LTSP stands for Linux Terminal Server Project.

• Do not use amd64 client images!
  • Go for i386 instead. Amd64 are buggy and i386 client images will serve you much better even if your LTSP server is amd64…
  • Client and server architectures does not have to match.
  • When building client image using ltsp-build-client you can choose architecture using --arch parameter…
• Uninstall or disable local X server (or display manager) on LTSP server when you don't need to use desktop localy. As well as any other eye-candy junk…
  • It will save you little bit of resources and possibly some crashes related to GPU drivers.
  • Server's are meant to be lightweight as possible
  • It's better to have dedicated machine for LTSP server (preferably in rack without keyboard and display, so nobody will mess with it…)
• Even when Debian is generaly preferred distro for servers, Ubuntu seems to be preferred for LTSP servers as it seems to have better LTSP integration and is more optimized for desktop use. It's still good idea even if you prefer different distributions on classical desktop, because not every distribuion is well prepared for use with LTSP.

Now it's recommended to put configuration in /var/lib/tftpboot/ltsp/i386/lts.conf as it doesn't require to do ltsp-update-image after each change…

You can put following tweaks in [Default] section or wherewer you want

lts.conf

SCREEN_02=ssh
SCREEN_03=ssh
SCREEN_04=ssh
SCREEN_05=shell
SCREEN_06=shell
SCREEN_07=ldm
SSH_HOST=your.ltsp.server.example.com

• This will put
  • SSH to LTSP server on VCs 2-4 (in case LDM is broken, you can still use shell)
  • Paswordless shell on VCs 5-6 (in case someone needs to do something locally, no security concerns needed as everything runs from readonly netboot and RAM)
• Do not use VCs bigger than 7 (where LDM sits) it will screw LDM somehow…

Note this may need some messing in ltsp client image. (installing drivers, etc…)

lts.conf

SCANNER = True
PRINTER_0_DEVICE=/dev/lp0
PRINTER_0_WRITE_ONLY=True
PRINTER_1_DEVICE=/dev/usblp0
PRINTER_1_WRITE_ONLY=True

lts.conf

LOCALDEV = True
LOCAL_STORAGE = True
LOCALSTORAGE = True
LOCALDEV_DENY_INTERNAL_DISKS = False

If you want to support access to your LTSP server using VNC for users that are outside the network with working netboot setup (thin clients). You can use Xvnc server for this (vnc4server package at Debian/Ubuntu, also you'll need xserver-common and xfonts-base if you have uninstalled xserver completely).

We will also use lightdm display manager with lightdm-gtk-greeter as LTSP's internal display manager (LDM) is not suitable for this use. Which means that login screen at VNC will look bit different from one on LTSP's thin clients. You'll have to configure lightdm to listen for XDMCP connections, so Xvnc can connect to it. Eg. like this:

/etc/lightdm/lightdm.conf

[LightDM]
start-default-seat=false
 
[XDMCPServer]
enabled=true
port=177
 
[SeatDefaults]
greeter-session=lightdm-gtk-greeter
user-session=xfce
greeter-hide-users=true
allow-guest=false

Also we'll have to setup Xvnc to listen using superserver. We can't use xinetd as LTSP already uses inetd, so we'll have to set Xvnc in inetd.conf. As you see, it's good idea to setup different servers for different screen resolutions, so users can choose the most convenient one:

/etc/inetd.conf

#:OTHER: Other services
9571           stream  tcp     nowait  nobody /usr/sbin/tcpd /usr/sbin/ldminfod
 
5901	stream	tcp	nowait	nobody	/usr/bin/Xvnc	:1 -inetd -once -query 127.0.0.1 -SecurityTypes=none -geometry 800x600 -depth 24
5902	stream	tcp	nowait	nobody	/usr/bin/Xvnc	:2 -inetd -once -query 127.0.0.1 -SecurityTypes=none -geometry 1280x800 -depth 24
5903	stream	tcp	nowait	nobody	/usr/bin/Xvnc	:3 -inetd -once -query 127.0.0.1 -SecurityTypes=none -geometry 1024x600 -depth 24
5910	stream	tcp	nowait	nobody	/usr/bin/Xvnc	:10 -inetd -once -query 127.0.0.1 -SecurityTypes=none -geometry 480x320 -depth 16

And that's it. Now restart lightdm and then inetd and you should be ready to roll…

If you are using guest account at LTSP and you are concerned about security, you should also disable guest login from lightdm. There few ways to do this. Protect guest with secret password, use lightdm's configuration or use pam_access.so in /etc/pam.d/lightdm.

This script will maintain symlinks to all files in /etc/autolinks at desktops of all users. This is usefull when you want to make sure that all users have some desktop icons accessible all the time and they cannot delete them. Run it from cron and login scripts…

/usr/local/bin/autolinks

#!/bin/bash
AUTODIR=/etc/autolinks
LINK_PREFIX="LTSP-VOLATILE"
 
rm -f /home/*/Desktop/"$LINK_PREFIX"-*
 
for home in /home/*; do
	ls -1 "$AUTODIR" | while read link; do
		[ -e "$home"/Desktop ] && ln -s "$AUTODIR"/"$link" "$home"/Desktop/"$LINK_PREFIX"-"$link" #|| ln -s Plocha "$home"/Desktop
	done
done

ln -s /etc/xdg/xfce4/panel/default.xml /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml

bootfile-server: 192.168.223.2
subnet-parameters: option root-path "/opt/ltsp/i386";
                   filename "/ltsp/i386/pxelinux.0";