IRC chat logs for #ltsp on irc.libera.chat (webchat)
Channel log from 24 September 2009 (all times are UTC)
| 09:07 | ltspbot has joined #ltsp | |
| 09:07 | sbalneav has joined #ltsp | |
| 09:08 | <sbalneav> Ugh. Morning all.
| |
| 09:08 | * sbalneav has been sick | |
| 09:09 | * ogra hopes there are no H's N's or 1's involved | |
| 09:09 | <nubae|work> hi Gadi
| |
| 09:10 | * nubae|work hopes sbalneav feels better | |
| 09:10 | <sbalneav> No, nothing so disasterous.
| |
| 09:11 | Just a common head cold.
| |
| 09:11 | Thanks nubae|work, otavio
| |
| 09:11 | err
| |
| 09:11 | ogra
| |
| 09:11 | <nubae|work> http://threads.rebelscum.com/showflat.php?Cat=&Number=2039728&page=0
| |
| 09:11 | <sbalneav> geez, o<tab> ususally picks you Ollie! :)
| |
| 09:12 | <ogra> heh
| |
| 09:12 | nubae|work, trying to make our FF pixmap caches explode ?
| |
| 09:14 | <sbalneav> What's all that goat porn doing on that page?
| |
| 09:15 | <nubae|work> :-)
| |
| 09:15 | that is a serious collection though
| |
| 09:23 | CAN-o-SPAM has joined #ltsp | |
| 09:28 | <alkisg> There's a thought to run LTSP from the edubuntu live dvd... LDM_SSHOPTIONS would be required to do that (dynamic ip etc), but it's not working atm - ldm.c reads the environment variable but doesn't do anything with it. Was support for this option dropped deliberately?
| |
| 09:29 | F-GT has quit IRC | |
| 09:30 | <sbalneav> alkisg: Thought we had added that.
| |
| 09:30 | It should be there.
| |
| 09:31 | <alkisg> sbalneav: nope :(
| |
| 09:31 | <sbalneav> Hm.
| |
| 09:31 | Well then.
| |
| 09:31 | <alkisg> ldm.sshoptions = g_strdup(getenv("LDM_SSHOPTIONS"));
| |
| 09:31 | Selveste1 has joined #ltsp | |
| 09:31 | <alkisg> ....and then nothing :)
| |
| 09:31 | <ogra> see, it was added :)
| |
| 09:32 | scott didnt say "used" :P
| |
| 09:32 | <sbalneav> Oh you expect us to DO something with the variable.
| |
| 09:32 | Well GEEZ, why didn't you SAY so
| |
| 09:32 | <ogra> yeah, always these fuzzy user requests
| |
| 09:32 | <sbalneav> I assume we want it on the initial ssh connect?
| |
| 09:33 | hold on...
| |
| 09:33 | * alkisg doesn't fully understand the whole ssh geneology tree :-/ | |
| 09:34 | <alkisg> ...but I'd like to be able to pass stricthostchecking=no
| |
| 09:34 | <ogra> i dont think that helps client side
| |
| 09:34 | <sbalneav> telnet and rsh had a 3 way with ssl, and ssh was born :)
| |
| 09:34 | <ogra> lol
| |
| 09:35 | <alkisg> ogra, it helps very very much (I modify the ssh_config file) - let me find the exact options...
| |
| 09:35 | heh
| |
| 09:35 | <ogra> ah, i always thought you need to set that server side
| |
| 09:36 | you should in any case strictly note in the release notes that the live variant is largely unsafe compared to the installed then
| |
| 09:36 | <alkisg> SSH_CONFIG="$CHROOT/etc/ssh/ssh_config"
| |
| 09:36 | sed -i -e 's/# CheckHostIP yes/ CheckHostIP no/' -e 's/# StrictHostKeyChecking ask/ StrictHostKeyChecking no/' "$SSH_CONFIG"
| |
| 09:36 | if ! grep -q 'LogLevel SILENT' "$SSH_CONFIG"; then echo ' LogLevel SILENT' >> "$SSH_CONFIG"; fi
| |
| 09:36 | Sure, such a notice should be displayed when the "start an ltsp server" script is ran...
| |
| 09:37 | <ogra> wow, with that setting you should use telnet ... saves the ssh overhead :P
| |
| 09:37 | <alkisg> ogra: in reality, it's as safe as ltsp is now
| |
| 09:37 | It doesn't protect the server. It only protects the client
| |
| 09:38 | <ogra> it protects the connection
| |
| 09:38 | <alkisg> ...and the clients can get the server keys anytime - unless of course someone protects his nbd server with a firewall
| |
| 09:38 | <ogra> you cant say its unsafe
| |
| 09:38 | its a lot less safer
| |
| 09:39 | <alkisg> ogra: if I disconnect an ltsp client and connect my laptop there, what will stop me from getting the keys?
| |
| 09:39 | <ogra> its not about the ends, its about the man in the middle :)
| |
| 09:40 | <alkisg> Where's the difference in those two cases?
| |
| 09:40 | The man in the middle can serve me the server's keys
| |
| 09:41 | (if he's in the middle, then he has access to the server's keys, as they're served with nbd)
| |
| 09:41 | EDAN_ has joined #ltsp | |
| 09:41 | <Gadi> only the server's public keys are on nbd
| |
| 09:41 | public keys, are, well, public
| |
| 09:42 | <alkisg> Gadi, he could even serve me his own image with his own keys...
| |
| 09:42 | <Gadi> this is true
| |
| 09:43 | <alkisg> The only way to make this safe is if we could transfer the keys to the client without using the network
| |
| 09:43 | <Gadi> in the end, there is no securing the pxe boot
| |
| 09:43 | <ogra> it adds one level of complexity = one level of safety ...
| |
| 09:43 | <Gadi> short of physically and at the switch
| |
| 09:43 | <ogra> its not a lot, but a wee bit
| |
| 09:44 | <Gadi> ogra likes the wee bits
| |
| 09:44 | :)
| |
| 09:44 | tstafford_ has joined #ltsp | |
| 09:44 | <alkisg> E.g. if the clients had some memory inside them... then it would be safe
| |
| 09:45 | Well in any case such a warning message will be displayed; so no problem there
| |
| 09:45 | <Gadi> still not safe
| |
| 09:45 | <alkisg> So let's worry about getting LDM_SSHOPTIONS to actually do something :)
| |
| 09:45 | <Gadi> I can pxe boot a device with storage
| |
| 09:45 | and bypass the storage
| |
| 09:45 | <alkisg> Gadi: you mean using a screwdriver? :)
| |
| 09:45 | Gadi: then the server would *not* accept that connection
| |
| 09:46 | <Gadi> ah, you mean if the keys weere on the storage
| |
| 09:46 | yeah
| |
| 09:46 | <alkisg> Yup
| |
| 09:46 | Internal usb sticks or something
| |
| 09:46 | <Gadi> but, if I am the pxe server, and I hand you an image to connect to me
| |
| 09:46 | I'll accept you ;)
| |
| 09:46 | <alkisg> Yeah the authentication would happen after the initramfs
| |
| 09:47 | <ogra> you are so promiscous
| |
| 09:47 | <alkisg> **after the tftp, at least
| |
| 09:47 | EDAN has quit IRC | |
| 09:48 | <alkisg> It could even happen when the users log on, if each one of them had a stick
| |
| 09:48 | <ogra> to fight ?
| |
| 09:48 | <alkisg> If they all had sticks and ARMs... why not :)
| |
| 09:49 | <ogra> pointy sticks ?
| |
| 09:58 | * alkisg forgot to mention that a man in the middle can serve the exact same nbd image to the client, but with only the ssh_config changed - so the security implications of this change are moot... still the warning will be displayed to make people feel safer afterwards :P :D | |
| 10:12 | jammcq has joined #ltsp | |
| 10:13 | <jammcq> g'morning friends
| |
| 10:15 | staffencasa has joined #ltsp | |
| 10:21 | CAN-o-SPAM has quit IRC | |
| 10:23 | CAN-o-SPAM has joined #ltsp | |
| 10:28 | <sbalneav> alkisg: ok, I've just posted an update to ldm-trunk
| |
| 10:28 | <jammcq> Scotty !!!!!!!!!!!!!!!!!!!
| |
| 10:28 | <sbalneav> Hey jammcq!
| |
| 10:29 | <alkisg> Wheeee!!! :)
| |
| 10:29 | <jammcq> hey, your paper plane ticket showd up here yesterday
| |
| 10:29 | <sbalneav> Super!
| |
| 10:29 | <jammcq> but it's eTicket, so no need to send it to you
| |
| 10:29 | <alkisg> Thanks sbalneav!
| |
| 10:29 | <sbalneav> We'll need to get stgraber to push a build
| |
| 10:30 | setting LDM_SSHOPTIONS="-o foop=doop" should get you what you want
| |
| 10:31 | Selveste1 has quit IRC | |
| 10:33 | * alkisg remembers a time when he reported a serious bug to microsoft "SP2 cuts in half the mails sent by outlook" - I never got and answer, and it was fixed after 6 months!!! Sweet open source & good devs, this is heaven ;) | |
| 10:34 | Selveste1 has joined #ltsp | |
| 10:34 | cyberorg has quit IRC | |
| 10:39 | cyberorg has joined #ltsp | |
| 10:45 | <jammcq> sbalneav: ping
| |
| 10:46 | <sbalneav> jammcq: pong
| |
| 10:46 | <jammcq> hey, what's a valid canadian postal code?
| |
| 10:46 | like yours for instance?
| |
| 10:46 | <sbalneav> R2N 1M1
| |
| 10:47 | Should be <letter><num><Letter><space><Num><Let><Num>
| |
| 10:47 | Caps is preferred by CanPo
| |
| 10:47 | As we affectionately referr to Canada Post
| |
| 10:48 | We use the same format as the British Postal System.
| |
| 10:51 | nubae|work has quit IRC | |
| 11:00 | Selveste1 has quit IRC | |
| 11:06 | coordinador has joined #ltsp | |
| 11:12 | EDAN has joined #ltsp | |
| 11:15 | japerry_cat has joined #ltsp | |
| 11:16 | garymc has joined #ltsp | |
| 11:30 | japerry has quit IRC | |
| 11:30 | japerry_cat is now known as japerry | |
| 11:31 | EDAN_ has quit IRC | |
| 11:32 | yoshi_ has quit IRC | |
| 11:38 | knipwim has joined #ltsp | |
| 11:55 | knipwim_ has quit IRC | |
| 11:56 | garymc has quit IRC | |
| 12:00 | artista_frustrad has quit IRC | |
| 12:14 | EDAN has quit IRC | |
| 12:15 | fotanus has joined #ltsp | |
| 12:18 | artista_frustrad has joined #ltsp | |
| 12:37 | tstafford_ has quit IRC | |
| 12:58 | chrisjrob has left #ltsp | |
| 12:58 | vagrantc has joined #ltsp | |
| 13:01 | yoshi_ has joined #ltsp | |
| 13:01 | <alkisg> Woah, python has a cgi http server module, with configurable port! http://docs.python.org/library/cgihttpserver.html#module-CGIHTTPServer
| |
| 13:01 | Hmm... that sounds really convenient for ltsp... running scripts on the server and producing different output for each client - all that with a simple wget from the client...
| |
| 13:02 | <yoshi_> iam from the impression that ltsp on jaunty isn't as stable as on intrepid
| |
| 13:02 | am i wrong ?
| |
| 13:03 | vagrantc_ has joined #ltsp | |
| 13:03 | <johnny> well don't start by blaming ltsp.. start by blaming the other components :)
| |
| 13:03 | perhaps it is that jaunty isn't as stable in general..
| |
| 13:03 | vagrantc_ has quit IRC | |
| 13:05 | spectra has joined #ltsp | |
| 13:08 | <yoshi_> so suggestion is better ltsp on ubuntu intrepid
| |
| 13:08 | or any other suggestions ?
| |
| 13:14 | tstafford_ has joined #ltsp | |
| 13:16 | pmatulis has quit IRC | |
| 13:17 | <alkisg> yoshi_: what is your actual problem? e.g. for me the ltsp in jaunty is more stable...
| |
| 13:18 | <yoshi_> well i am running on jaunty for a while now in 1 school and the other on intrepid
| |
| 13:19 | but with firefox there seems some weird problems like sometime you can't click on anything and after the ldm screen it takes a long time before the gnome desktop comes up, first the panel is grey then after like 1 minute the desktop icons appear
| |
| 13:20 | alkisg maybe the firefox problem can be fixed with stephanes patch ofcourse, also user switching doesn't work, it says something about xauhtority
| |
| 13:20 | <alkisg> Nope, I don't have those problems with jaunty.
| |
| 13:21 | Does user switching in ltsp clients work in 8.10?
| |
| 13:21 | <yoshi_> well that all weird, but i have to say i installed it on een dell T605 it has no good graphics but that can't have anything to do with it
| |
| 13:21 | yes user switching wors in 8;10
| |
| 13:21 | also the main system is X68
| |
| 13:21 | 86
| |
| 13:22 | and the chroot is i386
| |
| 13:22 | <alkisg> Mine too, both the server and the clients
| |
| 13:22 | <yoshi_> mayby thate is also the firefox problem
| |
| 13:22 | clients are i386
| |
| 13:22 | <alkisg> You mean that the main system is amd64?
| |
| 13:23 | <yoshi_> yes
| |
| 13:23 | the chroot client is i386
| |
| 13:23 | install gnome watchdos
| |
| 13:23 | dog
| |
| 13:23 | <alkisg> OK. Well, in your place, I'd try stgraber's ppa, and after that I'd tackle the problems one by one.
| |
| 13:23 | I never used gnome watchdog
| |
| 13:24 | <yoshi_> and no problems with sessions that hangs
| |
| 13:24 | the gpu in the server has nothing to do with speed isn't it
| |
| 13:24 | <alkisg> No
| |
| 13:24 | <yoshi_> like i thought
| |
| 13:25 | i think iam gonna reinstall it
| |
| 13:25 | i used the jaunty alternate cd
| |
| 13:25 | but not with the F4 option
| |
| 13:25 | and my 8.10 system is a desktop with ltsp manualy installed
| |
| 13:26 | could that have something to do with it
| |
| 13:26 | <johnny> reinstall?
| |
| 13:26 | <yoshi_> johnny, yes my knowlegde is not that great to see how i can diagnose the slow startup of gnome dekstop
| |
| 13:27 | <Gadi> yoshi_: session issues can usually be diagnosed by looking at the user's ~/.xsession-errors
| |
| 13:28 | between that, and testing simply the speed at which you get a prompt when you ssh into the server are your best bets
| |
| 13:28 | <johnny> yoshi_, reinstalling rarely fixes problems like that
| |
| 13:28 | <Gadi> also, make sure you don't have evil packages like "tracker" installed
| |
| 13:28 | <yoshi_> mmm tracker
| |
| 13:28 | <johnny> Gadi, next tracker will be more sane ..
| |
| 13:28 | <yoshi_> never heard of it
| |
| 13:28 | didn't install it either :)
| |
| 13:29 | <johnny> you might even like it
| |
| 13:29 | <Gadi> tracker indexes your filesystem, for lack of a better phrase
| |
| 13:29 | <johnny> it might come by defualt ..
| |
| 13:29 | <Gadi> :)
| |
| 13:29 | <yoshi_> ahaaa
| |
| 13:29 | <sbalneav> As well, if your site uses DNS, make sure that the LTSP thin client host names are defined either in DNS or /etc/hosts
| |
| 13:29 | <yoshi_> we don't have a dns server so
| |
| 13:29 | <sbalneav> ssh will try to reverse dns lookup the hostnames, and that can cause an initial login delay if they're not found.
| |
| 13:29 | The add them to /etc/hosts
| |
| 13:30 | s/The/Then/g
| |
| 13:30 | <Gadi> I think sbalneav's gonna win the prize on this one
| |
| 13:30 | why does he always go home with the 6' bugs bunny doll...
| |
| 13:31 | <sbalneav> Nah.
| |
| 13:31 | Even a stopped clock is correct twice a day. :)
| |
| 13:31 | And boy, am I a stopped clock :)
| |
| 13:32 | <Gadi> see, and I thought a stopped clock never boils
| |
| 13:32 | * Gadi shrugs | |
| 13:33 | <yoshi_> ok will try that all, great support guys !!
| |
| 13:33 | something funny and stupid i did today
| |
| 13:33 | installed virtual box
| |
| 13:33 | configured the adapter as host only adapter
| |
| 13:34 | after like 2 ours of fiddeling i notice it has to be on another subnet
| |
| 13:34 | installed terminal server 2008 for the kids their stupid windows games
| |
| 13:34 | and yes it worked
| |
| 13:35 | offcourse when i logged of gone was my virtual box session :(
| |
| 13:35 | 7 ours of work down the drain, can use it offcourse :(
| |
| 13:35 | so now i have to put a seperate ts server for some stuppid windows only soft
| |
| 13:36 | what i could do is install a virtual box in the chroot but then i have to install 40 windows xp's :(
| |
| 13:38 | <jammcq> Gadi: a stopped clock lives in the woods
| |
| 13:39 | * jammcq wonders if this microphone is turned on | |
| 13:40 | <yoshi_> ok iam gonna sleep, my head is killing me
| |
| 13:40 | <Gadi> but, if a stopped clock falls in the woods, does it make a sound?
| |
| 13:40 | <yoshi_> tx for all the help
| |
| 13:41 | * Gadi thought it was thx for all the fish.... | |
| 13:41 | yoshi_ has quit IRC | |
| 13:45 | knipwim_ has joined #ltsp | |
| 13:48 | johnny has left #ltsp | |
| 13:49 | Ahmuck has joined #ltsp | |
| 13:49 | johnny1 has joined #ltsp | |
| 13:54 | vagrantc has quit IRC | |
| 13:57 | alkisg has quit IRC | |
| 13:57 | knipwim has quit IRC | |
| 13:58 | arx has joined #ltsp | |
| 13:58 | korcan has joined #ltsp | |
| 13:59 | johnny1 has left #ltsp | |
| 13:59 | johnny has joined #ltsp | |
| 14:00 | artista_frustrad has quit IRC | |
| 14:03 | <_UsUrPeR_> Gadi: as long as the laws of physics are still relevant when unobserved, then yes. I, however, have a magical cat in a box that is both dead and alive.
| |
| 14:05 | on another note, I am trying to figure out how a user changes their own password in GDM when they do not have access to their ystem > Users & Groups
| |
| 14:05 | CAN-o-SPAM has quit IRC | |
| 14:05 | <_UsUrPeR_> err... System > Administration > Users & Groups menu
| |
| 14:10 | alkisg has joined #ltsp | |
| 14:12 | <sbalneav> system->preferences->about me
| |
| 14:13 | Click on "change password" button
| |
| 14:13 | ph27 has joined #ltsp | |
| 14:13 | <sbalneav> Magic ensues
| |
| 14:15 | <ph27> Hello all, why would a client stop booting after Loading initrd.img.......ready.
| |
| 14:15 | Any ideas?
| |
| 14:15 | <sbalneav> bad network connection, low ram, incorrectly configured dhcp, etc.
| |
| 14:16 | faulty PXE implementation in the client
| |
| 14:16 | <ph27> if it was working and I changed nothing other than physically moving the client...?
| |
| 14:16 | and now it happens to multiple clients.
| |
| 14:17 | <sbalneav> You got one of those switches that has an "uplink" port, that you either plung into that port, or the uplink port, but not both?
| |
| 14:17 | <ph27> running latest ubuntu, fresh install yesterday, i've tried ltsp-update-kernels, ltsp-update-image, ltsp-update-sshkeys...
| |
| 14:18 | i'd investigate networking further, but it does get dhcp, downloads the image, but doesn't crank over to the ltsp environment.
| |
| 14:18 | <sbalneav> So you haven't "just" moved a client, you've done a whole bunch of things :)
| |
| 14:18 | <ph27> well, i did a whole bunch of things after the symptom appeared... :P
| |
| 14:19 | <sbalneav> Aaaaaand... Did you keep track of them all so you'd know what you touched so when you come here for help we'll know all the facts? :)
| |
| 14:19 | I'd start with physical networking.
| |
| 14:19 | <Gadi> sbalneav: ur silly
| |
| 14:19 | <ph27> that's why i mentioned
| |
| 14:20 | <sbalneav> Gadi: Yeah, that whole "what did you touch" thing us sysadmins go on and on about :)
| |
| 14:20 | <Gadi> ph27: check the server for nbdrootd processes
| |
| 14:20 | <sbalneav> Gadi: According to him, it's not even firing up the kernel.
| |
| 14:21 | <Gadi> and check syslog to see if nbd is serving up the image
| |
| 14:21 | (03:15:41 PM) ph27: Hello all, why would a client stop booting after Loading initrd.img.......ready.
| |
| 14:21 | <sbalneav> ph27: You get no kernel splash screen, right? Just the "...ready" and that's it.
| |
| 14:21 | <Gadi> sounds like it loads kernel+initrd
| |
| 14:21 | <ph27> that's correct
| |
| 14:21 | <Gadi> ah...
| |
| 14:22 | <sbalneav> I'd check networking. Assuming you haven't bunged up some wiring, I'd try resetting the switch.
| |
| 14:23 | <ph27> i'm on the same switch, so i may brb
| |
| 14:23 | <sbalneav> The switches arp cache may be corrupted. It may need a kick in the goolies.
| |
| 14:24 | <ph27> i know it's bad, but we're cheap. my test bench has a hub :-[
| |
| 14:25 | <Gadi> a good hub can be better than a bad switch
| |
| 14:25 | :)
| |
| 14:26 | but, if you have lots of collissions, it could be ur problem
| |
| 14:27 | <ph27> now in a known good working switch, but still no joy. the only new message in syslog is:
| |
| 14:27 | Sep 24 15:27:49 opltsp in.tftpd[3782]: tftp: client does not accept options
| |
| 14:28 | opltsp is my server's hostname, btw
| |
| 14:31 | Gadi has quit IRC | |
| 14:32 | Gadi has joined #ltsp | |
| 14:32 | <ph27> i'm starting to think it's networking too - while it seems to connect and tftp, it's unpingable. do clients block pings by default?
| |
| 14:32 | that is, while they've PXEd but before the kernel loads?
| |
| 14:32 | <Gadi> ph27: it has no networking up yet
| |
| 14:33 | you won't be able to ping it
| |
| 14:33 | Gadi has quit IRC | |
| 14:37 | <ph27> still no luck, i'll have to try again tomorrow. Thanks Gadi and sbalneav for the help!
| |
| 14:37 | ph27 has left #ltsp | |
| 14:46 | Gadi has joined #ltsp | |
| 14:49 | Sarten-X2 has quit IRC | |
| 14:53 | vagrantc has joined #ltsp | |
| 14:55 | Sarten-X has joined #ltsp | |
| 14:56 | <zamba> anyone used either nomachine or open virtual desktop and can come with some insight into either of these two products?
| |
| 14:56 | how does it compare to ltsp?
| |
| 14:58 | <Gadi> they are not mutually exclusive
| |
| 14:59 | now, you may ask how nomachine compares to ldm
| |
| 14:59 | that is a more accurate comparison
| |
| 14:59 | you can boot clients with ltsp and have them use nomachine to connect to the server
| |
| 15:00 | though, even ldm is not a fair comparison
| |
| 15:00 | the best way to say it is: how does nomachine compare to X-over-ssh
| |
| 15:02 | <zamba> but nomachine isn't just the ldm part, is it?
| |
| 15:02 | it also delivers applications?
| |
| 15:02 | or?
| |
| 15:04 | jach has joined #ltsp | |
| 15:04 | Lns_ has joined #ltsp | |
| 15:06 | <jach> hi, i have one problem with client's are connecting and booting but end up with just a commandline busybox while I was expecting a full gui... ?
| |
| 15:06 | <Lns_> Any policykit gurus present?
| |
| 15:06 | <jach> my server version is ubuntu-ltsp 8.04 amd64
| |
| 15:07 | anyway help
| |
| 15:08 | <Lns_> jach, remove "quiet splash" from /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default and reboot a terminal, and pastebin any errors/relevant output please.
| |
| 15:08 | !pastebot
| |
| 15:08 | <ltspbot> Lns_: "pastebot" is The LTSP pastebot is at http://pastebot.ltsp.org. Please paste all text longer than a line or two to the pastebot, as it helps to reduce traffic in the channel. A link to the content will be pasted in the channel.
| |
| 15:09 | <Gadi> zamba: it delivers a desktop, just as X does
| |
| 15:10 | zamba: which is why you can compare it to X-over-ssh
| |
| 15:10 | zamba: it does not network boot a thin client
| |
| 15:10 | which is why you cannot compare it to ltsp
| |
| 15:11 | now, in terms of delivering a desktop, it has some attractive features that X-ove ssh does not have, like session persistence and lower bandwidth requirements
| |
| 15:11 | <zamba> Gadi: ok, so you need to have both linux and windows servers running for the "mixed"-environment running?
| |
| 15:11 | ph27 has joined #ltsp | |
| 15:11 | <Gadi> define "mixed environment"
| |
| 15:12 | <zamba> that you can run both windows and linux applications
| |
| 15:12 | on the client
| |
| 15:12 | <Gadi> well, that goes for any option
| |
| 15:12 | <zamba> can ltsp do that as well?
| |
| 15:12 | <Gadi> in order to run windows and linux, you need both windows and linux
| |
| 15:13 | you can rdesktop from your linux desktop that you get through X-over-ssh
| |
| 15:13 | if thats what you mean
| |
| 15:14 | <Lns_> I'm trying to figure out why policykit isn't working from a vnc/nx/ltsp session when doing things like "System -> Administration -> Services". Basically, the "Unlock" button is greyed out (see https://bugs.launchpad.net/ubuntu/+source/policykit-gnome/+bug/231246 ). My /etc/PolicyKit/PolicyKit.conf file has the correct line at the bottom, which is -- <define_admin_auth group="admin"/> -- but, it has no effect and users in the 'admin' g
| |
| 15:14 | roup still cannot unlock.
| |
| 15:14 | <zamba> not quite sure what i mean :)
| |
| 15:14 | i'm just checking out my options
| |
| 15:14 | do you know anything about ulteo's virtual desktop?
| |
| 15:14 | that's basically the same as nx?
| |
| 15:14 | <jach> thank Lns_
| |
| 15:16 | <alkisg> Lns_: policykit not working with vnc? afaik it works fine with vnc..
| |
| 15:17 | <Lns_> alkisg, not in ubu 8.04, via a gdm session spawned by VNC
| |
| 15:17 | <alkisg> Ah, you don't use a local session, ok
| |
| 15:17 | I tried vnc'ing to an existing session.
| |
| 15:17 | <Lns_> I'm pretty sure it has something to do w/not being on the local server console, in which polkit requires by ubuntu default config
| |
| 15:17 | alkisg, yeah that would make sense
| |
| 15:18 | * Lns_ doesn't understand why polkit takes into consideration where you're logging in from | |
| 15:22 | <Lns_> For anyone interested, I found this good doc by Novell regarding polkit..trying to figure out the implicit authorizations to only allow admin group users auth for stuff. http://www.novell.com/documentation/opensuse111/opensuse111_security/?page=/documentation/opensuse111/opensuse111_security/data/sec_policykit_change.html
| |
| 15:23 | <jach> Lns_ this is the new error: http://www.pastebin.org/23646
| |
| 15:24 | <Lns_> jach, hmm, is your tftp server config correct? can you verify it's running?
| |
| 15:26 | doesn't look like you have all the info you need in there (possible typo? in "rootserver", "rootpath" and "filename" are blank)
| |
| 15:26 | just guessing though
| |
| 15:26 | <alkisg> jach: what is the ip address of your ltsp server?
| |
| 15:27 | <jach> alkisg in eth0 192.168.1.78 via dhcp and eth1 192.168.0.254
| |
| 15:27 | <alkisg> Well, you have another dhcp server in 192.168.1.1 which gives leases to your ltsp clients
| |
| 15:28 | You have to shut it off, or re-wire it so that it's not on the same subnet as the ltsp clients
| |
| 15:29 | <jach> Lns_ yes tftp server is running
| |
| 15:29 | <Lns_> alkisg, good eye =)
| |
| 15:30 | jach, ^^
| |
| 15:30 | <alkisg> Lns_: been strugling with routers as dhcp servers for the past 2 years :D
| |
| 15:30 | <Lns_> heh
| |
| 15:30 | <jach> alkisg thank
| |
| 15:31 | <alkisg> jach: if you need help on how to rewire this, just ask again.... :)
| |
| 15:33 | <jach> alkisg as i do :)
| |
| 15:35 | <alkisg> What hardware do you have? E.g. 1 or 2 switches? 1 router to connect to the internet? etc...
| |
| 15:35 | Ahmuck has quit IRC | |
| 15:36 | <jach> i have 1 router with dhcp-server connected a switch my server connectd a switch via eth0
| |
| 15:37 | my client connect to server via other router with 4 port
| |
| 15:37 | <alkisg> Does the other router also have a dhcp server?
| |
| 15:38 | If so, turn it off..
| |
| 15:40 | <jach> aslkisg you have reason
| |
| 15:40 | alkisg thank you very much!!! :)
| |
| 15:40 | <alkisg> Did it work?
| |
| 15:40 | <jach> yes
| |
| 15:40 | <alkisg> Nice :)
| |
| 15:42 | * Lns_ hands alkisg a pint | |
| 15:43 | <alkisg> gloup gloup.... tasty :D
| |
| 15:43 | Lns, this one's more focused: https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/219473
| |
| 15:43 | * Lns_ is weary of how polkit divulges much information about who is an admin, what policies are in place, etc. for any user to view | |
| 15:45 | <Lns_> alkisg, yeah i saw that - i just figured a workaround by using the polkit-gnome-authorization tool.. simply set all 3 implicit authorizations to "Admin Authentication"
| |
| 15:45 | that way it doesn't matter where you're logged in from, as long as you're part of the admin group
| |
| 15:46 | <alkisg> Ugh this thing doesn't have a search bar :(
| |
| 15:46 | <Lns_> but that also means that any user can at least start the app, hit 'unlock' and see the list of 'admin' group users that can authenticate for whatever polkit identifier you're looking at
| |
| 15:47 | <alkisg> ? can only see the members of a group?
| |
| 15:47 | One can do that by cat /etc/group...
| |
| 15:47 | <Lns_> true..
| |
| 15:47 | <jach> i have other little problem my client are i386 my server is amd64 the plugin of flashplayer no work.
| |
| 15:48 | <Lns_> kind of weird though since ubuntu default policy is to lock down everything if you're not on the local console, but still divulge like...everything about polkit authorizations to any user
| |
| 15:49 | i mean, at least require *something* for using the gnome authorization tool!
| |
| 15:49 | <jach> with amd64 i test https://help.ubuntu.com/community/UbuntuLTSP/AdobeFlashFirefoxPluginLTSP
| |
| 15:49 | <alkisg> Lns, "simply set all 3 implicit authorizations to "Admin Authentication" ==> to which authorization?
| |
| 15:49 | <jach> but not work
| |
| 15:50 | <alkisg> (to which entry?)
| |
| 15:50 | <Lns_> alkisg, org.freedesktop.systemtoolsbackends.set
| |
| 15:50 | <alkisg> Thanks
| |
| 15:51 | <Lns_> I'm glad i'm learning about polkit finally..at least that's one upside to this =)
| |
| 15:51 | <alkisg> Btw, ck-list-sessions is a cool way to find out about which users are connected, to which IPs etc... ;)
| |
| 15:51 | I think moldy was looking for something like that
| |
| 15:51 | <Lns_> hmmmmmm
| |
| 15:51 | yes
| |
| 15:52 | alkisg, thanks!!! wow, that gives us some great information we could display in tcm
| |
| 15:52 | logged in time being one =)
| |
| 15:53 | <alkisg> ...and it doesn't even need admin rights to display the info!
| |
| 15:53 | <Lns_> heh
| |
| 15:53 | lame
| |
| 15:53 | mikkel has quit IRC | |
| 15:53 | * Lns_ likes the "is-local" | |
| 15:54 | * alkisg likes the x11-display, I can pop up applications to their screens with that :D | |
| 15:55 | <Lns_> totally
| |
| 15:55 | well, tcm can do that already too
| |
| 15:55 | but yeah =)
| |
| 15:56 | launch firefox on 50 terminals with a specified URL so you don't have to direct anyone to do anything, saves 5-10 minutes depending on how many people are there
| |
| 15:56 | which is valuable when you have ~15-30 min in a computer lab
| |
| 15:57 | <alkisg> tcm can do that but it does start with the client session, right?
| |
| 15:57 | <Lns_> alkisg, huh?
| |
| 15:58 | <alkisg> I mean, when the user logs in, isn't some part of tcm started automatically?
| |
| 15:58 | E.g. in italc it's called "ica"
| |
| 15:59 | This part listens for remote requests from the teacher pc...
| |
| 15:59 | <Lns_> oh right..yeah i think that tcm-client is started.
| |
| 15:59 | well, right now it isn't, you have to invoke it manually..but it *will* be started automatically
| |
| 16:00 | it's a small user helper app
| |
| 16:00 | <alkisg> Right... with remote X you can just invoke any app anywhere, if you have the necessary rights that is. /me likes that :D
| |
| 16:00 | <Lns_> but it's not started within the chroot at all, it's within the user session
| |
| 16:01 | yeah...the beauty of remote X :)
| |
| 16:12 | ph27 has left #ltsp | |
| 16:18 | * Lns_ curses polkit...wtf is up with showing the manpage instead of actually invoking the command polkit-action..?!? | |
| 16:19 | * alkisg laughs about the local/non local distriction :) | |
| 16:19 | <alkisg> I do `ssh -l user localhost`. The session is considered non local.
| |
| 16:20 | From inside the ssh session, I do: su user. The session is considered local! :D :D :D
| |
| 16:20 | <Lns_> seriously.
| |
| 16:21 | Ahmuck has joined #ltsp | |
| 16:21 | <Lns_> alkisg, can you do me a favor and run "polkit-action --set-deaults-any org.freedesktop.systemtoolsbackends.set auth_admin" and see if it actually works instead of bringing up the manpage? I don't get what's going on here.
| |
| 16:21 | <alkisg> missing an f
| |
| 16:21 | --set-deFFFFFFFFFFFFaults-any
| |
| 16:21 | <Lns_> omg...hahahhaa
| |
| 16:22 | * Lns_ slaps himself with a large trout | |
| 16:22 | * alkisg wonders at what point in time the trouts were a common way to slap someone...! | |
| 16:23 | <Lns_> i think it was a mirc thing
| |
| 16:23 | pmatulis has joined #ltsp | |
| 16:24 | <Lns_> sweet. I'm kinda getting the hang of this now.
| |
| 16:24 | <elias_a> Wow - people hitting themselves...
| |
| 16:25 | <Ahmuck> i'm in office A and need to boot my client. there is classroom A server. same network, however, is as follows.
| |
| 16:25 | inet --> router --> ltsp server --> switch --> client
| |
| 16:25 | that's the classroom
| |
| 16:26 | <elias_a> Asmo found a new bug that prevents login of clients in Karmic: https://bugs.launchpad.net/ubuntu/+source/ltsp/+bug/435818
| |
| 16:26 | <Ahmuck> office is "inet --> router --> wireless bridge --> office computer"
| |
| 16:26 | Sarten-X2 has joined #ltsp | |
| 16:28 | vagrantc has quit IRC | |
| 16:29 | Sarten-X has quit IRC | |
| 16:29 | <elias_a> Ahmuck: What is the problem?
| |
| 16:29 | <alkisg> Ahmuck: can you use gpxe?
| |
| 16:29 | (i.e. in the hard disk or in a floppy or in a cd?)
| |
| 16:30 | <Ahmuck> office computer --> wireless bridge --> routerA --> ?
| |
| 16:30 | i'm not sure how the connection would be made to the ltsp server. the switch is isolated so to speak
| |
| 16:31 | <alkisg> ?? can you not ping the *external* nic of the ltsp server?
| |
| 16:31 | <elias_a> I am not sure what isolated means here.
| |
| 16:31 | If ports are closed, that's it. No go.
| |
| 16:32 | Ahmuck: Are you sure they are same network?
| |
| 16:33 | <Ahmuck> inet --> wireless router A --> ltsp server
| |
| 16:33 | inet --> wireless router A --> wireless bridge A --> client
| |
| 16:33 | ltsp server is serving dhcp to clients via a switch
| |
| 16:34 | <elias_a> Ok.
| |
| 16:34 | <Ahmuck> sooo ... inet --> wireless router A --> ltsp server --> client
| |
| 16:34 | er, inet --> wireless router A --> ltsp server --> swtich --> client
| |
| 16:35 | <elias_a> What exactly is the connection between wireless router A and LTSP Server?
| |
| 16:35 | <Ahmuck> wired/wireless router A --> ltsp server
| |
| 16:35 | ltsp server has two nics
| |
| 16:36 | ph27 has joined #ltsp | |
| 16:36 | <elias_a> So A is connected to Inet side NIC of the server with CAT ceble?
| |
| 16:38 | Ahmuck: So you have 3 different WLAN boxes there?
| |
| 16:38 | <Ahmuck> 2
| |
| 16:38 | 2 linksys boxes
| |
| 16:38 | the one in the office is setup as a wireless bridge
| |
| 16:38 | transparent
| |
| 16:38 | <elias_a> wait a minute...
| |
| 16:40 | IMHO your setup cannot work as you seem to have one of the wlan boxes conneted to the Inet side nic of LTSP server...
| |
| 16:40 | <alkisg> It can work with gpxe :)
| |
| 16:40 | <Ahmuck> i'll put up a mindmap
| |
| 16:40 | diagram
| |
| 16:41 | hrm, gpxe ?
| |
| 16:41 | how?
| |
| 16:41 | <alkisg> Ah, I got noticed.. .:)
| |
| 16:41 | <Ahmuck> i'd be interested in knowing how that would work
| |
| 16:41 | <alkisg> (12:30:15 πμ) alkisg: Ahmuck: can you use gpxe?
| |
| 16:41 | (12:30:25 πμ) alkisg: (i.e. in the hard disk or in a floppy or in a cd?)
| |
| 16:41 | <Ahmuck> alkisg: i noticed you, but u did not expound :)
| |
| 16:41 | the greasy wheel get's the grease so to speak
| |
| 16:42 | <alkisg> Gpxe provides a way to boot ltsp clients without using a dhcp server
| |
| 16:42 | <elias_a> Did I understand correctly that the same box routes the Inet connection to the LTSP server _and_ acts as the inet side end of the wlan bridge?
| |
| 16:43 | <Ahmuck> gpxe would allow me to specify the route?
| |
| 16:43 | <alkisg> So you can tell the office PC to boot using the kernel found in the external IP of the ltsp server
| |
| 16:43 | <Ahmuck> i think that there is a problem with the route
| |
| 16:43 | <alkisg> (12:31:40 πμ) alkisg: ?? can you not ping the *external* nic of the ltsp server?
| |
| 16:43 | <Ahmuck> i'll need an additional wireless bridge me thinks, hanging off the switch
| |
| 16:43 | hrm, let me check
| |
| 16:44 | <elias_a> Ahmuck: I think alkisg will help you out.
| |
| 16:44 | I have to get some sleep now :)
| |
| 16:44 | * alkisg has to go to bed right know... | |
| 16:44 | <alkisg> heh
| |
| 16:44 | <elias_a> Wow!
| |
| 16:44 | Some telepathy?
| |
| 16:44 | <alkisg> What time zone are you in?
| |
| 16:44 | <Ahmuck> know or now
| |
| 16:44 | <alkisg> now
| |
| 16:45 | <elias_a> Ahmuck: Read the gpxe docs.
| |
| 16:45 | It is very good.
| |
| 16:45 | <alkisg> Ahmuck: briefly: you use the new version of rom-o-matic, which enables you to embed a gpxe script
| |
| 16:45 | <elias_a> Even I can do tricks with it - it is so simple :D
| |
| 16:46 | <alkisg> In that, you directly specify next-server=the external nic of the ltsp server
| |
| 16:46 | I got a script for it, get the ping'ing ready and ask me tomorrow if you want...
| |
| 16:46 | bye all.
| |
| 16:46 | alkisg has quit IRC | |
| 16:51 | jammcq has quit IRC | |
| 16:54 | jach has quit IRC | |
| 16:57 | spectra has quit IRC | |
| 17:02 | vagrantc has joined #ltsp | |
| 17:02 | fotanus has quit IRC | |
| 17:13 | arx has quit IRC | |
| 17:25 | Gadi has left #ltsp | |
| 17:38 | <Ahmuck> make note to alkisg to explain a little bit aobut gpxe boot to server ip
| |
| 17:54 | bobby_C has quit IRC | |
| 18:05 | Ahmuck_Sr has joined #ltsp | |
| 18:26 | vagrantc has quit IRC | |
| 18:41 | staffencasa has quit IRC | |
| 18:43 | Ahmuck_Sr has quit IRC | |
| 18:49 | vagrantc has joined #ltsp | |
| 18:51 | Ahmuck has quit IRC | |
| 18:54 | cg_uira has joined #ltsp | |
| 19:04 | spin3s has joined #ltsp | |
| 19:04 | <spin3s> hi guys
| |
| 19:04 | who can help me ?
| |
| 19:05 | <Lns_> !question
| |
| 19:05 | <ltspbot> Lns_: "question" is if you have a question about ltsp, please go ahead and ask it, and people will respond if they can. please also mention the linux distro and release you're using. :)
| |
| 19:05 | <Lns_> spin3s, ^^^ =)
| |
| 19:08 | <spin3s> tanks
| |
| 19:09 | | |
| 19:09 | <ltspbot> spin3s: Error: "I" is not a valid command.
| |
| 19:09 | <spin3s> | |
| 19:09 | <ltspbot> spin3s: Error: "question" is not a valid command.
| |
| 19:09 | <spin3s> | |
| 19:10 | <vagrantc> spin3s: no need to use !, that's just for commands to the bot.
| |
| 19:12 | <moldy> spin3s: write a setuid program and give him permission to execute it
| |
| 19:13 | <johnny> why can't he be in sudoers? you can limit what a user can do for that
| |
| 19:13 | just giving them permission to useradd
| |
| 19:13 | /me imagines polkit will be handling this soon
| |
| 19:15 | <spin3s> like easy , but dont .. this user should have permissions to add, del anothers users .. less the sudoers user
| |
| 19:15 | if I give a sudoers for this user , he can del others sudoers too
| |
| 19:16 | <Lns_> spin3s, there is no ACL type permissions for deleting users based on anything. It's either on or off afaik
| |
| 19:17 | <spin3s> Lns_ what I can do so?
| |
| 19:19 | | |
| 19:20 | <vagrantc> write a wrapper script and give sudo access to that
| |
| 19:20 | <Lns_> yeah
| |
| 19:20 | and just put in cases in there
| |
| 19:20 | <spin3s> tanks.. I will search more details about this
| |
| 19:20 | never have listen about wrapper
| |
| 19:20 | hahah
| |
| 19:21 | <vagrantc> well, you have to know what you're doing to be writing a wrapper intended to be run as root ...
| |
| 19:23 | <spin3s> understood... :D tanks guys
| |
| 19:26 | spin3s has quit IRC | |
| 19:49 | <vagrantc> stgraber: i guess the nbd-server -a option may work for your current release, but nbd is dropping that option in future versions
| |
| 19:50 | i know debian unstable doesn't support it anymore.
| |
| 20:03 | strattog has quit IRC | |
| 20:09 | strattog has joined #ltsp | |
| 20:40 | vagrantc has quit IRC | |
| 20:48 | pmatulis has quit IRC | |
| 21:09 | F-GT has joined #ltsp | |
| 21:48 | ph27 has left #ltsp | |
| 21:53 | johnny has left #ltsp | |
| 21:54 | johnny has joined #ltsp | |
| 22:16 | alkisg has joined #ltsp | |
| 22:31 | cg_uira has quit IRC | |
| 22:53 | ccqgftt has joined #ltsp | |
| 22:53 | |Paradox| has quit IRC | |
| 22:54 | ccqgftt is now known as |Paradox| | |
| 23:15 | alkisg has quit IRC | |