IRC chat logs for #ltsp on irc.libera.chat (webchat)


Channel log from 5 October 2021   (all times are UTC)

00:14zelt1954[m] has joined IRC (zelt1954[m]!~zelt1954m@2001:470:69fc:105::1:c34)
00:21
<zelt1954[m]>
I am new here. I have been using ltsp for about 6 or so months. It works great. I realize that this question has probably been asked, but as I said I am new here. My question is this; I connect to the server over network boot. Can a boot be done over wifi ?
00:23
<vagrantc>
for the most part, no
00:23
!wifi
00:23
<ltspbot>
I do not know about 'wifi', but I do know about these similar topics: 'wiki'
00:23fottsia[m] has joined IRC (fottsia[m]!~fottsiama@2001:470:69fc:105::48bb)
00:25
<vagrantc>
zelt1954[m]: you'd have to at least have a local copy of the kernel and initrd and ltsp's supplimentary initrd ... if you had those, it could maybe work, although with performance degradation as all your filesystem calls would be over wifi ...
00:26
maybe for some use-cases, it might be worth trying
00:28
<zelt1954[m]>
I admit I hadn't thought of that. It would be interesting to give it a try. Thank you for the reply.
01:47vagrantc has left IRC (vagrantc!~vagrant@2600:3c01:e000:21:21:21:0:100b, Ping timeout: 252 seconds)
04:25vagrantc has joined IRC (vagrantc!~vagrant@2600:3c01:e000:21:21:21:0:100b)
04:45
<alkisg>
zelt1954: for a couple of clients it might be usable, but for more, I doubt they'd boot in under 5 minutes. And they'd probably need another 5 minutes to load apps like firefox or libreoffice..
04:45
Collisions in wifi make its performance degrade dramatically with the number of connected devices
06:04ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
06:15
<alkisg>
!lowercase-mac
06:15
<ltspbot>
lowercase-mac: The new ltsp.conf expects mac addresses in lowercase. Here's a command to convert them: sed -E 's/([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}/\L&/' -i ltsp.conf
06:34d4nowar has joined IRC (d4nowar!~d4nowar@c-71-238-17-191.hsd1.or.comcast.net)
06:46vagrantc has left IRC (vagrantc!~vagrant@2600:3c01:e000:21:21:21:0:100b, Quit: leaving)
06:49woernie has joined IRC (woernie!~werner@p5ddec1ab.dip0.t-ipconnect.de)
07:32d4nowar has left IRC (d4nowar!~d4nowar@c-71-238-17-191.hsd1.or.comcast.net, Quit: Leaving)
08:12adrianorg has left IRC (adrianorg!~adrianorg@debian/adrianorg, *.net *.split)
08:19danboid has joined IRC (danboid!~dan@cpc127016-macc4-2-0-cust104.1-3.cable.virginm.net)
08:20
<danboid>
alkisg, Is it possible to use (host) a 20.04 LTSP img on a 16.04 LTSP5 server?
08:20
Funny request I know
08:20
<alkisg>
danboid: sure
08:20
You can even host a 64bit image on a 32bit server
08:21
But of course you'll need to provide the correct ltsp.ipxe, the boot menu
08:21
<danboid>
Would the image have to be created with LTSP5 or could I creaete it with the latest LTSP?#
08:21
<alkisg>
Or at least to modify your existing pxelinux.cfg
08:22
Do you want to keep ltsp5 in 16.04, or can you switch to ltsp20 while still on 16.04?
08:23
I mean, ltsp20 can boot 16.04, 20.04, whatever, and auto-creates the menus for you, it'll make things easier
08:24
But if you have an existing ltsp5 image that you want to keep offering to your clients alongside the ltsp20 image, then you can co-install ltsp20 while keeping ltsp5 too
08:24adrianorg has joined IRC (adrianorg!~adrianorg@debian/adrianorg)
08:26
<danboid>
Whats happened is that we've got a LTSP5 16.04 server I've wanted to replace for 3 years now but... the last few times I've tried running ltsp-update-image the images have failed to boot but I have some older images that still boot so we're using one of them until we get a new server set up
08:28
If I'm creating a new image on a fresh install I might as well use 20.04
08:29
I warned them about this situation but it has took the sh to hit the fan for it to get the attention of senior management :(
08:31
I think I've asked this in here before but there are no MFA solutions for SSH are there? Ther security guys aren't happy with our LTSP server sitting on te net with SSH access
08:32
<alkisg>
You can create the image on any installation
08:32
But if you're using chrootless, then of course you need 20.04 for the server too
08:32
<danboid>
esp as its currently using passwords instead of keys
08:34
<alkisg>
How many clients do you have and which CPU and how much RAM do they have?
08:35
<danboid>
Not sure. About 200? All have 16 GB RAM
08:37
<alkisg>
Sure there are. E.g. google authenticator works with ssh
08:38
<danboid>
I think it was me messing with the Nvidia driver that has borked it. We got new GPUs in one lab, RTX 3060s, so I was trying to get them to work using the Lambda repo. I've since reverted to standard Ubuntu 16.04 nvidia driver but that doesn't work now
08:40
I had to write a hacky script to get the NVIDIA GPUs working with the same image as the Intel machines with LTSP5 / 16.04. That isn't needed with LTSP20
08:40
<alkisg>
OK then sure LTSP20 is much better than ltsp5 there
08:41
Does your ltsp5 server have a GUI and a lot of RAM?
08:41
(so that you could e.g. install ltsp20 inside virtualbox there)
08:41
<danboid>
Yep, 128 GB RAM
08:42
<alkisg>
Re: authentication, you can restrict the SSH logins to a chroot, so that the server itself isn't affected
08:42
That way each user can only see his own home dir and nothing else. Noone can see the server OS via SSH
08:42
I.e. `ls /` would only show the contents of /home/username, not an OS
08:43
And you may even prohibit logins and only allow sftp
08:43
So they'd even be unable to ssh; they'd only be able to sshfs
08:44
<danboid>
We want to retain ssh access but the chroot idea (not showing /) is a good one
08:45
So you reckon Google authenticator might be our best bet for MFA with SSH? Are there any other, open source options? I don't think tht is a must but it would be nice. I presume G auth is closed?
08:47
<alkisg>
I've tested google authenticator with ssh, I haven't tested anything else as I only needed it once for PCI/DSS certification
08:48
So I can't recommend anything, but I know it's doable, even with pamltsp
08:57
<danboid>
Google auth should do the trick then. Lets see if our security team approve it
09:00fottsia[m] has left IRC (fottsia[m]!~fottsiama@2001:470:69fc:105::48bb, Quit: You have been kicked for being idle)
09:17danboid has left IRC (danboid!~dan@cpc127016-macc4-2-0-cust104.1-3.cable.virginm.net, Quit: Leaving)
10:57alkisg_web has left IRC (alkisg_web!~alkisg_we@srv1-dide.ioa.sch.gr, Quit: Client closed)
10:58woernie has left IRC (woernie!~werner@p5ddec1ab.dip0.t-ipconnect.de, Ping timeout: 246 seconds)
10:58woernie has joined IRC (woernie!~werner@p578bb7b6.dip0.t-ipconnect.de)
11:36lcurl_ has joined IRC (lcurl_!~UserNick@42.115.252.133)
11:39lcurl_ has left IRC (lcurl_!~UserNick@42.115.252.133)
11:52woernie has left IRC (woernie!~werner@p578bb7b6.dip0.t-ipconnect.de, Ping timeout: 252 seconds)
11:52woernie has joined IRC (woernie!~werner@p5ddec1ab.dip0.t-ipconnect.de)
15:55MUHWALT has left IRC (MUHWALT!~ubox@user/muhwalt, Ping timeout: 240 seconds)
16:04MUHWALT has joined IRC (MUHWALT!~ubox@user/muhwalt)
17:23Vercas6 has joined IRC (Vercas6!~Vercas@gateway/tor-sasl/vercas)
17:25Vercas has left IRC (Vercas!~Vercas@gateway/tor-sasl/vercas, Ping timeout: 276 seconds)
17:25Vercas6 is now known as Vercas
19:04Vercas8 has joined IRC (Vercas8!~Vercas@gateway/tor-sasl/vercas)
19:07Vercas has left IRC (Vercas!~Vercas@gateway/tor-sasl/vercas, Ping timeout: 276 seconds)
19:07Vercas8 is now known as Vercas
22:01ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)