Re: [Ltsp-discuss] LDAP/AD user can log into shell at client but not at the splash screen. Local user, neither.

[David Groos]

Makes sense, thanks again.

Sounding like time to do a fresh install. I poked around in the logs as to
why this happens:

sudo ltsp-update-image --cleanup /
[sudo] password for xyz:
^Crmdir: failed to remove '/tmp/tmp.f6EaWaAzef': No such file or directory

and nothing sticks out.

David

On Wed, Aug 31, 2016 at 11:31 PM, Alkis Georgopoulos 
wrote:

> X01-localapps is a client-side script, so if you didn't run
> ltsp-update-image, you didn't change anything at all.
>
>
> On 01/09/2016 07:19 πμ, David Groos wrote:
> > Hi again,
> >
> > After patching (https://bugs.launchpad.net/ltsp/+bug/1610304
> > ) as described in my
> > just-posted forum e-mail, I got some interesting results with the logins.
> >
> >  1. I applied patch and rebooted the server (though didn't try to update
> > ltsp image)
> >  2. Booted a fat client, then tried to login w/admin user account,
> > didn't work.
> >  3. Returned to server, Right-clicked on client "2A" icon in Epoptes
> window:
> >  a) execute --> open terminal --> Root, locally.
> >  4. In client "local, root terminal": cat /var/log/auth.log (sorry,
> > can't copy/paste): https://ibin.co/2tX7YbEdWtpR.png
> >  5. Repeated with an LDAP/AD user and got exactly same results (nothing
> > extra printed to log)
> >  6. At client pressed "Ctrl + Alt + F2" and dropped me into a login shell
> >  7. Tried to login w/the admin account but said, "login incorrect " and
> > in the log added these 3 lines (also same results for attempt with
> > normal local user): https://ibin.co/2tX8IBQtevmL.png
> >  8. at client tried to login with LDAP user and it works! log added
> > these 3 lines: https://ibin.co/2tX8n5pLa5RR.png
> >
> > *Summary*: Neither local nor LDAP user can log in at client. When
> > dropping into shell, however, LDAP user can log in but local can not.
> >
> > Any ideas?
> >
> > Thanks,
> > David
> >
> >
>
> 
> --
> _
> Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
>   https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
> For additional LTSP help,   try #ltsp channel on irc.freenode.net
>
--
_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net

Re: [Ltsp-discuss] Patching /usr/share/ldm/rc.d/X01-localapps gives unanticipated results

[David]

That's very helpful to know, thanks Alkis! 
David


Sent from my T-Mobile 4G LTE Device

 Original message From: Alkis Georgopoulos 
 Date:08/31/2016  11:29 PM  (GMT-06:00) 
To: ltsp-discuss@lists.sourceforge.net Subject: Re: 
[Ltsp-discuss] Patching /usr/share/ldm/rc.d/X01-localapps gives
  unanticipated results 
Hi David,

Both (1) and (2) are completely unrelated to the X01-localapps patch.
X01-localapps never gets executed on the server, neither on login nor
when ltsp-update-image runs, so its contents cannot cause the issues
you're mentioning. Look elsewhere.

Cheers,
Alkis

On 01/09/2016 05:54 πμ, David Groos wrote:
> Hi Folks,
> 
> -- I'm using ltsp-pnp Ubuntu 16.01.
> -- Just joined the server to the district  AD server Using Open
> PowerBroker (formerly Likewise Open--been doing this since 2010)
> -- can no longer log into clients with local clients either.
> 
> To begin to address this problem I patched
> /usr/share/ldm/rc.d/X01-localapps using the patch from here
> https://bugs.launchpad.net/ltsp/+bug/1610304.
> 
> 
> There seem to be 2 unintended consequences:
> 
>  1. When I log in on the server (via regular gui) I get Image shown
> here: https://imagebin.ca/v/2tWrqAQ2Ee2y. After entering the
> password it says "Access denied" twice and doesn't log in. But, when
> I then click into the "log In" box, it logs me in!
>  2. When sitting  at the server or remotely sshed into the server, I try
> to "sudo ltsp-update-image --cleanup / "and it just hangs. When I
> Control + C, I get the following error message: ^Crmdir: failed to
> remove '/tmp/tmp.6nLBVnjB0z': No such file or directory.
> 
> Any ideas?
> 
> Thanks,
> David G


--
_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net
--
_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net

Re: [Ltsp-discuss] LDAP/AD user can log into shell at client but not at the splash screen. Local user, neither.

[Alkis Georgopoulos]

X01-localapps is a client-side script, so if you didn't run
ltsp-update-image, you didn't change anything at all.


On 01/09/2016 07:19 πμ, David Groos wrote:
> Hi again,
> 
> After patching (https://bugs.launchpad.net/ltsp/+bug/1610304
> ) as described in my
> just-posted forum e-mail, I got some interesting results with the logins.
> 
>  1. I applied patch and rebooted the server (though didn't try to update
> ltsp image)
>  2. Booted a fat client, then tried to login w/admin user account,
> didn't work.
>  3. Returned to server, Right-clicked on client "2A" icon in Epoptes window:
>  a) execute --> open terminal --> Root, locally.
>  4. In client "local, root terminal": cat /var/log/auth.log (sorry,
> can't copy/paste): https://ibin.co/2tX7YbEdWtpR.png
>  5. Repeated with an LDAP/AD user and got exactly same results (nothing
> extra printed to log)
>  6. At client pressed "Ctrl + Alt + F2" and dropped me into a login shell
>  7. Tried to login w/the admin account but said, "login incorrect " and
> in the log added these 3 lines (also same results for attempt with
> normal local user): https://ibin.co/2tX8IBQtevmL.png
>  8. at client tried to login with LDAP user and it works! log added
> these 3 lines: https://ibin.co/2tX8n5pLa5RR.png
> 
> *Summary*: Neither local nor LDAP user can log in at client. When
> dropping into shell, however, LDAP user can log in but local can not.
> 
> Any ideas?
> 
> Thanks,
> David
> 
> 

--
_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net

Re: [Ltsp-discuss] Patching /usr/share/ldm/rc.d/X01-localapps gives unanticipated results

[Alkis Georgopoulos]

Hi David,

Both (1) and (2) are completely unrelated to the X01-localapps patch.
X01-localapps never gets executed on the server, neither on login nor
when ltsp-update-image runs, so its contents cannot cause the issues
you're mentioning. Look elsewhere.

Cheers,
Alkis

On 01/09/2016 05:54 πμ, David Groos wrote:
> Hi Folks,
> 
> -- I'm using ltsp-pnp Ubuntu 16.01.
> -- Just joined the server to the district  AD server Using Open
> PowerBroker (formerly Likewise Open--been doing this since 2010)
> -- can no longer log into clients with local clients either.
> 
> To begin to address this problem I patched
> /usr/share/ldm/rc.d/X01-localapps using the patch from here
> https://bugs.launchpad.net/ltsp/+bug/1610304.
> 
> 
> There seem to be 2 unintended consequences:
> 
>  1. When I log in on the server (via regular gui) I get Image shown
> here: https://imagebin.ca/v/2tWrqAQ2Ee2y. After entering the
> password it says "Access denied" twice and doesn't log in. But, when
> I then click into the "log In" box, it logs me in!
>  2. When sitting  at the server or remotely sshed into the server, I try
> to "sudo ltsp-update-image --cleanup / "and it just hangs. When I
> Control + C, I get the following error message: ^Crmdir: failed to
> remove '/tmp/tmp.6nLBVnjB0z': No such file or directory.
> 
> Any ideas?
> 
> Thanks,
> David G


--
_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net

[Ltsp-discuss] LDAP/AD user can log into shell at client but not at the splash screen. Local user, neither.

[David Groos]

Hi again,

After patching (https://bugs.launchpad.net/ltsp/+bug/1610304) as described
in my just-posted forum e-mail, I got some interesting results with the
logins.

   1. I applied patch and rebooted the server (though didn't try to update
   ltsp image)
   2. Booted a fat client, then tried to login w/admin user account, didn't
   work.
   3. Returned to server, Right-clicked on client "2A" icon in Epoptes
   window:
a) execute --> open terminal --> Root, locally.
   4. In client "local, root terminal": cat /var/log/auth.log (sorry, can't
   copy/paste): https://ibin.co/2tX7YbEdWtpR.png
   5. Repeated with an LDAP/AD user and got exactly same results (nothing
   extra printed to log)
   6. At client pressed "Ctrl + Alt + F2" and dropped me into a login shell
   7. Tried to login w/the admin account but said, "login incorrect " and
   in the log added these 3 lines (also same results for attempt with normal
   local user): https://ibin.co/2tX8IBQtevmL.png
   8. at client tried to login with LDAP user and it works! log added these
   3 lines: https://ibin.co/2tX8n5pLa5RR.png

*Summary*: Neither local nor LDAP user can log in at client. When dropping
into shell, however, LDAP user can log in but local can not.

Any ideas?

Thanks,
David
--
_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net

[Ltsp-discuss] Patching /usr/share/ldm/rc.d/X01-localapps gives unanticipated results

[David Groos]

Hi Folks,

-- I'm using ltsp-pnp Ubuntu 16.01.
-- Just joined the server to the district  AD server Using Open PowerBroker
(formerly Likewise Open--been doing this since 2010)
-- can no longer log into clients with local clients either.

To begin to address this problem I patched /usr/share/ldm/rc.d/X01-localapps
using the patch from here https://bugs.launchpad.net/ltsp/+bug/1610304.


There seem to be 2 unintended consequences:

   1. When I log in on the server (via regular gui) I get Image shown here:
   https://imagebin.ca/v/2tWrqAQ2Ee2y. After entering the password it says
   "Access denied" twice and doesn't log in. But, when I then click into the
   "log In" box, it logs me in!
   2. When sitting  at the server or remotely sshed into the server, I try
   to "sudo ltsp-update-image --cleanup / "and it just hangs. When I Control +
   C, I get the following error message: ^Crmdir: failed to remove
   '/tmp/tmp.6nLBVnjB0z': No such file or directory.

Any ideas?

Thanks,
David G

https://imagebin.ca/v/2tWrqAQ2Ee2y

*Here's auth.log results from trying to log log into server via splash page
(and more)*
Aug31 19:17:20 south-sci-1 systemd-logind[2302]: New seat seat0.
Aug 31 19:17:20 south-sci-1 systemd-logind[2302]: Watching system buttons
on /dev/input/event1 (Power Button)
Aug 31 19:17:20 south-sci-1 systemd-logind[2302]: Watching system buttons
on /dev/input/event0 (Power Button)
Aug 31 19:17:20 south-sci-1 systemd-logind[2302]: Watching system buttons
on /dev/input/event10 (HP WMI hotkeys)
Aug 31 19:17:20 south-sci-1 systemd-logind[2302]: Watching system buttons
on /dev/input/event10 (HP WMI hotkeys)
Aug 31 19:17:20 south-sci-1 sshd[2445]: Server listening on 0.0.0.0 port 22.
Aug 31 19:17:20 south-sci-1 sshd[2445]: Server listening on :: port 22.
Aug 31 19:17:20 south-sci-1 lightdm: PAM unable to dlopen(pam_kwallet.so):
/lib/security/pam_kwallet.so: cannot open shared object file: No such file
or directory
Aug 31 19:17:20 south-sci-1 lightdm: PAM adding faulty module:
pam_kwallet.so
Aug 31 19:17:20 south-sci-1 lightdm: PAM unable to dlopen(pam_kwallet5.so):
/lib/security/pam_kwallet5.so: cannot open shared object file: No such file
or directory
Aug 31 19:17:20 south-sci-1 lightdm: PAM adding faulty module:
pam_kwallet5.so
Aug 31 19:17:20 south-sci-1 lightdm: [lsass-pam]
[module:pam_lsass]pam_sm_open_session failed [login:lightdm][error code: 2]
Aug 31 19:17:20 south-sci-1 lightdm: pam_unix(lightdm-greeter:session):
session opened for user lightdm by (uid=0)
Aug 31 19:17:20 south-sci-1 systemd: [lsass-pam]
[module:pam_lsass]pam_sm_acct_mgmt failed [login:lightdm][error code:2]
Aug 31 19:17:20 south-sci-1 systemd: [lsass-pam]
[module:pam_lsass]pam_sm_acct_mgmt failed [login:lightdm][error code:2]
Aug 31 19:17:20 south-sci-1 systemd: [lsass-pam]
[module:pam_lsass]pam_sm_open_session failed [login:lightdm][error code: 2]
Aug 31 19:17:20 south-sci-1 systemd: pam_unix(systemd-user:session):
session opened for user lightdm by (uid=0)
Aug 31 19:17:20 south-sci-1 systemd-logind[2302]: New session c1 of user
lightdm.
Aug 31 19:17:20 south-sci-1 lightdm: PAM unable to dlopen(pam_kwallet.so):
/lib/security/pam_kwallet.so: cannot open shared object file: No such file
or directory
Aug 31 19:17:20 south-sci-1 lightdm: PAM adding faulty module:
pam_kwallet.so
Aug 31 19:17:20 south-sci-1 lightdm: PAM unable to dlopen(pam_kwallet5.so):
/lib/security/pam_kwallet5.so: cannot open shared object file: No such file
or directory
Aug 31 19:17:20 south-sci-1 lightdm: PAM adding faulty module:
pam_kwallet5.so
Aug 31 19:17:20 south-sci-1 lightdm: pam_succeed_if(lightdm:auth):
requirement "user ingroup nopasswdlogin" not met by user "dgroos"
Aug 31 19:17:23 south-sci-1 sshd[2445]: Received SIGHUP; restarting.
Aug 31 19:17:23 south-sci-1 sshd[2445]: Server listening on 0.0.0.0 port 22.
Aug 31 19:17:23 south-sci-1 sshd[2445]: Server listening on :: port 22.
Aug 31 19:17:23 south-sci-1 sshd[2445]: Received SIGHUP; restarting.
Aug 31 19:17:23 south-sci-1 sshd[2445]: Server listening on 0.0.0.0 port 22.
Aug 31 19:17:23 south-sci-1 sshd[2445]: Server listening on :: port 22.
Aug 31 19:17:29 south-sci-1 sshd[2445]: Received SIGHUP; restarting.
Aug 31 19:17:29 south-sci-1 sshd[2445]: Server listening on 0.0.0.0 port 22.
Aug 31 19:17:29 south-sci-1 sshd[2445]: Server listening on :: port 22.
Aug 31 19:17:29 south-sci-1 sshd[2445]: Received SIGHUP; restarting.
Aug 31 19:17:29 south-sci-1 sshd[2445]: Server listening on 0.0.0.0 port 22.
Aug 31 19:17:29 south-sci-1 sshd[2445]: Server listening on :: port 22.
Aug 31 19:17:34 south-sci-1 lightdm: [lsass-pam] [module:pam_lsass]User
dgroos is denied access because they are not in the 'require membership of'
list
Aug 31 19:17:34 south-sci-1 lightdm: [lsass-pam] [module:pam_lsass]User
dgroos is denied access because they are not in the 'require membership of'
list
Aug 31 19:17:45 south-sci-1 dbus[2271]: [system] Failed to activate service
'org.bluez': 

Re: [Ltsp-discuss] LTSP FatClient - make home directory not persistent

[Chris D]

Hello all,

just for record, here is how I was able to solve this issue:

in script /usr/share/ldm/rc.d/X01-localapps

I replaced this line:

sshfs -o
"${follow_home_symlinks}${disable_hardlink}allow_other,nonempty,ControlPath=$LDM_SOCKET"
"$LDM_SERVER:$LDM_HOME" "$LDM_HOME"

whit this piece of code:

HOME_TEMP_DIR="$LDM_HOME"-template

if [ "$LOCK_HOME" = true ] ; then
mkdir "$HOME_TEMP_DIR"
sshfs -o
"${follow_home_symlinks}${disable_hardlink}allow_other,nonempty,ro,ControlPath=$LDM_SOCKET"
"$LDM_SERVER:$LDM_HOME" "$HOME_TEMP_DIR"
mkdir /cow/home-up
mkdir /cow/home-work
mount -t overlay overlay "$LDM_HOME" -o
lowerdir="$HOME_TEMP_DIR",upperdir=/cow/home-up,workdir=/cow/home-work
else
sshfs -o
"${follow_home_symlinks}${disable_hardlink}allow_other,nonempty,ControlPath=$LDM_SOCKET"
"$LDM_SERVER:$LDM_HOME" "$LDM_HOME"
fi


so now I can control if the home directory should be mounted with overlayfs
using LOCK_HOME in lts.conf file
you can notice that upperdir is located in /cow directory, which is tmpfs
mounted by default in LTSP

so sample config might look like this one:

[master-client]
LOCK_HOME = false


[Default]
LOCK_HOME = true
LTSP_FATCLIENT = true
LDM_AUTOLOGIN = true
LDM_USERNAME = user
LDM_PASSWORD = 
LOCAL_APPS = true
SCREEN_07="ldm"

In this scenario only master-client is able to do changes in home directory
on the server. Al other client changes are local and will vanish after
reboot of the client.

One more time thanks for help to you all!

Best,
Chris




On Tue, Aug 23, 2016 at 6:32 PM, Chris Ditrich 
wrote:

> Hi Valtteri,
>
> yes, I've been thinking about using 'kiosk' but it not exactly matches my
> profile
> to be honest my configuration is a little bit weird ;)
> the idea is to have configuration on the server and manage it from the
> server (using puppet maybe) so I will not have to rebuild ltsp image each
> time it changes
>
> but with the hints from Alkis I think I will be able to achieve what I want
>
> best,
> Chris
>
>
>
>
>
> On 23.08.2016 14:34, Valtteri Suojanen wrote:
>
> Hi
>
> You did not mention your users or anything about how they use the client
> devices .
>
> Autlogin on 100 device sounds like a kiosk environment to me. And
> preventing changes sounds like a read only filesystem. There is a screen
> script in ltsp package called 'kiosk' that creates a temporary session for
> each login but you need to configure it to run  a specific program or task.
>
> And there are propably hundred others  kiosk setups in the internet you
> can apply with or without ltsp
>
> "Kiosk" means that clients should have same service and taste every time.
> So you create session on the client environment  first as a template and
> then you configure it to be used (copied) and mounted on tmpfs and cleanup
> it on logout or reboot.
>
> first describe what applications  your clients use?
>
> Valtteri
>
> 23.8.2016 14.35 "Chris D"  kirjoitti:
>
>> Hello *
>>
>> I have about 100 fat clients in production environment which have the
>> same configuration
>> The configuration is made with one user account and I auto-login each fat
>> client to this account
>>
>> but I want to prevent users from making changes to configuration,
>> because now home directory is mounted via sshfs from the server by each
>> fat client
>> and each change in user config/files is visible on each fat client
>>
>> I've been thinking about using overlayfs and ram/tmpfs to save basic
>> configuration
>> so that all local changes will disappear after the reboot
>>
>> as far as I've learned LTSP don't support such functionality
>> but is it possible to achieve such scenario with some hacks?
>> or could you please tell me which script is responsible for
>> mounting home directories over sshfs?
>>
>> best,
>> Chris
>>
>> 
>> --
>>
>> _
>> Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
>>   https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
>> For additional LTSP help,   try #ltsp channel on irc.freenode.net
>>
>>
>
> --
>
>
>
> _
> Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
>   https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
> For additional LTSP help,   try #ltsp channel on irc.freenode.net
>
>
>
--
_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  

Re: [Ltsp-discuss] Install local video drivers

[Michael Pope]

For youtube performance on thin clients I've installed a copy of
chromium in the thin client chroot section and tell people to use
chromium for youtube. This way it uses the power of the thin clients
video card instead of the servers.

Regards,

Michael Pope

On 31/08/16 03:29, Luis Roberto Romano wrote:

> Hi.
>
> I've installed a LTSP server. I'm having some issues about the video
> performance in youtube,
> Is there any way to install locally the video driver in order to get a
> better performance?
>
> Regards.
>
> -- 
> --
> Luis R. Romano
>
>
> Twitter: @luirro777
> Facebook: www.facebook.com/luisromano84
> 
> Blog: luisrobertoromano.wordpress.com
> 
> Linkedin: http://ar.linkedin.com/pub/romano-luis/9/265/848
>
>
>
> --
>
>
> _
> Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
>   https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
> For additional LTSP help,   try #ltsp channel on irc.freenode.net

--
_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net