Ubuntu 14.04, LTSP Server, proxy DHCP, Windows Server RDP

Post by dedwards » Mon Feb 23, 2015 3:47 pm

This guide assumes you have an existing DHCP server on the network that will be assigning IP addresses to the clients. In other words, the LTSP server will be running in proxy DHCP mode. It also assumes you will be using your clients to connect to a Windows Remote Desktop Service server using rdesktop.

1. Install Ubuntu 14.04 32-bit or 64-bit (64-bit recommended) with a static network address. On the software selection screen, ensure you only select OpenSSH server.

2. Once the installation is complete, log in through SSH, then update and upgrade your installation:

Code:

sudo apt-get update
sudo apt-get upgrade

3. Install LTSP, a proxy DHCP server, and a TFTP server:

Code:

sudo apt-get install ltsp-server dnsmasq tftpd-hpa

4. Configure Dnsmasq to forward DHCP requests. Edit /etc/dnsmasq.d/ltsp.conf (the file does not exist, so you must create it):

Code:

sudo vi /etc/dnsmasq.d/ltsp.conf

Paste the following into the file (ensure you adjust the "dhcp-range=192.168.1.0,proxy" line to reflect your actual subnet):

Code:

#
# Dnsmasq running as a proxy DHCP and TFTP server
#
# See: http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
#

#
# TFTP
#

# This might work instead of tftpd-hpa:
#enable-tftp
#tftp-root=/var/lib/tftpboot

#
# DHCP
#

# DHCP proxy on this network
dhcp-range=192.168.1.0,proxy

# Tell PXE clients not to use multicast discovery
# See section 3.2.3.1 in http://tools.ietf.org/html/draft-henry-remote-boot-protocol-00
dhcp-option=vendor:PXEClient,6,2b

# Better support for old or broken DHCP clients
dhcp-no-override

# Enable this for better debugging
#log-dhcp

#
# PXE
#

# Note the file paths are relative to our "tftp-root" and that ".0" will be appended

pxe-prompt="Press F8 for boot menu", 3
pxe-service=x86PC, "Boot from network", /ltsp/i386/pxelinux
pxe-service=x86PC, "Boot from local hard disk"

Save the file.

Restart the Dnsmasq service and make sure you get no errors:

Code:

sudo service dnsmasq restart

5. Disable nbd authentication in nbd-server by editing /etc/nbd-server/conf.d/ltsp_i386.conf:

Code:

sudo vi /etc/nbd-server/conf.d/ltsp_i386.conf

Remove the "authfile = /etc/ltsp/nbd-server.allow" line and save the file so that it looks like this:

Code:

[/opt/ltsp/i386]
exportname = /opt/ltsp/images/i386.img
readonly = true

Restart nbd-server:

Code:

sudo service nbd-server restart

6. Build your client image. In this case we are going to build 32-bit client images, as indicated by "--arch i386" in the command. If you are going to build 64-bit images, just leave the "--arch i386" part out. The following command is going to take some time to complete:

Code:

sudo ltsp-build-client --arch i386

Note that at this point your client image is considered to be a thin client image. By proceeding with the following steps, you will be creating a fat client image, since we are going to install a full Ubuntu desktop.

7. Configure your LTSP environment. The LTSP environment exists in a separate part of your Ubuntu installation. This means that we have to add/remove packages in this environment independent of your host machine. We switch to this environment with the chroot command (Note again, we are working with 32-bit client images. For 64-bit, simply replace the "i386" with "amd64"):

Code:

sudo chroot /opt/ltsp/i386

Mount the proc filesystem:

Code:

mount -t proc proc /proc

Update the sources on your client image:

Code:

apt-get update

Install Ubuntu Desktop GUI on your client image:

Code:

apt-get install ubuntu-desktop

Install rdesktop:

Code:

apt-get install rdesktop

NOTE: If you are going to be connecting to Windows Remote Desktop Services servers that have host names that end in .local, for example rdserver.domain.local, avahi will prevent you from connecting to those servers. In that case, you must uninstall avahi in the client environment:

Code:

apt-get remove avahi-daemon

Exit out of chroot:

Code:

exit

Unmount the proc filesystem:

Code:

sudo umount /opt/ltsp/i386/proc

Whenever you make any changes to your LTSP environment, it's always a good idea to run the following commands:

Code:

sudo ltsp-update-sshkeys
sudo ltsp-update-kernels
sudo ltsp-update-image

The configuration file for PXELINUX is /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default. Unfortunately, in the version of LTSP included in Ubuntu 14.04, the file does not support proxy DHCP by default. To fix this, you must run the following command. Note that the command below MUST be run each time you update your client image, because updating the client image resets the file to its default, which lacks proxy DHCP support:

Code:

sudo sed -i 's/ipappend 2/ipappend 3/g' /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default

At this point you are ready to start network booting your clients. If you were to do that now, your clients would boot into an Ubuntu desktop login screen. If you were to enter the username/password you used to install your server, you would be presented with a full Ubuntu Unity GUI.

However, in this example, the ultimate goal is to boot straight into your Windows Remote Desktop Server using the rdesktop client. In order to accomplish that, we must take some additional steps. First, create an account to auto-login the clients:

Code:

sudo useradd -m rduser -G sudo

Next, create a password for the rduser account. You will be prompted for a password and a confirmation:

Code:

sudo passwd rduser

Next, add rduser to the sudoers file:

Code:

sudo visudo

Paste the following under the "%sudo ALL=(ALL:ALL) ALL" line:

Code:

rduser ALL=(ALL) ALL

so it looks like this:

Code:

%sudo   ALL=(ALL:ALL) ALL
rduser ALL=(ALL) ALL

Save the file by hitting CTRL + O to save and CTRL + X to exit.

Next update the client image:

Code:

sudo ltsp-update-sshkeys
sudo ltsp-update-kernels
sudo ltsp-update-image

Don't forget to add support for proxy DHCP:

Code:

sudo sed -i 's/ipappend 2/ipappend 3/g' /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default

Next, we need to make some configuration changes to the /var/lib/tftpboot/ltsp/i386/lts.conf file (the file does not exist yet, so we will create it):

Code:

sudo vi /var/lib/tftpboot/ltsp/i386/lts.conf

Paste the following into it. Adjust LDM_PASSWORD to reflect the password you set for the rduser account previously, adjust DNS_SERVER to the IP of your DNS server, adjust rdserver.domain.local to the IP address or host name of your Windows Remote Desktop server, adjust domain to your NetBIOS domain, and save the file:

Code:

[default]
# Auto Login
LDM_AUTOLOGIN = True
LDM_USERNAME = rduser
LDM_PASSWORD = password
DNS_SERVER = "192.168.0.100"
SCREEN_02 = xterm
SCREEN_07 = "rdesktop -f -d domain -a 16 rdserver.domain.local"

If you configured everything correctly, the next time you network boot one of your clients it should go straight into an rdesktop session to your Windows Remote Desktop server.
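
The settings chosen in steps 5 to 7 are worth re-checking on a finished server: lts.conf sits under the TFTP root, which is served without authentication, so LDM_PASSWORD is stored there in clear text for an account that was also given full sudo rights; the nbd export no longer has an authfile restriction; and the ipappend fix is lost on every image update. The script below is an added example, not part of the original post; the function names, the sample files it builds and the wording of its findings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks over copies of the files this guide edits.
# Function names and the sample files are constructed for illustration.

lts_value() {        # lts_value FILE KEY -> last value set for KEY, quotes removed
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tr -d '"' | tail -n 1
}

autologin_user() {   # print the account whose password is stored in lts.conf
    case "$(lts_value "$1" LDM_AUTOLOGIN)" in [Tt]rue|[Yy]*) ;; *) return 1 ;; esac
    [ -n "$(lts_value "$1" LDM_PASSWORD)" ] || return 1
    lts_value "$1" LDM_USERNAME
}

user_has_sudo() {    # user_has_sudo USER SUDOERS GROUPFILE
    grep -Eq "^[[:space:]]*$1[[:space:]]+ALL" "$2" && return 0
    grep '^sudo:' "$3" | cut -d: -f4 | tr ',' '\n' | grep -qx "$1"
}

pxe_proxy_ready() {  # succeeds only when no "ipappend 2" is left in the file
    grep -q 'ipappend 3' "$1" && ! grep -q 'ipappend 2' "$1"
}

nbd_auth_enabled() { # succeeds when the export still has an authfile line
    grep -Eq '^[[:space:]]*authfile[[:space:]]*=' "$1"
}

make_samples() {     # constructed files that mirror the guide's settings
    d=$(mktemp -d)
    printf '[default]\nLDM_AUTOLOGIN = True\nLDM_USERNAME = rduser\nLDM_PASSWORD = password\n' > "$d/lts.conf"
    printf '%%sudo   ALL=(ALL:ALL) ALL\nrduser ALL=(ALL) ALL\n' > "$d/sudoers"
    printf 'sudo:x:27:rduser\n' > "$d/group"
    printf 'label ltsp-NBD\nappend ro root=/dev/nbd0\nipappend 2\n' > "$d/default"
    printf '[/opt/ltsp/i386]\nexportname = /opt/ltsp/images/i386.img\nreadonly = true\n' > "$d/nbd.conf"
    echo "$d"
}

audit() {            # audit DIR -> one finding per line
    u=$(autologin_user "$1/lts.conf") && user_has_sudo "$u" "$1/sudoers" "$1/group" &&
        echo "lts.conf stores the password of sudo-capable account $u"
    pxe_proxy_ready "$1/default" || echo "pxelinux.cfg/default is not set to ipappend 3"
    nbd_auth_enabled "$1/nbd.conf" || echo "nbd export has no authfile restriction"
}

samples=$(make_samples)
audit "$samples"
```

On the server, the same functions can be pointed at the guide's real files, for example /var/lib/tftpboot/ltsp/i386/lts.conf, /etc/sudoers and /etc/group (reading /etc/sudoers requires root).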

8. OPTIONAL: Automatic Shutdown of LTSP Clients. Having the ability to shut down LTSP clients automatically is very useful for a couple of reasons. First and foremost, in a Windows Remote Desktop environment, the clients make a persistent connection to your Windows Remote Desktop server. This connection stays active as long as the client is on, even if nobody is actually logged in to the Remote Desktop Server. This in turn causes the Remote Desktop Server to keep separate winlogon.exe processes active in order to serve those clients. If you have enough clients doing this, it has the potential to slow your Remote Desktop Server to a crawl because of all those persistent connections. Additionally, automatically shutting down the clients saves power, which equals $$. An excellent approach to automatic shutdown of clients is to use Autopoweroff, which allows automatic shutdown based on times of the day as well as inactivity on the client.

Download the Autopoweroff .deb file from http://sourceforge.net/projects/autopoweroff/files/. Once downloaded, copy it to the /opt/ltsp/i386 directory on your LTSP server (for this example, autopoweroff 2.9.1.1 was used):

Code:

sudo cp autopoweroff-2.9.1-1.noarch.deb /opt/ltsp/i386/

Change into your client chroot environment:

Code:

sudo chroot /opt/ltsp/i386

Mount the proc filesystem:

Code:

mount -t proc proc /proc

Install Autopoweroff prerequisites:

Code:

apt-get install gksu

Install Autopoweroff:

Code:

dpkg -i autopoweroff-2.9.1-1.noarch.deb

Exit out of chroot:

Code:

exit

Unmount the proc filesystem:

Code:

sudo umount /opt/ltsp/i386/proc

Edit /opt/ltsp/i386/etc/autopoweroff.conf:

Code:

sudo vi /opt/ltsp/i386/etc/autopoweroff.conf

Adjust the [NO_SHUTDOWN_TIME_RANGE] section below. This parameter specifies the time range during which the clients will not shut down even if all other conditions are met:

Code:

[NO_SHUTDOWN_TIME_RANGE]
StartHour=0
EndHour=1

Here StartHour and EndHour are expressed in 24-hour format; for instance, 5 is 5 a.m. and 18 is 6 p.m. In this example, I've set the values for 12 a.m. to 1 a.m., since it's a time when nobody is around and so it won't make a difference. That way the clients will automatically power off after they have been idle for a certain amount of time, which we will set next.

Set the [TIMEOUTS] section if you like. Leaving it at the default, as below, will automatically shut down the client after 60 minutes of inactivity as long as the time doesn't fall within the [NO_SHUTDOWN_TIME_RANGE]:

Code:

[TIMEOUTS]
StartupDelay=30
IdleTime=60

Remove any entries after "Hosts=" under the [DEPENDANTS] section, as below:

Code:

[DEPENDANTS]
Hosts=

Save the file.

Build the image:

Code:

sudo ltsp-update-sshkeys
sudo ltsp-update-kernels
sudo ltsp-update-image

Don't forget to add support for proxy DHCP:

Code:

sudo sed -i 's/ipappend 2/ipappend 3/g' /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default

9. OPTIONAL: Client Central Monitoring and Management with Epoptes. Epoptes is a tool that allows screen broadcasting, monitoring and remote command execution for all your clients. Epoptes has two main components: Epoptes, which will be installed on the LTSP server, and Epoptes Client, which will be installed on the clients. Since Epoptes on the server requires a GUI, we will install the xFCE desktop manager for the GUI environment and xRDP in order to administer Epoptes using Remote Desktop Connection from any Windows machine.

Install xRDP on the LTSP server:

Code:

sudo apt-get install xrdp

Install xFCE4 on the LTSP server:

Code:

sudo apt-get install xfce4

Configure xRDP to use xFCE4. Create an .xsession file in your home directory:

Code:

echo xfce4-session >~/.xsession

Edit /etc/xrdp/startwm.sh:

Code:

sudo vi /etc/xrdp/startwm.sh

Remove the last line that says ". /etc/X11/Xsession" and replace it with "startxfce4" so it looks like this:

Code:

#!/bin/sh

if [ -r /etc/default/locale ]; then
  . /etc/default/locale
  export LANG LANGUAGE
fi

startxfce4

Save the file.

Restart xRDP:

Code:

sudo service xrdp restart

Test xRDP by connecting with your Windows Remote Desktop Connection client to the IP address of your LTSP server. Log in with your admin username/password. Once successfully connected, proceed with installing Epoptes from the xFCE4 environment. Click on "Applications Menu" and then click on "Terminal Emulator".

From the "Terminal Emulator" command prompt install Epoptes server component:

Code:

sudo apt-get install epoptes

Add your server admin user to the epoptes group, where "username" is the username of your admin user:

Code:

sudo gpasswd -a username epoptes

Log out of the GUI and log back in for the group changes to take effect. Once you log back in, check that "Epoptes" appears under "Applications Menu" --> "Internet". Again, click on "Applications Menu" and then click on "Terminal Emulator".

Change into your client chroot environment:

Code:

sudo chroot /opt/ltsp/i386

Mount the proc filesystem:

Code:

mount -t proc proc /proc

Install Epoptes Client:

Code:

apt-get install epoptes-client

Fetch the OpenSSL certificate from the server:

Code:

epoptes-client -c

Exit out of chroot:

Code:

exit

Unmount the proc filesystem:

Code:

sudo umount /opt/ltsp/i386/proc

Build the image:

Code:

sudo ltsp-update-sshkeys
sudo ltsp-update-kernels
sudo ltsp-update-image

Don't forget to add support for proxy DHCP:

Code:

sudo sed -i 's/ipappend 2/ipappend 3/g' /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default

Now, start Epoptes from the LTSP server and boot your clients. You will see them appear in the "Detected Clients" section of your Epoptes application. From there you can perform a variety of tasks on those clients, such as shutting down, rebooting and viewing information about them. I haven't been able to view the screen of the remote clients, but since this is not a requirement it hasn't been a problem.