
| − | + | ltspfs ${CLIENT}:/var/run/drives ${LOCATION} & | |
| − | + | if [ "`find_key`" != "" ] | |
| − | / | + | then |
| − | + | $GCONF --type string --set `find_key`/uri "file://$LOCATION" | |
| − | + | exit 0; | |
| − | + | fi | |
| − | + | #Otherwise, we need to create that key under the next newest one.... | |
| − | + | LASTNUM=`find_last_server` | |
| − | + | $GCONF --type string --set /desktop/gnome/connected_servers/$LASTNUM/display_name "$DISPLAY_NAME" | |
| − | } | + | $GCONF --type string --set /desktop/gnome/connected_servers/$LASTNUM/icon "gnome-dev-removable" |
| − | + | $GCONF --type string --set /desktop/gnome/connected_servers/$LASTNUM/uri "file://$LOCATION" | |
| − | + | echo "Connected Server Update Done" | |
| − | + | </nowiki></pre> | |
| − | // | + | And you should be ready to rock and roll, with ONE main gotcha. You **need** to have entries in your hosts file on both the thin client environment and on the server for each of your clients. (if you don't already, you should!) If you don't do this, ltspfsd won't start on the client and you'll get nowhere. |
| − | + | === Security Warning === | |
| − | + | By default, ltspfsd is started with a "-a" which means that anything you insert into a client USB socket or CD drive will be mountable by anyone on the network with enough knowledge. Bug #133635. | |
| − | + | == How to secure XDMCP == | |
| − | + | The comment I hear is "we need LDM for security", my answer is "no you don't". Here's why; | |
| − | + | If you run your sessions over OpenVPN, they are inherently secure, AND you get a proper login manager. The process goes something like this, on the server | |
| − | + | <pre><nowiki> | |
| − | + | apt-get install openvpn | |
| − | + | mv /usr/share/doc/examples/easy-rsa /usr/share/openvpn | |
| − | + | cd /usr/share/openvpn/easy-rsa | |
| − | + | (read docs, create keys etc) | |
| − | < | + | cd /etc/openvpn |
| − | < | + | mkdir gdm |
| − | + | vi gdm.conf | |
| − | + | --- | |
| − | + | port 1194 | |
| − | + | proto udp | |
| − | + | dev tun0 | |
| − | + | ca gdm/ca.crt | |
| − | + | cert gdm/server.crt | |
| − | + | key gdm/server.key | |
| − | + | dh gdm/dh1024.pem | |
| − | + | server 10.99.0.0 255.255.255.0 | |
| − | + | push "route 10.99.0.0 255.255.255.0" | |
| − | + | ifconfig-pool-persist gdm/ipp.txt | |
| − | + | status gdm/status.log | |
| − | + | keepalive 10 50 | |
| − | + | comp-lzo | |
| − | + | persist-key | |
| − | + | persist-tun | |
| − | + | verb 3 | |
| − | < | + | tran-window 3600 |
| − | + | tls-server | |
| − | < | + | passtos |
| − | + | duplicate-cn | |
| − | + | --- | |
| − | + | cp /usr/share/openvpn/easy-rsa/keys/{appropriate keys} gdm | |
| − | + | /etc/init.d/openvpn start | |
| − | + | </nowiki></pre> | |
| − | + | You should now have a tun0 interface on 10.99.0.1. Now a similar operation for the thin client's environment. On the server, generate a key called "workstation", then do | |
| − | + | <pre><nowiki> | |
| − | + | mkdir /opt/ltsp/i386/etc/openvpn/gdm | |
| − | + | cp /usr/share/openvpn/easy-rsa/keys/{ca.crt,workstation.key,workstation.crt} /opt/ltsp/i386/etc/openvpn/gdm | |
| − | + | chroot /opt/ltsp/i386 /bin/bash --login | |
| − | + | apt-get install openvpn | |
| − | + | vi /etc/openvpn/gdm.conf | |
| − | + | --- | |
| − | + | client | |
| − | + | dev tun | |
| − | + | proto udp | |
| − | + | remote <raw IP of server> 1194 | |
| − | + | resolv-retry infinite | |
| − | + | nobind | |
| − | + | persist-key | |
| − | + | persist-tun | |
| − | + | ca gdm/ca.crt | |
| − | + | cert gdm/workstation.crt | |
| − | + | key gdm/workstation.key | |
| − | + | ns-cert-type server | |
| − | + | comp-lzo | |
| − | + | verb 3 | |
| − | + | --- | |
| − | + | /etc/init.d/openvpn start | |
| − | + | </nowiki></pre> | |
| − | + | To cap it off, to make sure that the client accesses the server via the VPN, edit /etc/X11/gdm/gdm.conf (this is still in the thin client's virtual environment) and set chooser/Broadcast to false and Hosts=10.99.0.1. And you're away ... | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | < | + | |
| − | + | ||
| − | + | ||
| − | < | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | < | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | < | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
[[category:UbuntuHelp]] | [[category:UbuntuHelp]] | ||
2007年12月3日 (一) 18:17的版本
 |
点击翻译: |
English |
This page is a re-creation of the LTSP trouble-shooting page specifically aimed at the Feisty release. According to the maintainers some of these fixes are not required and should be treated as "dubious", however they work for us.
目录
Introduction
We've found some bugs in a number of components in the Ubuntu LTSP kit, hopefully some of the developers will take a look at this page at some point and possibly integrate some of our fixes back into the mix. Until then however, below we detail how we got around some of the more interesting issues. We have tried to post fix requests where possible, however a number relate to "work in progress" and "fixes available in gutsy".
Getting Started
First you need to edit your /etc/default/syslogd on the your server, make sure the "-r" option is listed in options. This will allow thin clients to send their syslog information to your server, this making it visible. Be warned, multiple thin clients booting at the same time can get interesting.
Getting set up with GDM
Then you need to set up an environment for your thin clients, try the following;
ltsp-build-client # this can take a while cd /opt/ltsp/i386 chroot . /bin/bash apt-get install gdm # a real login manager apt-get install nvidia-glx # apt-get install .. # any other drivers required by thin client HW vi /etc/lts.conf # add "XSERVER=nvidia" or similar as appropriate update-initramfs -c -k all # rebuild your ramfs with the new drivers
Now check that /opt/ltsp/i386/etc/X11/default-display-manager contains;
/usr/sbin/gdm
Then you will need some manual fixes;
chown root:gdm /var/lib/gdm chmod 1770 /var/lib/gdm
Then edit /etc/default/ltsp-client-setup and add the following;
rw_dirs="$rw_dirs /var/lib/gdm /var/run/network" copy_dirs="$copy_dirs /home"
Then edit /etc/X11/gdm/gdm.conf, comment out the "0=Standard" and uncomment the "0=Chooser". You should be pretty much good to go with gdm as your login manager. Why do we do this when there's the wonderful ldm login server which apparently we should be using instead?
- LDM is generally 'rubbish' when compared to GDM
- LDM does not let you select which server you connect to, critical if your allocated server is dead
- LDM does not currently report "incorrect password", it just refreshes the screen with no error report
- LDM does not follow the system themes, so your login screen does not match your user's theme
DHCP
The DHCP setup can sometime become confusing as you can end up with more than one dhcpd.conf file. Make sure you have no duplicates lying around otherwise you could end up spending hours changing your dhcpd.conf and wondering what's wrong with the syntax, only to find it's not using the file you thought it was. Here's a working sample;
ddns-update-style none;
ignore client-updates;
default-lease-time 86400;
max-lease-time 86400;
subnet 10.1.0.0 netmask 255.255.255.0 {
interface eth1;
range 10.1.0.100 10.1.0.199;
option domain-name "mydomain.co.uk";
option domain-name-servers 10.1.0.1;
option broadcast-address 10.1.0.255;
option routers 10.1.0.4;
option subnet-mask 255.255.255.0;
filename "/ltsp/pxelinux.0";
option root-path "/opt/ltsp/i386";
}
Sound Configuration
This is now working (by default) on Feisty with both LDM and GDM (Apparently XDMCP is unsupported by LTSP5, which is why sound doesn't work .. but it works for us!) Don't spend too much time trying to get your desktop volume control working - it won't. Use application specific volume controls instead, or the volume knob on your speaker.
USB Client Printers
(not worked on this yet - see previous version of document if you have a problem)
Graphics Problems
(not worked on this yet - see previous version of document if you have a problem)
Failure to Launch
There's a new problem of Feisty, people who've been running quite happily now find that when they run rdesktop and get a windows 2000 login, as soon as they click on anything interesting, their application (rdesktop) SEGV's. This is a REALLY NASTY bug to track down, so if your windows / rdesktop applications start falling over - start here! For some reason, it's caused by lack of bitmap depth on the client's X display. To fix, inside your chroot ltsp filesystem (/opt/ltsp/i386) edit /etc/lts.conf and add a section for your work station (or add to your default section;
X_COLOR_DEPTH = 24
Then reboot and see what happens .. 100% success rate here. If anyone has any more tips - please add them here!
Local Storage Devices
Ok, we now have this working with GDM. (at this point we're way beyond worrying about LDM) This is what you need to do, on your server, edit /etc/X11/gdm/PreSession/Default
+CLIENT=`echo $DISPLAY | cut -d: -f1 `
+LOCATION="/mnt/localdev/$CLIENT"
+LOCALDEV="/var/lib/localdev"
+mkdir -p ${LOCATION} && chown $USER ${LOCATION} && echo $USER > ${LOCALDEV}/${CLIENT}
SESSREG=`gdmwhich sessreg`
..
Then edit /etc/X11/gdm/PostSession/Default
+CLIENT=`echo $DISPLAY | cut -d: -f1 `
+LOCATION="/mnt/localdev/$CLIENT"
+LOCALDEV="/var/lib/localdev"
+umount ${LOCATION}
+killall -u ${USER} ltspfs
+rm ${LOCALDEV}/${CLIENT}
+rmdir ${LOCATION}
exit 0
Then edit /usr/share/gnome/default.session
7,RestartStyleHint=3 7,Priority=52 7,RestartCommand=/usr/local/bin/LDA-nautilus.sh
Then add LDA-nautilus.sh to your /usr/local/bin, here's my slightly modified version
#!/bin/bash # Copyright Henry Burroughs/ Hilton Head Preparatory School # [email protected] # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #----------Script Setup & Functions find_key() { OUTPUT="" for DIR in `gconftool-2 --all-dirs /desktop/gnome/connected_servers` do $GCONF -a $DIR | grep "$DISPLAY_NAME" > /dev/null if [ $? == 0 ] then OUTPUT="$DIR" fi done echo $OUTPUT } find_last_server() { LASTONE=`$GCONF --all-dirs /desktop/gnome/connected_servers | sort --reverse |cut -d'/' -f 5 | head -n 1` if [ "$LASTONE" != "" ] then NEWONE=`expr $LASTONE + 1` else NEWONE=1 fi echo $NEWONE } delete_key() { KEY=`find_key` $GCONF --recursive-unset $KEY } CLIENT=`echo $DISPLAY | cut -d: -f1 ` #----------End Script Setup & Functions #-----------User Configurable Variables DISPLAY_NAME="My Disks" LOCATION="/mnt/localdev/$CLIENT" LOCALDEV="/var/lib/localdev" #----------End User Configurable Variables #----------Begin Main part of script---------------------- GCONFOPTS="" #This part is under construction... in case it runs before gconfd is up and going #gconftool-2 -p || GCONFOPTS="--direct --config-source=" GCONF="gconftool-2 $GCONFOPTS" #See if there is a host access file for this client, and if not, we delete any existing keys and stop here # This takes care of ssh, vnc, etc...mainly we let the LDA-automount-login.sh script handle it if [ ! -e $LOCALDEV/$CLIENT ] then echo "Delete key: $LOCALDEV/$CLIENT" delete_key exit 0; fi ltspfs ${CLIENT}:/var/run/drives ${LOCATION} & if [ "`find_key`" != "" ] then $GCONF --type string --set `find_key`/uri "file://$LOCATION" exit 0; fi #Otherwise, we need to create that key under the next newest one.... LASTNUM=`find_last_server` $GCONF --type string --set /desktop/gnome/connected_servers/$LASTNUM/display_name "$DISPLAY_NAME" $GCONF --type string --set /desktop/gnome/connected_servers/$LASTNUM/icon "gnome-dev-removable" $GCONF --type string --set /desktop/gnome/connected_servers/$LASTNUM/uri "file://$LOCATION" echo "Connected Server Update Done"
And you should be ready to rock and roll, with ONE main gotcha. You **need** to have entries in your hosts file on both the thin client environment and on the server for each of your clients. (if you don't already, you should!) If you don't do this, ltspfsd won't start on the client and you'll get nowhere.
Security Warning
By default, ltspfsd is started with a "-a" which means that anything you insert into a client USB socket or CD drive will be mountable by anyone on the network with enough knowledge. Bug #133635.
How to secure XDMCP
The comment I hear is "we need LDM for security", my answer is "no you don't". Here's why; If you run your sessions over OpenVPN, they are inherently secure, AND you get a proper login manager. The process goes something like this, on the server
apt-get install openvpn
mv /usr/share/doc/examples/easy-rsa /usr/share/openvpn
cd /usr/share/openvpn/easy-rsa
(read docs, create keys etc)
cd /etc/openvpn
mkdir gdm
vi gdm.conf
---
port 1194
proto udp
dev tun0
ca gdm/ca.crt
cert gdm/server.crt
key gdm/server.key
dh gdm/dh1024.pem
server 10.99.0.0 255.255.255.0
push "route 10.99.0.0 255.255.255.0"
ifconfig-pool-persist gdm/ipp.txt
status gdm/status.log
keepalive 10 50
comp-lzo
persist-key
persist-tun
verb 3
tran-window 3600
tls-server
passtos
duplicate-cn
---
cp /usr/share/openvpn/easy-rsa/keys/{appropriate keys} gdm
/etc/init.d/openvpn start
You should now have a tun0 interface on 10.99.0.1. Now a similar operation for the thin client's environment. On the server, generate a key called "workstation", then do
mkdir /opt/ltsp/i386/etc/openvpn/gdm
cp /usr/share/openvpn/easy-rsa/keys/{ca.crt,workstation.key,workstation.crt} /opt/ltsp/i386/etc/openvpn/gdm
chroot /opt/ltsp/i386 /bin/bash --login
apt-get install openvpn
vi /etc/openvpn/gdm.conf
---
client
dev tun
proto udp
remote <raw IP of server> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca gdm/ca.crt
cert gdm/workstation.crt
key gdm/workstation.key
ns-cert-type server
comp-lzo
verb 3
---
/etc/init.d/openvpn start
To cap it off, to make sure that the client accesses the server via the VPN, edit /etc/X11/gdm/gdm.conf (this is still in the thin client's virtual environment) and set chooser/Broadcast to false and Hosts=10.99.0.1. And you're away ...
