====== LTSP (Terminal Server) ======
[[wp>LTSP]] stands for [[http://www.ltsp.org/|Linux Terminal Server Project]].
===== General reccomendations =====
* **Do not use amd64 client images!**
* Go for **i386** instead. Amd64 are buggy and i386 client images will serve you much better even if your LTSP server is amd64...
* Client and server architectures does not have to match.
* When building client image using [[man>ltsp-build-client]] you can choose architecture using %%--arch%% parameter...
* Uninstall or disable local X server (or display manager) on LTSP server when you don't need to use desktop localy. As well as any other eye-candy junk...
* It will save you little bit of resources and possibly some crashes related to GPU drivers.
* Server's are meant to be lightweight as possible
* It's better to have dedicated machine for LTSP server (preferably in rack without keyboard and display, so nobody will mess with it...)
* Even when Debian is generaly preferred distro for servers, Ubuntu seems to be preferred for LTSP servers as it seems to have better LTSP integration and is more optimized for desktop use. It's still good idea even if you prefer different distributions on classical desktop, because not every distribuion is well prepared for use with LTSP.
===== Tricks in lts.conf =====
Now it's recommended to put configuration in **/var/lib/tftpboot/ltsp/i386/lts.conf** as it doesn't require to do [[man>ltsp-update-image]] after each change...
You can put following tweaks in [Default] section or wherewer you want
==== Service shells ====
SCREEN_02=ssh
SCREEN_03=ssh
SCREEN_04=ssh
SCREEN_05=shell
SCREEN_06=shell
SCREEN_07=ldm
SSH_HOST=your.ltsp.server.example.com
* This will put
* SSH to LTSP server on VCs 2-4 (in case LDM is broken, you can still use shell)
* Paswordless shell on VCs 5-6 (in case someone needs to do something locally, no security concerns needed as everything runs from readonly netboot and RAM)
* Do not use VCs bigger than 7 (where LDM sits) it will screw LDM somehow...
==== Share scanners and printers ====
Note this may need some messing in ltsp client image. (installing drivers, etc...)
SCANNER = True
PRINTER_0_DEVICE=/dev/lp0
PRINTER_0_WRITE_ONLY=True
PRINTER_1_DEVICE=/dev/usblp0
PRINTER_1_WRITE_ONLY=True
==== Make thin client's disk drives accessible in LTSP ====
LOCALDEV = True
LOCAL_STORAGE = True
LOCALSTORAGE = True
LOCALDEV_DENY_INTERNAL_DISKS = False
===== Make LTSP available through VNC =====
If you want to support access to your LTSP server using [[wp>VNC]] for users that are outside the network with working netboot setup (thin clients). You can use [[man>Xvnc]] server for this ([[man>vnc4server]] package at Debian/Ubuntu, also you'll need xserver-common and xfonts-base if you have uninstalled xserver completely).
This manual will work even for servers without LTSP, it just describes how to setup passwordless VNC server with login screen provided by [[wp>XDMCP]] capable display manager. This allows you to share VNC server between multiple users, while typical VNC setup on Linux is to let users launch their own VNC server using SSH, which is not very convenient.
We will also use [[man>lightdm]] display manager with **lightdm-gtk-greeter** as LTSP's internal display manager (LDM) is not suitable for this use. Which means that login screen at VNC will look bit different from one on LTSP's thin clients. You'll have to configure lightdm to listen for XDMCP connections, so Xvnc can connect to it. Eg. like this:
[LightDM]
start-default-seat=false
[XDMCPServer]
enabled=true
port=177
[SeatDefaults]
greeter-session=lightdm-gtk-greeter
user-session=xfce
greeter-hide-users=true
allow-guest=false
Also we'll have to setup Xvnc to listen using superserver. We can't use [[man>xinetd]] as LTSP already uses [[man>inetd]], so we'll have to set Xvnc in inetd.conf. As you see, it's good idea to setup different servers for different screen resolutions, so users can choose the most convenient one:
#:OTHER: Other services
9571 stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/ldminfod
5901 stream tcp nowait nobody /usr/bin/Xvnc :1 -inetd -once -query 127.0.0.1 -SecurityTypes=none -geometry 800x600 -depth 24
5902 stream tcp nowait nobody /usr/bin/Xvnc :2 -inetd -once -query 127.0.0.1 -SecurityTypes=none -geometry 1280x800 -depth 24
5903 stream tcp nowait nobody /usr/bin/Xvnc :3 -inetd -once -query 127.0.0.1 -SecurityTypes=none -geometry 1024x600 -depth 24
5910 stream tcp nowait nobody /usr/bin/Xvnc :10 -inetd -once -query 127.0.0.1 -SecurityTypes=none -geometry 480x320 -depth 16
And that's it. Now restart lightdm and then inetd and you should be ready to roll...
I can suggest you to use vinagre VNC client on Linux and realvnc on Windows.
If you are using guest account at LTSP and you are concerned about security, you should also disable guest login from lightdm. There few ways to do this. Protect guest with secret password, use lightdm's configuration or use [[man>pam_access]].so in **/etc/pam.d/lightdm**.
===== Desktop Autolinking =====
This script will maintain symlinks to all files in /etc/autolinks at desktops of all users. This is usefull when you want to make sure that all users have some desktop icons accessible all the time and they cannot delete them. Run it from cron and login scripts...
#!/bin/bash
AUTODIR=/etc/autolinks
LINK_PREFIX="LTSP-VOLATILE"
rm -f /home/*/Desktop/"$LINK_PREFIX"-*
for home in /home/*; do
ls -1 "$AUTODIR" | while read link; do
[ -e "$home"/Desktop ] && ln -s "$AUTODIR"/"$link" "$home"/Desktop/"$LINK_PREFIX"-"$link" #|| ln -s Plocha "$home"/Desktop
done
done
===== Disable XFCE dialog at first login =====
ln -s /etc/xdg/xfce4/panel/default.xml /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml
===== EdgeRouter EdgeOs DHCP =====
bootfile-server: 192.168.223.2
subnet-parameters: option root-path "/opt/ltsp/i386";
filename "/ltsp/i386/pxelinux.0";