Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-30 Thread David C. Rankin 
On 07/30/2018 02:32 AM, Ralph Corderoy wrote:
>> I am totally confused as to what and why you are wanting to put your
>> Arch server between the employees and the RDP session to the windows
>> server?? Where is the code they produce stored? Windows? Arch Server?
> Mike didn't mention an Arch server.  He has a Windows server and ten
> PCs.  He wants each PC to be a dumb RDP terminal to the server.  He is
> considering running `the Arch system' on each dumb PC to provide the
> RDP-terminal functionality, e.g. an X server and RDP client.

Ralph,

  Oh, oh, that makes sense. Yes, just load arch, load whatever lightweight
desktop you like. I like both i3 and fluxbox, but prefer fluxbox. A lightdm
type DM is fine. With fluxbox, I would just configure the autologin to the
windows RDP session via the ~/.fluxbox/startup file. I don't use AD/kerbose,
etc.., but I see no reason you couldn't do something similar. As long as you
can invoke the RDP session from the command line -- you can put it in a
startup file. I've always just used the rdesktop package from the community
repository. Always worked fine.

FM

  Good luck on the project and sorry for the confusion.

-- 
David C. Rankin, J.D.,P.E.

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-30 Thread Chris Warrick via arch-general 
On Mon, 30 Jul 2018 at 16:00, Ralph Corderoy  wrote:
>
> Hi Mike,
>
> > How can I automatically detect that FreeRDP session has been closed so
> > that I can run a small Zenity script?
>
> Well, a script is probably being run, just like a .xinitrc might be,
> and instead of its normal
>
> xclock &
> xbiff &
> xterm &
> exec twm
>
> to start a bunch of X clients in the background and then replace xinit
> with the window manager, ending the session when the WM quits, you could
>
> twm &
> rdp-client
> timeout 30 zenity ...
> # ...conditionally reboot, shutdown, or just re-start X server when
> # it exits to get a fresh rdp-client.
>
> so sh(1) waits for rdp-client to exit before executing further commands.

One issue here: it’s possible that the RDP client returns control to
the shell immediately (as some GUI apps will do). In that case, you’ll
need a different solution.

-- 
Chris Warrick 
PGP: 5EAAEA16

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-30 Thread Ralph Corderoy 
Hi Mike,

> How can I automatically detect that FreeRDP session has been closed so
> that I can run a small Zenity script?

Well, a script is probably being run, just like a .xinitrc might be,
and instead of its normal

xclock &
xbiff &
xterm &
exec twm

to start a bunch of X clients in the background and then replace xinit
with the window manager, ending the session when the WM quits, you could

twm &
rdp-client
timeout 30 zenity ...
# ...conditionally reboot, shutdown, or just re-start X server when
# it exits to get a fresh rdp-client.

so sh(1) waits for rdp-client to exit before executing further commands.

-- 
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-30 Thread Foxtrot Mike via arch-general 
On 07/30/2018 12:32 PM, Ralph Corderoy wrote:
> Hi David,
>
>> Foxtrot Mike wrote:
>>> I want to use the Arch system as a Remote Desktop node. The Arch
>>> system would use a login manager (such as lightdm) to authenticate
>>> users from Windows Domain. Once the user has been authenticated, the
>>> system is supposed to automatically open a RDP connection (using
>>> freerdp) to the Windows Server (if possible, using the credentials
>>> provided to lightdm so the user doesn't have to enter his password
>>> twice). As soon as the user quits the RDP session, his X-session
>>> should also be closed automatically.
>> I am totally confused as to what and why you are wanting to put your
>> Arch server between the employees and the RDP session to the windows
>> server?? Where is the code they produce stored? Windows? Arch Server?
> Mike didn't mention an Arch server.  He has a Windows server and ten
> PCs.  He wants each PC to be a dumb RDP terminal to the server.  He is
> considering running `the Arch system' on each dumb PC to provide the
> RDP-terminal functionality, e.g. an X server and RDP client.
>
Thanks for summarizing it so elegantly.

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-30 Thread Foxtrot Mike via arch-general 
On 07/29/2018 10:01 PM, Chris Warrick via arch-general wrote:
> On Fri, 27 Jul 2018 at 19:07, Foxtrot Mike via arch-general
>  wrote:
>> Hi all,
>>
>> Currently we have around 10 employees who develop software using Visual
>> Studio. The idea is to install the development tools on the Windows
>> Server system, and to have all the developers connect to the server over
>> RDP using low-end low-power computers. The server is pretty beefy
>> though. The low end client PCs will save up-front cost as well as power
>> bills. The network backend will not have any issue with the increased
>> RDP traffic.
> If I were one of the employees, I wouldn’t be very happy about the
> idea. RDP will never be as reliable and snappy as working on a
> physical machine, even if the server was more powerful. Developers
> aren’t the best employees to make savings on. Do note that the savings
> will be limited due to eg. Windows Server licensing. Also, have you
> tested it and made sure that all the software is compatible with
> concurrent use via RDP?

Well, the decision to use RDP comes from higher management. There was a 
suggestion to use proprietary thin clients (such as from HP), but I 
thought I could make the 'system' myself with some tinkering. The 
network backend is enough for these RDP sessions. May be the lag won't 
be that bad. If the worst happens,  I'll write all this effort and time 
off as 'experience'.

> But if you have to, here’s an idea:
>
> One Linux user account, auto-login into X. That user account runs
> Openbox (as something more user-friendly), which auto-starts a RDP
> client.
> After the user ends their Windows session, a dialog box (eg. from
> Zenity) appears, asking to restart the Windows session or shut down
> the computer, perhaps with a timeout.
>

Thanks. That's the approach I have decided would be the best, based on 
the  very helpful comments from other users.
One thing though. How can I automatically detect that FreeRDP session 
has been closed so that I can run a small Zenity script?

Regards.

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-30 Thread Ralph Corderoy 
Hi David,

> Foxtrot Mike wrote:
> > I want to use the Arch system as a Remote Desktop node. The Arch
> > system would use a login manager (such as lightdm) to authenticate
> > users from Windows Domain. Once the user has been authenticated, the
> > system is supposed to automatically open a RDP connection (using
> > freerdp) to the Windows Server (if possible, using the credentials
> > provided to lightdm so the user doesn't have to enter his password
> > twice). As soon as the user quits the RDP session, his X-session
> > should also be closed automatically.
>
> I am totally confused as to what and why you are wanting to put your
> Arch server between the employees and the RDP session to the windows
> server?? Where is the code they produce stored? Windows? Arch Server?

Mike didn't mention an Arch server.  He has a Windows server and ten
PCs.  He wants each PC to be a dumb RDP terminal to the server.  He is
considering running `the Arch system' on each dumb PC to provide the
RDP-terminal functionality, e.g. an X server and RDP client.

-- 
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-29 Thread David C. Rankin 
On 07/27/2018 12:07 PM, Foxtrot Mike via arch-general wrote:
> I  want to use the Arch system as a Remote Desktop 
> node. The Arch system would use a login manager (such as lightdm) to 
> authenticate users from Windows Domain. Once the user has been 
> authenticated, the system is supposed to automatically open a RDP 
> connection (using freerdp) to the Windows Server (if possible, using the 
> credentials provided to lightdm so the user doesn't have to enter his 
> password twice). As soon as the user quits the RDP session, his 
> X-session should also be closed automatically.

FM,

  I am totally confused as to what and why you are wanting to put your Arch
server between the employees and the RDP session to the windows server?? Where
is the code they produce stored? Windows? Arch Server?

  Why not just have them open a single RDP session to the windows server
directly? Are they actually using something from the Linux box?

  If there is a reason why they need the Arch server, do they each have a
Linux user account there? If they do, why not use vncserver (TigerVNC) to
provide a Linux desktop to them using ssh tunneling. The vncserver can handle
the X startup (it provides a nice short configuration file you can tweak to
start whatever desktop you like. I3 is fine, fluxbox is another excellent
choice). You likely could launch the additional RDP session there, or have the
desktop startup file do it for you.

  Sorry for the additional questions, but I am not clear on what you are
trying to achieve and there may be simpler ways of doing it -- if I understood
what you were trying to do.

  I use RDP to both Linux and Windows, but each are virtualized with
VirtualBox and made available over the network. That would be a bit resource
intensive for the server depending on your RAM -- I run guests with 2G.

  If both the all employees and both the Arch and Windows servers are being a
secure firewall, then XDMCP is another option for providing a remote Xsession
to your employees. It has its valid uses, but is generally frowned upon from a
security standpoint.

  If all your employees need is the VS install on the windows server -- then I
don't see how the Arch server would be a benefit to have in the middle. (of
course I don't see the benefit of coding in VS... but to each his own...)

-- 
David C. Rankin, J.D.,P.E.

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-29 Thread Chris Warrick via arch-general 
On Fri, 27 Jul 2018 at 19:07, Foxtrot Mike via arch-general
 wrote:
>
> Hi all,
>
> Currently we have around 10 employees who develop software using Visual
> Studio. The idea is to install the development tools on the Windows
> Server system, and to have all the developers connect to the server over
> RDP using low-end low-power computers. The server is pretty beefy
> though. The low end client PCs will save up-front cost as well as power
> bills. The network backend will not have any issue with the increased
> RDP traffic.

If I were one of the employees, I wouldn’t be very happy about the
idea. RDP will never be as reliable and snappy as working on a
physical machine, even if the server was more powerful. Developers
aren’t the best employees to make savings on. Do note that the savings
will be limited due to eg. Windows Server licensing. Also, have you
tested it and made sure that all the software is compatible with
concurrent use via RDP?

But if you have to, here’s an idea:

One Linux user account, auto-login into X. That user account runs
Openbox (as something more user-friendly), which auto-starts a RDP
client.
After the user ends their Windows session, a dialog box (eg. from
Zenity) appears, asking to restart the Windows session or shut down
the computer, perhaps with a timeout.

-- 
Chris Warrick 
PGP: 5EAAEA16

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-29 Thread Foxtrot Mike via arch-general 


On 07/28/2018 02:52 AM, cyelae via arch-general wrote:
> On 2018-07-27 19:07, Foxtrot Mike via arch-general wrote:
>> Hi all,
>>
>> Currently we have around 10 employees who develop software using Visual
>> Studio. The idea is to install the development tools on the Windows
>> Server system, and to have all the developers connect to the server over
>> RDP using low-end low-power computers. The server is pretty beefy
>> though. The low end client PCs will save up-front cost as well as power
>> bills. The network backend will not have any issue with the increased
>> RDP traffic.
>
> I'm not sure about the auth part given my little experience with it, 
> but if you're going to log into a server via RDP, can't you simply 
> have your lightweight machine automatically open a default session 
> [1], connect to the windows server, and authenticate users there?
You mean I should have something like a guest account on Linux for 
opening an X session, and then the RDP application would connect to the 
Windows Server and ask for Windows Domain password? I think it could be 
done, but I'll have to severely limit the guest account from security 
point of view.
>
> If you're going to only have one app running on the client machines, 
> you don't need a window manager; xinit do that [2] [3]
I tried opening Firefox using init, without any window manager. Firefox 
did open but there were some issues with graphics. Such as upon right 
clicking, the options menu wouldn't show. Also, youtube for some reason 
didn't show any thumbnail. After some research it seemed that directly 
running an application from xinit without a window manager is not a good 
idea if the application is graphically complex.
>
> [1] https://wiki.archlinux.org/index.php/Xinit#Autostart_X_at_login
> [2] 
> https://wiki.archlinux.org/index.php/Xinit#Starting_applications_without_a_window_manager
> [3] https://bbs.archlinux.org/viewtopic.php?id=107319

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-29 Thread Foxtrot Mike via arch-general 


On 07/27/2018 11:17 PM, Giancarlo Razzolini wrote:
> Em julho 27, 2018 14:46 Foxtrot Mike via arch-general escreveu:
>>
>> The issue with x2go and ltsp is that I'll have to separately manage 
>> username and passwords for local Linux login. The solution that I'd 
>> rather prefer would use Active directory authentication so the 
>> current system administrator won't have to do anything extra. The 
>> group policies are already there. Once the Arch system is properly 
>> configured, I'd disable local logins so there will be very limited 
>> chance for a user to corrupt/modify Arch system. And ideally, the 
>> user would have no way to interact with the local system. Thats why I 
>> want to limit the user to freeRDP. Anything else, and the X-session 
>> expires.
>
> You have more than one option to authenticate to windows AD servers 
> [0] . You
> have PAM Ldap, winbind, making a samba server the secondary 
> controller, etc.
I thought these options worked together, i.e, I'd to use samba PAM and 
winbing all together. Thanks for the info. I'll look deeper into it.
>
> You will probably need a local home dir for storing session data, but 
> this can
> be created/destroyed on demand.
>
>>
>> Plus, I am very much into embedded linux systems (routers, SBCs, 
>> etc). I think putting the various pieces together would be give me a 
>> lot more to learn as compared to using a third party specialized 
>> software such as a kiosk script.
>>
>
> Why reinvent the wheel here? I understand the need for learning, but I 
> wouldn't
> do this on something that is intended as a production system. Again, 
> don't use
> plain X protocol over the network, it's very wasteful.

I plan to use RDP. I think it's not the same as using 'plain X protocol 
over the network' since RDP includes encryption and compression, afaik. 
Please correct me if I'm wrong.
>
> Regards,
> Giancarlo Razzolini
>
> [0] https://wiki.archlinux.org/index.php/Active_Directory_Integration

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-28 Thread Ralph Corderoy 
Hi Mike,

cyelae wrote:
> I'm not sure about the auth part given my little experience with it,
> but if you're going to log into a server via RDP, can't you simply
> have your lightweight machine automatically open a default session
> [1], connect to the windows server, and authenticate users there?

That would be my suggestion.  It sounds like you don't want the local
user to be able to access anything but the remote Windows server anyway.
I realise you want to know how to fit the parts together yourself,
but it would still be worth a look at existing solutions for ideas,
e.g. should a user be able to shutdown the PC?

https://thinstation.github.io/thinstation/
http://porteus-kiosk.org/
http://users.telenet.be/mydotcom/howto/linuxkiosk/rdpterm.html

-- 
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-27 Thread cyelae via arch-general 

On 2018-07-27 19:07, Foxtrot Mike via arch-general wrote:

Hi all,

Currently we have around 10 employees who develop software using Visual
Studio. The idea is to install the development tools on the Windows
Server system, and to have all the developers connect to the server 
over

RDP using low-end low-power computers. The server is pretty beefy
though. The low end client PCs will save up-front cost as well as power
bills. The network backend will not have any issue with the increased
RDP traffic.


I'm not sure about the auth part given my little experience with it, but 
if you're going to log into a server via RDP, can't you simply have your 
lightweight machine automatically open a default session [1], connect to 
the windows server, and authenticate users there?


If you're going to only have one app running on the client machines, you 
don't need a window manager; xinit do that [2] [3]


[1] https://wiki.archlinux.org/index.php/Xinit#Autostart_X_at_login
[2] 
https://wiki.archlinux.org/index.php/Xinit#Starting_applications_without_a_window_manager

[3] https://bbs.archlinux.org/viewtopic.php?id=107319

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-27 Thread Giancarlo Razzolini via arch-general 

Em julho 27, 2018 16:24 ProgAndy escreveu:


The Arctica Project seems to be in the process of implementing exactly 
what you want.


https://arctica-project.org/

https://github.com/ArcticaProject/remote-logon-service




It looks they are using Nomachine's nx libraries, the same x2go uses. And, the 
fact
the transport is over SSH, makes it look a lot like x2go. But, it seems to me 
that the
project is very much on the beginning, I wouldn't use it also for production.

Regards,
Giancarlo Razzolini

pgpkJSEb_PTmJ.pgp
Description: PGP signature

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-27 Thread ProgAndy 

Am 27.07.2018 um 19:46 schrieb Foxtrot Mike via arch-general:


On 07/27/2018 10:16 PM, Giancarlo Razzolini wrote:

Em julho 27, 2018 14:07 Foxtrot Mike via arch-general escreveu:

Here are the major tasks:

1- Ask LightDM to use Windows Domain (Kerberos) authentication. I am
a little confused. There are supposedly many different ways with
little changes to do this. [1] is one solution. LDAP is also a
possibility. I need advice from someone who knows this field better
than me :p

2- How to ask i3-wm (my default wm) to run freerdp at login? I guess
[2] will get this done.

3- How to ask freerdp to authenticate using the ticket received from
TGT during LightDM Domain authentication? If I could somehow
configure freerdp to use Kerberos Tickets then the user won't have to
enter his Domain password again.

4- How to ask i3-wm to close the X-session when freeRDP quits? I read
something a while ago about .xsession files to achieve this
functionality, but can't find it now.


Hi Mike,

You have some options here. I suggest you look into x2go and ltsp for
starters.
I don't suggest you use plain X over the network.

With those 2 options you can have this kiosk mode you want, for the
users to only
be able to access windows.

Regards,
Giancarlo Razzolini

Thanks for the reply.

The issue with x2go and ltsp is that I'll have to separately manage
username and passwords for local Linux login. The solution that I'd
rather prefer would use Active directory authentication so the current
system administrator won't have to do anything extra. The group policies
are already there. Once the Arch system is properly configured, I'd
disable local logins so there will be very limited chance for a user to
corrupt/modify Arch system. And ideally, the user would have no way to
interact with the local system. Thats why I want to limit the user to
freeRDP. Anything else, and the X-session expires.

Plus, I am very much into embedded linux systems (routers, SBCs, etc). I
think putting the various pieces together would be give me a lot more to
learn as compared to using a third party specialized software such as a
kiosk script.

Regards.


The Arctica Project seems to be in the process of implementing exactly 
what you want.


https://arctica-project.org/

https://github.com/ArcticaProject/remote-logon-service


Regards,
Andy

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-27 Thread Giancarlo Razzolini via arch-general 

Em julho 27, 2018 14:46 Foxtrot Mike via arch-general escreveu:


The issue with x2go and ltsp is that I'll have to separately manage 
username and passwords for local Linux login. The solution that I'd 
rather prefer would use Active directory authentication so the current 
system administrator won't have to do anything extra. The group policies 
are already there. Once the Arch system is properly configured, I'd 
disable local logins so there will be very limited chance for a user to 
corrupt/modify Arch system. And ideally, the user would have no way to 
interact with the local system. Thats why I want to limit the user to 
freeRDP. Anything else, and the X-session expires.


You have more than one option to authenticate to windows AD servers [0] . You
have PAM Ldap, winbind, making a samba server the secondary controller, etc.

You will probably need a local home dir for storing session data, but this can
be created/destroyed on demand.



Plus, I am very much into embedded linux systems (routers, SBCs, etc). I 
think putting the various pieces together would be give me a lot more to 
learn as compared to using a third party specialized software such as a 
kiosk script.




Why reinvent the wheel here? I understand the need for learning, but I wouldn't
do this on something that is intended as a production system. Again, don't use
plain X protocol over the network, it's very wasteful.

Regards,
Giancarlo Razzolini

[0] https://wiki.archlinux.org/index.php/Active_Directory_Integration

pgpO1oJ1yeqzb.pgp
Description: PGP signature

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-27 Thread Bardur Arantsson 
On 2018-07-27 19:46, Foxtrot Mike via arch-general wrote:
> 
> The issue with x2go and ltsp is that I'll have to separately manage 
> username and passwords for local Linux login. The solution that I'd 
> rather prefer would use Active directory authentication so the current 
> system administrator won't have to do anything extra. The group policies 
> are already there. Once the Arch system is properly configured, I'd 
> disable local logins so there will be very limited chance for a user to 
> corrupt/modify Arch system. And ideally, the user would have no way to 
> interact with the local system. Thats why I want to limit the user to 
> freeRDP. Anything else, and the X-session expires.

I'm not up to speed on the windows world, but could PAM LDAP
authentication perhaps be of help here?

Regards,

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-27 Thread Foxtrot Mike via arch-general 


On 07/27/2018 10:16 PM, Giancarlo Razzolini wrote:
> Em julho 27, 2018 14:07 Foxtrot Mike via arch-general escreveu:
>>
>> Here are the major tasks:
>>
>> 1- Ask LightDM to use Windows Domain (Kerberos) authentication. I am 
>> a little confused. There are supposedly many different ways with 
>> little changes to do this. [1] is one solution. LDAP is also a 
>> possibility. I need advice from someone who knows this field better 
>> than me :p
>>
>> 2- How to ask i3-wm (my default wm) to run freerdp at login? I guess 
>> [2] will get this done.
>>
>> 3- How to ask freerdp to authenticate using the ticket received from 
>> TGT during LightDM Domain authentication? If I could somehow 
>> configure freerdp to use Kerberos Tickets then the user won't have to 
>> enter his Domain password again.
>>
>> 4- How to ask i3-wm to close the X-session when freeRDP quits? I read 
>> something a while ago about .xsession files to achieve this 
>> functionality, but can't find it now.
>>
> Hi Mike,
>
> You have some options here. I suggest you look into x2go and ltsp for 
> starters.
> I don't suggest you use plain X over the network.
>
> With those 2 options you can have this kiosk mode you want, for the 
> users to only
> be able to access windows.
>
> Regards,
> Giancarlo Razzolini

Thanks for the reply.

The issue with x2go and ltsp is that I'll have to separately manage 
username and passwords for local Linux login. The solution that I'd 
rather prefer would use Active directory authentication so the current 
system administrator won't have to do anything extra. The group policies 
are already there. Once the Arch system is properly configured, I'd 
disable local logins so there will be very limited chance for a user to 
corrupt/modify Arch system. And ideally, the user would have no way to 
interact with the local system. Thats why I want to limit the user to 
freeRDP. Anything else, and the X-session expires.

Plus, I am very much into embedded linux systems (routers, SBCs, etc). I 
think putting the various pieces together would be give me a lot more to 
learn as compared to using a third party specialized software such as a 
kiosk script.

Regards.

Re: [arch-general] Arch Linux PC as a Remote Desktop Node

2018-07-27 Thread Giancarlo Razzolini via arch-general 

Em julho 27, 2018 14:07 Foxtrot Mike via arch-general escreveu:


Here are the major tasks:

1- Ask LightDM to use Windows Domain (Kerberos) authentication. I am a 
little confused. There are supposedly many different ways with little 
changes to do this. [1] is one solution. LDAP is also a possibility. I 
need advice from someone who knows this field better than me :p


2- How to ask i3-wm (my default wm) to run freerdp at login? I guess [2] 
will get this done.


3- How to ask freerdp to authenticate using the ticket received from TGT 
during LightDM Domain authentication? If I could somehow configure 
freerdp to use Kerberos Tickets then the user won't have to enter his 
Domain password again.


4- How to ask i3-wm to close the X-session when freeRDP quits? I read 
something a while ago about .xsession files to achieve this 
functionality, but can't find it now.



Hi Mike,

You have some options here. I suggest you look into x2go and ltsp for starters.
I don't suggest you use plain X over the network.

With those 2 options you can have this kiosk mode you want, for the users to 
only
be able to access windows.

Regards,
Giancarlo Razzolini

pgpuzLJY49WNT.pgp
Description: PGP signature