|00:11||jgee1186922534 has left IRC (email@example.com, Quit: The Lounge - https://thelounge.chat)|
|00:12||jgee11869225345 has joined IRC (firstname.lastname@example.org)|
|00:30||Vercas has left IRC (Vercas!~Vercas@gateway/tor-sasl/vercas, Remote host closed the connection)|
|00:30||Vercas has joined IRC (Vercas!~Vercas@gateway/tor-sasl/vercas)|
|00:39||sugarbeet is now away: [tmux detached]|
|01:13||sugarbeet is back|
|01:15||sugarbeet is now away: [tmux detached]|
|01:28||jason has joined IRC (email@example.com)|
|03:41||jason has left IRC (firstname.lastname@example.org, Quit: Leaving)|
|05:45||vagrantc has left IRC (vagrantc!~vagrant@2600:3c01:e000:21:7:77:0:40, Quit: leaving)|
|06:06||eu^10618115189ch has joined IRC (email@example.com)|
|06:10||eu^10618115189ch has left IRC (firstname.lastname@example.org, Client Quit)|
|06:11||pretorianecx90[m has joined IRC (pretorianecx90[m!~pretorian@2001:470:69fc:105::3:29bc)|
|06:37||wyre is back|
|06:46||ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)|
Is there a way to additionally provide RDP access to the server?
* Is there an intended way to additionally provide RDP access to the server?
|07:06||wyre is now away: Auto away at Thu Mar 9 07:05:50 2023 UTC|
do you mean what tool or package is favored? not really. there's xfreerdp client referenced on some ltsp github wiki pages
Yeah that part isn't specific to LTSP, but installing xrdp is a nice approach. Another one is x2go.
|07:33||wyre is back|
Yup! Just installed xrdp, and it's working nicely 🙂
Had to change sssd configuration a bit tho
Is there a way to stop clients from starting the xrdp server too?
are you setting up rdp connection from netboot clients back to to the ltsp server?
Tuxifan: sure, DISABLE_SYSTEM_SERVICES="xrdp" (or whatever the service name is), in ltsp.conf, and then run ltsp initrd
ah sorry i thought xrdp would omitted by default
<alkisg> "Tuxifan: sure, DISABLE_SYSTEM_SE..." <- Pefect! Thanks 🙂
For some reason the home sshfs doesn't seem on any PXE client, for domain users at least
* doesn't seem to mount on any
both server and clients should be domain joined i think is enough
How would I join the clients to the domain? I thought joining the server is enough because the server does authentication?
|08:55||woernie has joined IRC (email@example.com)|
When you use AD authentication it uses different pam auth (sssd) and it's independent from ltsp server
The home needs/If desired to Be mount tough from The ltsp server.
vsuojanen[m]: Hmm, can I configure the client to use the server to authenticate instead?
So it goes over the server
The problem isn't authentication, it's user enumeration, i.e. nss, i.e. getent passwd
In normal mode, /etc/passwd is copied from the server to the clients as a file
So when you add new users on the server, you need to run ltsp initrd and reboot the clients to see them
In LDAP/AD/Whatever mode, you need an NSS service running on the clients
That is the service that will list the users
So, the clients need to join LDAP/AD etc too
But, like, the login on the clients works just fine, it's just the SSHFS...
Then pam isn't properly configured
If you run ssh user@server on a client, can you properly authenticate using ldap/ad credentials?
Let me give that a try...
alkisg: That works
So sshfs should work too... right?
I can do id username@domain on the clients too, so they are definitely joined
OK, now press Ctrl+Alt+F5 and try to login there; see if there are any error messages regarding sshfs etc
Also try: grep -r . /etc/pam.d/common* | nc termbin.com 9999
I just noticed something:
`sshfs user@domain:/home/user@domain/ /home/user@domain/` gets stuck forever while
`sshfs user@domain:/home/user@domain/ ./test` doesn't
<alkisg> "OK, now press Ctrl+Alt+F5 and..." <- sshfs seems to mount there just fine
Which desktop environment / DM are you using? Eg. ubuntu 22.04 gnome with gdm3?
Debian Testing with KDE Plasma
<alkisg> "Also try: grep -r . /etc/pam.d/..." <- https://termbin.com/ylucm
|09:26||ddimakis[m] has joined IRC (ddimakis[m]!~ddimakism@2001:470:69fc:105::f3b5)|
Είχα έναν υπολογιστή που κλάπηκε. Ήταν δηλωμένος στο ltsp.conf ως va06. Στην θέση του έβαλα αυτόν που είχα δηλώσει ως va04 και άλλαξα την διεύθυνση στο αρχείο. Από την στιγμή που το έκανα αυτό ο τέως va04 χάθηκε από τον επόπτη ενώ φορτώνει το λειτουργικό
greek: Στο παρόν κανάλι μιλάνε μόνο Αγγλικά, για υποστήριξη στα Ελληνικά από την υπηρεσία Τεχνικής Στήριξης ΣΕΠΕΗΥ διαβάστε το http://ts.sch.gr/wiki/IRC και στη συνέχεια πληκτρολογήστε /j #ts.sch.gr
ddimakis: είσαι στο αγγλικό κανάλι, έλα στο ελληνικό ^
Are there any logs to check for sshfs? Like syslog?
Tuxifan: give it another go to try to login via sddm now; unfortunately I'm multitasking too much currently to keep up with this thread
There's /var/ltsp/debug.log or something like that, and there's pam log, reachable via journalctl
alkisg: Sorry, don't mean to overload you 😅
|09:31||ddimakis[m] has left IRC (ddimakis[m]!~ddimakism@2001:470:69fc:105::f3b5)|
Btw, is it enough to just run ltsp image ; ltsp image to update everything? Or do I need to run anything else?
Two times ltsp image? What for?
If you update the software on your server, then yes ltsp image / is enough to update the client image
<alkisg> "Two times ltsp image? What for?" <- Second one was meant to be initrd 😄
<alkisg> "If you update the software on..." <- Alright!
<alkisg> "There's /var/ltsp/debug.log or..." <- I just noticed I can't log in locally on the client
Just says authentication failure.
Therefore, I can't read the log
Something seems very mixed up here
I just noticed I can't log in locally on the client ==> I thought you said you already logged in on ctrl+alt+f5 and sshfs was working fine there
alkisg: Oh, I meant I can't log in using local accounts
like, non-domain accounts
I do not know about 'hash', but I do know about these similar topics: 'LDM_PASSWORD_HASH', 'ROOT_PASSWORD_HASH'
ROOT_PASSWORD_HASH: To be able to login as root in vt1, read the last example in https://ltsp.org/man/ltsp.conf/
Hmm, I am trying to log into my UID 1000 user
That worked before
But I guess trying root can't hurt
I've never used realmd, I don't know what pam changes it makes
That ^ root method bypasses ltsp pam and ad pam, so it should work
alkisg: It all works just fine on the server, interestingly
alkisg: So I am going to use that for debugging 🙂
Well, if it manually changes /etc/pam.d, without respecting pam-auth-update, then pam-auth-update WILL break it; nothing interesting about that though :D
(ltsp runs pam-auth-update on boot, to add its own pam hooks)
(which is the proper thing to do, but may break other bad implementations)
Hmmm, mind if I just send you the entire PAM config folder in PM? Maybe you can get something out of it. I wish I understood PAM configs lol
PAM issues require a lot of time, and unfortunately this month I'm overwhelmed :/
(or maybe this decade, not sure yet :D)
I see 😄
I guess I am going to have to wrap my head around it myself then
So, I am going to start the client, log in as domain user, and use su to read some logs
Or directly login as root on vt1/2/3
Yeah. I noticed the SSSD service appearently failing to start
Uhm. Root doesn't work either
Ahhh, epoptes to the rescue
Did you run ltsp initrd after adding the ltsp.conf line for root hash?
But yeah epoptes is great :0
alkisg: Ohhhhhhhhh, hahaha, oops, thanks for that hint 🙂
I never really ran ltsp initrd
Wasn't ever sure if it's actually needed and decided it probably isn't
Oh wow, xterm is really bad with journalctl
User not known to the underlying authentication module
That's what I am getting
Sounds like bad pam/nss settings all right
Huh... I don't get why it's working on the server but not on the clients
It must actually be some conflict with the way ltsp sets up its own authentication as you mentioned
80% of the internet tutorials suggest manually modifying /etc/pam.d. 80% of them are wrong and they should be using pam-auth-update instead :)
I am using realmd, which does all of that automatically, and it's made (or at least documented) by Red Hat, so it must be good, right?
No, because Redhat isn't using the debian ways of managing pam
Many years ago they got pam-auth-update from debian; then they developed their own fork or solution, not sure
Can you link a good tutorial on how to do this correctly on Debian?
Unfortunately no, pam lacks good documentation and tutorials
The key points are pam-auth-update and /usr/share/pam-configs/
Ubuntu.com must've got that right
Nvm, they use realmd too...
If realmd is properly packaged for debian, it means it was probably modified to respect pam-auth-update
In any case, it needs troubleshooting :D
Yeahh... should I open an issue on the ltsp repository so maybe someone more experienced than can take a look at it?
Eh, sure, but that'd be just me, so ... :)
Waiiit. there is this module required to automatically create a home dir... In the ubuntu docs they tell me to use the pam-auth-update command to add it, but I added it manually... Could that be causing any issues?
You should be able to login in vt2 even without a home directory
Hmm... I might've messed up something else there. Not sure. I restored everything back to how it was and am going to retry the whole thiing
|10:43||fiesh has left IRC (fiesh!~fiesh@2003:fb:1018::21, Ping timeout: 265 seconds)|
|10:48||jgee118692253454 has joined IRC (firstname.lastname@example.org)|
|10:50||jgee11869225345 has left IRC (email@example.com, Ping timeout: 276 seconds)|
|10:50||jgee118692253454 is now known as jgee11869225345|
|11:23||fiesh has joined IRC (fiesh!~fiesh@2003:fb:1018::21)|
Okay, I rejoined the domain using realmd... Now am I creating a new image and initrd, so I can check if login to local accounts is broken again
And if the same sshfs error is back
Does ltsp include files only readable by root in the image?
seems like sssd.conf is strictly root-only-readable
Ltsp just keeps the original permissions
|12:54||eu^D9649C0Astati has joined IRC (eu^D9649C0Astati!~eu^D9649C@D9649C0A.static.ziggozakelijk.nl)|
|12:54||eu^D9649C0Astati has left IRC (eu^D9649C0Astati!~eu^D9649C@D9649C0A.static.ziggozakelijk.nl, Client Quit)|
|15:59||wyre is now away: Auto away at Thu Mar 9 15:58:24 2023 UTC|
|16:37||jason has joined IRC (firstname.lastname@example.org)|
|16:47||tuxifan is back|
Tuxifan did you continue with the sshfs issue? If I read the above discussions right did you get the getent work on clients and server?
vsuojanen[m] alkisg: By reinstalling the realm with instructions from ubuntu.com, I got sshfs to work. Users other than domain users are still unable to log in (including root), but that's fine if I think about it.
I noticed that if I could root, I could just trigger a root shell from epoptes
yeah remote root
Great. Regarding "other users", it's tricky to get pamltsp to work both in "primary" and "additional" pam sections, so yeah leave it at that
Root should be able to login using the ltsp.conf trick
But if you have epoptes, you don't need that
Yeah. And no, root still can't log in :-)
If you do have an epoptes shell, I could take a quick look
Or just check yourself:
grep root /etc/shadow
Do you see that big hash there, and is it the same as the one you specified?
Going to check that tomorrow, I already left the building and I'm back home.
And then, from root epoptes shell, type passwd root, set a new one, and try to login in vt2 with that password
But thanks for attempting to help, I am going to come back to you tomorrow
If you can login that way, it just means the hash is wrong
Is vt2 special, unlike other vts?
Nice work Tuxifan
No, any vt will do
|17:52||MarcoRomagnoli[m has joined IRC (MarcoRomagnoli[m!~marco-rom@2001:470:69fc:105::3:2a2a)|
Hi. I 'm working fine in my Computer Science Laboratory (High School) with 30 PCs with Debian 8 and LTSP from many years. I decided finally to (try to) upgrade to last Debian (version 12 with non -free firmware) and LTSP. I struggled many hours and finally I had LTSP working on my laptop (a quite new HP Elitebook with 16 GB RAM), but the clients at the end are booting with 640x480 resolution on their (Full HD) Monitor. Tried long with
change on ltsp.conf, but nothing... Searching here I find out this suggestion (on the same issues?) : Alkisg: "....OK now try adding vga=ask in KERNEL_PARAMETERS (and run ltsp ipxe) . When prompted, select a 1024x768 something mode". Is it a possible solution? I did add this line to ltsp.conf : KERNEL_PARAMETERS="vga=ask" in the [client] section. Is it OK? What to do next? I see no prompt to select something. Thanks
Marco Romagnoli: install debian locally in one of these pcs and see if graphics work
When you do fix graphics there, possibly with the help of the #debian irc channel, then do the same things in the ltsp installation and graphics will work there too
In short, graphics issues are not at all related to ltsp
If you happen to have epoptes installed and working, I could take a quick look with remote-support
yes, epoptes is working fine. Everything is working fine, if I just leave for others years on Server Debian 8 and old LTSP. I just would like to upgrade to something more updated and attractive for my students.
vnc-edide: To share your screen with me, open Epoptes → Help menu → Remote support → Host: srv1-dide.ioa.sch.gr, and click the Connect button
Marco Romagnoli: follow the bot instructions to share the server screen with me ^
It is OK. I can do it tomorrow , or next week (according to your time preference) when I'll be at School (need to adjust with Time difference, as I live in Italy).
I'll be in Italy from 21 to 27 of March, we can do it locally there :P
Joking; ping me when you can, we'll see if I'm available then
But in general, follow the "install debian locally and troubleshooting with the help of the #debian folks" advice
I understand (install debian locally and troubleshooting with the help of the #debian folks). I didn't expect so fast reply and suggestion. Thank You soo much.
But now I'm curious to know more about the Event in Italy ? Where it will be? Is there a Conference or something related with Computer Science or something different?
In case is related with Open Source Software, than I'd like to know it
Marco Romagnoli: no, just some teacher education in Foligno
Completely unrelated to open source
Even more interesting! I'm a Teacher! It seems there is something in common. Very nice to know. Changing subject: Last info on previous request. A colleague of mine (another C.S. Theacher who uses LTSP) also had difficulties on upgrading Debian and LTSP. He suggest me to switch to Linux mint , in his case he solved his issues.
Debian is a bit more difficult to set up, sometimes help from #debian is needed, e.g. for firmware
I think bookworm will include non-free firmware though, so I guess it'll be easier
Yes I understand. I did install today last Debian release : bookworm, and still the problem is there. OK. Thank you again.
OK, see you, cheers!
|19:10||vagrantc has joined IRC (vagrantc!~vagrant@2600:3c01:e000:21:7:77:0:40)|
|19:34||wyre is back|
|19:48||tuxifan is now away: All Quassel clients vanished from the face of the earth...|
|19:49||tuxifan is back|
|20:34||woernie has left IRC (email@example.com, Remote host closed the connection)|
|21:05||tuxifan is now away: All Quassel clients vanished from the face of the earth...|
|21:06||tuxifan is back|
|21:13||wyre is now away: Auto away at Thu Mar 9 21:13:11 2023 UTC|
|22:08||ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)|
MarcoRomagnoli[m: grep for `firmware` in the kernel log, does that yield anything?
Just adding the non-free repo isn't enough to have the required firmware, there are the firmware* packages containing the actual firmware
You could also clone the whole linux firmware repo as /usr/lib/firmware, but make sure to uninstall all these firmware* packages first. That's just a last resort tho, if nothing else works
|23:28||tuxifan is now away: All Quassel clients vanished from the face of the earth...|
Bookworm will come with the non-free-firmware repo active but none of it will likely be installed. In my case I still have to install firmware-linux-nonfree. After my stuff works fine. You will likely have the same issue.