Re: [Ltsp-discuss] ltsp 5 login weirdness
Vagrant.
Thanks for the reply. In due course, I might get the updated Ubuntu
package. For the moment, I hacked up the scripts in
/opt/ltsp5/i386/usr/share/ltsp/screen.d/
to get the desired result. At least telnet and startx suffer from
the same problem. Arguments not passed properly.
This release:
ltsp-server-standalone5.5.1-1ubuntu2
is not a happy or auspicious release. The star feature, ldm doesn't
work for me. It has the dreaded Server not Responding bug, for which
Google doesn't have an answer, that I can find, and none of the other
screen.d scripts work out of the box, either.
It would be fantastic to see ltsp project doing better than this.
regards, Tim Johnston.
On 03/03/15 09:06, Vagrant Cascadian wrote:
On 2015-02-12, Tim Johnston wrote:
ltsp-server-standalone 5.5.1-1ubuntu2
...
I have /var/lib/tftpboot/ltsp5/i386/lts.conf as:
[default]
SERVER=192.168.10.1
SCREEN_01=shell
SCREEN_02=telnet
SCREEN_03=kiosk
...
TELNET_HOST=192.168.10.1
...
screen_02 says press any key to connect. But it doesn't connect, it
drops to a telnet prompt. But can then open 192.168.10.1 to connect
to the server works fine.
That sounds odd.
Yes. This particular terminal is intended as a telnet text terminal, so
it would be good if I could get this to work properly.
There was a fix committed upstream in the telnet screen script that
isn't present until ltsp 5.5.4:
https://bazaar.launchpad.net/~ltsp-upstream/ltsp/ltsp-trunk/revision/2599/client/share/ltsp/screen.d/telnet
Ubuntu trusty only has 5.5.1...
It's a simple patch:
--- a/client/share/ltsp/screen.d/telnet
+++ b/client/share/ltsp/screen.d/telnet
@@ -22,7 +22,7 @@
# the default of '192.168.67.1'
#
-if [ $# -ge 1 ]; then
+if [ -n $1 ]; then
TELNET_ARGS=$*
else
TELNET_HOST=${TELNET_HOST:-${SERVER}}
That may fix your issue with telnet.
ldm and startx don't work at all, nothing logged.
By not work at all, you mean nothing shows on the screen at all? Or a
login screen shows but doesn't successfully login?
They're not configured to run in your above setup. You'd typically add
them as SCREEN_07=ldm or SCREEN_07=startx in lts.conf. If you can get
the shell working on one of the other ttys, that would be your best
avenue for debugging...
startx: blank screen, nothing logged that I can see.
BUT, from shell X -query 192.168.10.1 works fine.
I think this essentially the same issue to the telnet one, fixed in:
https://bazaar.launchpad.net/~ltsp-upstream/ltsp/ltsp-trunk/revision/2598
ldm: starts, but can't log in no response from server, restarting.
That's typically the result of outdated ssh keys, which should be fixed
on Ubuntu (or other systems using NBD) by:
ltsp-update-sshkeys
ltsp-update-image
Either that, or it's trying to connect to some other server...
live well,
vagrant
--
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
--
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp 5 login weirdness
On 2015-02-12, Tim Johnston wrote:
ltsp-server-standalone 5.5.1-1ubuntu2
...
I have /var/lib/tftpboot/ltsp5/i386/lts.conf as:
[default]
SERVER=192.168.10.1
SCREEN_01=shell
SCREEN_02=telnet
SCREEN_03=kiosk
...
TELNET_HOST=192.168.10.1
...
screen_02 says press any key to connect. But it doesn't connect, it
drops to a telnet prompt. But can then open 192.168.10.1 to connect
to the server works fine.
That sounds odd.
Yes. This particular terminal is intended as a telnet text terminal, so
it would be good if I could get this to work properly.
There was a fix committed upstream in the telnet screen script that
isn't present until ltsp 5.5.4:
https://bazaar.launchpad.net/~ltsp-upstream/ltsp/ltsp-trunk/revision/2599/client/share/ltsp/screen.d/telnet
Ubuntu trusty only has 5.5.1...
It's a simple patch:
--- a/client/share/ltsp/screen.d/telnet
+++ b/client/share/ltsp/screen.d/telnet
@@ -22,7 +22,7 @@
# the default of '192.168.67.1'
#
-if [ $# -ge 1 ]; then
+if [ -n $1 ]; then
TELNET_ARGS=$*
else
TELNET_HOST=${TELNET_HOST:-${SERVER}}
That may fix your issue with telnet.
ldm and startx don't work at all, nothing logged.
By not work at all, you mean nothing shows on the screen at all? Or a
login screen shows but doesn't successfully login?
They're not configured to run in your above setup. You'd typically add
them as SCREEN_07=ldm or SCREEN_07=startx in lts.conf. If you can get
the shell working on one of the other ttys, that would be your best
avenue for debugging...
startx: blank screen, nothing logged that I can see.
BUT, from shell X -query 192.168.10.1 works fine.
I think this essentially the same issue to the telnet one, fixed in:
https://bazaar.launchpad.net/~ltsp-upstream/ltsp/ltsp-trunk/revision/2598
ldm: starts, but can't log in no response from server, restarting.
That's typically the result of outdated ssh keys, which should be fixed
on Ubuntu (or other systems using NBD) by:
ltsp-update-sshkeys
ltsp-update-image
Either that, or it's trying to connect to some other server...
live well,
vagrant
signature.asc
Description: PGP signature
--
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/_
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp 5 login weirdness
On 2015-02-12, Tim Johnston wrote: On recently upgraded Ubuntu 14.04 (trusty). I've installed ltsp-server-standalone 5.5.1-1ubuntu2 and done the ltsp-build client. I have /var/lib/tftpboot/ltsp5/i386/lts.conf as: [default] SERVER=192.168.10.1 SCREEN_01=shell SCREEN_02=telnet SCREEN_03=kiosk ... TELNET_HOST=192.168.10.1 Specifying SERVER should be redundant if your NBD/NFS server is the same as your LTSP server. My pxe terminal boots OK, nothing unusual in syslog that I can see. With screen_01 shell, it does this weird thing where the console flops back and forth between a Login:, and what appears to be a # root prompt. If you respond to the Login:, it flops to #, and says command not found if you type a command in response to #, it says Login incorrect. After an extended, variable time, it sometimes becomes possible to log in (I've created an account in chrooted /opt/ltsp5/i386). Then everything appears normal. It shows proper netstat -nr, everything seems to be mounted OK. You should probably stick to SCREEN_02 and higher. tty1 (a.k.a. SCREEN_01) usually has a traditional login getty running on it, and it's probably fighting with the shell screen script. Normally, tty2 through tty6 also have login gettys running on them, but LTSP clears those out at boot. screen_02 says press any key to connect. But it doesn't connect, it drops to a telnet prompt. But can then open 192.168.10.1 to connect to the server works fine. That sounds odd. ldm and startx don't work at all, nothing logged. By not work at all, you mean nothing shows on the screen at all? Or a login screen shows but doesn't successfully login? They're not configured to run in your above setup. You'd typically add them as SCREEN_07=ldm or SCREEN_07=startx in lts.conf. If you can get the shell working on one of the other ttys, that would be your best avenue for debugging... live well, vagrant signature.asc Description: PGP signature -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/_ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp 5 login weirdness
vagrant Thanks for the reply. ltsp-server-standalone 5.5.1-1ubuntu2 and done the ltsp-build client. I have /var/lib/tftpboot/ltsp5/i386/lts.conf as: [default] SERVER=192.168.10.1 SCREEN_01=shell SCREEN_02=telnet SCREEN_03=kiosk ... TELNET_HOST=192.168.10.1 Specifying SERVER should be redundant if your NBD/NFS server is the same as your LTSP server. OK, I've taken that out. My pxe terminal boots OK, nothing unusual in syslog that I can see. With screen_01 shell, it does this weird thing where the console flops back and forth between a Login:, and what appears to be a # root prompt. If you respond to the Login:, it flops to #, and says command not found if you type a command in response to #, it says Login incorrect. After an extended, variable time, it sometimes becomes possible to log in (I've created an account in chrooted /opt/ltsp5/i386). Then everything appears normal. It shows proper netstat -nr, everything seems to be mounted OK. You should probably stick to SCREEN_02 and higher. tty1 (a.k.a. SCREEN_01) usually has a traditional login getty running on it, and it's probably fighting with the shell screen script. Normally, tty2 through tty6 also have login gettys running on them, but LTSP clears those out at boot. Yes, that's it! If I change to SCREEN_02, shell works fine. Bizarre. It was not thus in previous versions of ltsp. screen_02 says press any key to connect. But it doesn't connect, it drops to a telnet prompt. But can then open 192.168.10.1 to connect to the server works fine. That sounds odd. Yes. This particular terminal is intended as a telnet text terminal, so it would be good if I could get this to work properly. ldm and startx don't work at all, nothing logged. By not work at all, you mean nothing shows on the screen at all? Or a login screen shows but doesn't successfully login? They're not configured to run in your above setup. You'd typically add them as SCREEN_07=ldm or SCREEN_07=startx in lts.conf. If you can get the shell working on one of the other ttys, that would be your best avenue for debugging... startx: blank screen, nothing logged that I can see. BUT, from shell X -query 192.168.10.1 works fine. ldm: starts, but can't log in no response from server, restarting. Syslog says: Feb 13 10:36:21 ltsp12 ldm[1730]: calling rc.d pressh scripts Feb 13 10:36:26 ltsp12 ldm[1730]: no response, restarting Feb 13 10:39:11 server ldminfod[3875]: connect from 192.168.10.12 (192.168.10.12) Feb 13 10:36:28 ltsp12 ldm[1953]: started on client with IP address: 192.168.10.12 Feb 13 10:36:28 ltsp12 ldm[1953]: calling rc.d init scripts Feb 13 10:39:12 server nbd_server[16218]: Spawned a child process Feb 13 10:39:12 server nbd_server[3882]: virststyle ipliteral Feb 13 10:39:12 server nbd_server[3882]: connect from 192.168.10.12, assigned file is /opt/ltsp5/images/i386.img Feb 13 10:39:12 server nbd_server[3882]: Can't open authorization file /etc/ltsp/nbd-server.allow (No such file or directory). Feb 13 10:39:12 server nbd_server[3882]: Starting to serve Feb 13 10:39:12 server nbd_server[3882]: Size of exported file/device is 363274240 Feb 13 10:36:28 ltsp12 kernel: [ 61.425635] nbd9: unknown partition table Feb 13 10:39:12 server nbd_server[3882]: Disconnect request received. Feb 13 10:39:12 server nbd_server[16218]: Child exited with 0 Feb 13 10:36:28 ltsp12 kernel: [ 61.430425] block nbd9: NBD_DISCONNECT Feb 13 10:36:28 ltsp12 kernel: [ 61.430989] block nbd9: Receive control failed (result -32) Feb 13 10:36:28 ltsp12 kernel: [ 61.431073] block nbd9: queue cleared Feb 13 10:36:28 ltsp12 ldm[1953]: authenticating with backend: ssh regards, Tim Johnston live well, vagrant -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
Re: [Ltsp-discuss] LTSP 5 LocalMedia for terminals with LDAP users
Loose notes of mine. It's been a while since I set these up. Once done you forget because it just works. I go to slap for LDAP though, so it may be a bit different to a Domain Controller. Make sure /etc/nsswitch.conf has: passwd: compat ldap group: compat ldap shadow: compat ldap :# apt-get install nscd nslcd libpam-ldap libnss-ldap In the /etc/pam.d/common-* files make sure [type]sufficientpam_ldap.so are in the first line. Edit the /etc/pam_ldap.conf, /etc/pam_ldap.secret as required to connect to the LDAP server. Edit /etc/nscd.conf /etc/nslcd.conf to configure the caches. They can be troublesome if you try and restart services that rely on users and groups. You may need to restart these at those times too. Occasionally my root turns into Administrator because of the ldap UID 0 of Administrator. Restarting nscd usually fixes it, if not blowing out /var/cache/nscd/* will. Define a fuse group in ldap with the student usernames as members. You will want to make the GID the same as the existing Unix one, or you'll have trouble w/ permission issues of the fuse binaries and /dev/fuse. Use # getent group fuse to verify. When you see the ldap groups/users, you've won. Double check the LTSP servers fuse binaries and /dev/fuse files with -n to verify the GID numbers are the same if you have issues. Cheers, lance On 10/12/2012 4:49 PM, Edgar Kogler wrote: I'm running LTSP5 on Debian squeeze in a school-network. As terminals I use some old Compaq Evo Computers, and they work fine. I managed to activate ldap-authentication on the terminals from our domain controller. I want our users to have access to their local media on the terminals. What I found in the docs is that with LTSP5 the user logging in on the terminal only has to be member of the group fuse to have local media automatically mounted. Since we use SAMBA and LDAP for the rest of the network I added a group fuse to my LDAP-Server, became a member of it on LDAP plugged my USB stick to the terminal but it didn't mount automatically. I understand that the group fuse mentioned in the docs is a simple UNIX group but I can't figure out how to bridge the gap between LDAP and UNIX groups and membership therein. It is no option to have all users on any server as UNIX users being members of fuse since we have a large fluctuation of users (~300) every year and I don't believe that this should be necessary. Any help appreciated :-) Edgar -- Lance Levsen, Catprint Computing C: 306-230-8783 P: 306-493-2278 PO Box 579 Delisle, SK, S0L 0P0 Canada -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 LocalMedia for terminals with LDAP users
Hallo Edgar, Edgar Kogler schrieb am 10.12.2012 23:49: I managed to activate ldap-authentication on the terminals from our domain controller. I want our users to have access to their local media on the terminals. What I found in the docs is that with LTSP5 the user logging in on the terminal only has to be member of the group fuse to have local media automatically mounted. Since we use SAMBA and LDAP for the rest of the network I added a group fuse to my LDAP-Server, became a member of it on LDAP plugged my USB stick to the terminal but it didn't mount automatically. I understand that the group fuse mentioned in the docs is a simple UNIX group but I can't figure out how to bridge the gap between LDAP and UNIX groups and membership therein. It is no option to have all users on any server as UNIX users being members of fuse since we have a large fluctuation of users (~300) every year and I don't believe that this should be necessary. concerning group membership I use the libpam-modules (Debian) package. It contains a file /etc/security/group.conf. In there I have the entry line: *;*;*;Al-2400;fuse,audio,cdrom,scanner This means, all users, who log in, are member of the groups fuse, audio cdrom, scanner. This module should get installed in the chroot environment of the thin client. I think, this is the easiest way. Greetings Helmut PS: An welcher Schule bist du? -- - Helmut Lichtenberg helmut.lichtenb...@fli.bund.de Tel.: 05034/871-128 Institut für Nutztiergenetik (FLI) 31535 Neustadt Germany - -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5, Gentoo, Dell Optiplex
Am 2010-01-26 12:20, schrieb Michael George: I'm trying to move to LTSP 5 on my Gentoo system. I have the client system built, the TFTP (tftp-hpa) and DHCP (dhcp) working to provide the necessary files, but the terminal hits a kernel panic when it tries to mount / over NFS. It says that there's no network available. I know the connection is good, because it pulled the kernel and initramfs. It looks like it picks the tg3 NIC driver to use for network- ing, but the system uses the 3C950 chipset and would need the 3C95x driver. I'm wondering if anyone here uses LTSP much and might be successfully using old Dell Optiplex GX1's and could perhaps give me some insight. I think i use one, and that it needed IPAPPEND 3 to boot because it couldn't get an IP after the PXE boot (IPAPPEND explained here: https://help.ubuntu.com/community/UbuntuLTSP/ProxyDHCP#Adjusting ). If this does not help, posting a screenshot of the kernel messages wouldn't be bad. Jakob -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5, Gentoo, Dell Optiplex
On Wed, Jan 27, 2010 at 06:07:19PM -0500, Eric Thibodeau wrote: For the most part, LTSP does a very good job of detecting what hardware???s on your thin client. However, it???s possible that you may want to manually specify a kernel module to load after boot. _after boot_ ...which implies you got past the NFSroot mounting...which he can't since he doesn't have the correct NIC driver from what I can read. Correct. PXE and DHCP get the kernel and initramfs to the system. From there it tries to detect hardware and then loads modules from initramfs. But since it (appears to -- I could be wrong) pick the tg3 driver over the 3Com driver, it's halted at the network mount of /. ET On 2010-01-27, at 5:57 PM, Xavier Brochard wrote: Le mercredi 27 janvier 2010 18:44:40, Michael George a ??crit : On Tue, Jan 26, 2010 at 06:20:38AM -0500, Michael George wrote: I'm trying to move to LTSP 5 on my Gentoo system. I have the client system built, the TFTP (tftp-hpa) and DHCP (dhcp) working to provide the necessary files, but the terminal hits a kernel panic when it tries to mount / over NFS. It says that there's no network available. I know the connection is good, because it pulled the kernel and initramfs. It looks like it picks the tg3 NIC driver to use for network- ing, but the system uses the 3C950 chipset and would need the 3C95x driver. I'm wondering if anyone here uses LTSP much and might be successfully using old Dell Optiplex GX1's and could perhaps give me some insight. Is there a way I can force specific modules to be loaded by LTSP clients? That would at least allow me to test whether that it the only problem I have. See chapter 12 of the documentation: http://sourceforge.net/apps/mediawiki/ltsp/index.php?title=Ltsp_LtspDocumentationUpstream Some extract below: Modules and startup scripts == For the most part, LTSP does a very good job of detecting what hardware???s on your thin client. However, it???s possible that you may want to manually specify a kernel module to load after boot. Alternatively, you may have a script you???ve written that you???ve put in the chroot, and want to make sure gets run at startup. LTSP provides some hooks to allow you to do this. MODULE_01...MODULE_10 string, default unset Up to 10 kernel modules can be loaded by using these con???guration entries. The entire command line that you would use when running insmod can be speci???ed here. For example: MODULE_01 = uart401.o MODULE_02 = sb.o io=0x220 irq=5 dma=1 MODULE_03 = opl3.o If the value of this parameter is an absolute path name, then insmod will be used to load the module. Otherwise, modprobe will be used. In normal circumstances, you shouldn???t need to specify anything here, as most hardware will be auto-detected. Xavier xav...@alternatif.org - 09 54 06 16 26 -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- -M There are 10 kinds of people in this world: Those who can count in binary and those who cannot. -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _ Ltsp-discuss mailing list. To
Re: [Ltsp-discuss] LTSP 5, Gentoo, Dell Optiplex
On Thu, Jan 28, 2010 at 10:39:13AM +0100, Jakob Unterwurzacher wrote: Am 2010-01-26 12:20, schrieb Michael George: I'm trying to move to LTSP 5 on my Gentoo system. I have the client system built, the TFTP (tftp-hpa) and DHCP (dhcp) working to provide the necessary files, but the terminal hits a kernel panic when it tries to mount / over NFS. It says that there's no network available. I know the connection is good, because it pulled the kernel and initramfs. It looks like it picks the tg3 NIC driver to use for network- ing, but the system uses the 3C950 chipset and would need the 3C95x driver. I'm wondering if anyone here uses LTSP much and might be successfully using old Dell Optiplex GX1's and could perhaps give me some insight. I think i use one, and that it needed IPAPPEND 3 to boot because it couldn't get an IP after the PXE boot (IPAPPEND explained here: https://help.ubuntu.com/community/UbuntuLTSP/ProxyDHCP#Adjusting ). If this does not help, posting a screenshot of the kernel messages wouldn't be bad. Did you need this even without a proxy DHCP server? Most of the docs I find on setting up LTSP 5 use a different DHCP server (dnsmasq) and TFTP server (atftp) than I am using (dhcpd and tftp-hpa). However, they should function similarly. I have LTSP 4 working and I am hoping to avoid making lots of changes in trying to go to 5 -- in case I have to fall back to 4 for the summer. I'll try the IPAPPEND 3 option and see what that does for me. Then I think I'll try different hardware and see if it behaves the same way. -- -M There are 10 kinds of people in this world: Those who can count in binary and those who cannot. -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5, Gentoo, Dell Optiplex
Le jeudi 28 janvier 2010 12:19:16, Michael George a écrit : On Wed, Jan 27, 2010 at 06:07:19PM -0500, Eric Thibodeau wrote: For the most part, LTSP does a very good job of detecting what hardware???s on your thin client. However, it???s possible that you may want to manually specify a kernel module to load after boot. _after boot_ ...which implies you got past the NFSroot mounting...which he can't since he doesn't have the correct NIC driver from what I can read. Correct. PXE and DHCP get the kernel and initramfs to the system. From there it tries to detect hardware and then loads modules from initramfs. But since it (appears to -- I could be wrong) pick the tg3 driver over the 3Com driver, it's halted at the network mount of /. Did you checked the content of your (chroot)/etc/initramfs-tools/ directory ? You can try to configure mkinitramfs (see man initramfs.conf) You can pass boot options to the kernel on the fly, boot options apply to network card, using the MAC adress. See http://sourceforge.net/apps/mediawiki/ltsp/index.php?title=Ltsp_KernelOptions It can also be a bug in your current running kernel (try another one). Xavier xav...@alternatif.org - 09 54 06 16 26 -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5, Gentoo, Dell Optiplex
Am 2010-01-28 14:57, schrieb Michael George: On Thu, Jan 28, 2010 at 10:39:13AM +0100, Jakob Unterwurzacher wrote: Am 2010-01-26 12:20, schrieb Michael George: I'm trying to move to LTSP 5 on my Gentoo system. I have the client system built, the TFTP (tftp-hpa) and DHCP (dhcp) working to provide the necessary files, but the terminal hits a kernel panic when it tries to mount / over NFS. It says that there's no network available. I know the connection is good, because it pulled the kernel and initramfs. It looks like it picks the tg3 NIC driver to use for network- ing, but the system uses the 3C950 chipset and would need the 3C95x driver. I'm wondering if anyone here uses LTSP much and might be successfully using old Dell Optiplex GX1's and could perhaps give me some insight. I think i use one, and that it needed IPAPPEND 3 to boot because it couldn't get an IP after the PXE boot (IPAPPEND explained here: https://help.ubuntu.com/community/UbuntuLTSP/ProxyDHCP#Adjusting ). Uh, the full Link is https://help.ubuntu.com/community/UbuntuLTSP/ProxyDHCP#Adjusting pxelinux.cfg/default but i'm afraid it's killed by the space in the anchor. If this does not help, posting a screenshot of the kernel messages wouldn't be bad. Did you need this even without a proxy DHCP server? Well, my setup is a little strange. I have the LTSP DHCP server (not dnsmasq, the regular dhcpd) and also one in a router that i cannot turn off. They hand out different ranges so this should be fine. PXE worked well from the start, but the kernel (or the dhcp client) on some machines failed to get a IP adress afterwards and paniced. IPAPPEND 3 fixed that, everything works fine now. Most of the docs I find on setting up LTSP 5 use a different DHCP server (dnsmasq) and TFTP server (atftp) than I am using (dhcpd and tftp-hpa). However, they should function similarly. I have LTSP 4 working and I am hoping to avoid making lots of changes in trying to go to 5 -- in case I have to fall back to 4 for the summer. I'll try the IPAPPEND 3 option and see what that does for me. Then I think I'll try different hardware and see if it behaves the same way. Good luck! -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5, Gentoo, Dell Optiplex
On Tue, Jan 26, 2010 at 06:20:38AM -0500, Michael George wrote: I'm trying to move to LTSP 5 on my Gentoo system. I have the client system built, the TFTP (tftp-hpa) and DHCP (dhcp) working to provide the necessary files, but the terminal hits a kernel panic when it tries to mount / over NFS. It says that there's no network available. I know the connection is good, because it pulled the kernel and initramfs. It looks like it picks the tg3 NIC driver to use for network- ing, but the system uses the 3C950 chipset and would need the 3C95x driver. I'm wondering if anyone here uses LTSP much and might be successfully using old Dell Optiplex GX1's and could perhaps give me some insight. Is there a way I can force specific modules to be loaded by LTSP clients? That would at least allow me to test whether that it the only problem I have. Thanks! -- -M There are 10 kinds of people in this world: Those who can count in binary and those who cannot. -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5, Gentoo, Dell Optiplex
Le mercredi 27 janvier 2010 18:44:40, Michael George a écrit : On Tue, Jan 26, 2010 at 06:20:38AM -0500, Michael George wrote: I'm trying to move to LTSP 5 on my Gentoo system. I have the client system built, the TFTP (tftp-hpa) and DHCP (dhcp) working to provide the necessary files, but the terminal hits a kernel panic when it tries to mount / over NFS. It says that there's no network available. I know the connection is good, because it pulled the kernel and initramfs. It looks like it picks the tg3 NIC driver to use for network- ing, but the system uses the 3C950 chipset and would need the 3C95x driver. I'm wondering if anyone here uses LTSP much and might be successfully using old Dell Optiplex GX1's and could perhaps give me some insight. Is there a way I can force specific modules to be loaded by LTSP clients? That would at least allow me to test whether that it the only problem I have. See chapter 12 of the documentation: http://sourceforge.net/apps/mediawiki/ltsp/index.php?title=Ltsp_LtspDocumentationUpstream Some extract below: Modules and startup scripts == For the most part, LTSP does a very good job of detecting what hardware’s on your thin client. However, it’s possible that you may want to manually specify a kernel module to load after boot. Alternatively, you may have a script you’ve written that you’ve put in the chroot, and want to make sure gets run at startup. LTSP provides some hooks to allow you to do this. MODULE_01...MODULE_10 string, default unset Up to 10 kernel modules can be loaded by using these configuration entries. The entire command line that you would use when running insmod can be specified here. For example: MODULE_01 = uart401.o MODULE_02 = sb.o io=0x220 irq=5 dma=1 MODULE_03 = opl3.o If the value of this parameter is an absolute path name, then insmod will be used to load the module. Otherwise, modprobe will be used. In normal circumstances, you shouldn’t need to specify anything here, as most hardware will be auto-detected. Xavier xav...@alternatif.org - 09 54 06 16 26 -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5, Gentoo, Dell Optiplex
For the most part, LTSP does a very good job of detecting what hardware’s on your thin client. However, it’s possible that you may want to manually specify a kernel module to load after boot. _after boot_ ...which implies you got past the NFSroot mounting...which he can't since he doesn't have the correct NIC driver from what I can read. ET On 2010-01-27, at 5:57 PM, Xavier Brochard wrote: Le mercredi 27 janvier 2010 18:44:40, Michael George a écrit : On Tue, Jan 26, 2010 at 06:20:38AM -0500, Michael George wrote: I'm trying to move to LTSP 5 on my Gentoo system. I have the client system built, the TFTP (tftp-hpa) and DHCP (dhcp) working to provide the necessary files, but the terminal hits a kernel panic when it tries to mount / over NFS. It says that there's no network available. I know the connection is good, because it pulled the kernel and initramfs. It looks like it picks the tg3 NIC driver to use for network- ing, but the system uses the 3C950 chipset and would need the 3C95x driver. I'm wondering if anyone here uses LTSP much and might be successfully using old Dell Optiplex GX1's and could perhaps give me some insight. Is there a way I can force specific modules to be loaded by LTSP clients? That would at least allow me to test whether that it the only problem I have. See chapter 12 of the documentation: http://sourceforge.net/apps/mediawiki/ltsp/index.php?title=Ltsp_LtspDocumentationUpstream Some extract below: Modules and startup scripts == For the most part, LTSP does a very good job of detecting what hardware’s on your thin client. However, it’s possible that you may want to manually specify a kernel module to load after boot. Alternatively, you may have a script you’ve written that you’ve put in the chroot, and want to make sure gets run at startup. LTSP provides some hooks to allow you to do this. MODULE_01...MODULE_10 string, default unset Up to 10 kernel modules can be loaded by using these configuration entries. The entire command line that you would use when running insmod can be specified here. For example: MODULE_01 = uart401.o MODULE_02 = sb.o io=0x220 irq=5 dma=1 MODULE_03 = opl3.o If the value of this parameter is an absolute path name, then insmod will be used to load the module. Otherwise, modprobe will be used. In normal circumstances, you shouldn’t need to specify anything here, as most hardware will be auto-detected. Xavier xav...@alternatif.org - 09 54 06 16 26 -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp 5 localdev and icons on the desktop
Jeff Siddall wrote: Lars Madsen wrote: (2) RHEL 5.3 uses Gnome 2.16, it will automatically detect the two floppy mounts, place them on the desktop and in the Places menu, but USB and CDROM are not picked up. Any idea on how to fix this? I've seen a patch for ltspfsmounter that will add the icons for USB ad CDROM, but it IS working correctly if I connect to an Ubuntu server instead of RHEL, and floppies only appears once on the desktop. Any idea what it is Gnome 2.16 is missing that the Gnome in Ubuntu 9.04 has such that the icons work. any ideas for this? USB sticks does get mounted under /media/user/..., but nothing appears on the desktop or in the Places menu. Floppies ARE mounted under /media/user/... and DOES appear under Places, but USB sticks and CDROMs does not. Has anyone gotten this to work with Gnome 2.16 (I suspect Gnome or Nautilus for this problem) I think it is something below the desktop environment as KDE 4.2 in K12Linux has the same issues with USB drives (no notification when new media is inserted on the thin client). I cannot test floppies or CDROMs as none of my clients have them. If you find a fix please post it to the list! Jeff does your USB sticks appear under /media/user ? floppy and Data CDs appear on the desktop and in Places just fine. It is only USB sticks that causes problems. At the moment I suspect the naming convention (and perhaps a bug in Gnome/Nautilus 2.16) /media/user/flopp0 /media/user/cdrom gets picked up just fine, but /media/user/usbdisk-sda1 does not, will try to figure out what is handling the device mounting -- /daleif -- Are you an open source citizen? Join us for the Open Source Bridge conference! Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250. Need another reason to go? 24-hour hacker lounge. Register today! http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp 5 localdev and icons on the desktop
Lars Madsen wrote: does your USB sticks appear under /media/user ? Yes floppy and Data CDs appear on the desktop and in Places just fine. It is only USB sticks that causes problems. Like I said I have no way to test floppies and CDs so they _might_ work in KDE also. Maybe someone else can confirm that. At the moment I suspect the naming convention (and perhaps a bug in Gnome/Nautilus 2.16) /media/user/flopp0 /media/user/cdrom gets picked up just fine, but /media/user/usbdisk-sda1 does not, will try to figure out what is handling the device mounting Let us know what you find out. Thanks, Jeff -- Are you an open source citizen? Join us for the Open Source Bridge conference! Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250. Need another reason to go? 24-hour hacker lounge. Register today! http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp 5 localdev and icons on the desktop
Lars Madsen wrote: (2) RHEL 5.3 uses Gnome 2.16, it will automatically detect the two floppy mounts, place them on the desktop and in the Places menu, but USB and CDROM are not picked up. Any idea on how to fix this? I've seen a patch for ltspfsmounter that will add the icons for USB ad CDROM, but it IS working correctly if I connect to an Ubuntu server instead of RHEL, and floppies only appears once on the desktop. Any idea what it is Gnome 2.16 is missing that the Gnome in Ubuntu 9.04 has such that the icons work. any ideas for this? USB sticks does get mounted under /media/user/..., but nothing appears on the desktop or in the Places menu. Floppies ARE mounted under /media/user/... and DOES appear under Places, but USB sticks and CDROMs does not. Has anyone gotten this to work with Gnome 2.16 (I suspect Gnome or Nautilus for this problem) I think it is something below the desktop environment as KDE 4.2 in K12Linux has the same issues with USB drives (no notification when new media is inserted on the thin client). I cannot test floppies or CDROMs as none of my clients have them. If you find a fix please post it to the list! Jeff -- Are you an open source citizen? Join us for the Open Source Bridge conference! Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250. Need another reason to go? 24-hour hacker lounge. Register today! http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp 5 localdev and icons on the desktop
(2) RHEL 5.3 uses Gnome 2.16, it will automatically detect the two floppy mounts, place them on the desktop and in the Places menu, but USB and CDROM are not picked up. Any idea on how to fix this? I've seen a patch for ltspfsmounter that will add the icons for USB ad CDROM, but it IS working correctly if I connect to an Ubuntu server instead of RHEL, and floppies only appears once on the desktop. Any idea what it is Gnome 2.16 is missing that the Gnome in Ubuntu 9.04 has such that the icons work. any ideas for this? USB sticks does get mounted under /media/user/..., but nothing appears on the desktop or in the Places menu. Floppies ARE mounted under /media/user/... and DOES appear under Places, but USB sticks and CDROMs does not. Has anyone gotten this to work with Gnome 2.16 (I suspect Gnome or Nautilus for this problem) -- /daleif -- Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp 5 localdev and icons on the desktop
Lars Madsen wrote: Lars Madsen wrote: Hi, I've finally managed to get LTSP 5 working with RHEL 5, by using an Ubuntu based client, and some extensive script modifications. I still have a few problems though, that I hope you could help me fix. (1) the mounted local devices appear twice on the server, once under /media/user/device and once under /tmp/.user/device, why? as far as I can see it comes from ltspfsmounter on the server the /tmp/.user apparently comes after the user logs out, and then in again looks like some cleanup that does not run correctly (may be another SSH issue) it is actually ltspfsmounter, in the mounts on RHEL 5.3 the ltspfs mounted devices does not show up as ltspfs at the start of the lines in /proc/mounts but rather as fuse so the matching in ltspfsmounter is wrong and things does not get cleaned up correctly. does anyone know why those lines start with fuse and not ltspfs? (2) RHEL 5.3 uses Gnome 2.16, it will automatically detect the two floppy mounts, place them on the desktop and in the Places menu, but USB and CDROM are not picked up. Any idea on how to fix this? I've seen a patch for ltspfsmounter that will add the icons for USB ad CDROM, but it IS working correctly if I connect to an Ubuntu server instead of RHEL, and floppies only appears once on the desktop. Any idea what it is Gnome 2.16 is missing that the Gnome in Ubuntu 9.04 has such that the icons work. (3) does anyone know whether it is possible to instruct SSH to NOT use the shell specified in the remote users passwd entry? Because otherwise I'll have to go through all ltsp shell scripts on the client to specify that it need to run bash. -- /daleif -- Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on fedora 10
I should have begun there: here is my network config - - 2 ethernet devices eth0 an eth1: eth0 is the internet interface, associated to an ADSL connection, and eth1 is plugged to a switch providing a private network for computers and thin client (which used to connect the server with ltsp 4.2). eth1 has IP 192.168.1.1 - - an iptables config allows computrs on the private network to access the Internet, using masquerade - - a dhcp server is set to provide IP numbers to computers on the private lan. for testing ltsp-5, I disabled the dhcp server, emptying the dhcpd.conf file and, after brigging up ltspbr0, I enabled ltsp-dhcpd server with the default config file. then I set up the bridge: brctl addif ltspbr0 eth1 but I did not change anything to the ifcfg-eth1 which still have IP 192.168.1.1 This is likely the issue. I don't believe that eth1 should have an IP address explicitly defined at all. It should be slaved to ltspbr0 instead. So, if you delete the IP address, subnet mask, network information from ifcfg-eth1 (NETWORK, NETMASK, IPADDR) or using the GUI tool for network clear all the entries for ip address, subnet mask and gateway for that device. It should still be selected in the network GUI but those fields should be blank. Then, add the BRIDGE=ltspbr0 (or brctl addif ltspbr0 eth1) it should work. Sincerely, Dave Hopkins -- Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on fedora 10[in way to be solved]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le 12/03/2009 14:50, David Hopkins a écrit : I should have begun there: here is my network config - - 2 ethernet devices eth0 an eth1: eth0 is the internet interface, associated to an ADSL connection, and eth1 is plugged to a switch providing a private network for computers and thin client (which used to connect the server with ltsp 4.2). eth1 has IP 192.168.1.1 - - an iptables config allows computrs on the private network to access the Internet, using masquerade - - a dhcp server is set to provide IP numbers to computers on the private lan. for testing ltsp-5, I disabled the dhcp server, emptying the dhcpd.conf file and, after brigging up ltspbr0, I enabled ltsp-dhcpd server with the default config file. then I set up the bridge: brctl addif ltspbr0 eth1 but I did not change anything to the ifcfg-eth1 which still have IP 192.168.1.1 This is likely the issue. I don't believe that eth1 should have an IP address explicitly defined at all. It should be slaved to ltspbr0 instead. So, if you delete the IP address, subnet mask, network information from ifcfg-eth1 (NETWORK, NETMASK, IPADDR) or using the GUI tool for network clear all the entries for ip address, subnet mask and gateway for that device. It should still be selected in the network GUI but those fields should be blank. Then, add the BRIDGE=ltspbr0 (or brctl addif ltspbr0 eth1) it should work. I worked! *But* the main problem was the connection between the TC and the monitor: the connection was a DVI one and in spite of all change I made to eth1, ltspbr0, dhcpd the TC did not boot in ldm mode (and still this message in the logs: START: ldminfod pid=22507 from=:::172.31.100.100 EXIT: ldminfod status=0 pid=22507 duration=0(sec) I changed the connection: from digital to analogic and... I got the login screen of K12 Linux. Moreover I could log in! Thanks for your help. I now trying to have the TC and the other computers on the same dhcpd server; according to: https://fedorahosted.org/k12linux/wiki/AdvancedNetworkSetup It is not straightforward. Best regards. - -- François Patte UFR de mathématiques et informatique Université Paris Descartes 45, rue des Saints Pères F-75270 Paris Cedex 06 Tél. +33 (0)1 4286 2413 http://www.math-info.univ-paris5.fr/~patte -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkm5geQACgkQdE6C2dhV2JV/bgCgtYQcnAALCMrxLRLelWNMZinV rN8An0wk7yn42D2Aa4NaV0E0x+uOfLvG =Gjs5 -END PGP SIGNATURE- -- Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on fedora 10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le 10/03/2009 18:44, David Hopkins a écrit : I try to install an ltsp-server to boot thin clients on my f10 box. I followed instructions there: https://fedorahosted.org/k12linux/wiki/InstallGuide But failed Make sure you follow them exactly up to the point that you have to enable the network for real thin clients (Step 11). At that point I had to follow the installation instructions that were found in root's Desktop on the live DVD to associate ethN (eth0 for me) with ltspbr0 Is it different from: brctl addif ltspbr0 eth1 (it is eth1 for me) That seems right. Have you tried a different thin client? masquerading (nat? between the thin client address 172.x and the wan) seems to be needed on the ltsp server to allow local apps to work (dns resolution issue for me with local apps like FF), or at least, I needed it to get local apps working. But you're saying the boot process is hanging. I'd just try a different thin client (even a desktop system that supports PXE) to confirm that it is a server-side issue. I could narrow down the problem: I think that it is an ldm problem. I changed SCREEN_01=ldm to SCREEN_01=shell in /var/lib/tftpboot/ltsp/i386/lts.conf And I could boot the TC. Also, I got a log file from ldm, in /opt/ltsp/i386/var/log/ldm.log: LDM2 fonctionne sur l'adresse ip 192.168.1.1 rc_files: /bin/sh /usr/share/ldm/ldm-script init ldm_spawn: pid = 20477 Processus 20477 terminé avec le statut 0 Génération du message d'accueil : /usr/libexec/ldm/ldmgtkgreet ldm_spawn: pid = 20496 ERREUR : échec de l'appel à get_userid depuis l'invite LDM2 fonctionne sur l'adresse ip 192.168.1.1 rc_files: /bin/sh /usr/share/ldm/ldm-script init ldm_spawn: pid = 20500 Processus 20500 terminé avec le statut 0 Génération du message d'accueil : /usr/libexec/ldm/ldmgtkgreet ldm_spawn: pid = 20519 ERREUR : échec de l'appel à get_userid depuis l'invite (log in French, sorry!) I don't how I got this log file, because I could not get a new one. I am wondering if there is not an IP issue because the boot server has default IP 172.31.100.254 and ldm seems to answer on 192.168.1.1 which is the eth1 IP on which my lan is connected. In the instructions on https://fedorahosted.org/k12linux/wiki/InstallGuide there are no information on what should be the default configuration of the device ethN on which the lan is connected Thank you for giving some clue to go further. Best regards - -- François Patte UFR de mathématiques et informatique Université Paris Descartes 45, rue des Saints Pères F-75270 Paris Cedex 06 Tél. +33 (0)1 4286 2413 http://www.math-info.univ-paris5.fr/~patte -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkm38pUACgkQdE6C2dhV2JW0LwCguwp+VFA1NzJrqXtSpVIQpwws LHUAoMHWNZ9GHOAwv2qZRyRQto2ZPWGl =+0FY -END PGP SIGNATURE- -- Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on fedora 10
I am wondering if there is not an IP issue because the boot server has default IP 172.31.100.254 and ldm seems to answer on 192.168.1.1 which is the eth1 IP on which my lan is connected. In the instructions on https://fedorahosted.org/k12linux/wiki/InstallGuide there are no information on what should be the default configuration of the device ethN on which the lan is connected First, I've managed to confuse myself by what you mean by lan as opposed to wan. So, to be clear, the interface that connects with the main network is what you are calling the lan and that is interface eth1? Assuming that is the case, I'd take a step back at this point and verify, 1) Which interface is on the main network. It seems to be eth1 and has an IP address of 192.168.x.y? 2) That eth0 is connected to the switch to which the thin client is connected. 2) Verify that only eth0 in this case is associated the ltspbr0 e.g. the ifcfg-eth0 file has the BRIDGE=ltspbr0 and ifcfg-eth1 does not. 3) Verify that the dhcpd-ltsp.conf file in /etc (I think I have that name correct) is assigning IP addresses for the 172.31 network. 4) and finally, check that iptables is running and that masquerading is set up properly. If that is all correct, then as a sanity check, try running the server off the live DVD? I'm not at a system where I can pull up the config files I use but I can try to do later tonight and email them to you for comparison if you want. Sincerely, Dave Hopkins -- Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on fedora 10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le 11/03/2009 19:41, David Hopkins a écrit : I am wondering if there is not an IP issue because the boot server has default IP 172.31.100.254 and ldm seems to answer on 192.168.1.1 which is the eth1 IP on which my lan is connected. In the instructions on https://fedorahosted.org/k12linux/wiki/InstallGuide there are no information on what should be the default configuration of the device ethN on which the lan is connected First, I've managed to confuse myself by what you mean by lan as opposed to wan. So, to be clear, the interface that connects with the main network is what you are calling the lan and that is interface eth1? I should have begun there: here is my network config - - 2 ethernet devices eth0 an eth1: eth0 is the internet interface, associated to an ADSL connection, and eth1 is plugged to a switch providing a private network for computers and thin client (which used to connect the server with ltsp 4.2). eth1 has IP 192.168.1.1 - - an iptables config allows computrs on the private network to access the Internet, using masquerade - - a dhcp server is set to provide IP numbers to computers on the private lan. for testing ltsp-5, I disabled the dhcp server, emptying the dhcpd.conf file and, after brigging up ltspbr0, I enabled ltsp-dhcpd server with the default config file. then I set up the bridge: brctl addif ltspbr0 eth1 but I did not change anything to the ifcfg-eth1 which still have IP 192.168.1.1 As I previously said, with this config I could boot the TC with SCREEN_0=shell (but failed with SCREEN_0=ldm) Things are quite confuse for me about the bridge and the config file to be set for eth1. - -- François Patte UFR de mathématiques et informatique Université Paris Descartes 45, rue des Saints Pères F-75270 Paris Cedex 06 Tél. +33 (0)1 4286 2413 http://www.math-info.univ-paris5.fr/~patte -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkm4UVEACgkQdE6C2dhV2JVjIQCgiPdQa9uh3Vwn2IOHFxMFJseR 6+4An1Icm0Ozkpdqa3bEaJgt/HXUUgw/ =wVWd -END PGP SIGNATURE- -- Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on fedora 10
Bonjour, I try to install an ltsp-server to boot thin clients on my f10 box. I followed instructions there: https://fedorahosted.org/k12linux/wiki/InstallGuide But failed Make sure you follow them exactly up to the point that you have to enable the network for real thin clients (Step 11). At that point I had to follow the installation instructions that were found in root's Desktop on the live DVD to associate ethN (eth0 for me) with ltspbr0 properly and make sure that NetworkManager didn't try to manage that device. I also had to reenable iptables and set up masquerading as well so that local apps like Firefox would work. Sincerely, Dave Hopkins -- _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on fedora 10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Hopkins a écrit : Bonjour, I try to install an ltsp-server to boot thin clients on my f10 box. I followed instructions there: https://fedorahosted.org/k12linux/wiki/InstallGuide But failed Make sure you follow them exactly up to the point that you have to enable the network for real thin clients (Step 11). At that point I had to follow the installation instructions that were found in root's Desktop on the live DVD to associate ethN (eth0 for me) with ltspbr0 Is it different from: brctl addif ltspbr0 eth1 (it is eth1 for me) ? properly and make sure that NetworkManager didn't try to manage that device. NetworkManager is not running I also had to reenable iptables and set up masquerading as well so that local apps like Firefox would work. masquerading? On the local network? I have masquerading set up for the internet connections of machines from the lan. Is iptables mandatory to only boot up the TC? It is the first step I try to achieve Boot hangs, as I said, and I cannot figure out why. Thanks for helping. Best regards. - -- François Patte UFR de mathématiques et informatique Université Paris Descartes Tél. +33 (0)1 4286 2145 http://www.math-info.univ-paris5.fr/~patte -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkm2m9QACgkQdE6C2dhV2JWlFwCfXAMS/aGUZGcAJgL5mK9jBhmc co8An3YePm5uwlsl0y4d9t3T877Nxq/b =6GXr -END PGP SIGNATURE- -- _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on fedora 10
I try to install an ltsp-server to boot thin clients on my f10 box. I followed instructions there: https://fedorahosted.org/k12linux/wiki/InstallGuide But failed Make sure you follow them exactly up to the point that you have to enable the network for real thin clients (Step 11). At that point I had to follow the installation instructions that were found in root's Desktop on the live DVD to associate ethN (eth0 for me) with ltspbr0 Is it different from: brctl addif ltspbr0 eth1 (it is eth1 for me) That seems right. properly and make sure that NetworkManager didn't try to manage that device. NetworkManager is not running Ok ... so my issue of NM taking control of ethN isn't your issue. I also had to reenable iptables and set up masquerading as well so that local apps like Firefox would work. masquerading? On the local network? I have masquerading set up for the internet connections of machines from the lan. Is iptables mandatory to only boot up the TC? It is the first step I try to achieve Boot hangs, as I said, and I cannot figure out why. Have you tried a different thin client? masquerading (nat? between the thin client address 172.x and the wan) seems to be needed on the ltsp server to allow local apps to work (dns resolution issue for me with local apps like FF), or at least, I needed it to get local apps working. But you're saying the boot process is hanging. I'd just try a different thin client (even a desktop system that supports PXE) to confirm that it is a server-side issue. Sincerely, Dave Hopkins -- _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp 5 - lts.conf
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! Rob you are right. that depends mainly on the distribution. In lenny you find it in the [chroot]/etc. but that was not the question. The other configurations at my site work fine (using multiple autologins and so on). Also rebooting the thin clients via local cron job once a day do well. The only trouble was Adobe Flash. I made further tests and found out that it is some strange mem porlbem with flash. I also tried other implementations but flash always ran out of mem. I'm now able to kill this processes so the trouble is not so big. But implementing flash persists the only issue at the moment. I'm now thinking about using anouther desktop manager than IceWM but that could lead into other mem porblems also. Looking through the logs I came to the opinion that LDM could cause some of the troubles.. reegards - -- - Helmut Dier email: he...@gmx.at - -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJs/NfUtXZVM4b3+YRAo97AJwKvfQyMncI9/mxP4QwBlOg9REo/gCfSrDt 9OC/uubJVzERVVvDumFUEfI= =9pqQ -END PGP SIGNATURE- -- Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp 5 - lts.conf
I'd just like to point out that LTSP 5 on Debian puts lts.conf in /opt/ltsp/i386/etc. I think the location is related to whether NFS or NBD is used for the root image. If NBD is used, then lts.conf must not be in /opt/ltsp/i386, so it gets put in /var/lib/tftpboot/i386. Somebody correct me if I'm wrong. -Rob On Mon, Feb 23, 2009 at 09:20:21PM -0300, José Queiroz wrote: Hi Helmut, LTSP 5 uses lts.conf in /var/lib/tftpboot/i386, as stated by Keith. The file in /opt/ltsp/i386/etc is just a dummy file, and there's a lot of problems you have if you try using it. PS: Antonio, evite postar em português na lista internacional, nem sempre você vai ter sorte de encontrar alguém que entenda sua pergunta. 2009/2/23 Helmut Dier he...@gmx.at -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! Supposing you use a standardinstallation the lts.conf file is in yout chroot (as you mentionend /opt/ltsp/i386/etc). reagrads Helmut - -- - Helmut Dier, SysAdmin at ]a[, Vienna email: he...@gmx.at - -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJozbMUtXZVM4b3+YRAm4VAJ9RehdNWygUcO/bsPDuot0yTEpbiQCffowz mV0h0xvbpCToa/dETGZ1MPw= =wEMv -END PGP SIGNATURE- -- Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp 5 - lts.conf
Hi Helmut, LTSP 5 uses lts.conf in /var/lib/tftpboot/i386, as stated by Keith. The file in /opt/ltsp/i386/etc is just a dummy file, and there's a lot of problems you have if you try using it. PS: Antonio, evite postar em português na lista internacional, nem sempre você vai ter sorte de encontrar alguém que entenda sua pergunta. 2009/2/23 Helmut Dier he...@gmx.at -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! Supposing you use a standardinstallation the lts.conf file is in yout chroot (as you mentionend /opt/ltsp/i386/etc). reagrads Helmut - -- - Helmut Dier, SysAdmin at ]a[, Vienna email: he...@gmx.at - -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJozbMUtXZVM4b3+YRAm4VAJ9RehdNWygUcO/bsPDuot0yTEpbiQCffowz mV0h0xvbpCToa/dETGZ1MPw= =wEMv -END PGP SIGNATURE- -- Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H_ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp-5 problem on Etch : showing initramfs prompt
At least switching to nfs booted for me except that i am having issues with gdm not starting properly. SB Nataraj S Narayan wrote: Hi Vagrant Please help me with this. I am trying out a normal debian Ltsp-5. Loading, please wait... IP-Config: eth0 hardware address xx:xx:xx:xx:xx:xx mtu 1500 DHCP RARP IP-Config: eth0 complete (from 192.168.0.254): address: 192.168.0.250broadcast: 192.168.0.255netmask: 255.255.255.0 gateway: 192.168.0.1dns0 : 192.168.0.1dns1 : 0.0.0.0 domain: example.com rootserver: 192.168.0.254 rootpath: /opt/ltsp/i386 filename : /ltsp/i386/nbi.img Error: Connect: Connection refused mount: Mounting /dev/nbd0 on /root/ failed: No such interface mount: Mounting /dev on /root/dev/ failed: No such file o or directory mount: Mounting /sys on /root/sys failed: No such file or directory mount: Mounting /proc on /root/proc failed: No such file or directory Target filesystem doesn't have /sbin/init No init found. try passing init = bootarg Showing busy box and initramfs prompt. Is it a problem with nbd-server configuration? Can substitute nbd with nfs server? Please help regards Nataraj -- _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- Shrenik Bhura IntelliAnt: Consulting and Development of Free / Open Source Software -- This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp-5 problem on Etch : showing initramfs prompt
On Thursday 25 December 2008 02:09:02 ltsp-discuss- requ...@lists.sourceforge.net wrote: It seems I need a different 'pxelinux.cfg/default' for nfs mounting, currently it is for using nbd-server. Please help me to change to nfs. https://help.ubuntu.com/community/UbuntuLTSP/LTSPWithoutNFS look for Reverting to NFS if you want to polite and not hostile rant a) You say you want to do something daft, like run LTSP on windows, to help a mate who works at microsoft defeat the licence issues. b) You ignore the advice of people who say This Will be Very Messy c) You do not start playing with the most used and easiest installation which is ubuntu d) You waste the time of all the kind folk who try to help you, when they could be wasting their time helping some deserving soal who is ligitamitly struggling. /rant James -- _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp-5 problem on Etch : showing initramfs prompt
On Mon, Dec 22, 2008 at 01:59:11PM +0530, Nataraj S Narayan wrote: It seems I need a different 'pxelinux.cfg/default' for nfs mounting, currently it is for using nbd-server. Please help me to change to nfs. you should just ensure that boot=nfs is in /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default i don't think any other changes should be needed, though it depends on what all you did to create the chroot or customize it, etc... if that doesn't work, i'd recommend re-installing and using the defaults, which will create a chroot the uses NFS. this page gives instructions for installing on Debian Lenny, with links for installing on Etch or Etch-With-Backports: http://wiki.debian.org/LTSP/Howto/ live well, vagrant -- _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp-5 problem on Etch : showing initramfs prompt
Hi It seems I need a different 'pxelinux.cfg/default' for nfs mounting, currently it is for using nbd-server. Please help me to change to nfs. Nataraj S Narayan On Sun, Dec 21, 2008 at 4:50 AM, Vagrant Cascadian vagr...@freegeek.org wrote: On Sat, Dec 20, 2008 at 06:42:43AM -0800, Nataraj S Narayan wrote: Please help me with this. I am trying out a normal debian Ltsp-5. ..snip... rootserver: 192.168.0.254 rootpath: /opt/ltsp/i386 filename : /ltsp/i386/nbi.img Error: Connect: Connection refused mount: Mounting /dev/nbd0 on /root/ failed: No such interface mount: Mounting /dev on /root/dev/ failed: No such file o or directory mount: Mounting /sys on /root/sys failed: No such file or directory mount: Mounting /proc on /root/proc failed: No such file or directory Target filesystem doesn't have /sbin/init No init found. try passing init = bootarg Showing busy box and initramfs prompt. Is it a problem with nbd-server configuration? Can substitute nbd with nfs server? nbd is broken in debian etch, at least for use with ltsp. if you really need to use nbd, you'll have to use lenny. defaults for etch or lenny is to use NFS. live well, vagrant -- _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp-5 problem on Etch : showing initramfs prompt
Le lundi 22 décembre 2008 09:29:11 Nataraj S Narayan, vous avez écrit : It seems I need a different 'pxelinux.cfg/default' for nfs mounting, currently it is for using nbd-server. Please help me to change to nfs. https://help.ubuntu.com/community/UbuntuLTSP/LTSPWithoutNFS look for Reverting to NFS if you want to -- Xavier xav...@alternatif.org 09 54 06 16 26 -- _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
Linux termial server client for windows caveat emptor http://sourceforge.net/projects/linuxts/ -- _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp-5 problem on Etch : showing initramfs prompt
On Sat, Dec 20, 2008 at 06:42:43AM -0800, Nataraj S Narayan wrote: Please help me with this. I am trying out a normal debian Ltsp-5. ..snip... rootserver: 192.168.0.254 rootpath: /opt/ltsp/i386 filename : /ltsp/i386/nbi.img Error: Connect: Connection refused mount: Mounting /dev/nbd0 on /root/ failed: No such interface mount: Mounting /dev on /root/dev/ failed: No such file o or directory mount: Mounting /sys on /root/sys failed: No such file or directory mount: Mounting /proc on /root/proc failed: No such file or directory Target filesystem doesn't have /sbin/init No init found. try passing init = bootarg Showing busy box and initramfs prompt. Is it a problem with nbd-server configuration? Can substitute nbd with nfs server? nbd is broken in debian etch, at least for use with ltsp. if you really need to use nbd, you'll have to use lenny. defaults for etch or lenny is to use NFS. live well, vagrant -- _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp-5 over Grub
On Fri, Dec 19, 2008 at 04:13:42PM +0530, Nataraj S Narayan wrote: This is some where in the middle of my Ltsp server on XP experiment. that doesn't sound very fun... :) I finally managed to get vmlinuz -2.6.26-1-486, initrd.img-2.6.26-1-486 and a i386.img (file system). For this I used Debian Lenny and installed ltsp-server package, and then ltsp-build-client --create-ext2-image. i haven't really tested this much since i wrote that feature... note that the --create-ext2-image option is a little different than the NBD image that ltsp-update-image creates (or --sqaushfs-image). it uses nbd-client's initramfs-tools hooks, and a plain ext2 filesystem, which can be tweaked by mounting the image. it was noticeably faster than NFS, too... I wish to boot the ltsp-kernel using grub and load the file system (i386.img) over the network from a server (which ever). I have copied the said files except i386.img to another debian lenny's /boot, and modified the menu.lst in /boot/grub and created a new title. But how do i specify the root fs? why not just network boot them? Normally it is 'root (hd0,0)' . How do i change it so that the i386.img gets loaded from 192.168.0.196:/opt/ltsp/image/ ? you'll need nbdrootd configured in /etc/inetd.conf: update-inetd --group LTSP --add 2000 stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/nbdrootd the commandline arguments you'll need to pass, which should already be configured in /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default if you're using the typical network booting: root=/dev/nbd0 ip=dhcp boot=local nbdroot=192.168.0.196,2000 live well, vagrant -- _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp-5 over Grub
For some reason this does not sound like LTSP. Might be just me.? On Fri, Dec 19, 2008 at 6:08 PM, Vagrant Cascadian vagr...@freegeek.orgwrote: On Fri, Dec 19, 2008 at 04:13:42PM +0530, Nataraj S Narayan wrote: This is some where in the middle of my Ltsp server on XP experiment. that doesn't sound very fun... :) I finally managed to get vmlinuz -2.6.26-1-486, initrd.img-2.6.26-1-486 and a i386.img (file system). For this I used Debian Lenny and installed ltsp-server package, and then ltsp-build-client --create-ext2-image. i haven't really tested this much since i wrote that feature... note that the --create-ext2-image option is a little different than the NBD image that ltsp-update-image creates (or --sqaushfs-image). it uses nbd-client's initramfs-tools hooks, and a plain ext2 filesystem, which can be tweaked by mounting the image. it was noticeably faster than NFS, too... I wish to boot the ltsp-kernel using grub and load the file system (i386.img) over the network from a server (which ever). I have copied the said files except i386.img to another debian lenny's /boot, and modified the menu.lst in /boot/grub and created a new title. But how do i specify the root fs? why not just network boot them? Normally it is 'root (hd0,0)' . How do i change it so that the i386.img gets loaded from 192.168.0.196:/opt/ltsp/image/ ? you'll need nbdrootd configured in /etc/inetd.conf: update-inetd --group LTSP --add 2000 stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/nbdrootd the commandline arguments you'll need to pass, which should already be configured in /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default if you're using the typical network booting: root=/dev/nbd0 ip=dhcp boot=local nbdroot=192.168.0.196,2000 live well, vagrant -- _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- -- Michael H. Collins http://linuxlink.org -- _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
Le jeudi 18 décembre 2008 12:41:11 Nataraj S Narayan, vous avez écrit : The situation is like this. A guy who was a techie at Microsoft wants to have RDP from thin clients without the license restrictions. This person is a client of a personal friend of mine, so I am being forced to help him. If the cost of license is a problem, you could also try the 2X product. There is a free (as in beer) edition of 2X which allow 5 simultaneous connection. See http://2x.com/ There is also the free (as in speech: GPL) 2X ThinClientServer PXES Edition that you can download here http://www.2x.com/downloads/#tcs_old -- Xavier xav...@alternatif.org 09 54 06 16 26 -- _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
On Thursday 18 Dec 2008, Nataraj S Narayan wrote: I need to use Ltsp linux clients, but they tftp server, dhcp server and nfs server are hosted on a Windows XP machine. Can I have the pxelinux.0 ,ltsp kernel and file system Image on an XP machine? I struggle to understand, perhaps this makes more sense to others? Running these services from Windows, is like trying to fit a square peg in a round hole; do enough hammering and you might succeed, but why make your life so difficult? Stick to Linux for tftp, dhcp and nfs, it'll be easier in the long run. If you are simply wanting to connect from a Windows XP Client to Linux, then there are several options, which are listed on the following page: http://wiki.ltsp.org/twiki/bin/view/Ltsp/Clients#Microsoft_Windows_to_LTSP_server Personally my preferred solution is to install freenx on the server and use NX Client to connect. I read that LTSP-5 uses the kernel of the host linux machine. It uses /a/ kernel installed on the server in a chroot at /opt/ltsp/i386, not the kernel of the server. ITC, I will I be able to use LTSP-5 for the said situation? Or should I switch to LTSP-4.2, where the kernel is separate? Stick to LTSP5. Is it true that Ltsp client files are stored in /opt/ltsp/i386 ? Yes. Also, how is it possible to have .img file containing all files in /opt/ltsp/i386 ? If I make an image of the File system and put it along with kernel and pxelinux.0 in the Windows tftp server, will the ltsp client machine extract the .img to a full RFS? What are the instructions to be given? Is it there in linuxrc file? I suspect that what you're suggesting is technically possible, but I doubt it has ever been done, and why go to such a huge effort to end up with a solution that will be less reliable than a normal LTSP installation. If you really really need to run LTSP from a Windows box (which I struggle to understand) you'd probably be better off installing a Linux LTSP Server into a virtual machine. I think you should take a step back and explain in more general terms what you are hoping to accomplish by this tortuous solution, because I would almost guarantee that there is a much simpler way of accomplishing this. -- Chris Roberts LTSP Version: 5.1.10-1~40 Windows Manager : KDE 3.5.5 Distribution: Debian Etch Kernel : 2.6.22-3-k7 -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
Hi The situation is like this. A guy who was a techie at Microsoft wants to have RDP from thin clients without the license restrictions. This person is a client of a personal friend of mine, so I am being forced to help him. The plan is to boot Linux over network and use RDP client in Linux to connect to Windows Terminal service. I am not exactly sure why this ex-Microsoft guy wants only WIndows XP as server, not Linux server. This guy has somehow got a pxelinuix.0 , a third party Linux kernel and a file system image, which he is able to boot over LAN, and boot into Linux, from a Windows XP machine. The XP machine ,of course , has dhcp, nfs and tftp services. This kernel and file system rolled into one file, from some vendor, which loads RDP client automatically and then connects to XP Terminal service. But the problem is that he isn't able to get this working on latest Intel Atom boards and Amd Sempron machines, due to the fact that the kernel doesn't have neccessy drivers for NICs on these boards. So, what he wants from me is a kernel that can be loaded by PXE boot and a file system that gives an rdesktop. Is it feasible at this point? regards Nataraj On Thu, Dec 18, 2008 at 3:31 PM, Chris Roberts c...@tridentgarages.co.uk wrote: On Thursday 18 Dec 2008, Nataraj S Narayan wrote: I need to use Ltsp linux clients, but they tftp server, dhcp server and nfs server are hosted on a Windows XP machine. Can I have the pxelinux.0 ,ltsp kernel and file system Image on an XP machine? I struggle to understand, perhaps this makes more sense to others? Running these services from Windows, is like trying to fit a square peg in a round hole; do enough hammering and you might succeed, but why make your life so difficult? Stick to Linux for tftp, dhcp and nfs, it'll be easier in the long run. If you are simply wanting to connect from a Windows XP Client to Linux, then there are several options, which are listed on the following page: http://wiki.ltsp.org/twiki/bin/view/Ltsp/Clients#Microsoft_Windows_to_LTSP_server Personally my preferred solution is to install freenx on the server and use NX Client to connect. I read that LTSP-5 uses the kernel of the host linux machine. It uses /a/ kernel installed on the server in a chroot at /opt/ltsp/i386, not the kernel of the server. ITC, I will I be able to use LTSP-5 for the said situation? Or should I switch to LTSP-4.2, where the kernel is separate? Stick to LTSP5. Is it true that Ltsp client files are stored in /opt/ltsp/i386 ? Yes. Also, how is it possible to have .img file containing all files in /opt/ltsp/i386 ? If I make an image of the File system and put it along with kernel and pxelinux.0 in the Windows tftp server, will the ltsp client machine extract the .img to a full RFS? What are the instructions to be given? Is it there in linuxrc file? I suspect that what you're suggesting is technically possible, but I doubt it has ever been done, and why go to such a huge effort to end up with a solution that will be less reliable than a normal LTSP installation. If you really really need to run LTSP from a Windows box (which I struggle to understand) you'd probably be better off installing a Linux LTSP Server into a virtual machine. I think you should take a step back and explain in more general terms what you are hoping to accomplish by this tortuous solution, because I would almost guarantee that there is a much simpler way of accomplishing this. -- Chris Roberts LTSP Version: 5.1.10-1~40 Windows Manager : KDE 3.5.5 Distribution: Debian Etch Kernel : 2.6.22-3-k7 -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
Yes you can have something of this sort. But you have to enable Terminal server on XP. There was some workaround for that. You can have DHCP,TFTP running on XP. there is one free utility available for it. I am forgetting this name as I have done this 3-4 years back. Once you make your thinclients boot, You can make them run rdesktop directly and specify the terminal server name in boot config file thinclients doenload thry TFTP while booting. Ashish Nabira nab...@sun.com http://sun.com Work is worship. On 18-Dec-08, at 5:11 PM, Nataraj S Narayan wrote: Hi The situation is like this. A guy who was a techie at Microsoft wants to have RDP from thin clients without the license restrictions. This person is a client of a personal friend of mine, so I am being forced to help him. The plan is to boot Linux over network and use RDP client in Linux to connect to Windows Terminal service. I am not exactly sure why this ex-Microsoft guy wants only WIndows XP as server, not Linux server. This guy has somehow got a pxelinuix.0 , a third party Linux kernel and a file system image, which he is able to boot over LAN, and boot into Linux, from a Windows XP machine. The XP machine ,of course , has dhcp, nfs and tftp services. This kernel and file system rolled into one file, from some vendor, which loads RDP client automatically and then connects to XP Terminal service. But the problem is that he isn't able to get this working on latest Intel Atom boards and Amd Sempron machines, due to the fact that the kernel doesn't have neccessy drivers for NICs on these boards. So, what he wants from me is a kernel that can be loaded by PXE boot and a file system that gives an rdesktop. Is it feasible at this point? regards Nataraj On Thu, Dec 18, 2008 at 3:31 PM, Chris Roberts c...@tridentgarages.co.uk wrote: On Thursday 18 Dec 2008, Nataraj S Narayan wrote: I need to use Ltsp linux clients, but they tftp server, dhcp server and nfs server are hosted on a Windows XP machine. Can I have the pxelinux.0 ,ltsp kernel and file system Image on an XP machine? I struggle to understand, perhaps this makes more sense to others? Running these services from Windows, is like trying to fit a square peg in a round hole; do enough hammering and you might succeed, but why make your life so difficult? Stick to Linux for tftp, dhcp and nfs, it'll be easier in the long run. If you are simply wanting to connect from a Windows XP Client to Linux, then there are several options, which are listed on the following page: http://wiki.ltsp.org/twiki/bin/view/Ltsp/Clients#Microsoft_Windows_to_LTSP_server Personally my preferred solution is to install freenx on the server and use NX Client to connect. I read that LTSP-5 uses the kernel of the host linux machine. It uses /a/ kernel installed on the server in a chroot at /opt/ltsp/ i386, not the kernel of the server. ITC, I will I be able to use LTSP-5 for the said situation? Or should I switch to LTSP-4.2, where the kernel is separate? Stick to LTSP5. Is it true that Ltsp client files are stored in /opt/ltsp/i386 ? Yes. Also, how is it possible to have .img file containing all files in /opt/ltsp/i386 ? If I make an image of the File system and put it along with kernel and pxelinux.0 in the Windows tftp server, will the ltsp client machine extract the .img to a full RFS? What are the instructions to be given? Is it there in linuxrc file? I suspect that what you're suggesting is technically possible, but I doubt it has ever been done, and why go to such a huge effort to end up with a solution that will be less reliable than a normal LTSP installation. If you really really need to run LTSP from a Windows box (which I struggle to understand) you'd probably be better off installing a Linux LTSP Server into a virtual machine. I think you should take a step back and explain in more general terms what you are hoping to accomplish by this tortuous solution, because I would almost guarantee that there is a much simpler way of accomplishing this. -- Chris Roberts LTSP Version: 5.1.10-1~40 Windows Manager : KDE 3.5.5 Distribution: Debian Etch Kernel : 2.6.22-3-k7 -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
Nataraj S Narayan wrote: The situation is like this. A guy who was a techie at Microsoft wants to have RDP from thin clients without the license restrictions. This person is a client of a personal friend of mine, so I am being forced to help him. Nonsense. A real friend won't ask you to help a client do something illegal. -Jonathan -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
Well, I think the guy needs RDP as just one of the Apps, while he can use all other Linux apps. Come on, at least we give credit for an M$ guy is trying out Linux. He might switch over fully soon enough. regards Nataraj On Thu, Dec 18, 2008 at 6:27 PM, Jonathan Carter (highvoltage) jonat...@ubuntu.com wrote: Nataraj S Narayan wrote: The situation is like this. A guy who was a techie at Microsoft wants to have RDP from thin clients without the license restrictions. This person is a client of a personal friend of mine, so I am being forced to help him. Nonsense. A real friend won't ask you to help a client do something illegal. -Jonathan -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
Maybe these links will be of interest: http://www.ncomputing.com/ http://www.xpunlimited.com/ Sounds like what you really want to do is run a regular LTSP server and RDP to a Windows Terminal Server and/or Windows XP machine. I suggest you use LTSP 5, and forget about putting tftp, etc on the Windows machine. The standard LTSP 5 server will boot most thin clients, and those thin clients can then RDP to whatever machine you want. Unless this guy thinks that by running tftp, etc on the Windows machine will somehow get around the license issues. But that is probably illegal and probably a lot of work. Besides, why steal Windows when there are better alternatives available for free? Tell us why this guy thinks he needs Windows, and maybe somebody can suggest alternative free software for him to try. -Rob Nataraj S Narayan wrote: Hi The situation is like this. A guy who was a techie at Microsoft wants to have RDP from thin clients without the license restrictions. This person is a client of a personal friend of mine, so I am being forced to help him. The plan is to boot Linux over network and use RDP client in Linux to connect to Windows Terminal service. I am not exactly sure why this ex-Microsoft guy wants only WIndows XP as server, not Linux server. This guy has somehow got a pxelinuix.0 , a third party Linux kernel and a file system image, which he is able to boot over LAN, and boot into Linux, from a Windows XP machine. The XP machine ,of course , has dhcp, nfs and tftp services. This kernel and file system rolled into one file, from some vendor, which loads RDP client automatically and then connects to XP Terminal service. But the problem is that he isn't able to get this working on latest Intel Atom boards and Amd Sempron machines, due to the fact that the kernel doesn't have neccessy drivers for NICs on these boards. So, what he wants from me is a kernel that can be loaded by PXE boot and a file system that gives an rdesktop. Is it feasible at this point? regards Nataraj On Thu, Dec 18, 2008 at 3:31 PM, Chris Roberts c...@tridentgarages.co.uk wrote: On Thursday 18 Dec 2008, Nataraj S Narayan wrote: I need to use Ltsp linux clients, but they tftp server, dhcp server and nfs server are hosted on a Windows XP machine. Can I have the pxelinux.0 ,ltsp kernel and file system Image on an XP machine? I struggle to understand, perhaps this makes more sense to others? Running these services from Windows, is like trying to fit a square peg in a round hole; do enough hammering and you might succeed, but why make your life so difficult? Stick to Linux for tftp, dhcp and nfs, it'll be easier in the long run. If you are simply wanting to connect from a Windows XP Client to Linux, then there are several options, which are listed on the following page: http://wiki.ltsp.org/twiki/bin/view/Ltsp/Clients#Microsoft_Windows_to_LTSP_server Personally my preferred solution is to install freenx on the server and use NX Client to connect. I read that LTSP-5 uses the kernel of the host linux machine. It uses /a/ kernel installed on the server in a chroot at /opt/ltsp/i386, not the kernel of the server. ITC, I will I be able to use LTSP-5 for the said situation? Or should I switch to LTSP-4.2, where the kernel is separate? Stick to LTSP5. Is it true that Ltsp client files are stored in /opt/ltsp/i386 ? Yes. Also, how is it possible to have .img file containing all files in /opt/ltsp/i386 ? If I make an image of the File system and put it along with kernel and pxelinux.0 in the Windows tftp server, will the ltsp client machine extract the .img to a full RFS? What are the instructions to be given? Is it there in linuxrc file? I suspect that what you're suggesting is technically possible, but I doubt it has ever been done, and why go to such a huge effort to end up with a solution that will be less reliable than a normal LTSP installation. If you really really need to run LTSP from a Windows box (which I struggle to understand) you'd probably be better off installing a Linux LTSP Server into a virtual machine. I think you should take a step back and explain in more general terms what you are hoping to accomplish by this tortuous solution, because I would almost guarantee that there is a much simpler way of accomplishing this. -- Chris Roberts LTSP Version: 5.1.10-1~40 Windows Manager : KDE 3.5.5 Distribution: Debian Etch Kernel : 2.6.22-3-k7 -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
On Thursday 18 Dec 2008, Nataraj S Narayan wrote: The situation is like this. A guy who was a techie at Microsoft wants to have RDP from thin clients without the license restrictions. This person is a client of a personal friend of mine, so I am being forced to help him. Licence restrictions are more than just a technical limitation - they are a legal restriction, which cannot be circumvented by using Linux. The plan is to boot Linux over network and use RDP client in Linux to connect to Windows Terminal service. I am not exactly sure why this ex-Microsoft guy wants only WIndows XP as server, not Linux server. Worth finding out - you could have this working using a traditional LTSP set-up in an hour or so, including having clients booting rdesktop automatically. But the problem is that he isn't able to get this working on latest Intel Atom boards and Amd Sempron machines, due to the fact that the kernel doesn't have neccessy drivers for NICs on these boards. So, what he wants from me is a kernel that can be loaded by PXE boot and a file system that gives an rdesktop. Is it feasible at this point? I would say so, but it makes my head hurt - it's probably the most convuluted method of connecting to a Windows machine imaginable, and does nothing to avoid the licensing costs. -- Chris Roberts LTSP Version: 5.1.10-1~40 Windows Manager : KDE 3.5.5 Distribution: Debian Etch Kernel : 2.6.22-3-k7 -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
Chris Roberts wrote: I would say so, but it makes my head hurt - it's probably the most convuluted method of connecting to a Windows machine imaginable, and does nothing to avoid the licensing costs. I guess running an LTSP server inside a virtual machine inside of Windows would probably be a bit better. -Jonathan -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
Jonathan Carter (highvoltage) kirjoitti: I guess running an LTSP server inside a virtual machine inside of Windows would probably be a bit better. Something like this ;-) Ubuntu 7.10 Desktop (Virtualbox XP (Ubuntu 7.10 Server KVM (Fedora 10 (Fedora 10 Thin Client http://www.arkki.info/howto/Fedora10/KVM_Virtualbox_01.png More seriously. We have a windows dhcpd server for LTSP5 clients (Ubuntu 8.04.1). XP's uses that same windows server as a dhcpd server, and LTSP5 clients and Ubuntu desktops/laptops uses that windows server as a file server. https://help.ubuntu.com/community/UbuntuLTSP/LTSPWindowsDHCP http://www.arkki.info/howto/Wiki/LTSP5-Kokkola/Windows_dhcpd.png 10.38.8.6 - Windows Server 10.38.8.8 - LTSP5 Server (Ubuntu 8.04.1) One windows server, XP's, LTSP5 clients and Ubuntu desktops/laptops are happy together, don't make things more difficult than they already are. Best Regards Asmo Koskinen. -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
Asmo Koskinen kirjoitti: Ubuntu 7.10 Desktop (Virtualbox XP (Ubuntu 7.10 Server KVM (Fedora 10 (Fedora 10 Thin Client http://www.arkki.info/howto/Fedora10/KVM_Virtualbox_01.png Krhm... Ubuntu 8.10 Desktop (Virtualbox XP (Ubuntu 8.10 Server KVM (Fedora 10 Fedora 10 Thin Client Best Regards Asmo Koskinen. -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
I believe the answer to your woes lies here: http://www.thinstation.net/ Keep it simple dude. ;-) Hope I haven't over-simplified your need. SB -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
On Thu, Dec 18, 2008 at 05:11:11PM +0530, Nataraj S Narayan wrote: Hi The situation is like this. A guy who was a techie at Microsoft wants to have RDP from thin clients without the license restrictions. Although, by using LTSP thin clients for access, he won't have to buy the client side of the license, he'll still be liable for the server side of the license which, last time I checked (4+ years ago) was the expensive bit. Could someone else update us with the latest CAL pricing structure? Cheers, Scott -- Scott L. Balneaves | There are many causes I am prepared to die for, Systems Department | but no causes I am prepared to kill for. Legal Aid Manitoba |-- Mohandas Karamchand Gandhi -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
Scott Balneaves wrote: On Thu, Dec 18, 2008 at 05:11:11PM +0530, Nataraj S Narayan wrote: Hi The situation is like this. A guy who was a techie at Microsoft wants to have RDP from thin clients without the license restrictions. Although, by using LTSP thin clients for access, he won't have to buy the client side of the license, he'll still be liable for the server side of the license which, last time I checked (4+ years ago) was the expensive bit. Could someone else update us with the latest CAL pricing structure? I was recently quoted $75 US per server-side license for a Windows 2003 terminal server. -Rob The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the addressee, any disclosure, reproduction, copying, distribution, or other dissemination or use of this transmission in error please notify the sender immediately and then delete this e-mail. E-mail transmission cannot be guaranteed to be secure or error free as information could be intercepted, corrupted lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard copy version. -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
Scott Balneaves skrev: On Thu, Dec 18, 2008 at 05:11:11PM +0530, Nataraj S Narayan wrote: Hi The situation is like this. A guy who was a techie at Microsoft wants to have RDP from thin clients without the license restrictions. Although, by using LTSP thin clients for access, he won't have to buy the client side of the license, he'll still be liable for the server side of the license which, last time I checked (4+ years ago) was the expensive bit. Could someone else update us with the latest CAL pricing structure? Last I checked here in Sweden, neither Microsoft nor any of their vendors that I could contact were able to give coherent licensing or license cost info. The span between the different offers the school got was large enough to buy a small LTSP server for alone. The time wasted in finding that out would have bought a very good LTSP server indeed, had it been paid for in a decent (normal for Sweden) hourly fee. Mostly when it comes to the Windows admins I've seen, the reason for not switching is either that the organization is stuck neck deep in MS Office macros, or that it's the beast they know. BR, Gudmund -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
On Thursday 18 Dec 2008, Scott Balneaves wrote: Although, by using LTSP thin clients for access, he won't have to buy the client side of the license, he'll still be liable for the server side of the license which, last time I checked (4+ years ago) was the expensive bit. Could someone else update us with the latest CAL pricing structure? I don't believe that there is any such licensing structure for Windows XP, so your best bet is probably to buy retail licences for every user (ouch!) and even then I'm not sure that it would strictly adhere to the eula. For Windows Server 2003 I was told that I did need the terminal services CALs. UK prices six months ago were 22 GBP for the server CALs and 64 GBP for the terminal services CALs. I will be sick as a parrot if I've been wrongly advised. As I understand it, it is critical to opt for user-based licensing rather than device based licensing, and (at least when I last looked into it) it's best to downgrade to Windows Server 2003 rather than the current version which uses RDP v6. That might well be out-of-date now, depending on the state of play with rdesktop. -- Chris Roberts LTSP Version: 5.1.10-1~40 Windows Manager : KDE 3.5.5 Distribution: Debian Etch Kernel : 2.6.22-3-k7 -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ltsp 5 files on Windows XP
On Thursday 18 December 2008 23:20:51 ltsp-discuss- requ...@lists.sourceforge.net wrote: I need to use Ltsp linux clients, but they tftp server, dhcp server and nfs server are hosted on a Windows XP machine. Can I have the pxelinux.0 ,ltsp kernel and file system Image on an XP machine? I read that LTSP-5 uses the kernel of the host linux machine. ITC, I will I be able to use LTSP-5 for the said situation? Or should I switch to LTSP-4.2, where the kernel is separate? Is it true that Ltsp client files are stored in /opt/ltsp/i386 ? Also, how is it possible to have .img file containing all files in /opt/ltsp/i386 ? If I make an image of the File system and put it along with kernel and pxelinux.0 in the Windows tftp server, will the ltsp client machine extract the .img to a full RFS? What are the instructions to be given? Is it there in linuxrc file? Why not have your tftp server for the thin clients on the LTSP server. Then Your win server needs only handle dhcp. Depending on your distro NFS is not used, the LTSP server is also the NBD server. Your win dhcp needs to say 'next-server' if it can't you can put the LTSP dhcp server on the LTSP server and have it respond ONLY to mac addresses. The thin client won't boot on the wrong DHCP servers info, but I saw it boot by the second try. If you are trying to run LTSP without a LTSP srver, he he forget it James -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on Ubuntu
You might want to take a look there: https://help.ubuntu.com/community/UbuntuLTSP/LTSPQuickInstall Marc On Wed, Nov 12, 2008 at 4:41 AM, Varun Pabrai [EMAIL PROTECTED]wrote: Hello, I have installed Ubuntu-8.04. I want to setup ltsp-server. I have never done ltsp on Ubuntu. I have never done ltsp-5. apt-get showed me the following packages : ltsp-client ltsp-client - core ltspfs ltspfsd ltsp - manager ltsp - server ltsp - server - standalone Please explain me the individual packages and Which of the following packages I need to install. Thanks Varun - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- Marc Cyr - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/_ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on Ubuntu
Varun, See the Ubuntu LTSP documentation - https://help.ubuntu.com/community/UbuntuLTSP Cheers, Jordan/Lns Varun Pabrai wrote: Hello, I have installed Ubuntu-8.04. I want to setup ltsp-server. I have never done ltsp on Ubuntu. I have never done ltsp-5. apt-get showed me the following packages : ltsp-client ltsp-client - core ltspfs ltspfsd ltsp - manager ltsp - server ltsp - server - standalone Please explain me the individual packages and Which of the following packages I need to install. Thanks Varun - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- Jordan Erickson Owner, Logical Networking Solutions http://www.logicalnetworking.net 707-636-5678 Latest LNS Blogs - http://blogs.logicalnetworking.net Intel and HP team up to roll out Green PCs for the enterprise Mozilla Thunderbird Add-on Signature Switch Will Windows 7 be another Mojave Experiment? - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on Ubuntu
On Thursday 13 November 2008 07:20:41 ltsp-discuss- [EMAIL PROTECTED] wrote: I have installed Ubuntu-8.04. I want to setup ltsp-server. apt-get showed me the following packages : ltsp-client ltsp-client - core ltspfs ltspfsd ltsp - manager ltsp - server ltsp - server - standalone Please explain me the individual packages and Which of the following packages I need to install. Would suggest a test install first. Or better still try ltsp 4 series first. https://help.ubuntu.com/community/UbuntuLTSP/LTSPQuickInstall James - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on Ubuntu
2008/11/12 Varun Pabrai [EMAIL PROTECTED]: I have installed Ubuntu-8.04. I want to setup ltsp-server. apt-get showed me the following packages : ltsp-client ltsp-client - core ltspfs ltspfsd ltsp - manager ltsp - server ltsp - server - standalone Please explain me the individual packages and Which of the following packages I need to install. Would suggest a test install first. Or better still try ltsp 4 series first. -- Regards, Sudev Barar Read http://blog.sudev.in for topics ranging from here to there. PS: I know most of people do not follow email niceties (mostly they are not aware) but if you follow bottom post/in-line post style of email conversations it becomes a whole lot easier to carry on meaningful dialogue and you can snip out what is not meaningful too. Most people just hit reply button and top post leaving prior message appended uselessly at bottom. See if you can adopt this style and persuade others. In case you are already doing this . great, spread the message. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on Ubuntu
Hi Varun i have installed Ubuntu 8.04 with LTSP5 for a School Project i cannot explain all the packages but i can say to you which package i have used! ltsp-server-standalone -- this package is the hole ltsp environment (standalone means that you use the ltsp server as dhcp server too) ltsp-server -- same packages as above but with a external dhcp server... openssh-server -- this is needed because the thin clients use a ssh tunnel to communicate with the server install the two packages with apt: apt-get install ltsp-server-standalone openssh-server after the installation just run this command to build the chroot environment for the thin clients: ltsp-build-client --arch i386 (the --arch i386 is only to ensure that the build command downloads the i386 packages and not this for amd64) you chroot directory is now located in /opt/ltsp/i368 configure your dhcpd.conf file ( the file is located in /etc/ltsp/dhcpd.conf) and restart the deamon witch: /etc/init.d/dhcp3-server restart after that restart the tftp deamon with this command: invoke-rc.d openbsd-inetd restart thats all boot your thin client regards, Ivan Varun Pabrai wrote: Hello, I have installed Ubuntu-8.04. I want to setup ltsp-server. I have never done ltsp on Ubuntu. I have never done ltsp-5. apt-get showed me the following packages : ltsp-client ltsp-client - core ltspfs ltspfsd ltsp - manager ltsp - server ltsp - server - standalone Please explain me the individual packages and Which of the following packages I need to install. Thanks Varun - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on Ubuntu
Varun Pabrai kirjoitti: I have installed Ubuntu-8.04. I want to setup ltsp-server. Please explain me the individual packages and Which of the following packages I need to install. Please, please - Use Ubuntu 8.04.1 Alternate (i386), it has everything you need out-of-box. The installer will set up an out of the box working LTSP install for you if your server has two network cards built in. If that is not the case it will tell you what to modify to run with a single network card. Once you boot up the CD, hit F4. The Modes menu will pop up. Select Install an LTSP Server. Now just move on with the install. https://help.ubuntu.com/community/UbuntuLTSP/LTSPQuickInstall http://releases.ubuntu.com/releases/hardy/ After installation read all these fine manuals. https://help.ubuntu.com/community/UbuntuLTSP Best Regards Asmo Koskinen. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on Ubuntu
Hi Asmo yes sure this is the easiest way to install ltsp on a ubuntu... but the learn effect is very poor regards Ivan Asmo Koskinen wrote: Varun Pabrai kirjoitti: I have installed Ubuntu-8.04. I want to setup ltsp-server. Please explain me the individual packages and Which of the following packages I need to install. Please, please - Use Ubuntu 8.04.1 Alternate (i386), it has everything you need out-of-box. The installer will set up an out of the box working LTSP install for you if your server has two network cards built in. If that is not the case it will tell you what to modify to run with a single network card. Once you boot up the CD, hit F4. The Modes menu will pop up. Select Install an LTSP Server. Now just move on with the install. https://help.ubuntu.com/community/UbuntuLTSP/LTSPQuickInstall http://releases.ubuntu.com/releases/hardy/ After installation read all these fine manuals. https://help.ubuntu.com/community/UbuntuLTSP Best Regards Asmo Koskinen. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on Ubuntu
Hi Varun Varun Pabrai wrote: I have installed Ubuntu-8.04. I want to setup ltsp-server. From a command line, do a sudo apt-get install ltsp-server. If you want to run a DHCP server from the same machine, do a sudo apt-get install ltsp-server-standalone. If your server IP is not on a 192.168.0.0 network, you'll have to modify /etc/ltsp/dhcpd.conf file a bit of a tweak. Then all you need to do is do a ltsp-build-client, and then you can boot up your clients from that server. Don't install the ltsp-client packages on your server, those get installed in your client chroot. If you manage to install it on your server, it will break your server (luckily debconf prevents you from doing that these days). -Jonathan - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] ltsp-5 on Ubuntu
Ivan Torretti - Sun Microsystems Schweiz AG kirjoitti: yes sure this is the easiest way to install ltsp on a ubuntu... but the learn effect is very poor Ok. You can read these pages about theory first and then install the way you like most. http://doc.ubuntu.com/edubuntu/edubuntu/handbook/C/ltsp-theory.html http://www.ltsp.org/~sbalneav/LTSPManual.html#AEN278 Best Regards Asmo Koskinen. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5, LDM Autologin and poweroff
hi, Am Montag, den 03.11.2008, 11:14 -0500 schrieb Gideon Romm: acpid is not installed in a default chroot. it definately is in ubuntu, not sure what chroot you look at though, but ltsp-client depends on it since hardy (i'm not sure, but i think it was like that even in gutsy) ciao oli signature.asc Description: Dies ist ein digital signierter Nachrichtenteil - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/_ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5, LDM Autologin and poweroff
Il giorno 01/nov/08, alle ore 12:00, SZABO Zsolt ha scritto: On Sat, 1 Nov 2008, Francesco D'Offizi wrote: If user logout then client log in again, no way to tell the client to poweroff. Is there any solution to this task? The power(off) button on the box of the client? ;-) Great, but only pushing it doesn't work... it should be there some script to power off the machine or I must keep pressed power button for 4 sec til machine shutdowns, that works but it's not as clean as I'd like... Must I put some acpi stuff in ltsp environment? Hmmm... of course the client must be acpi capable. On older hardware you may need apm as well, but I cannot remember that someone would have needed such setup. Here it works out of the box, i.e. I did not have to tweak the kernel setup... (ltsp5, debian etch, setup date Nov 2007) Anyway you should check on the clients whether the acpi modules are loaded... (or compiled in the kernel). -- Zsolt The client is acpi capable (HP T5135) cause it natively runs on a linux based image provided by hp and power off button starts shutdown routine. How can I check that acpi is loaded in my ltsp client image? I'm using default edubuntu 8.04 ltsp environment... thanks -- PClinic di Francesco D'Offizi via Tembien 15 - 00199 Roma P.IVA: 09294391009 CCIAA RM: 1156920 CF: DFFFNC81D14G702N e-mail: [EMAIL PROTECTED] telefono: 0692963084 - mobile: 3295465113 - fax: 0697252583 - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5, LDM Autologin and poweroff
acpid is not installed in a default chroot. If you want to force Instant Off capabilities, you can either: 1. Go into the thin client BIOS and *disable* ACPI and set the Power button from 4 secs to Instant Off (on most BIOSes); or 2. install acpid into your chroot and reroll the image -Gadi On Mon, 2008-11-03 at 11:57 +0100, Francesco D'Offizi wrote: Il giorno 01/nov/08, alle ore 12:00, SZABO Zsolt ha scritto: On Sat, 1 Nov 2008, Francesco D'Offizi wrote: If user logout then client log in again, no way to tell the client to poweroff. Is there any solution to this task? The power(off) button on the box of the client? ;-) Great, but only pushing it doesn't work... it should be there some script to power off the machine or I must keep pressed power button for 4 sec til machine shutdowns, that works but it's not as clean as I'd like... Must I put some acpi stuff in ltsp environment? Hmmm... of course the client must be acpi capable. On older hardware you may need apm as well, but I cannot remember that someone would have needed such setup. Here it works out of the box, i.e. I did not have to tweak the kernel setup... (ltsp5, debian etch, setup date Nov 2007) Anyway you should check on the clients whether the acpi modules are loaded... (or compiled in the kernel). -- Zsolt The client is acpi capable (HP T5135) cause it natively runs on a linux based image provided by hp and power off button starts shutdown routine. How can I check that acpi is loaded in my ltsp client image? I'm using default edubuntu 8.04 ltsp environment... thanks -- PClinic di Francesco D'Offizi via Tembien 15 - 00199 Roma P.IVA: 09294391009 CCIAA RM: 1156920 CF: DFFFNC81D14G702N e-mail: [EMAIL PROTECTED] telefono: 0692963084 - mobile: 3295465113 - fax: 0697252583 - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- Gideon Romm | Proud LTSP Developer [EMAIL PROTECTED] Support LTSP! Buy your hardware at: www.DisklessWorkstations.com www.DisklessThinClients.com (use coupon code: LTSP5P for 5% off thin clients from DisklessThinClients.com) - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5, LDM Autologin and poweroff
On Sat, 1 Nov 2008, Francesco D'Offizi wrote: If user logout then client log in again, no way to tell the client to poweroff. Is there any solution to this task? The power(off) button on the box of the client? ;-) Great, but only pushing it doesn't work... it should be there some script to power off the machine or I must keep pressed power button for 4 sec til machine shutdowns, that works but it's not as clean as I'd like... Must I put some acpi stuff in ltsp environment? Hmmm... of course the client must be acpi capable. On older hardware you may need apm as well, but I cannot remember that someone would have needed such setup. Here it works out of the box, i.e. I did not have to tweak the kernel setup... (ltsp5, debian etch, setup date Nov 2007) Anyway you should check on the clients whether the acpi modules are loaded... (or compiled in the kernel). -- Zsolt - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5, LDM Autologin and poweroff
Il giorno 31/ott/08, alle ore 21:00, SZABO Zsolt ha scritto: On Fri, 31 Oct 2008, Francesco D'Offizi wrote: I set up some LTSP clients with autologin but I need to even to poweroff clients when users finish working but with this configuration it seems to be not possible at all. If user logout then client log in again, no way to tell the client to poweroff. Is there any solution to this task? The power(off) button on the box of the client? ;-) Great, but only pushing it doesn't work... it should be there some script to power off the machine or I must keep pressed power button for 4 sec til machine shutdowns, that works but it's not as clean as I'd like... Must I put some acpi stuff in ltsp environment? -- PClinic di Francesco D'Offizi via Tembien 15 - 00199 Roma P.IVA: 09294391009 CCIAA RM: 1156920 CF: DFFFNC81D14G702N e-mail: [EMAIL PROTECTED] telefono: 0692963084 - mobile: 3295465113 - fax: 0697252583 - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5, LDM Autologin and poweroff
On Fri, 31 Oct 2008, Francesco D'Offizi wrote: I set up some LTSP clients with autologin but I need to even to poweroff clients when users finish working but with this configuration it seems to be not possible at all. If user logout then client log in again, no way to tell the client to poweroff. Is there any solution to this task? The power(off) button on the box of the client? ;-) -- Zsolt - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5, LDM Autologin and poweroff
On Saturday 01 November 2008 07:55:29 ltsp-discuss- [EMAIL PROTECTED] wrote: I set up some LTSP clients with autologin but I need to even to poweroff clients when users finish working but with this configuration it seems to be not possible at all. If user logout then client log in again, no way to tell the client to poweroff. Is there any solution to this task? Logout - wait ... reset Not had any problems, but it's really rather horrid Mostly I just shutdown the server and power off James - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
On Tue, Oct 14, 2008 at 9:18 AM, Timothy Legge [EMAIL PROTECTED] wrote: Hi Just a couple of notes on my recent implementation of Ubuntu with LTSP 5. The progress on sound, local devices etc is amazing compared to my first FC1 based install. Most things just work in initial testing but I am sure the users will find issues when they start looking. I did run into a few gotchas for server hardening though: 1) Clients run over ssh so the typical things that I configure caused issues, notably: a) AllowUsers b) Changing the default port from 22 to something else I run 2 ssh servers, one on port 22 for the thin clients and all users (except root) allowed, another on an alternate port with only administrators allowed. It takes a few minutes of work to get a second server running if you know what you're doing. I don't have a link handy, but search the archives for my posts on the topic from within the last year for instructions. db - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/_ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
On Tue, Oct 14, 2008 at 9:18 AM, Timothy Legge [EMAIL PROTECTED] wrote: Hi Just a couple of notes on my recent implementation of Ubuntu with LTSP 5. The progress on sound, local devices etc is amazing compared to my first FC1 based install. Most things just work in initial testing but I am sure the users will find issues when they start looking. I did run into a few gotchas for server hardening though: 1) Clients run over ssh so the typical things that I configure caused issues, notably: a) AllowUsers b) Changing the default port from 22 to something else I run 2 ssh servers, one on port 22 for the thin clients and all users (except root) allowed, another on an alternate port with only administrators allowed. It takes a few minutes of work to get a second server running if you know what you're doing. I don't have a link handy, but search the archives for my posts on the topic from within the last year for instructions. db - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/_ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
jam wrote: On Friday 17 October 2008 05:01:51 [EMAIL PROTECTED] wrote: [snip] As I've pointed out, ltsp is an alternate use of ssh, and as Rob pointed out, ltsp requires that ssh be configured in a way that is simply unacceptable for traditional use, i.e., remote (open) access. [snip] No it simply means YOU don't know how to do it. Making LTSP more complicated to solve THAT problem is silly. I don't understand why people keep claiming that anybody is trying to make LTSP more complicated. This all started with somebody donating documentation in order to explain to users how to run sshd on 2 ports with 2 config files. The discussion then turned to creating a package that would do all the dirty work for you. Nobody is attempting to make LTSP more complicated. -Rob The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the addressee, any disclosure, reproduction, copying, distribution, or other dissemination or use of this transmission in error please notify the sender immediately and then delete this e-mail. E-mail transmission cannot be guaranteed to be secure or error free as information could be intercepted, corrupted lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard copy version. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
jam wrote: On Friday 17 October 2008 01:47:37 [EMAIL PROTECTED] wrote: Personally I don't see the benefit to have an additional SSH server by default running... if your network isn't firewalled, you've got a lot more to worry about than an open SSH port. It's common network administration practice to have a firewall in place - and who gives their LTSP server a public IP address, anyway? My ltsp server is firewalled _and_ I need to access it via ssh on the internet. Therefore it makes perfect sense to have a daemon on a firewalled port taking connections from the tc, and a second daemon on a NATed port accepting connections from whitelisted administrators I've resisted adding my $.02 three times in this digest, finally succomed :-) Security through complexity is dumb and ends up biting you: My server is on a 192.168. From the WORLD it is only available via a non standard port, internally 22 and ltsp is bog standard. Port forwarding done by a Dlink 604T, cost 1 hour labour. Me too--server runs single sshd on port 22, router forwards nonstandard port to port 22 on server. As previous digest-mail said ssh on 2 ports is trivial After having done it on 3 different machines, I'm pretty comfortable with it now but I still wouldn't call it trivial. Regardless, I had to do some research and made some mistakes before I got it right the first time. Since then, I've seen at least 3 others on this list ask how to do it. This indicates to me that there is a need for this. -Rob The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the addressee, any disclosure, reproduction, copying, distribution, or other dissemination or use of this transmission in error please notify the sender immediately and then delete this e-mail. E-mail transmission cannot be guaranteed to be secure or error free as information could be intercepted, corrupted lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard copy version. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
Scott Balneaves wrote: On Thu, Oct 16, 2008 at 01:51:45PM -0600, David Burgess wrote: I'm not criticising the ltsp team. I love what they provide. And I'm not asking anybody--I hope--to change the way your ssh server or ltsp server operates. I simply think it would be a boon to the project to remove some of the pain in creating what I suspect would be a fairly popular scenario among ltsp admins and facilitate the ability to access the server remotely without compromising the very good security provided by the OpenSSH server. Two things I'd like to point out: 1) LTSP doesn't modify the ssh server configs in any way. It's not like sshd installs with only rsa-key methods enabled, and LTSP twiddles with the sshd configs to reduce security by enabling password access: password access to ssh comes enabled by default. In fact, due to packaging policies on Debian, Ubuntu, and (I suspect) Fedora, our package would be forbidden to twiddle with the config. This is not a feature request, simply brainstorming: What if you left the standard config file alone, but added /etc/ltsp/sshd_config and configured a daemon to run using that config file (not on port 22). Would that be forbidden? I think what would be ideal (for me anyway, possibly for others) is if LTSP used an ssh daemon that was only available to LTSP clients. For instance, if the ssh server (on an alternate port) could be configured to only talk to the chroot. I'm imagining something similar to the way NX Client works. It can only connect to the NX Server if it has the proper keyfile installed. Once it connects with the key, the user can authenticate using a password. For LTSP, the private key would be installed in the chroot and the public key would be installed on the server. 2) I think the simplest is, if someone wants to write a script to do this, and test it throuoghly, it could simply be added to the /usr/share/docs/ltsp/examples directory, when an admin would have it to ready access if needed. Thanks for bringing some sanity to this discussion. That's all the original poster was looking for -- a way to share his learning experience with others. -Rob The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the addressee, any disclosure, reproduction, copying, distribution, or other dissemination or use of this transmission in error please notify the sender immediately and then delete this e-mail. E-mail transmission cannot be guaranteed to be secure or error free as information could be intercepted, corrupted lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard copy version. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
On Friday 17 October 2008 21:10:26 [EMAIL PROTECTED] wrote: No it simply means YOU don't know how to do it. Making LTSP more complicated to solve THAT problem is silly. My previous mail shows 2 ways to achieve bog-standard-ltsp AND administrator access without passwd access from the internet If I understood your post, you're describing a server between the ltsp server and all incoming connections from the internet. There's nothing wrong with that, but if you call that simpler than running a second instance of sshd on a single machine, then you and I have different perspectives on simple. Ouch - let them eat cake!, I'd never considered a site with a single server only So you're correct and I'm sorry :-) James PS Mari Antonette, during French revolution, when told the poor could not buy bread :-) - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
On Fri, Oct 17, 2008 at 10:24 AM, Rob Owens [EMAIL PROTECTED] wrote: Thanks for bringing some sanity to this discussion. That's all the original poster was looking for -- a way to share his learning experience with others. Exactly. My original post listed a couple of the issues I ran into when attempting to lock down a LTSP 5 server. Some of the points were just different than what I ran into with older versions of LTSP. The use of ssh for the terminals means that some adjustments to my normal lock down procedures are necessary. Making ssh available to the Internet from a default LTSP 5 server is not secure (even on a non standard port) unless you trust your users to create good passwords (or you use keys) and if you trust your users, you have already lost ;-). That is not to say that LTSP 5 is not secure, but the use of ssh in its default configuration makes your server vulnerable to your users ability to create a decent password. Until I get around to configuring the second ssh daemon I will simply connect to the LTSP 5 server through a different server... Tim - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
Frank Bergmann wrote: Timothy Legge schrieb: Hi Just a couple of notes on my recent implementation of Ubuntu with LTSP 5. The progress on sound, local devices etc is amazing compared to my first FC1 based install. Most things just work in initial testing but I am sure the users will find issues when they start looking. I did run into a few gotchas for server hardening though: 1) Clients run over ssh so the typical things that I configure caused issues, notably: a) AllowUsers b) Changing the default port from 22 to something else 2) Running Bastille Unix to lock down the server disabled tftp and changed the permissions on tcpd changing them bak to the original with all other settings 3) denyhosts with LTSP is problematic because incorrect passwords on the terminals will cause them to be locked out 4) Locking down FireFox 3 proxy settings is a little annoying. The script I normally use works but I need to manually copy a firefox.cfg to the firefox directory. I need to look to see if there is a newer version. 5) I have one client that seems to rev up when using flash that I need to look at (the fans kick in and it makes a heck of a noise) I will probably look into whether denyhosts can ignore the terminal network and whether it makes sense to run two ssh daemons one internal and one external. Does anyone else have server hardening processes that you use for LTSP? Tim - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net A simple solution is running sshd on two ports simultaniously: Port 22 Port 22022 It's a bit dirty because it runs with the same configuration, but it's easy and quick. Enable port forwarding in your router and disable port 22 and you get the brute force attacks out. Note that I found my home router would not forward a port as high as 22022. When I changed it to a 4-digit port (starting with 2) it worked. -Rob The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the addressee, any disclosure, reproduction, copying, distribution, or other dissemination or use of this transmission in error please notify the sender immediately and then delete this e-mail. E-mail transmission cannot be guaranteed to be secure or error free as information could be intercepted, corrupted lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard copy version. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
jam wrote: On Thursday 16 October 2008 07:19:04 ltsp-discuss- [EMAIL PROTECTED] wrote: Personally I don't see the benefit to have an additional SSH server by default running... if your network isn't firewalled, you've got a lot more to worry about than an open SSH port. It's common network administration practice to have a firewall in place - and who gives their LTSP server a public IP address, anyway? My ltsp server is firewalled _and_ I need to access it via ssh on the internet. Therefore it makes perfect sense to have a daemon on a firewalled port taking connections from the tc, and a second daemon on a NATed port accepting connections from whitelisted administrators I've resisted adding my $.02 three times in this digest, finally succomed :-) Security through complexity is dumb and ends up biting you: My server is on a 192.168. From the WORLD it is only available via a non standard port, internally 22 and ltsp is bog standard. This means that you must be accepting password authentication from the internet, which I personally don't want to do for security reasons. Therefore running 2 daemons with 2 config files makes perfect sense and is exactly what I need. -Rob Port forwarding done by a Dlink 604T, cost 1 hour labour. So if you are playing, then a really scrappy implementation like this is fun to do, but for real systems KISS (Keep It Simple ...) James - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the addressee, any disclosure, reproduction, copying, distribution, or other dissemination or use of this transmission in error please notify the sender immediately and then delete this e-mail. E-mail transmission cannot be guaranteed to be secure or error free as information could be intercepted, corrupted lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard copy version. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
Hi, On Thu, 16 Oct 2008, jam wrote: Security through complexity is dumb and ends up biting you: Security by obscurity will probably work against brute force ssh worms, but is less likely to work where there is a determined attack. My server is on a 192.168. From the WORLD it is only available via a non standard port, internally 22 and ltsp is bog standard. A portscan and telnet to each open port will quickly reveal your open sshd to someone who actually wants to get into _your_ system. Perhaps that will never happen to you? Fair enough then. Gavin - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
Le Thursday 16 October 2008 11:58:33 Gavin McCullagh, vous avez écrit : On Thu, 16 Oct 2008, jam wrote: Security through complexity is dumb and ends up biting you: Security by obscurity will probably work against brute force ssh worms, but is less likely to work where there is a determined attack. There is also security against stupididity: Setup an old computer, older as you can, with small amount of ram and little hardrive. If possible, use something other than i386 (amiga, atari, ppc, sparc...). Put on it a minimal Linux, ssh server, and one user account. Set the hardrive readonly. Setup your router to redirect ssh port on it. If someone hack the computer and try to hack the network behind, he will be very annoying: no gcc, little amount of ram (computer will crash quickly), etc. Best if its not i386, because he can't copy a compiled program. -- à bientôt, Xavier [EMAIL PROTECTED] - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
On Thu, 2008-10-16 at 10:58 +0100, Gavin McCullagh wrote: Hi, On Thu, 16 Oct 2008, jam wrote: Security through complexity is dumb and ends up biting you: Security by obscurity will probably work against brute force ssh worms, but is less likely to work where there is a determined attack. My server is on a 192.168. From the WORLD it is only available via a non standard port, internally 22 and ltsp is bog standard. A portscan and telnet to each open port will quickly reveal your open sshd to someone who actually wants to get into _your_ system. Perhaps that will never happen to you? Fair enough then. You are right, of course. Thanks for the nudge. Nobody needs to access out classroom network from outside except me, and I use a secure tunnel (OpenVPN) for that purpose. The router was configured to forward a high port to port 22 on the server to help with initial configuration, but that isn't necessary any more, and I've inactivated it. Don't need no stinking open ports! Gavin - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
Xavier Brochard wrote: Le Thursday 16 October 2008 11:58:33 Gavin McCullagh, vous avez écrit : On Thu, 16 Oct 2008, jam wrote: Security through complexity is dumb and ends up biting you: Security by obscurity will probably work against brute force ssh worms, but is less likely to work where there is a determined attack. There is also security against stupididity: Setup an old computer, older as you can, with small amount of ram and little hardrive. If possible, use something other than i386 (amiga, atari, ppc, sparc...). Put on it a minimal Linux, ssh server, and one user account. Set the hardrive readonly. Setup your router to redirect ssh port on it. If someone hack the computer and try to hack the network behind, he will be very annoying: no gcc, little amount of ram (computer will crash quickly), etc. Best if its not i386, because he can't copy a compiled program. -- à bientôt, Xavier [EMAIL PROTECTED] /me wonders if sticking a rotten banana in the port will keep the evil hackers away... Seriously, this conversation is getting kind of silly. I seriously see no need to launch a completely separate sshd just for administrators on a different port. There are plenty of network-layer utils available to secure a port from the outside world. There is no need to make LTSP/Edubuntu setups more complex for this purpose. If you need access to ssh from any IP on the net to your internal LTSP server, set it up - but I really don't think this is a common enough scenario to warrant a default secondary sshd for everyone. You're gonna get tons of admins asking why do I have an open port ? Why the hell is ssh running on ?? Again, just my ever-declining-in-value $0.02. - Jordan/Lns - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
Glad to hear it. The documentation, however, seems to be written the other way: The solution is to create 2 instances ssh, one serving the internal ip on port 22 and one serving the wan interface on port . David Van Assche wrote: If you read the script, that's the what its doing, it makes a copy of itself to ltsp-ssh and then ltsp-ssh switches to using port . David Van Assche www.nubae.com On Wed, Oct 15, 2008 at 7:23 PM, Kenneth Tanzer [EMAIL PROTECTED] wrote: Wouldn't it be better to have the sshd serving the LTSP connections run on the nonstandard port, and have the wan-facing one run on port 22? Just curious. Thanks. David Van Assche wrote: I'm putting this into documentation:- Hardening server by adding 2 ssh sessions The way LTSP works right now, makes the ssh handling vulnerable to the outside world if you don't block access to port 22 from the wan interface entirely. The solution is to create 2 instances ssh, one serving the internal ip on port 22 and one serving the wan interface on port . If you only have one interface, then both ssh sessions would serve the same interface, but one would serve port 22, and the other . This is how to set this up: sudo cp /etc/init.d/ssh /etc/init.d/ltsp-ssh sudo cp /etc/default/ssh /etc/default/ltsp-ssh sudo cp /etc/ssh/sshd_config /etc/ltsp/ltsp-sshd_config sudo cp /var/run/sshd /var/run/ltsp-ssh sudo sed -ie 's/Port 22/Port /' /etc/ltsp/ltsp-sshd_config If you are using 2 interfaces also do: sudo sed -ie 's/#ListenAddress 0.0.0.0/ListenAddress 192.168.0.1/' /etc/ltsp/ltsp-sshd_config sudo sed -ie 's/#ListenAddress 0.0.0.0/ListenAddress 10.0.0.42/' /etc/ssh/sshd_config Change 10.0.0.42 with the address of your wan facing interface. You will also need to change the .pid of the new ssh instance: sudo tee -a PidFile /var/run/ltsp-sshd.pid /etc/ltsp/ltsp-sshd_config sudo sed -ie 's/SSHD_OPTS=/SSHD_OPTS=\-f /etc/ltsp/ltsp-sshd_config\' /etc/default/ltsp-ssh sudo sed -ie 's/AllowUsers/AllowUsers [EMAIL PROTECTED]/24/' /etc/ltsp/ltsp-sshd_config This look about right? On Wed, Oct 15, 2008 at 3:56 PM, Gavin McCullagh [EMAIL PROTECTED] wrote: Hi, On Wed, 15 Oct 2008, Oliver Grawert wrote: https://blueprints.launchpad.net/ltsp/+spec/dedicated-ltsp-sshd As it's low priority, it hasn't really happened though. note that SSH_OVERRIDE_PORT in lts.conf is supported since a while (pre-hardy even i think) so all thats left is a way to set up the server side more easily Great. I hadn't realised that. If anyone's interested in getting the server side done, it's relatively straightforward, I had it working for a while. I'm happy to lend a hand or help write the config files. I did it on ubuntu before (the blueprint instructions are derived from what I did) but I amn't certain how easily one could do it for all platforms. The ltsp I work on is now not exposed to the net in the same way so it's not such an issue to me, but I still think it would be a good step for ltsp. Gavin - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
Seriously, this conversation is getting kind of silly. I seriously see no need to launch a completely separate sshd just for administrators on a different port. There are plenty of network-layer utils available to secure a port from the outside world. There is no need to make LTSP/Edubuntu setups more complex for this purpose. If you need access to ssh from any IP on the net to your internal LTSP server, set it up - but I really don't think this is a common enough scenario to warrant a default secondary sshd for everyone. You're gonna get tons of admins asking why do I have an open port ? Why the hell is ssh running on ?? I have such a setup, and I agree that a second ssh should not run by default. Indeed, most modern distros run with no server listening on any port by default. Nevertheless I would advocate for making things a little easier to get a second ssh running for those who need it. I, for one, need it, and it took me quite some time searching and then some hand-holding from the list to get it going. Perhaps a new optional package could be made available for this purpose. For example, right now on ubuntu if I want to install and run an ssh server I just use my package manager to install the openssh-server package. Why not have an openssh-alternate-server or ltsp-ssh-server package that is not a dependency of ltsp-server, openssh-server, or any other package, but could be listed as Recommends or Suggests by those packages. It would run be default on an alternate port and could perhaps even ask the user, during configuration, which port and interface to listen on. Personally, I run my client-side ssh server on port 22 and my internet-accessible ssh server on an alternate port. This way I don't have to make yet another customisation to lts.conf and remote login attempts from unknown users are virtually non-existant. If one was to create a package for a second server and minimise setup headaches for the user, one would have to choose between a) altering lts.conf so the clients would connect to the second server on an alternate port, b) altering sshd_config so the primary ssh server listens on an alternate port, or c) prompting the user to make one of the above changes. I'm not really aware of the etiquette/implications of a package messing with the config files of another package. I really do think that creating a package, or through some other means, streamlining for the user the process of setting up a second ssh server would be a big step toward making ltsp simpler to administer, at least for the administrator that needs remote access. db - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
Ooops, youre right, nice catch... David Van Assche www.nubae.com On Thu, Oct 16, 2008 at 6:54 PM, Kenneth Tanzer [EMAIL PROTECTED] wrote: Glad to hear it. The documentation, however, seems to be written the other way: The solution is to create 2 instances ssh, one serving the internal ip on port 22 and one serving the wan interface on port . David Van Assche wrote: If you read the script, that's the what its doing, it makes a copy of itself to ltsp-ssh and then ltsp-ssh switches to using port . David Van Assche www.nubae.com On Wed, Oct 15, 2008 at 7:23 PM, Kenneth Tanzer [EMAIL PROTECTED] wrote: Wouldn't it be better to have the sshd serving the LTSP connections run on the nonstandard port, and have the wan-facing one run on port 22? Just curious. Thanks. David Van Assche wrote: I'm putting this into documentation:- Hardening server by adding 2 ssh sessions The way LTSP works right now, makes the ssh handling vulnerable to the outside world if you don't block access to port 22 from the wan interface entirely. The solution is to create 2 instances ssh, one serving the internal ip on port 22 and one serving the wan interface on port . If you only have one interface, then both ssh sessions would serve the same interface, but one would serve port 22, and the other . This is how to set this up: sudo cp /etc/init.d/ssh /etc/init.d/ltsp-ssh sudo cp /etc/default/ssh /etc/default/ltsp-ssh sudo cp /etc/ssh/sshd_config /etc/ltsp/ltsp-sshd_config sudo cp /var/run/sshd /var/run/ltsp-ssh sudo sed -ie 's/Port 22/Port /' /etc/ltsp/ltsp-sshd_config If you are using 2 interfaces also do: sudo sed -ie 's/#ListenAddress 0.0.0.0/ListenAddress 192.168.0.1/' /etc/ltsp/ltsp-sshd_config sudo sed -ie 's/#ListenAddress 0.0.0.0/ListenAddress 10.0.0.42/' /etc/ssh/sshd_config Change 10.0.0.42 with the address of your wan facing interface. You will also need to change the .pid of the new ssh instance: sudo tee -a PidFile /var/run/ltsp-sshd.pid /etc/ltsp/ltsp-sshd_config sudo sed -ie 's/SSHD_OPTS=/SSHD_OPTS=\-f /etc/ltsp/ltsp-sshd_config\' /etc/default/ltsp-ssh sudo sed -ie 's/AllowUsers/AllowUsers [EMAIL PROTECTED]/24/' /etc/ltsp/ltsp-sshd_config This look about right? On Wed, Oct 15, 2008 at 3:56 PM, Gavin McCullagh [EMAIL PROTECTED] wrote: Hi, On Wed, 15 Oct 2008, Oliver Grawert wrote: https://blueprints.launchpad.net/ltsp/+spec/dedicated-ltsp-sshd As it's low priority, it hasn't really happened though. note that SSH_OVERRIDE_PORT in lts.conf is supported since a while (pre-hardy even i think) so all thats left is a way to set up the server side more easily Great. I hadn't realised that. If anyone's interested in getting the server side done, it's relatively straightforward, I had it working for a while. I'm happy to lend a hand or help write the config files. I did it on ubuntu before (the blueprint instructions are derived from what I did) but I amn't certain how easily one could do it for all platforms. The ltsp I work on is now not exposed to the net in the same way so it's not such an issue to me, but I still think it would be a good step for ltsp. Gavin - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
I think the main issue here is that LTSP 5 requires the use of ssh, and it requires some relatively relaxed security settings -- in particular, it requires that you allow password authentication. Jordan, I don't understand why you're so hell-bent on preventing an easy fix for this. That's all these guys are trying to do. How's this for a fix: have LTSP use ssh on an alternate port (and alternate pid, alternate config file, etc) *by default*. That way it does not interfere with the way admins configure their administrative purposes ssh daemon. There's no good reason that I can see that LTSP needs to use port 22. -Rob Jordan Erickson wrote: David Burgess wrote: Seriously, this conversation is getting kind of silly. I seriously see no need to launch a completely separate sshd just for administrators on a different port. There are plenty of network-layer utils available to secure a port from the outside world. There is no need to make LTSP/Edubuntu setups more complex for this purpose. If you need access to ssh from any IP on the net to your internal LTSP server, set it up - but I really don't think this is a common enough scenario to warrant a default secondary sshd for everyone. You're gonna get tons of admins asking why do I have an open port ? Why the hell is ssh running on ?? I have such a setup, and I agree that a second ssh should not run by default. Indeed, most modern distros run with no server listening on any port by default. Nevertheless I would advocate for making things a little easier to get a second ssh running for those who need it. No offense, but this is what learning how openssh-server works is all about. I, for one, need it, and it took me quite some time searching and then some hand-holding from the list to get it going. Perhaps a new optional package could be made available for this purpose. For example, right now on ubuntu if I want to install and run an ssh server I just use my package manager to install the openssh-server package. Why not have an openssh-alternate-server or ltsp-ssh-server package that is not a dependency of ltsp-server, openssh-server, or any other package, but could be listed as Recommends or Suggests by those packages. It would run be default on an alternate port and could perhaps even ask the user, during configuration, which port and interface to listen on. Creating and having to maintain a completely separate package for simply running an alternate configuration is absurd. Again, no offense, but seriously. Here, I'll even show you how to get sshd to listen on 2 ports: /etc/ssh/sshd_config: Port 22 Port You don't need 2 packages to have sshd listen on 2 different ports. Think about these things: - Any flaws/exploits in openssh-server will affect BOTH instances, which means it doesn't matter who you whitelist. Exploiting a flaw doesn't require credentials. - Running on an alternate, non-standard port for obscurity will foil only the most naive hackers/portscanners. Take a look at any sophisticated port scanner and it will connect to the port to see which service is running on it. Only the n00biest of n00bie hackers will assume that a non-standard open port is something non-important. What will attract their attention is that *there is an open port*. All you have to do is poke at it and it'll gladly give you enough information to figure out what's running on it. - Creating a new package and maintaining it for simply offering a default alternate configuration wouldn't fly with any sane maintainer. Personally, I run my client-side ssh server on port 22 and my internet-accessible ssh server on an alternate port. This way I don't have to make yet another customisation to lts.conf and remote login attempts from unknown users are virtually non-existant. If one was to create a package for a second server and minimise setup headaches for the user, one would have to choose between a) altering lts.conf so the clients would connect to the second server on an alternate port, b) altering sshd_config so the primary ssh server listens on an alternate port, or c) prompting the user to make one of the above changes. I'm not really aware of the etiquette/implications of a package messing with the config files of another package. I really do think that creating a package, or through some other means, streamlining for the user the process of setting up a second ssh server would be a big step toward making ltsp simpler to administer, at least for the administrator that needs remote access. What you're talking about really has nothing to do with LTSP, it has to do with openssh-server. And actually, it doesn't really even have much to do with that. You're talking about running a service on 2 ports at the same time, with alternate configurations on each. There's nothing holding you back from using the same daemon to run 2 different
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
David Burgess wrote: Seriously, this conversation is getting kind of silly. I seriously see no need to launch a completely separate sshd just for administrators on a different port. There are plenty of network-layer utils available to secure a port from the outside world. There is no need to make LTSP/Edubuntu setups more complex for this purpose. If you need access to ssh from any IP on the net to your internal LTSP server, set it up - but I really don't think this is a common enough scenario to warrant a default secondary sshd for everyone. You're gonna get tons of admins asking why do I have an open port ? Why the hell is ssh running on ?? I have such a setup, and I agree that a second ssh should not run by default. Indeed, most modern distros run with no server listening on any port by default. Nevertheless I would advocate for making things a little easier to get a second ssh running for those who need it. No offense, but this is what learning how openssh-server works is all about. I, for one, need it, and it took me quite some time searching and then some hand-holding from the list to get it going. Perhaps a new optional package could be made available for this purpose. For example, right now on ubuntu if I want to install and run an ssh server I just use my package manager to install the openssh-server package. Why not have an openssh-alternate-server or ltsp-ssh-server package that is not a dependency of ltsp-server, openssh-server, or any other package, but could be listed as Recommends or Suggests by those packages. It would run be default on an alternate port and could perhaps even ask the user, during configuration, which port and interface to listen on. Creating and having to maintain a completely separate package for simply running an alternate configuration is absurd. Again, no offense, but seriously. Here, I'll even show you how to get sshd to listen on 2 ports: /etc/ssh/sshd_config: Port 22 Port You don't need 2 packages to have sshd listen on 2 different ports. Think about these things: - Any flaws/exploits in openssh-server will affect BOTH instances, which means it doesn't matter who you whitelist. Exploiting a flaw doesn't require credentials. - Running on an alternate, non-standard port for obscurity will foil only the most naive hackers/portscanners. Take a look at any sophisticated port scanner and it will connect to the port to see which service is running on it. Only the n00biest of n00bie hackers will assume that a non-standard open port is something non-important. What will attract their attention is that *there is an open port*. All you have to do is poke at it and it'll gladly give you enough information to figure out what's running on it. - Creating a new package and maintaining it for simply offering a default alternate configuration wouldn't fly with any sane maintainer. Personally, I run my client-side ssh server on port 22 and my internet-accessible ssh server on an alternate port. This way I don't have to make yet another customisation to lts.conf and remote login attempts from unknown users are virtually non-existant. If one was to create a package for a second server and minimise setup headaches for the user, one would have to choose between a) altering lts.conf so the clients would connect to the second server on an alternate port, b) altering sshd_config so the primary ssh server listens on an alternate port, or c) prompting the user to make one of the above changes. I'm not really aware of the etiquette/implications of a package messing with the config files of another package. I really do think that creating a package, or through some other means, streamlining for the user the process of setting up a second ssh server would be a big step toward making ltsp simpler to administer, at least for the administrator that needs remote access. What you're talking about really has nothing to do with LTSP, it has to do with openssh-server. And actually, it doesn't really even have much to do with that. You're talking about running a service on 2 ports at the same time, with alternate configurations on each. There's nothing holding you back from using the same daemon to run 2 different instances, and calling 2 different configuration files even, if you're really stuck on doing that. One stock for LTSP, and another to do whatever else you want. That's what the -f flag is for in sshd - to run an alternate config. Cheers, Jordan/Lns - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
Rob Owens wrote: I think the main issue here is that LTSP 5 requires the use of ssh, and it requires some relatively relaxed security settings -- in particular, it requires that you allow password authentication. Jordan, I don't understand why you're so hell-bent on preventing an easy fix for this. That's all these guys are trying to do. Rob, to be honest I'm not sure why I'm so hellbent on this either. ;) I guess I just am. In my eyes, the easy fix is only easy for the admins who want it. If you really want a unique configuration, then whip it up. There's no need to spend time modifying what WORKS (LTSP) when all you really need to do is configure your services according to your specific needs, yourself. How's this for a fix: have LTSP use ssh on an alternate port (and alternate pid, alternate config file, etc) *by default*. That way it does not interfere with the way admins configure their administrative purposes ssh daemon. There's no good reason that I can see that LTSP needs to use port 22. Well, I say there's no good reason NOT to run LTSP's sshd on port 22. I'm guessing that LTSP uses port 22 because port 22 is sshd's default port. People know it is. I don't know about you, but I'm happy that I get sshd on port 22 for my LTSP servers - that means I don't have to spend time configuring ssh to ALSO listen on port 22, or every time I ssh into a server to use the -p switch. Stick with the defaults whenever you can, because it avoids unnecessary complexity with the system as a whole. If you're so set on providing an alternate ssh daemon, just for administrators (which I think is really unnecessary to begin with since you can have any router portforward an alternate port to LTSP's 22), then by all means, set it up. All you have to do is create a secondary configuration file, edit it to your liking, and launch the daemon with -f /path/to/config. In all of my years administrating Linux/*nix servers, I've never heard of such a solution such as what's been proposed. It just doesn't make sense on a fundamental level. There are too many other options that make more sense and require very little effort on the part of the administrator. Besides, why bother the LTSP maintainers with this when their plates are already more than full? I really hope I don't come across as being a jerk here. I know there are a lot of admins out there that just aren't informed as to their options. I'm simply trying to provide them with what I think is the best solution, without modifying how LTSP already works. Cheers, Jordan/Lns Jordan Erickson wrote: David Burgess wrote: Seriously, this conversation is getting kind of silly. I seriously see no need to launch a completely separate sshd just for administrators on a different port. There are plenty of network-layer utils available to secure a port from the outside world. There is no need to make LTSP/Edubuntu setups more complex for this purpose. If you need access to ssh from any IP on the net to your internal LTSP server, set it up - but I really don't think this is a common enough scenario to warrant a default secondary sshd for everyone. You're gonna get tons of admins asking why do I have an open port ? Why the hell is ssh running on ?? I have such a setup, and I agree that a second ssh should not run by default. Indeed, most modern distros run with no server listening on any port by default. Nevertheless I would advocate for making things a little easier to get a second ssh running for those who need it. No offense, but this is what learning how openssh-server works is all about. I, for one, need it, and it took me quite some time searching and then some hand-holding from the list to get it going. Perhaps a new optional package could be made available for this purpose. For example, right now on ubuntu if I want to install and run an ssh server I just use my package manager to install the openssh-server package. Why not have an openssh-alternate-server or ltsp-ssh-server package that is not a dependency of ltsp-server, openssh-server, or any other package, but could be listed as Recommends or Suggests by those packages. It would run be default on an alternate port and could perhaps even ask the user, during configuration, which port and interface to listen on. Creating and having to maintain a completely separate package for simply running an alternate configuration is absurd. Again, no offense, but seriously. Here, I'll even show you how to get sshd to listen on 2 ports: /etc/ssh/sshd_config: Port 22 Port You don't need 2 packages to have sshd listen on 2 different ports. Think about these things: - Any flaws/exploits in openssh-server will affect BOTH instances, which means it doesn't matter who you whitelist. Exploiting a flaw doesn't require credentials. - Running on an alternate, non-standard port
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
No offense, but this is what learning how openssh-server works is all about. I'm not sure what you mean by that. Certainly not everyone enjoys seeing how every config file works. Some admins and I'd say the vast majority of users just want things to work. To repeat an analogy I heard recently, some people train horses and some people ride them. Maybe you do both, but not everybody does, and not everybody wants to. Here, I'll even show you how to get sshd to listen on 2 ports: /etc/ssh/sshd_config: Port 22 Port Sure, but this setup doesn't prevent h4xorz in the far east from breaking into my server on 13-year-old Kevin's account using his weak password. I really couldn't care less if my clients access the server on port 22 and my admins access it remotely on port 22, so long as my clients' access is limited to the local interface. Show me how to disable password authentication on the WAN interface, or how to apply the AllowUsers option to only the WAN interface and I'll drop my case. The fact remains, and I don't see you acknowledging this fact yet, that many ltsp admins need ssh for two very different things: thin client access and remote admin access. At present, the only way to provide for these two needs simultaneously and securely is to run 2 instances of ssh on 2 different ports using 2 different config files. This can be done, but frankly it's just not simple enough. - Creating a new package and maintaining it for simply offering a default alternate configuration wouldn't fly with any sane maintainer. As I've pointed out, ltsp is an alternate use of ssh, and as Rob pointed out, ltsp requires that ssh be configured in a way that is simply unacceptable for traditional use, i.e., remote (open) access. And I disagree with your argument that no sane maintainer would maintain an alternate configuration. Taken to its logical extreme, your argument says that no sane maintainer would work on Ubuntu when there is already Debian, or Debian when there is Red Hat, or Red Hat when there is Windows, or Windows when there is a typewriter and calculator. I appreciate what package maintainers do. Every time I install or upgrade Ubuntu at home I have to go to Brother's web site, download the (multiple) .deb drivers for my printer, install them with a bunch of command-line overrides, then run a bunch of other ubuntu-specific fixups to make said drivers work with my system. It's a pain in the arse, but I don't complain to Brother, because how many printer manufacturers provide GPL drivers? But thank heaven for Saïvann Carignan who created an ubuntu package called brother-cups-wrapper-extra. Thanks to his work and others, getting my printer to work on a fresh install now takes 30 seconds instead of 30 minutes. He didn't give my printer drivers any functionality that they didn't already have, he just gave me and every other Ubuntu-Brother owner an alternate configuration, a really handy time and sanity-saving tool for making them work. I'm not criticising the ltsp team. I love what they provide. And I'm not asking anybody--I hope--to change the way your ssh server or ltsp server operates. I simply think it would be a boon to the project to remove some of the pain in creating what I suspect would be a fairly popular scenario among ltsp admins and facilitate the ability to access the server remotely without compromising the very good security provided by the OpenSSH server. db - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
(I apologize in advance for my harsh tone, I truly mean no offense. I'm just, for whatever reason, pretty hell-bent as Rob says, about this. ;) ) David Burgess wrote: No offense, but this is what learning how openssh-server works is all about. I'm not sure what you mean by that. Certainly not everyone enjoys seeing how every config file works. Some admins and I'd say the vast majority of users just want things to work. To repeat an analogy I heard recently, some people train horses and some people ride them. Maybe you do both, but not everybody does, and not everybody wants to. IMHO, if you're competent enough to understand your own reasoning with wanting this specific configuration, you'll be competent enough to read a manpage and make some simple alterations to a config file. And, if you're not up to that, maybe you shouldn't be in the saddle in the first place. Sure, but this setup doesn't prevent h4xorz in the far east from breaking into my server on 13-year-old Kevin's account using his weak password. I really couldn't care less if my clients access the server on port 22 and my admins access it remotely on port 22, so long as my clients' access is limited to the local interface. Show me how to disable password authentication on the WAN interface, or how to apply the AllowUsers option to only the WAN interface and I'll drop my case. **Like I said, run 2 instances of sshd, the second being with a -f /path/to/secondary/config. Done. Problem solved. This is simple *nix sysadmin stuff here. The fact remains, and I don't see you acknowledging this fact yet, that many ltsp admins need ssh for two very different things: thin client access and remote admin access. At present, the only way to provide for these two needs simultaneously and securely is to run 2 instances of ssh on 2 different ports using 2 different config files. This can be done, but frankly it's just not simple enough. Not simple enough? You're installing and maintaining a Linux thin-client environment, using ssh for administration and you're complaining about editing a configuration file not being simple enough? As I've pointed out, ltsp is an alternate use of ssh, and as Rob pointed out, ltsp requires that ssh be configured in a way that is simply unacceptable for traditional use, i.e., remote (open) access. And I disagree with your argument that no sane maintainer would maintain an alternate configuration. Taken to its logical extreme, your argument says that no sane maintainer would work on Ubuntu when there is already Debian, or Debian when there is Red Hat, or Red Hat when there is Windows, or Windows when there is a typewriter and calculator. I'm not even sure how to respond to that. Seriously, I've sat here about 3 minutes trying to formulate a response, but...wow. I appreciate what package maintainers do. Every time I install or upgrade Ubuntu at home I have to go to Brother's web site, download the (multiple) .deb drivers for my printer, install them with a bunch of command-line overrides, then run a bunch of other ubuntu-specific fixups to make said drivers work with my system. It's a pain in the arse, but I don't complain to Brother, because how many printer manufacturers provide GPL drivers? But thank heaven for Saïvann Carignan who created an ubuntu package called brother-cups-wrapper-extra. Thanks to his work and others, getting my printer to work on a fresh install now takes 30 seconds instead of 30 minutes. He didn't give my printer drivers any functionality that they didn't already have, he just gave me and every other Ubuntu-Brother owner an alternate configuration, a really handy time and sanity-saving tool for making them work. So why bug LTSP developers about something you want in openssh-server ? I'm sure there are *plenty* of cases NOT involving LTSP that warrants people wanting multiple sshd configurations simultaneously. You're kinda barking up the wrong tree here. Why change the spark plugs when the carbs are clogged? I'm not criticising the ltsp team. I love what they provide. And I'm not asking anybody--I hope--to change the way your ssh server or ltsp server operates. I simply think it would be a boon to the project to remove some of the pain in creating what I suspect would be a fairly popular scenario among ltsp admins and facilitate the ability to access the server remotely without compromising the very good security provided by the OpenSSH server. LTSP doesn't compromise the security of openssh-server by simply utilizing its facilities for a specific purpose. You're compromising the security of openssh-server by: 1) Using weak passwords 2) Opening a remote login service to the Internet as a whole and not, at the very least, limiting access on a per-IP basis 3) Using an overly complex solution to a simple problem See ** for your solution. LTSP doesn't need a patch for this. - Jordan
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
On Thu, Oct 16, 2008 at 01:51:45PM -0600, David Burgess wrote: I'm not criticising the ltsp team. I love what they provide. And I'm not asking anybody--I hope--to change the way your ssh server or ltsp server operates. I simply think it would be a boon to the project to remove some of the pain in creating what I suspect would be a fairly popular scenario among ltsp admins and facilitate the ability to access the server remotely without compromising the very good security provided by the OpenSSH server. Two things I'd like to point out: 1) LTSP doesn't modify the ssh server configs in any way. It's not like sshd installs with only rsa-key methods enabled, and LTSP twiddles with the sshd configs to reduce security by enabling password access: password access to ssh comes enabled by default. In fact, due to packaging policies on Debian, Ubuntu, and (I suspect) Fedora, our package would be forbidden to twiddle with the config. 2) I think the simplest is, if someone wants to write a script to do this, and test it throuoghly, it could simply be added to the /usr/share/docs/ltsp/examples directory, when an admin would have it to ready access if needed. Cheers, Scott -- Scott L. Balneaves | There are many causes I am prepared to die for, Systems Department | but no causes I am prepared to kill for. Legal Aid Manitoba |-- Mohandas Karamchand Gandhi - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
On Thu, Oct 16, 2008 at 2:50 PM, Jordan Erickson [EMAIL PROTECTED] wrote: (I apologize in advance for my harsh tone, I truly mean no offense. I'm just, for whatever reason, pretty hell-bent as Rob says, about this. ;) ) Your tone doesn't bother me. I think it's been a good discussion. **Like I said, run 2 instances of sshd, the second being with a -f /path/to/secondary/config. Done. Problem solved. This is simple *nix sysadmin stuff here. It's been a while since I messed around with all this, but if memory serves, it's not that simple or I surely would be running that way right now. I'm pretty sure you can't start a second instance of sshd without digging into some of the other files mentioned earlier in this thread. Not simple enough? You're installing and maintaining a Linux thin-client environment, using ssh for administration and you're complaining about editing a configuration file not being simple enough? And I repeat, I don't think it's that simple, and maybe that's the crux of our debate. If it really is that simple then I must concede that no further changes are necessary, but I think if you tried it you would see that it's not as straightforward as you say, and you would modify your position. So why bug LTSP developers about something you want in openssh-server ? I'm sure there are *plenty* of cases NOT involving LTSP that warrants people wanting multiple sshd configurations simultaneously. You're kinda barking up the wrong tree here. Why change the spark plugs when the carbs are clogged? Perhaps you have a point here. I like Scott's suggestion of providing examples in the docs. This would be a time saver for people like me who don't know sshd and all its files inside and out, and a step in the right direction. db - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
On Wed, Oct 15, 2008 at 2:27 PM, Rob Owens [EMAIL PROTECTED] wrote: You should note that now is a good time to harden /etc/ssh/sshd_config -- otherwise there was no point in this whole excercise. For instance: PermitRootLogin no PasswordAuthentication no AllowUsers myadminuser mybackupuser myotheruser Those are the additional steps I normally take but I was only mentioning the things that cause ltsp issues. Tim - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
hi, Am Donnerstag, den 16.10.2008, 14:24 -0400 schrieb Rob Owens: I think the main issue here is that LTSP 5 requires the use of ssh, and it requires some relatively relaxed security settings -- in particular, it requires that you allow password authentication. thats a mis-assumption, there are plenty of sites that run with key auth ... ciao oli signature.asc Description: Dies ist ein digital signierter Nachrichtenteil - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/_ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
On Friday 17 October 2008 01:47:37 [EMAIL PROTECTED] wrote: Personally I don't see the benefit to have an additional SSH server by default running... if your network isn't firewalled, you've got a lot more to worry about than an open SSH port. It's common network administration practice to have a firewall in place - and who gives their LTSP server a public IP address, anyway? My ltsp server is firewalled _and_ I need to access it via ssh on the internet. Therefore it makes perfect sense to have a daemon on a firewalled port taking connections from the tc, and a second daemon on a NATed port accepting connections from whitelisted administrators I've resisted adding my $.02 three times in this digest, finally succomed :-) Security through complexity is dumb and ends up biting you: My server is on a 192.168. From the WORLD it is only available via a non standard port, internally 22 and ltsp is bog standard. Port forwarding done by a Dlink 604T, cost 1 hour labour. Me too--server runs single sshd on port 22, router forwards nonstandard port to port 22 on server. As previous digest-mail said ssh on 2 ports is trivial (why messy :-) Dlink will NOT forward 1234 to 22 AND 5678 to 22 on another machine So LTSP runs ssh on 1234 and 22 AnotherServer runs ssh on 5678 and 22 YetAnother runs ssh on 4567 and 22 Dlink forwards 1234 to LTSP server Dlink forwards 5678 to AnotherServer Dlink forwards 4567 to YetAnother No machine runs a firewall: A firewall closes ports, here nothing is open except the port forwards to each machine Simple, secure and easy to do. James So if you are playing, then a really scrappy implementation like this is fun to do, but for real systems KISS (Keep It Simple ...) - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
On Friday 17 October 2008 01:47:37 [EMAIL PROTECTED] wrote: Security through complexity is dumb and ends up biting you: Security by obscurity will probably work against brute force ssh worms, but is less likely to work where there is a determined attack. My server is on a 192.168. From the WORLD it is only available via a non standard port, internally 22 and ltsp is bog standard. A portscan and telnet to each open port will quickly reveal your open sshd to someone who actually wants to get into _your_ system. Perhaps that will never happen to you? Fair enough then. My logs for the last (time flies :-) 5 years shows NO login attempts. Before I used non standard port there were 100s to 1000s per week about 1/3 to root the rest random names. Root is WithOutPassword so even if you know my root passwd you can't get in :-) My passwords are secure (small pool of users), so I'm pretty comfortable. Now, say, a school LTSP server with internet (direct) access, now THATs silly. But behold ssh tunneling which makes any (legitimate) scenario feasible eg [internet]-[AnotherServer] | | [LTSP Server] From internet login to AnotherServer then login to LTSP Server From internet add port 1234 to 22 on LTSPServer via AnotherServer ssh -L 1234:LTSPServer:22 [EMAIL PROTECTED] ssh -p 1234 localhost gets the LTSPServer All of which says your orriginal need to access the LTSP machine from the internet is probably not what it was described as ie not needed as other ways are more secure and simpler. James - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] LTSP 5 Ubuntu and Server hardening
On Friday 17 October 2008 05:01:51 [EMAIL PROTECTED] wrote: [snip] As I've pointed out, ltsp is an alternate use of ssh, and as Rob pointed out, ltsp requires that ssh be configured in a way that is simply unacceptable for traditional use, i.e., remote (open) access. [snip] No it simply means YOU don't know how to do it. Making LTSP more complicated to solve THAT problem is silly. My previous mail shows 2 ways to achieve bog-standard-ltsp AND administrator access without passwd access from the internet James - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
