il giorno Fri, 18 Sep 2015 11:02:28 +0200 Johan Kragsterman <***@capvert.se> ha scritto:

> BUT: I do not want the /home directory to be mounted to the LTSP server, but to another (nfs) server. And I do not want users from the LTSP server, but from LDAP. I only want an admin user in the chroot/image as a root user, all other users should be picked up from ldap.

I have users from an LTSP server which is client of an LDAP server

Hi!


-----andrea biancalana <***@gmail.com> skrev: -----
Till: ltsp-***@lists.sourceforge.net
Från: andrea biancalana <***@gmail.com>
Datum: 2015-09-18 18:08
Ärende: Re: [Ltsp-discuss] altering some things in ltsp...

il giorno Fri, 18 Sep 2015 11:02:28 +0200  Johan Kragsterman <***@capvert.se> ha scritto:

> BUT: I do not want the /home directory to be mounted to the LTSP server, but to another (nfs) server. And I do not want users from the LTSP server, but from LDAP. I only want an admin user in the chroot/image as a root user, all other users should be picked up from ldap.

I have users from an LTSP server which is client of an LDAP server




But then I guess you provide the users to the LTSP server, right? And when you boot the clients, LDM finds them as users on the server?

I DO NOT WANT the users of my fat clients to be present on the server, I want them ONLY to be users in the fat client, DIRECTLY provided by LDAP.

Rgrds Johan

------------------------------------------------------------------------------
_____________________________________________________________________
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net

On 2015-09-18, Johan Kragsterman wrote:
> I want fat clients that boots the normal PXE/TFTP/initrd way.

> BUT: I do not want the /home directory to be mounted to the LTSP
> server, but to another (nfs) server.

Specify NFS_HOME=ip.of.server:/path/to/homedir in lts.conf.


> And I do not want users from the LTSP server, but from LDAP.

To add support to LDM you would basically need to rewrite it, as the
only authentication method uses ssh to the server (well, I guess it also
has an RDP plugin, so maybe you could write another plugin).

Instead, you'd want to switch to LightDM, GDM or KDM, and configure PAM
to authenticate against LDAP. Supporting a standard display manager by
using PAM is in the plans for LTSP6... but development on that is
largely stalled at the moment; hope to stir up some activity on that
soon.

On Debian/Ubuntu, Currently, you pretty much need some hackish
workarounds in lts.conf to support an alternate display manager:

KEEP_SYSTEM_SERVICES=lightdm
DEFAULT_DISPLAY_MANAGER=/usr/sbin/lightdm
SCREEN_06=noaction

And you need a simple script that does nothing on the client.
/etc/ltsp/screen.d/noaction:

#!/bin/sh
echo pausing
read pause


> Of coarse I need to install some PAM modules in the chroot, and change
> nsswitch.conf.

Yup. Since LDAP implementations vary greatly, just find documentation on
how to autenticate against LDAP for standalone disked workstations, and
mimic the instructions on your fat client installation. It should work
the same once you've gotten rid of LDM.


> (As a second step in this project, I'd like the whole image to be
> installed in a ram drive on the client, but that is something I can
> discuss in later stages)

That's trivial. I implemented a proof of concept in the Debian/Ubuntu's
ltsp initramfs-tools init-bottom/ltsp hook. The variable to set is
LTSP_NBD_TO_RAM=true. I don't think it can be set from lts.conf; might
need to hard-code it in the initramfs-tools configuration. It could use
some cleanup...


live well,
vagrant

Hi!

-----Vagrant Cascadian <***@debian.org> skrev: -----
Till: ltsp-***@lists.sourceforge.net
Från: Vagrant Cascadian <***@debian.org>
Datum: 2015-09-18 20:51
Ärende: Re: [Ltsp-discuss] altering some things in ltsp...

On 2015-09-18, Johan Kragsterman wrote:
> I want fat clients that boots the normal PXE/TFTP/initrd way.

> BUT: I do not want the /home directory to be mounted to the LTSP
> server, but to another (nfs) server.

Specify NFS_HOME=ip.of.server:/path/to/homedir in lts.conf.


> And I do not want users from the LTSP server, but from LDAP.

To add support to LDM you would basically need to rewrite it, as the
only authentication method uses ssh to the server (well, I guess it also
has an RDP plugin, so maybe you could write another plugin).

Instead, you'd want to switch to LightDM, GDM or KDM, and configure PAM
to authenticate against LDAP. Supporting a standard display manager by
using PAM is in the plans for LTSP6... but development on that is
largely stalled at the moment; hope to stir up some activity on that
soon.

On Debian/Ubuntu, Currently, you pretty much need some hackish
workarounds in lts.conf to support an alternate display manager:

 KEEP_SYSTEM_SERVICES=lightdm
 DEFAULT_DISPLAY_MANAGER=/usr/sbin/lightdm
 SCREEN_06=noaction

And you need a simple script that does nothing on the client.
/etc/ltsp/screen.d/noaction:

 #!/bin/sh
 echo pausing
 read pause


> Of coarse I need to install some PAM modules in the chroot, and change
> nsswitch.conf.

Yup. Since LDAP implementations vary greatly, just find documentation on
how to autenticate against LDAP for standalone disked workstations, and
mimic the instructions on your fat client installation. It should work
the same once you've gotten rid of LDM.


> (As a second step in this project, I'd like the whole image to be
> installed in a ram drive on the client, but that is something I can
> discuss in later stages)

That's trivial. I implemented a proof of concept in the Debian/Ubuntu's
ltsp initramfs-tools init-bottom/ltsp hook. The variable to set is
LTSP_NBD_TO_RAM=true. I don't think it can be set from lts.conf; might
need to hard-code it in the initramfs-tools configuration. It could use
some cleanup...


live well,
  vagrant



Thanks, Vagrant, that's EXACTLY what I wanted and needed to know!

Regards Johan
------------------------------------------------------------------------------
_____________________________________________________________________
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net


[bilagan "signature.asc" borttagen av Johan Kragsterman/Capvert]