IRC chat logs for #ltsp on irc.libera.chat (webchat)


Channel log from 24 September 2009   (all times are UTC)

09:07ltspbot has joined #ltsp
09:07sbalneav has joined #ltsp
09:08
<sbalneav>
Ugh. Morning all.
09:08* sbalneav has been sick
09:09* ogra hopes there are no H's N's or 1's involved
09:09
<nubae|work>
hi Gadi
09:10* nubae|work hopes sbalneav feels better
09:10
<sbalneav>
No, nothing so disasterous.
09:11
Just a common head cold.
09:11
Thanks nubae|work, otavio
09:11
err
09:11
ogra
09:11
<nubae|work>
http://threads.rebelscum.com/showflat.php?Cat=&Number=2039728&page=0
09:11
<sbalneav>
geez, o<tab> ususally picks you Ollie! :)
09:12
<ogra>
heh
09:12
nubae|work, trying to make our FF pixmap caches explode ?
09:14
<sbalneav>
What's all that goat porn doing on that page?
09:15
<nubae|work>
:-)
09:15
that is a serious collection though
09:23CAN-o-SPAM has joined #ltsp
09:28
<alkisg>
There's a thought to run LTSP from the edubuntu live dvd... LDM_SSHOPTIONS would be required to do that (dynamic ip etc), but it's not working atm - ldm.c reads the environment variable but doesn't do anything with it. Was support for this option dropped deliberately?
09:29F-GT has quit IRC
09:30
<sbalneav>
alkisg: Thought we had added that.
09:30
It should be there.
09:31
<alkisg>
sbalneav: nope :(
09:31
<sbalneav>
Hm.
09:31
Well then.
09:31
<alkisg>
ldm.sshoptions = g_strdup(getenv("LDM_SSHOPTIONS"));
09:31Selveste1 has joined #ltsp
09:31
<alkisg>
....and then nothing :)
09:31
<ogra>
see, it was added :)
09:32
scott didnt say "used" :P
09:32
<sbalneav>
Oh you expect us to DO something with the variable.
09:32
Well GEEZ, why didn't you SAY so
09:32
<ogra>
yeah, always these fuzzy user requests
09:32
<sbalneav>
I assume we want it on the initial ssh connect?
09:33
hold on...
09:33* alkisg doesn't fully understand the whole ssh geneology tree :-/
09:34
<alkisg>
...but I'd like to be able to pass stricthostchecking=no
09:34
<ogra>
i dont think that helps client side
09:34
<sbalneav>
telnet and rsh had a 3 way with ssl, and ssh was born :)
09:34
<ogra>
lol
09:35
<alkisg>
ogra, it helps very very much (I modify the ssh_config file) - let me find the exact options...
09:35
heh
09:35
<ogra>
ah, i always thought you need to set that server side
09:36
you should in any case strictly note in the release notes that the live variant is largely unsafe compared to the installed then
09:36
<alkisg>
SSH_CONFIG="$CHROOT/etc/ssh/ssh_config"
09:36
sed -i -e 's/# CheckHostIP yes/ CheckHostIP no/' -e 's/# StrictHostKeyChecking ask/ StrictHostKeyChecking no/' "$SSH_CONFIG"
09:36
if ! grep -q 'LogLevel SILENT' "$SSH_CONFIG"; then echo ' LogLevel SILENT' >> "$SSH_CONFIG"; fi
09:36
Sure, such a notice should be displayed when the "start an ltsp server" script is ran...
09:37
<ogra>
wow, with that setting you should use telnet ... saves the ssh overhead :P
09:37
<alkisg>
ogra: in reality, it's as safe as ltsp is now
09:37
It doesn't protect the server. It only protects the client
09:38
<ogra>
it protects the connection
09:38
<alkisg>
...and the clients can get the server keys anytime - unless of course someone protects his nbd server with a firewall
09:38
<ogra>
you cant say its unsafe
09:38
its a lot less safer
09:39
<alkisg>
ogra: if I disconnect an ltsp client and connect my laptop there, what will stop me from getting the keys?
09:39
<ogra>
its not about the ends, its about the man in the middle :)
09:40
<alkisg>
Where's the difference in those two cases?
09:40
The man in the middle can serve me the server's keys
09:41
(if he's in the middle, then he has access to the server's keys, as they're served with nbd)
09:41EDAN_ has joined #ltsp
09:41
<Gadi>
only the server's public keys are on nbd
09:41
public keys, are, well, public
09:42
<alkisg>
Gadi, he could even serve me his own image with his own keys...
09:42
<Gadi>
this is true
09:43
<alkisg>
The only way to make this safe is if we could transfer the keys to the client without using the network
09:43
<Gadi>
in the end, there is no securing the pxe boot
09:43
<ogra>
it adds one level of complexity = one level of safety ...
09:43
<Gadi>
short of physically and at the switch
09:43
<ogra>
its not a lot, but a wee bit
09:44
<Gadi>
ogra likes the wee bits
09:44
:)
09:44tstafford_ has joined #ltsp
09:44
<alkisg>
E.g. if the clients had some memory inside them... then it would be safe
09:45
Well in any case such a warning message will be displayed; so no problem there
09:45
<Gadi>
still not safe
09:45
<alkisg>
So let's worry about getting LDM_SSHOPTIONS to actually do something :)
09:45
<Gadi>
I can pxe boot a device with storage
09:45
and bypass the storage
09:45
<alkisg>
Gadi: you mean using a screwdriver? :)
09:45
Gadi: then the server would *not* accept that connection
09:46
<Gadi>
ah, you mean if the keys weere on the storage
09:46
yeah
09:46
<alkisg>
Yup
09:46
Internal usb sticks or something
09:46
<Gadi>
but, if I am the pxe server, and I hand you an image to connect to me
09:46
I'll accept you ;)
09:46
<alkisg>
Yeah the authentication would happen after the initramfs
09:47
<ogra>
you are so promiscous
09:47
<alkisg>
**after the tftp, at least
09:47EDAN has quit IRC
09:48
<alkisg>
It could even happen when the users log on, if each one of them had a stick
09:48
<ogra>
to fight ?
09:48
<alkisg>
If they all had sticks and ARMs... why not :)
09:49
<ogra>
pointy sticks ?
09:58* alkisg forgot to mention that a man in the middle can serve the exact same nbd image to the client, but with only the ssh_config changed - so the security implications of this change are moot... still the warning will be displayed to make people feel safer afterwards :P :D
10:12jammcq has joined #ltsp
10:13
<jammcq>
g'morning friends
10:15staffencasa has joined #ltsp
10:21CAN-o-SPAM has quit IRC
10:23CAN-o-SPAM has joined #ltsp
10:28
<sbalneav>
alkisg: ok, I've just posted an update to ldm-trunk
10:28
<jammcq>
Scotty !!!!!!!!!!!!!!!!!!!
10:28
<sbalneav>
Hey jammcq!
10:29
<alkisg>
Wheeee!!! :)
10:29
<jammcq>
hey, your paper plane ticket showd up here yesterday
10:29
<sbalneav>
Super!
10:29
<jammcq>
but it's eTicket, so no need to send it to you
10:29
<alkisg>
Thanks sbalneav!
10:29
<sbalneav>
We'll need to get stgraber to push a build
10:30
setting LDM_SSHOPTIONS="-o foop=doop" should get you what you want
10:31Selveste1 has quit IRC
10:33* alkisg remembers a time when he reported a serious bug to microsoft "SP2 cuts in half the mails sent by outlook" - I never got and answer, and it was fixed after 6 months!!! Sweet open source & good devs, this is heaven ;)
10:34Selveste1 has joined #ltsp
10:34cyberorg has quit IRC
10:39cyberorg has joined #ltsp
10:45
<jammcq>
sbalneav: ping
10:46
<sbalneav>
jammcq: pong
10:46
<jammcq>
hey, what's a valid canadian postal code?
10:46
like yours for instance?
10:46
<sbalneav>
R2N 1M1
10:47
Should be <letter><num><Letter><space><Num><Let><Num>
10:47
Caps is preferred by CanPo
10:47
As we affectionately referr to Canada Post
10:48
We use the same format as the British Postal System.
10:51nubae|work has quit IRC
11:00Selveste1 has quit IRC
11:06coordinador has joined #ltsp
11:12EDAN has joined #ltsp
11:15japerry_cat has joined #ltsp
11:16garymc has joined #ltsp
11:30japerry has quit IRC
11:30japerry_cat is now known as japerry
11:31EDAN_ has quit IRC
11:32yoshi_ has quit IRC
11:38knipwim has joined #ltsp
11:55knipwim_ has quit IRC
11:56garymc has quit IRC
12:00artista_frustrad has quit IRC
12:14EDAN has quit IRC
12:15fotanus has joined #ltsp
12:18artista_frustrad has joined #ltsp
12:37tstafford_ has quit IRC
12:58chrisjrob has left #ltsp
12:58vagrantc has joined #ltsp
13:01yoshi_ has joined #ltsp
13:01
<alkisg>
Woah, python has a cgi http server module, with configurable port! http://docs.python.org/library/cgihttpserver.html#module-CGIHTTPServer
13:01
Hmm... that sounds really convenient for ltsp... running scripts on the server and producing different output for each client - all that with a simple wget from the client...
13:02
<yoshi_>
iam from the impression that ltsp on jaunty isn't as stable as on intrepid
13:02
am i wrong ?
13:03vagrantc_ has joined #ltsp
13:03
<johnny>
well don't start by blaming ltsp.. start by blaming the other components :)
13:03
perhaps it is that jaunty isn't as stable in general..
13:03vagrantc_ has quit IRC
13:05spectra has joined #ltsp
13:08
<yoshi_>
so suggestion is better ltsp on ubuntu intrepid
13:08
or any other suggestions ?
13:14tstafford_ has joined #ltsp
13:16pmatulis has quit IRC
13:17
<alkisg>
yoshi_: what is your actual problem? e.g. for me the ltsp in jaunty is more stable...
13:18
<yoshi_>
well i am running on jaunty for a while now in 1 school and the other on intrepid
13:19
but with firefox there seems some weird problems like sometime you can't click on anything and after the ldm screen it takes a long time before the gnome desktop comes up, first the panel is grey then after like 1 minute the desktop icons appear
13:20
alkisg maybe the firefox problem can be fixed with stephanes patch ofcourse, also user switching doesn't work, it says something about xauhtority
13:20
<alkisg>
Nope, I don't have those problems with jaunty.
13:21
Does user switching in ltsp clients work in 8.10?
13:21
<yoshi_>
well that all weird, but i have to say i installed it on een dell T605 it has no good graphics but that can't have anything to do with it
13:21
yes user switching wors in 8;10
13:21
also the main system is X68
13:21
86
13:22
and the chroot is i386
13:22
<alkisg>
Mine too, both the server and the clients
13:22
<yoshi_>
mayby thate is also the firefox problem
13:22
clients are i386
13:22
<alkisg>
You mean that the main system is amd64?
13:23
<yoshi_>
yes
13:23
the chroot client is i386
13:23
install gnome watchdos
13:23
dog
13:23
<alkisg>
OK. Well, in your place, I'd try stgraber's ppa, and after that I'd tackle the problems one by one.
13:23
I never used gnome watchdog
13:24
<yoshi_>
and no problems with sessions that hangs
13:24
the gpu in the server has nothing to do with speed isn't it
13:24
<alkisg>
No
13:24
<yoshi_>
like i thought
13:25
i think iam gonna reinstall it
13:25
i used the jaunty alternate cd
13:25
but not with the F4 option
13:25
and my 8.10 system is a desktop with ltsp manualy installed
13:26
could that have something to do with it
13:26
<johnny>
reinstall?
13:26
<yoshi_>
johnny, yes my knowlegde is not that great to see how i can diagnose the slow startup of gnome dekstop
13:27
<Gadi>
yoshi_: session issues can usually be diagnosed by looking at the user's ~/.xsession-errors
13:28
between that, and testing simply the speed at which you get a prompt when you ssh into the server are your best bets
13:28
<johnny>
yoshi_, reinstalling rarely fixes problems like that
13:28
<Gadi>
also, make sure you don't have evil packages like "tracker" installed
13:28
<yoshi_>
mmm tracker
13:28
<johnny>
Gadi, next tracker will be more sane ..
13:28
<yoshi_>
never heard of it
13:28
didn't install it either :)
13:29
<johnny>
you might even like it
13:29
<Gadi>
tracker indexes your filesystem, for lack of a better phrase
13:29
<johnny>
it might come by defualt ..
13:29
<Gadi>
:)
13:29
<yoshi_>
ahaaa
13:29
<sbalneav>
As well, if your site uses DNS, make sure that the LTSP thin client host names are defined either in DNS or /etc/hosts
13:29
<yoshi_>
we don't have a dns server so
13:29
<sbalneav>
ssh will try to reverse dns lookup the hostnames, and that can cause an initial login delay if they're not found.
13:29
The add them to /etc/hosts
13:30
s/The/Then/g
13:30
<Gadi>
I think sbalneav's gonna win the prize on this one
13:30
why does he always go home with the 6' bugs bunny doll...
13:31
<sbalneav>
Nah.
13:31
Even a stopped clock is correct twice a day. :)
13:31
And boy, am I a stopped clock :)
13:32
<Gadi>
see, and I thought a stopped clock never boils
13:32* Gadi shrugs
13:33
<yoshi_>
ok will try that all, great support guys !!
13:33
something funny and stupid i did today
13:33
installed virtual box
13:33
configured the adapter as host only adapter
13:34
after like 2 ours of fiddeling i notice it has to be on another subnet
13:34
installed terminal server 2008 for the kids their stupid windows games
13:34
and yes it worked
13:35
offcourse when i logged of gone was my virtual box session :(
13:35
7 ours of work down the drain, can use it offcourse :(
13:35
so now i have to put a seperate ts server for some stuppid windows only soft
13:36
what i could do is install a virtual box in the chroot but then i have to install 40 windows xp's :(
13:38
<jammcq>
Gadi: a stopped clock lives in the woods
13:39* jammcq wonders if this microphone is turned on
13:40
<yoshi_>
ok iam gonna sleep, my head is killing me
13:40
<Gadi>
but, if a stopped clock falls in the woods, does it make a sound?
13:40
<yoshi_>
tx for all the help
13:41* Gadi thought it was thx for all the fish....
13:41yoshi_ has quit IRC
13:45knipwim_ has joined #ltsp
13:48johnny has left #ltsp
13:49Ahmuck has joined #ltsp
13:49johnny1 has joined #ltsp
13:54vagrantc has quit IRC
13:57alkisg has quit IRC
13:57knipwim has quit IRC
13:58arx has joined #ltsp
13:58korcan has joined #ltsp
13:59johnny1 has left #ltsp
13:59johnny has joined #ltsp
14:00artista_frustrad has quit IRC
14:03
<_UsUrPeR_>
Gadi: as long as the laws of physics are still relevant when unobserved, then yes. I, however, have a magical cat in a box that is both dead and alive.
14:05
on another note, I am trying to figure out how a user changes their own password in GDM when they do not have access to their ystem > Users & Groups
14:05CAN-o-SPAM has quit IRC
14:05
<_UsUrPeR_>
err... System > Administration > Users & Groups menu
14:10alkisg has joined #ltsp
14:12
<sbalneav>
system->preferences->about me
14:13
Click on "change password" button
14:13ph27 has joined #ltsp
14:13
<sbalneav>
Magic ensues
14:15
<ph27>
Hello all, why would a client stop booting after Loading initrd.img.......ready.
14:15
Any ideas?
14:15
<sbalneav>
bad network connection, low ram, incorrectly configured dhcp, etc.
14:16
faulty PXE implementation in the client
14:16
<ph27>
if it was working and I changed nothing other than physically moving the client...?
14:16
and now it happens to multiple clients.
14:17
<sbalneav>
You got one of those switches that has an "uplink" port, that you either plung into that port, or the uplink port, but not both?
14:17
<ph27>
running latest ubuntu, fresh install yesterday, i've tried ltsp-update-kernels, ltsp-update-image, ltsp-update-sshkeys...
14:18
i'd investigate networking further, but it does get dhcp, downloads the image, but doesn't crank over to the ltsp environment.
14:18
<sbalneav>
So you haven't "just" moved a client, you've done a whole bunch of things :)
14:18
<ph27>
well, i did a whole bunch of things after the symptom appeared... :P
14:19
<sbalneav>
Aaaaaand... Did you keep track of them all so you'd know what you touched so when you come here for help we'll know all the facts? :)
14:19
I'd start with physical networking.
14:19
<Gadi>
sbalneav: ur silly
14:19
<ph27>
that's why i mentioned
14:20
<sbalneav>
Gadi: Yeah, that whole "what did you touch" thing us sysadmins go on and on about :)
14:20
<Gadi>
ph27: check the server for nbdrootd processes
14:20
<sbalneav>
Gadi: According to him, it's not even firing up the kernel.
14:21
<Gadi>
and check syslog to see if nbd is serving up the image
14:21
(03:15:41 PM) ph27: Hello all, why would a client stop booting after Loading initrd.img.......ready.
14:21
<sbalneav>
ph27: You get no kernel splash screen, right? Just the "...ready" and that's it.
14:21
<Gadi>
sounds like it loads kernel+initrd
14:21
<ph27>
that's correct
14:21
<Gadi>
ah...
14:22
<sbalneav>
I'd check networking. Assuming you haven't bunged up some wiring, I'd try resetting the switch.
14:23
<ph27>
i'm on the same switch, so i may brb
14:23
<sbalneav>
The switches arp cache may be corrupted. It may need a kick in the goolies.
14:24
<ph27>
i know it's bad, but we're cheap. my test bench has a hub :-[
14:25
<Gadi>
a good hub can be better than a bad switch
14:25
:)
14:26
but, if you have lots of collissions, it could be ur problem
14:27
<ph27>
now in a known good working switch, but still no joy. the only new message in syslog is:
14:27
Sep 24 15:27:49 opltsp in.tftpd[3782]: tftp: client does not accept options
14:28
opltsp is my server's hostname, btw
14:31Gadi has quit IRC
14:32Gadi has joined #ltsp
14:32
<ph27>
i'm starting to think it's networking too - while it seems to connect and tftp, it's unpingable. do clients block pings by default?
14:32
that is, while they've PXEd but before the kernel loads?
14:32
<Gadi>
ph27: it has no networking up yet
14:33
you won't be able to ping it
14:33Gadi has quit IRC
14:37
<ph27>
still no luck, i'll have to try again tomorrow. Thanks Gadi and sbalneav for the help!
14:37ph27 has left #ltsp
14:46Gadi has joined #ltsp
14:49Sarten-X2 has quit IRC
14:53vagrantc has joined #ltsp
14:55Sarten-X has joined #ltsp
14:56
<zamba>
anyone used either nomachine or open virtual desktop and can come with some insight into either of these two products?
14:56
how does it compare to ltsp?
14:58
<Gadi>
they are not mutually exclusive
14:59
now, you may ask how nomachine compares to ldm
14:59
that is a more accurate comparison
14:59
you can boot clients with ltsp and have them use nomachine to connect to the server
15:00
though, even ldm is not a fair comparison
15:00
the best way to say it is: how does nomachine compare to X-over-ssh
15:02
<zamba>
but nomachine isn't just the ldm part, is it?
15:02
it also delivers applications?
15:02
or?
15:04jach has joined #ltsp
15:04Lns_ has joined #ltsp
15:06
<jach>
hi, i have one problem with client's are connecting and booting but end up with just a commandline busybox while I was expecting a full gui... ?
15:06
<Lns_>
Any policykit gurus present?
15:06
<jach>
my server version is ubuntu-ltsp 8.04 amd64
15:07
anyway help
15:08
<Lns_>
jach, remove "quiet splash" from /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default and reboot a terminal, and pastebin any errors/relevant output please.
15:08
!pastebot
15:08
<ltspbot>
Lns_: "pastebot" is The LTSP pastebot is at http://pastebot.ltsp.org. Please paste all text longer than a line or two to the pastebot, as it helps to reduce traffic in the channel. A link to the content will be pasted in the channel.
15:09
<Gadi>
zamba: it delivers a desktop, just as X does
15:10
zamba: which is why you can compare it to X-over-ssh
15:10
zamba: it does not network boot a thin client
15:10
which is why you cannot compare it to ltsp
15:11
now, in terms of delivering a desktop, it has some attractive features that X-ove ssh does not have, like session persistence and lower bandwidth requirements
15:11
<zamba>
Gadi: ok, so you need to have both linux and windows servers running for the "mixed"-environment running?
15:11ph27 has joined #ltsp
15:11
<Gadi>
define "mixed environment"
15:12
<zamba>
that you can run both windows and linux applications
15:12
on the client
15:12
<Gadi>
well, that goes for any option
15:12
<zamba>
can ltsp do that as well?
15:12
<Gadi>
in order to run windows and linux, you need both windows and linux
15:13
you can rdesktop from your linux desktop that you get through X-over-ssh
15:13
if thats what you mean
15:14
<Lns_>
I'm trying to figure out why policykit isn't working from a vnc/nx/ltsp session when doing things like "System -> Administration -> Services". Basically, the "Unlock" button is greyed out (see https://bugs.launchpad.net/ubuntu/+source/policykit-gnome/+bug/231246 ). My /etc/PolicyKit/PolicyKit.conf file has the correct line at the bottom, which is -- <define_admin_auth group="admin"/> -- but, it has no effect and users in the 'admin' g
15:14
roup still cannot unlock.
15:14
<zamba>
not quite sure what i mean :)
15:14
i'm just checking out my options
15:14
do you know anything about ulteo's virtual desktop?
15:14
that's basically the same as nx?
15:14
<jach>
thank Lns_
15:16
<alkisg>
Lns_: policykit not working with vnc? afaik it works fine with vnc..
15:17
<Lns_>
alkisg, not in ubu 8.04, via a gdm session spawned by VNC
15:17
<alkisg>
Ah, you don't use a local session, ok
15:17
I tried vnc'ing to an existing session.
15:17
<Lns_>
I'm pretty sure it has something to do w/not being on the local server console, in which polkit requires by ubuntu default config
15:17
alkisg, yeah that would make sense
15:18* Lns_ doesn't understand why polkit takes into consideration where you're logging in from
15:22
<Lns_>
For anyone interested, I found this good doc by Novell regarding polkit..trying to figure out the implicit authorizations to only allow admin group users auth for stuff. http://www.novell.com/documentation/opensuse111/opensuse111_security/?page=/documentation/opensuse111/opensuse111_security/data/sec_policykit_change.html
15:23
<jach>
Lns_ this is the new error: http://www.pastebin.org/23646
15:24
<Lns_>
jach, hmm, is your tftp server config correct? can you verify it's running?
15:26
doesn't look like you have all the info you need in there (possible typo? in "rootserver", "rootpath" and "filename" are blank)
15:26
just guessing though
15:26
<alkisg>
jach: what is the ip address of your ltsp server?
15:27
<jach>
alkisg in eth0 192.168.1.78 via dhcp and eth1 192.168.0.254
15:27
<alkisg>
Well, you have another dhcp server in 192.168.1.1 which gives leases to your ltsp clients
15:28
You have to shut it off, or re-wire it so that it's not on the same subnet as the ltsp clients
15:29
<jach>
Lns_ yes tftp server is running
15:29
<Lns_>
alkisg, good eye =)
15:30
jach, ^^
15:30
<alkisg>
Lns_: been strugling with routers as dhcp servers for the past 2 years :D
15:30
<Lns_>
heh
15:30
<jach>
alkisg thank
15:31
<alkisg>
jach: if you need help on how to rewire this, just ask again.... :)
15:33
<jach>
alkisg as i do :)
15:35
<alkisg>
What hardware do you have? E.g. 1 or 2 switches? 1 router to connect to the internet? etc...
15:35Ahmuck has quit IRC
15:36
<jach>
i have 1 router with dhcp-server connected a switch my server connectd a switch via eth0
15:37
my client connect to server via other router with 4 port
15:37
<alkisg>
Does the other router also have a dhcp server?
15:38
If so, turn it off..
15:40
<jach>
aslkisg you have reason
15:40
alkisg thank you very much!!! :)
15:40
<alkisg>
Did it work?
15:40
<jach>
yes
15:40
<alkisg>
Nice :)
15:42* Lns_ hands alkisg a pint
15:43
<alkisg>
gloup gloup.... tasty :D
15:43
Lns, this one's more focused: https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/219473
15:43* Lns_ is weary of how polkit divulges much information about who is an admin, what policies are in place, etc. for any user to view
15:45
<Lns_>
alkisg, yeah i saw that - i just figured a workaround by using the polkit-gnome-authorization tool.. simply set all 3 implicit authorizations to "Admin Authentication"
15:45
that way it doesn't matter where you're logged in from, as long as you're part of the admin group
15:46
<alkisg>
Ugh this thing doesn't have a search bar :(
15:46
<Lns_>
but that also means that any user can at least start the app, hit 'unlock' and see the list of 'admin' group users that can authenticate for whatever polkit identifier you're looking at
15:47
<alkisg>
? can only see the members of a group?
15:47
One can do that by cat /etc/group...
15:47
<Lns_>
true..
15:47
<jach>
i have other little problem my client are i386 my server is amd64 the plugin of flashplayer no work.
15:48
<Lns_>
kind of weird though since ubuntu default policy is to lock down everything if you're not on the local console, but still divulge like...everything about polkit authorizations to any user
15:49
i mean, at least require *something* for using the gnome authorization tool!
15:49
<jach>
with amd64 i test https://help.ubuntu.com/community/UbuntuLTSP/AdobeFlashFirefoxPluginLTSP
15:49
<alkisg>
Lns, "simply set all 3 implicit authorizations to "Admin Authentication" ==> to which authorization?
15:49
<jach>
but not work
15:50
<alkisg>
(to which entry?)
15:50
<Lns_>
alkisg, org.freedesktop.systemtoolsbackends.set
15:50
<alkisg>
Thanks
15:51
<Lns_>
I'm glad i'm learning about polkit finally..at least that's one upside to this =)
15:51
<alkisg>
Btw, ck-list-sessions is a cool way to find out about which users are connected, to which IPs etc... ;)
15:51
I think moldy was looking for something like that
15:51
<Lns_>
hmmmmmm
15:51
yes
15:52
alkisg, thanks!!! wow, that gives us some great information we could display in tcm
15:52
logged in time being one =)
15:53
<alkisg>
...and it doesn't even need admin rights to display the info!
15:53
<Lns_>
heh
15:53
lame
15:53mikkel has quit IRC
15:53* Lns_ likes the "is-local"
15:54* alkisg likes the x11-display, I can pop up applications to their screens with that :D
15:55
<Lns_>
totally
15:55
well, tcm can do that already too
15:55
but yeah =)
15:56
launch firefox on 50 terminals with a specified URL so you don't have to direct anyone to do anything, saves 5-10 minutes depending on how many people are there
15:56
which is valuable when you have ~15-30 min in a computer lab
15:57
<alkisg>
tcm can do that but it does start with the client session, right?
15:57
<Lns_>
alkisg, huh?
15:58
<alkisg>
I mean, when the user logs in, isn't some part of tcm started automatically?
15:58
E.g. in italc it's called "ica"
15:59
This part listens for remote requests from the teacher pc...
15:59
<Lns_>
oh right..yeah i think that tcm-client is started.
15:59
well, right now it isn't, you have to invoke it manually..but it *will* be started automatically
16:00
it's a small user helper app
16:00
<alkisg>
Right... with remote X you can just invoke any app anywhere, if you have the necessary rights that is. /me likes that :D
16:00
<Lns_>
but it's not started within the chroot at all, it's within the user session
16:01
yeah...the beauty of remote X :)
16:12ph27 has left #ltsp
16:18* Lns_ curses polkit...wtf is up with showing the manpage instead of actually invoking the command polkit-action..?!?
16:19* alkisg laughs about the local/non local distriction :)
16:19
<alkisg>
I do `ssh -l user localhost`. The session is considered non local.
16:20
From inside the ssh session, I do: su user. The session is considered local! :D :D :D
16:20
<Lns_>
seriously.
16:21Ahmuck has joined #ltsp
16:21
<Lns_>
alkisg, can you do me a favor and run "polkit-action --set-deaults-any org.freedesktop.systemtoolsbackends.set auth_admin" and see if it actually works instead of bringing up the manpage? I don't get what's going on here.
16:21
<alkisg>
missing an f
16:21
--set-deFFFFFFFFFFFFaults-any
16:21
<Lns_>
omg...hahahhaa
16:22* Lns_ slaps himself with a large trout
16:22* alkisg wonders at what point in time the trouts were a common way to slap someone...!
16:23
<Lns_>
i think it was a mirc thing
16:23pmatulis has joined #ltsp
16:24
<Lns_>
sweet. I'm kinda getting the hang of this now.
16:24
<elias_a>
Wow - people hitting themselves...
16:25
<Ahmuck>
i'm in office A and need to boot my client. there is classroom A server. same network, however, is as follows.
16:25
inet --> router --> ltsp server --> switch --> client
16:25
that's the classroom
16:26
<elias_a>
Asmo found a new bug that prevents login of clients in Karmic: https://bugs.launchpad.net/ubuntu/+source/ltsp/+bug/435818
16:26
<Ahmuck>
office is "inet --> router --> wireless bridge --> office computer"
16:26Sarten-X2 has joined #ltsp
16:28vagrantc has quit IRC
16:29Sarten-X has quit IRC
16:29
<elias_a>
Ahmuck: What is the problem?
16:29
<alkisg>
Ahmuck: can you use gpxe?
16:29
(i.e. in the hard disk or in a floppy or in a cd?)
16:30
<Ahmuck>
office computer --> wireless bridge --> routerA --> ?
16:30
i'm not sure how the connection would be made to the ltsp server. the switch is isolated so to speak
16:31
<alkisg>
?? can you not ping the *external* nic of the ltsp server?
16:31
<elias_a>
I am not sure what isolated means here.
16:31
If ports are closed, that's it. No go.
16:32
Ahmuck: Are you sure they are same network?
16:33
<Ahmuck>
inet --> wireless router A --> ltsp server
16:33
inet --> wireless router A --> wireless bridge A --> client
16:33
ltsp server is serving dhcp to clients via a switch
16:34
<elias_a>
Ok.
16:34
<Ahmuck>
sooo ... inet --> wireless router A --> ltsp server --> client
16:34
er, inet --> wireless router A --> ltsp server --> swtich --> client
16:35
<elias_a>
What exactly is the connection between wireless router A and LTSP Server?
16:35
<Ahmuck>
wired/wireless router A --> ltsp server
16:35
ltsp server has two nics
16:36ph27 has joined #ltsp
16:36
<elias_a>
So A is connected to Inet side NIC of the server with CAT ceble?
16:38
Ahmuck: So you have 3 different WLAN boxes there?
16:38
<Ahmuck>
2
16:38
2 linksys boxes
16:38
the one in the office is setup as a wireless bridge
16:38
transparent
16:38
<elias_a>
wait a minute...
16:40
IMHO your setup cannot work as you seem to have one of the wlan boxes conneted to the Inet side nic of LTSP server...
16:40
<alkisg>
It can work with gpxe :)
16:40
<Ahmuck>
i'll put up a mindmap
16:40
diagram
16:41
hrm, gpxe ?
16:41
how?
16:41
<alkisg>
Ah, I got noticed.. .:)
16:41
<Ahmuck>
i'd be interested in knowing how that would work
16:41
<alkisg>
(12:30:15 πμ) alkisg: Ahmuck: can you use gpxe?
16:41
(12:30:25 πμ) alkisg: (i.e. in the hard disk or in a floppy or in a cd?)
16:41
<Ahmuck>
alkisg: i noticed you, but u did not expound :)
16:41
the greasy wheel get's the grease so to speak
16:42
<alkisg>
Gpxe provides a way to boot ltsp clients without using a dhcp server
16:42
<elias_a>
Did I understand correctly that the same box routes the Inet connection to the LTSP server _and_ acts as the inet side end of the wlan bridge?
16:43
<Ahmuck>
gpxe would allow me to specify the route?
16:43
<alkisg>
So you can tell the office PC to boot using the kernel found in the external IP of the ltsp server
16:43
<Ahmuck>
i think that there is a problem with the route
16:43
<alkisg>
(12:31:40 πμ) alkisg: ?? can you not ping the *external* nic of the ltsp server?
16:43
<Ahmuck>
i'll need an additional wireless bridge me thinks, hanging off the switch
16:43
hrm, let me check
16:44
<elias_a>
Ahmuck: I think alkisg will help you out.
16:44
I have to get some sleep now :)
16:44* alkisg has to go to bed right know...
16:44
<alkisg>
heh
16:44
<elias_a>
Wow!
16:44
Some telepathy?
16:44
<alkisg>
What time zone are you in?
16:44
<Ahmuck>
know or now
16:44
<alkisg>
now
16:45
<elias_a>
Ahmuck: Read the gpxe docs.
16:45
It is very good.
16:45
<alkisg>
Ahmuck: briefly: you use the new version of rom-o-matic, which enables you to embed a gpxe script
16:45
<elias_a>
Even I can do tricks with it - it is so simple :D
16:46
<alkisg>
In that, you directly specify next-server=the external nic of the ltsp server
16:46
I got a script for it, get the ping'ing ready and ask me tomorrow if you want...
16:46
bye all.
16:46alkisg has quit IRC
16:51jammcq has quit IRC
16:54jach has quit IRC
16:57spectra has quit IRC
17:02vagrantc has joined #ltsp
17:02fotanus has quit IRC
17:13arx has quit IRC
17:25Gadi has left #ltsp
17:38
<Ahmuck>
make note to alkisg to explain a little bit aobut gpxe boot to server ip
17:54bobby_C has quit IRC
18:05Ahmuck_Sr has joined #ltsp
18:26vagrantc has quit IRC
18:41staffencasa has quit IRC
18:43Ahmuck_Sr has quit IRC
18:49vagrantc has joined #ltsp
18:51Ahmuck has quit IRC
18:54cg_uira has joined #ltsp
19:04spin3s has joined #ltsp
19:04
<spin3s>
hi guys
19:04
who can help me ?
19:05
<Lns_>
!question
19:05
<ltspbot>
Lns_: "question" is if you have a question about ltsp, please go ahead and ask it, and people will respond if they can. please also mention the linux distro and release you're using. :)
19:05
<Lns_>
spin3s, ^^^ =)
19:08
<spin3s>
tanks
19:09
19:09
<ltspbot>
spin3s: Error: "I" is not a valid command.
19:09
<spin3s>
19:09
<ltspbot>
spin3s: Error: "question" is not a valid command.
19:09
<spin3s>
19:10
<vagrantc>
spin3s: no need to use !, that's just for commands to the bot.
19:12
<moldy>
spin3s: write a setuid program and give him permission to execute it
19:13
<johnny>
why can't he be in sudoers? you can limit what a user can do for that
19:13
just giving them permission to useradd
19:13
/me imagines polkit will be handling this soon
19:15
<spin3s>
like easy , but dont .. this user should have permissions to add, del anothers users .. less the sudoers user
19:15
if I give a sudoers for this user , he can del others sudoers too
19:16
<Lns_>
spin3s, there is no ACL type permissions for deleting users based on anything. It's either on or off afaik
19:17
<spin3s>
Lns_ what I can do so?
19:19
19:20
<vagrantc>
write a wrapper script and give sudo access to that
19:20
<Lns_>
yeah
19:20
and just put in cases in there
19:20
<spin3s>
tanks.. I will search more details about this
19:20
never have listen about wrapper
19:20
hahah
19:21
<vagrantc>
well, you have to know what you're doing to be writing a wrapper intended to be run as root ...
19:23
<spin3s>
understood... :D tanks guys
19:26spin3s has quit IRC
19:49
<vagrantc>
stgraber: i guess the nbd-server -a option may work for your current release, but nbd is dropping that option in future versions
19:50
i know debian unstable doesn't support it anymore.
20:03strattog has quit IRC
20:09strattog has joined #ltsp
20:40vagrantc has quit IRC
20:48pmatulis has quit IRC
21:09F-GT has joined #ltsp
21:48ph27 has left #ltsp
21:53johnny has left #ltsp
21:54johnny has joined #ltsp
22:16alkisg has joined #ltsp
22:31cg_uira has quit IRC
22:53ccqgftt has joined #ltsp
22:53|Paradox| has quit IRC
22:54ccqgftt is now known as |Paradox|
23:15alkisg has quit IRC