Author Topic: Howto for Zentyal Thin Client Module  (Read 11688 times)

ira

  • Zen Apprentice
  • *
  • Posts: 14
  • Karma: +1/-0
    • View Profile
Howto for Zentyal Thin Client Module
« on: September 14, 2012, 04:23:33 am »
Hi there. I've been working with the thin client module (LTSP) for a while now so I thought it would be helpful to make a post of my findings. I've tried this module in two following ways - With Zentyal 3.0 as the main DHCP Server in a network and as also a stand-alone thin client server in a network that already has a DHCP server (dnsmasq).

Kerberos is the authentication method for users in 3.0 so your kerberos realm needs to be setup correctly. In the DNS module your realm (e.g. EXAMPLE.COM) needs to be set resolve to the ip of the interface that the kerberos server (kdc) is listening on (ports 8880 and 8464). If it is an external interface that you want to use then you will need to add a firewall rule.

If your network interface gets an ip address via DHCP then the DHCP server usually provides the client with a DNS server to use. If this happens then the zentyal realm will need to be in DNS records of the DNS server and resolve to the zentyal ip.


Setup steps for Zentyal 3.0 as DHCP and Thin Client Server:

  • Install Zentyal 3.0 with 'DHCP' , 'Users and Groups' and 'Thin Client' modules. The others that you need will be automatically included.

  • Initial Configuration:

    a) Since this is a stand-alone server it will probably need two network interfaces. Setup your external and internal nics to have a static ip.
    b) Setup your domain name. This is also your realm. The DNS Module will set this domain to both static ips you just gave above.

  • If you need to, do a system update in Software Management >> System Updates.

  • If you want clients to have a fancy desktop like Unity then you will need to open a terminal and do 'sudo apt-get install ubuntu-desktop network-manager-'. That network-manager will mess with everything so you leave it out. You will also need to reboot for this to take effect on clients.

  • Go to thin clients module and build an image for the client CPU architecture. As this can sometimes take hours depending on your connection you will want to see the progress of this with 'tail -f /var/log/zentyal/ltsp.log'. Maybe if you had an apt-cacher then this would be much quicker? While this is going you can do all the steps below.

  • Go to Users and Groups >> LDAP Settings, tick the 'enable PAM' box, click change and then save changes.

  • [Optional] To test that kerberos is working make a test user under Users and Groups >> Users. Opening a shell and do:

    su test
    kinit test
    ls -la /tmp


    You should see the kerberos ticket in /tmp. It will look something like this: krb5cc_[UID]_[string]

  • Enable the DHCP Module as this is should be disabled with a new installation.

  • Go to the DHCP module settings. By default DHCP is enabled on both interfaces. Disable it on the external interface (probably eth0) if you aren't going to use it. Go to your internal interfaces DHCP configuration page by clicking on the cog icon.

    Make the following changes:

    a) Set 'Search domain' to 'Zentyal domain'
    b) Set 'NTP Server' to 'local Zentyal NTP'
    c) Create new DHCP range for thinclients
    d) Click on 'Advanced options' tab and change 'Next Server' to 'Zentyal LTSP'
    d) Save changes

  • 13. Boot your client and login. All should be well.

Setup steps for zentyal as stand-alone thin client server with only one network card:

Same as above but..
  • You don't need the DHCP module so don't install it and ignore steps 8 and 9.

  • In Network >> DNS 127.0.0.1 must be at the top.

  • Your DHCP server must have the right settings. Usually these are quite simple to change. My dnsmasq settings are two lines:
     
    dhcp-boot=/ltsp/i386/pxelinux.0,zentyal3,192.168.20.33
    dhcp-option=17,192.168.20.33:/opt/ltsp/i386


    For dhcpd I think you need something like this in your subnet:

    filename "pxelinux.0";
    next-server 192.168.0.100;


  • You will need to add the Thin Clients, SSH and TFTP firewall rules to External networks to Zentyal. If you want to use any other services like kerberos authentication you will need to add those rules as well.


Troubleshooting:

  • If the build image fails for some reason then you will need to do one of the following. I've found it's best to start from scratch and delete the chroot with 'rm -r /opt/ltsp/[whatever arch you are using]:

    ltsp-build-client [add '--arch i386' if using 32bit]
    ltsp-update-image [add '--arch i386' if using 32bit]

  • I've also found that if you change your ip you need to do 'ltsp-update-sshkeys'.
  • For debugging authentication issues use 'ssh -vv user@yourdomain.com'. It will tell you which PAM modules are being problematic.
  • If you are using virtualbox and you have issues pxebooting then I recommend setting the network adapter type to 'Intel PRO/1000 MT Server' on both the client and the server. I've got multiple physical machines booting quite happily from a vbox zentyal vm and it's what I'll use in production.
  • Use nmap to checking what services are accessible and netstat -apn | grep LISTEN to see what ports they are using and if they are actually running on the Zentyal Server.



Hope this guide helps someone out. If anyone needs help with this module I'll try to give a hand. Now I'm off to try and bulk import users to in LDAP  ;D[/list]

Escorpiom

  • Zen Hero
  • *****
  • Posts: 897
  • Karma: +25/-1
    • View Profile
Re: Howto for Zentyal Thin Client Module
« Reply #1 on: September 14, 2012, 05:21:43 am »
Excellent work ira!
This will enable pxe booting from Zentyal server, may I add - You can use grub4dos as a bootfile and boot a whole range of images right from the server.
It will take some time before I can test this, but once tested I'll give some feedback.

Cheers.
 
Marcus' Rule:
Blanks & capitals = avoid it and you'll avoid problems...

yura.syrov

  • Zen Warrior
  • ***
  • Posts: 138
  • Karma: +5/-12
    • View Profile
Re: Howto for Zentyal Thin Client Module
« Reply #2 on: September 23, 2012, 06:38:15 am »
Troubleshooting:
...

I will fill up the list of problems:
if you have local a repository, you should edit 2 files, having specified in them the address of your repository.
/usr/share/ltsp/plugins/ltsp-build-client/Ubuntu/000-basic-configuration
/usr/share/ltsp/plugins/ltsp-build-client/Ubuntu/010-updates-mirrors

jsalamero

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1419
  • Karma: +45/-1
    • View Profile
Re: Howto for Zentyal Thin Client Module
« Reply #3 on: September 30, 2012, 10:55:16 am »
Cool! What about moving this Howto to the wiki?

FarquahrWindsor

  • Guest
Re: Howto for Zentyal Thin Client Module
« Reply #4 on: September 30, 2012, 05:56:48 pm »
http://forum.zentyal.org/index.php/topic,12176.msg50293.html#msg50293

I just wondered if you any idea's on how sessions and ltsp's impact on a server.

christian

  • Guest
Re: Howto for Zentyal Thin Client Module
« Reply #5 on: September 30, 2012, 06:03:53 pm »
Stuart, please trust me  ;)
Stop posting everywhere tons of messages that are only post to other of your own messages.
I acknowledge that sometime it helps, avoiding to repeat same thing but, if you look at your stats, you will notice that more than 40% of your messages are redirect toward... your messages  ::)  ::)
Try to refrain yourself  ;D  of add some comment to your link, at least to make it clearer  8)

FarquahrWindsor

  • Guest
Re: Howto for Zentyal Thin Client Module
« Reply #6 on: September 30, 2012, 07:04:27 pm »
Just trying to get a response chris. Was trying to lump all us LTSP adventurers together.

I often just post the link rather than just repeat the same stuff. It would be great to be able to lump similar together so we are all not repeating stuff.

I think you know I am really interested in LTSP but hitting a few problems and one of how to employ it.

How about you giving me a break on this one but offering your broad knowledge on the topic?

PS I think you will find that a lot of it is because I make a reply to one of my own messages so I can work with the upload limitation.
 
« Last Edit: September 30, 2012, 08:01:47 pm by FarquahrWindsor »

FarquahrWindsor

  • Guest
Re: Howto for Zentyal Thin Client Module
« Reply #7 on: October 07, 2012, 02:08:32 pm »
Troubleshooting:
...

I will fill up the list of problems:
if you have local a repository, you should edit 2 files, having specified in them the address of your repository.
/usr/share/ltsp/plugins/ltsp-build-client/Ubuntu/000-basic-configuration
/usr/share/ltsp/plugins/ltsp-build-client/Ubuntu/010-updates-mirrors

Yuri if LTSP included --copy-sourceslist --apt-keys then the current sources.list and keys would be pulled into ltsp.

Would you generally like to see more options here?
http://pastebin.com/mSXnxCTv
http://pastebin.com/Zq9iJzzR
« Last Edit: October 07, 2012, 05:22:08 pm by FarquahrWindsor »

vpetcu

  • Zen Apprentice
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: Howto for Zentyal Thin Client Module
« Reply #8 on: October 14, 2012, 11:59:56 am »
Hello everyone.

I tried to follow this how to, but after I have installed

Code: [Select]
sudo apt-get install ubuntu-desktop network-manager-
I'm not able to login with ldap users on the GUI(LightDM).

With ssh, I'm still able to authenticate.
kinit command is giving the expected results

Before this command, I was able to authenticate with the default desktop gui.

Thank you

[MODERATOR]
You already posted same question here.
Please do not cross-post, it doesn't help getting answer faster but makes things confusing instead  :-[
[/MODERATOR]


« Last Edit: October 14, 2012, 12:11:51 pm by christian »

nalare

  • Zen Apprentice
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Howto for Zentyal Thin Client Module
« Reply #9 on: October 17, 2012, 01:00:28 pm »
I would like to ask if there is any problem if I install Lubuntu/LXDE instead of ubuntu/unity as the desktop manager for thin clients

vpetcu

  • Zen Apprentice
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: Howto for Zentyal Thin Client Module
« Reply #10 on: October 17, 2012, 11:08:04 pm »
From my experience, thin client woks with LXDE(which is the default DE on Zentyal )

nalare

  • Zen Apprentice
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Howto for Zentyal Thin Client Module
« Reply #11 on: October 28, 2012, 11:42:53 am »
thanks for your answer, I'm gonna try it

nalare

  • Zen Apprentice
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Howto for Zentyal Thin Client Module
« Reply #12 on: October 28, 2012, 01:02:12 pm »
I've just made it at home. I'm pretty newbie with this kind of things: I'm using zentyal for school (I'm studying to become a server administator/network technician) and I'd like to know if its possible to run my thinclients from outside my home LAN

  thanks for you time & help..this guide is quite helpful for noobs like me

PD: my zentyal server is already configured to be accesible from outside my LAN, I use the cloud module for dynamicDNS and I can access zentyal webmin interface and ssh (and the users I've created too) but I'd like to know:
1- what should I configure in the server
2-and where do I have to point the client to access the thinclients images hosted in my zentyal server from outside my homeLAN
« Last Edit: October 28, 2012, 01:34:59 pm by nalare »

lrrps

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: Howto for Zentyal Thin Client Module
« Reply #13 on: December 23, 2012, 06:17:11 am »
Steup Thin Client and created image. Logged in via VirtualBox and everything worked -- Until I tried to login to the thin client from the Ubuntu default login screen. I enter valid username and password and it just recycles to the login screen.

Has anybody else experienced this? If so, is there a post with a soultion?

Thanks

lrrps

nalare

  • Zen Apprentice
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Howto for Zentyal Thin Client Module
« Reply #14 on: January 07, 2013, 12:39:19 pm »
I just want to ask if it is "safe" to erase the thinclient image to build a new one..

I've got a new zentyal deployment, and after building the thinclient image I've added some new apps that I'm gonna need in the thinclients (no fat clients) and now I don't know how to add those apps to the thinclient image, so I've thought the only solution is to build a new one, but I dont see any gui option for that, so...

..should I use the command line to erase my image?  will I have any problem later to build a new one with zentyal gui?

thanks..this topic has been really useful for me while Ive been installing and configuring the thinclients module..

PD: I still don't know how to access my thinclients from outside my home LAN..where can I find some documentation for that?
« Last Edit: January 08, 2013, 01:45:38 am by nalare »