One generic term for both thin clients and diskless workstations is LTSP client.
Starting with Bullseye, LTSP is quite different from the previous
versions. This concerns both setup and maintenance.
As one main difference, the SquashFS image for diskless workstations is now generated from the LTSP server file system by default. This happens on a combined server at first boot, taking some time.
Thin clients are no longer part of LTSP. Debian Edu uses X2Go to still support thin client usage.
In case of a separate or an additional LTSP server, required information for setting up the LTSP client environment isn't complete at installation time. Setup can be done once the system has been added with GOsa².
For information about LTSP in general, see the LTSP homepage. On systems with LTSP server profile, man ltsp provides more information.
Please note that the ltsp tool from LTSP has to be used carefully. For example, ltsp image / would fail to generate the SquashFS image in case of Debian machines (these have a separate /boot partition by default), ltsp ipxe would fail to generate the iPXE menu correctly (due to Debian Edu's thin client support), and ltsp initrd would mess up LTSP client boot completely.
The debian-edu-ltsp-install tool is a wrapper script for ltsp image, ltsp initrd and ltsp ipxe. It is used to set up and configure diskless workstation and thin client support (both 64-bit and 32-bit PC). See man debian-edu-ltsp-install or the script content to see how it works. All configuration is contained in the script itself (HERE documents) to facilitate site specific adjustments.
Examples of how to use the wrapper script debian-edu-ltsp-install:
debian-edu-ltsp-install --diskless_workstation yes
updates the diskless workstation SquashFS image (server filesystem).
debian-edu-ltsp-install --diskless_workstation yes --thin_type bare
creates diskless workstation and 64-bit thin client support.
debian-edu-ltsp-install --arch i386 --thin_type bare
creates additional 32-bit thin client support (chroot and SquashFS image).
Besides bare (smallest thin client system), also display and desktop are available options. The display type offers a shutdown button, the desktop type runs Firefox ESR in kiosk mode on the client itself (more local RAM and CPU power required, but server load reduced).
The debian-edu-ltsp-ipxe tool is a wrapper script for ltsp ipxe. It makes sure that the /srv/tftp/ltsp/ltsp.ipxe file is Debian Edu specific. The command needs to be run after iPXE menu related items (like menu timeout or default boot settings) in the /etc/ltsp/ltsp.conf [server] section have been modified.
The debian-edu-ltsp-initrd tool is a wrapper script for ltsp initrd. It makes sure that a use case specific initrd (/srv/tftp/ltsp/ltsp.img) is generated and then moved to the use case related directory. The command needs to be run after the /etc/ltsp/ltsp.conf [clients] section has been modified.
The debian-edu-ltsp-chroot tool is a replacement for the ltsp-chroot tool shipped with LTSP5. It is used to execute commands in a specified LTSP chroot (e.g. to install, upgrade and remove packages).
Diskless workstation
A diskless workstation runs all software locally. The client machines boot directly from the LTSP server without a local hard drive. Software is administered and maintained on the LTSP server, but runs on the diskless workstations. Home directories and system settings are stored on the server too. Diskless workstations are an excellent way of reusing older (but powerful) hardware with the same low maintenance costs as with thin clients.
Unlike workstations, diskless workstations run without any need to add them with GOsa².
Thin client
A thin client setup enables an ordinary PC to function as an (X-)terminal, where all software runs on the LTSP server. This means that this machine boots via PXE without using a local client hard drive and that the LTSP server needs to be a powerful machine.
Debian Edu still supports the use of thin clients to enable the use of very old hardware.
LTSP client firmware
LTSP client boot will fail if the client's network interface requires a non-free firmware. A PXE installation can be used for troubleshooting problems with netbooting a machine; if the Debian Installer complains about a missing XXX.bin file then non-free firmware has to be added to the LTSP server's initrd.
Proceed like this on the LTSP server:
First get information about firmware packages, run:
apt update && apt search ^firmware-
Decide which package has to be installed for the network interface(s); most probably this will be firmware-linux. Run:
apt -y -q install firmware-linux
Update the SquashFS image for diskless workstations, run:
debian-edu-ltsp-install --diskless_workstation yes
In case X2Go thin clients are used, run:
/usr/share/debian-edu-config/tools/ltsp-addfirmware -h
and proceed according to the usage information.
Then update the SquashFS image; e.g. for the /srv/ltsp/x2go-bare-amd64 chroot, run:
ltsp image x2go-bare-amd64
Each LTSP server has two ethernet interfaces: one configured in the main 10.0.0.0/8 subnet (which is shared with the main server), and another forming a local subnet (a separate subnet for each LTSP server).
In both cases diskless workstation or thin client can be chosen from the iPXE menu. After waiting for 5 seconds, the machine will boot as diskless workstation.
The default iPXE boot menu item and its default timeout can both be configured in /etc/ltsp/ltsp.conf. A timeout value of -1 is used to hide the menu. Run debian-edu-ltsp-ipxe for the changes to take effect.
192.168.0.0/24 is the default LTSP client network if a machine is installed using the LTSP profile. If lots of LTSP clients are used, or if both i386 and amd64 chroot environments have to be served to different LTSP clients, the second preconfigured network 192.168.1.0/24 can be used as well. Edit the file /etc/network/interfaces and adjust the eth1 settings. Use ldapvi or any other LDAP editor to inspect the DNS and DHCP configuration.
To create chroot and SquashFS image, run:
debian-edu-ltsp-install --arch i386 --thin_type bare
See man debian-edu-ltsp-install for details about thin client types.
Run man ltsp.conf to have a look at available configuration options. Or read it online: https://ltsp.org/man/ltsp.conf/
Add configuration items to the /etc/ltsp/ltsp.conf [clients] section. For the changes to take effect, run:
debian-edu-ltsp-initrd
LTSP thin clients use networked audio to pass audio from the server to the clients.
LTSP diskless workstations handle audio locally.
Attach the printer to the LTSP client machine (both USB and parallel port are supported).
Configure the LTSP client with GOsa² to use a fixed IP address.
Configure the printer using the web interface https://www.intern:631 on the main server; choose network printer type AppSocket/HP JetDirect (for all printers regardless of brand or model) and set socket://<LTSP client ip>:9100 as connection URI.
PXE stands for Preboot eXecution Environment. Debian Edu now uses the iPXE implementation for easier LTSP integration.
The iPXE menu item concerning system installations is generated using the script debian-edu-pxeinstall. It allows some settings to be overridden using the file /etc/debian-edu/pxeinstall.conf with replacement values.
The PXE installation will inherit the language, keyboard layout and mirror settings from the settings used when installing the main server, and the other questions will be asked during installation (profile, popcon participation, partitioning and root password). To avoid these questions, the file /etc/debian-edu/www/debian-edu-install.dat can be modified to provide preselected answers to debconf values. Some examples of available debconf values are already commented in /etc/debian-edu/www/debian-edu-install.dat.
Your changes will be lost as soon as debian-edu-pxeinstall is used to recreate the PXE installation environment. To append debconf values to /etc/debian-edu/www/debian-edu-install.dat during recreation with debian-edu-pxeinstall, add the file /etc/debian-edu/www/debian-edu-install.dat.local with your additional debconf values.
More information about modifying PXE installations can be found in the Installation chapter.
To add a custom repository, add something like this to /etc/debian-edu/www/debian-edu-install.dat.local:
# add the school project's local repository
d-i apt-setup/local1/repository string http://example.org/debian stable main contrib non-free
d-i apt-setup/local1/comment string Example Software Repository
d-i apt-setup/local1/source boolean true
d-i apt-setup/local1/key string http://example.org/key.asc
and then run /usr/sbin/debian-edu-pxeinstall once.
The debian-edu-config package contains a tool which helps in changing the network from 10.0.0.0/8 to something else. Have a look at /usr/share/debian-edu-config/tools/subnet-change.
It is intended for use just after installation on the main server, to update LDAP and other files that need to be edited to change the subnet.
Note that changing to one of the subnets already used elsewhere in Debian
Edu will not work. 192.168.0.0/24 and 192.168.1.0/24 are already set up as
LTSP client networks. Changing to these subnets will require manual editing
of configuration files to remove duplicate entries.
There is no easy way to change the DNS domain name. Changing the name would require changes to both the LDAP structure and several files in the file system of the main server (tjener.intern). Doing so would also require changes to LDAP and to files in the main server and client file systems. In both cases the Kerberos setup would have to be changed as well.
Choosing the LTSP server profile or the combined server profile also installs the xrdp and x2goserver packages.
Xrdp uses the Remote Desktop Protocol to present a graphical login to a remote client. Microsoft Windows users can connect to the LTSP server running xrdp without installing additional software - they simply start a Remote Desktop Connection on their Windows machine and connect.
In addition, xrdp can connect to a VNC server or another RDP server.
Xrdp has no sound support; to compile the required modules this script can be used.
#!/bin/bash
# Script to compile / recompile xrdp PulseAudio modules.
# The caller needs to be root or a member of the sudo group.
# Also, /etc/apt/sources.list must contain a valid deb-src line.
set -e
if [[ $UID -ne 0 ]] ; then
    if ! groups | grep -Eq sudo ; then
        echo "ERROR: You need to be root or a sudo group member."
        exit 1
    fi
fi
if ! grep -Eq ^deb-src /etc/apt/sources.list ; then
    echo "ERROR: Make sure /etc/apt/sources.list contains a deb-src line."
    exit 1
fi
TMP=$(mktemp -d)
PULSE_UPSTREAM_VERSION="$(dpkg-query -W -f='${source:Upstream-Version}' pulseaudio)"
XRDP_UPSTREAM_VERSION="$(dpkg-query -W -f='${source:Upstream-Version}' xrdp)"
sudo apt -q update
# Get sources and build dependencies:
sudo apt -q install dpkg-dev
cd "$TMP"
apt -q source pulseaudio xrdp
sudo apt -q build-dep pulseaudio xrdp
# For pulseaudio 'configure' is all that is needed:
cd "pulseaudio-$PULSE_UPSTREAM_VERSION/"
./configure
# Adjust the pulseaudio modules Makefile (needs an absolute path)
# and build the pulseaudio modules.
cd "$TMP/xrdp-$XRDP_UPSTREAM_VERSION/sesman/chansrv/pulse/"
sed -i 's/^PULSE/#PULSE/' Makefile
sed -i "/#PULSE_DIR/a \
PULSE_DIR = $TMP/pulseaudio-$PULSE_UPSTREAM_VERSION" Makefile
make
# Copy modules to the Pulseaudio modules directory, adjust permissions.
sudo cp *.so "/usr/lib/pulse-$PULSE_UPSTREAM_VERSION/modules/"
sudo chmod 644 "/usr/lib/pulse-$PULSE_UPSTREAM_VERSION/modules/"module-xrdp*
# Restart xrdp, now with sound enabled.
sudo service xrdp restart
X2Go enables you to access a graphical desktop on the LTSP server over both low bandwidth and high bandwidth connections from a PC running Linux, Windows or macOS. Additional software is needed on the client side, see the X2Go wiki for more information.
Please note that the killer package should best be removed on the LTSP server if X2Go is used, see 890517.
freerdp-x11 is installed by default and is capable of RDP and VNC.
RDP - the easiest way to access a Windows terminal server. An alternative client package is rdesktop.
VNC client (Virtual Network Computer) gives remote access to Skolelinux. An alternative client package is xvncviewer.
x2goclient is a graphical client for the X2Go system (not installed by default). You can use it to connect to running sessions and start new ones.
The freeRADIUS server could be used to provide secure network connections. For this to work, install the freeradius and winbind packages on the main server and run /usr/share/debian-edu-config/setup-freeradius-server to generate a basic, site specific configuration. This way, both EAP-TTLS/PAP and PEAP-MSCHAPV2 methods are enabled. All configuration is contained in the script itself to facilitate site specific adjustments. See the freeRADIUS homepage for details.
Additional configuration is needed to
enable/disable access points via a shared secret (/etc/freeradius/3.0/clients.conf).
allow/deny wireless access using LDAP groups (/etc/freeradius/3.0/users).
combine access points into dedicated groups (/etc/freeradius/3.0/huntgroups)
End user devices need to be configured properly; these devices need to be PIN protected for the use of EAP (802.1x) methods. And most important: users need to be educated to install the freeradius CA certificate on their devices to be sure to connect to the right server. This way the password can't be caught in case of a malicious server. The site specific certificate is available on the internal network.
https://www.intern/freeradius-ca.pem (for end user devices running Linux)
https://www.intern/freeradius-ca.crt (Linux, Android)
https://www.intern/freeradius-ca.der (macOS, iOS, iPadOS, Windows)
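Whether a Linux device actually pins the CA certificate can be checked from its supplicant configuration. The following script is an added example, not part of the Debian Edu manual: it assumes the client uses wpa_supplicant (the manual does not name a supplicant) and lists WPA-EAP network blocks that have no ca_cert setting. The SSIDs and the certificate path in the sample are constructed.

```shell
#!/bin/sh
# Added example, not part of the Debian Edu manual. Assumes the Linux client
# uses wpa_supplicant; SSIDs and file paths below are constructed.
# Print one line per WPA-EAP network block that has no ca_cert set.
audit_eap_networks() {   # $1 = path to a wpa_supplicant.conf
    awk '
        /^[ \t]*#/ { next }                      # commented-out settings do not count
        /^[ \t]*network[ \t]*=[ \t]*[{]/ {       # start of a network block
            inblk = 1; ssid = "?"; inner = "unset"; eap = 0; ca = 0; next
        }
        inblk && /^[ \t]*[}]/ {                  # end of block: report if unpinned
            if (eap && !ca)
                print ssid ": no ca_cert, RADIUS server is not verified (phase2 " inner ")"
            inblk = 0; next
        }
        inblk {                                  # key=value line inside a block
            line = $0; sub(/^[ \t]+/, "", line)
            key = line; sub(/[ \t]*=.*$/, "", key)
            val = line; sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val)
            if (key == "ssid")   ssid = val
            if (key == "phase2") inner = val
            if (key == "key_mgmt" && val ~ /EAP|IEEE8021X/) eap = 1
            if (key == "ca_cert" && val != "")              ca = 1
        }
    ' "$1"
}

# Constructed sample: one pinned network, one with ca_cert commented out,
# and one PSK network that the check must ignore.
sample_conf() {
    cat <<'EOF'
network={
    ssid="school-staff"
    key_mgmt=WPA-EAP
    ca_cert="/etc/ssl/certs/freeradius-ca.pem"
    phase2="auth=PAP"
}
network={
    ssid="school-byod"
    key_mgmt=WPA-EAP
    # ca_cert="/etc/ssl/certs/freeradius-ca.pem"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="guest"
    key_mgmt=WPA-PSK
}
EOF
}

conf=$(mktemp) && sample_conf > "$conf" && audit_eap_networks "$conf"
rm -f "$conf"
```

A block reported here accepts any server certificate, so the device cannot tell the site's freeRADIUS server from another one; setting ca_cert to the downloaded freeradius-ca.pem clears the finding.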
Please note that configuring end user devices will be a real challenge due to the variety of devices. For Windows devices an installer script could be created, for Apple devices a mobileconfig file. In both cases the freeRADIUS CA certificate can be integrated, but OS specific tools are needed to create the scripts.