X2go: Difference between revisions
Revision as of 10:29, 12 July 2017
Installation
Install software-properties-common
apt-get install software-properties-common
Add x2go repository and install it
add-apt-repository ppa:x2go/stable
apt-get update
apt-get install x2goserver x2goserver-xsession
Install a desktop environment
apt-get install xfce4 xfce4-goodies
Install firefox
apt-get install firefox
LDAP Auth
First, configure SSH to allow key authentication from local IPs and password authentication from all others. Modify these values in /etc/ssh/sshd_config:
PubkeyAuthentication no
PasswordAuthentication yes
Then add these lines at the end of the file, adjusting the address pattern to your needs:
Match address 192.168.*
    PasswordAuthentication no
    PubkeyAuthentication yes
Restart ssh service
service ssh restart
On a DC create a simple user and set it to not expire
samba-tool user add <user.name>
samba-tool user setexpiry <user.name> --noexpiry
Back on the X2go server, install libpam-ldapd
apt-get install libpam-ldapd
During the install process specify:
- LDAP server: ldaps://server-ip:636
- base search: dc=<domain>,dc=local
- LDAP auth: simple
- LDAP user: cn=<user.create.above>,cn=users,dc=<domain>,dc=local
- LDAP user password: the password for the above user
- Check server's SSL certificate: allow
- Certificate authority certificate: you can leave this as it is
Add/modify these lines in /etc/nslcd.conf
ssl on
pagesize 1000
referrals off
nss_nested_groups yes
filter passwd (objectClass=user)
filter group (objectClass=group)
filter shadow (objectClass=user)
map passwd uid sAMAccountName
map passwd homeDirectory unixHomeDirectory
map passwd gecos displayName
map passwd gidNumber primaryGroupID
map shadow uid sAMAccountName
Modify these lines in /etc/nsswitch.conf
passwd: compat ldap
group: compat ldap
shadow: compat ldap
If you want Ubuntu to create a home directory for the LDAP users on their first login, add this line to /etc/pam.d/common-session
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
Restart nscd and nslcd services
service nscd restart && service nslcd restart
Make a directory for the LDAP users
mkdir /home/ldap-users
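The installer answers and the /etc/nslcd.conf lines above decide how the connection that carries the bind password and user logins is protected. The script below is an added example, not part of the original page: it audits those options in an nslcd.conf. The function names and the sample file are constructed, and it assumes the installer answer "Check server's SSL certificate: allow" is written as tls_reqcert allow.

```shell
# Added example: audit TLS options in an nslcd.conf (option names per nslcd.conf(5)).
# Print the last value given for OPTION in FILE; comment lines never match.
nslcd_opt() {  # usage: nslcd_opt FILE OPTION
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# Print one finding per line; return 1 if anything was found, else 0.
audit_nslcd() {  # usage: audit_nslcd FILE
    f=$1; found=0; enc=no
    uri=$(nslcd_opt "$f" uri)
    ssl=$(nslcd_opt "$f" ssl)
    req=$(nslcd_opt "$f" tls_reqcert)
    # Encrypted transport: an ldaps:// URI, or "ssl on" / "ssl start_tls".
    case "$uri" in ldaps://*) enc=yes ;; esac
    case "$ssl" in on|start_tls) enc=yes ;; esac
    if [ "$enc" = no ]; then
        echo "transport: uri=${uri:-unset} ssl=${ssl:-unset}, LDAP binds are not encrypted"
        found=1
    fi
    # never/allow/try let a session continue in cases that demand/hard reject.
    # An unset tls_reqcert means the TLS library / ldap.conf default applies.
    case "$req" in
        never|allow|try)
            echo "tls_reqcert=$req: server certificate is not strictly verified"
            found=1 ;;
    esac
    return "$found"
}

# Constructed sample: the settings this page's installer answers are assumed to produce.
sample_page_config() {
    cat <<'EOF'
uri ldaps://server-ip:636
ssl on
tls_reqcert allow
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
EOF
}

# Demo on the constructed input: the page's settings, then with verification enforced.
d=$(mktemp -d)
sample_page_config > "$d/page.conf"
sed 's/^tls_reqcert .*/tls_reqcert demand/' "$d/page.conf" > "$d/strict.conf"
audit_nslcd "$d/page.conf" || echo "page.conf: findings above"
audit_nslcd "$d/strict.conf" && echo "strict.conf: no findings"
rm -rf "$d"
```

To check a live system, run audit_nslcd /etc/nslcd.conf as root, since the file holds the bind password and is not world-readable.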
Add attributes to the LDAP users
LDAP users that want to connect with x2go need uidNumber and unixhomedirectory to be set. On the DC, run
wbinfo -i <user.name>
The 3rd value in the output, something like 3000011, is the value to use for uidNumber. Create a file entrymods.ldif and put this inside
dn: cn=<user.name>,cn=Users,dc=<domain>,dc=local
changetype: modify
add: uidnumber
uidnumber: <value-specified-above>
-
add: unixhomedirectory
unixhomedirectory: /home/ldap-users/<user.name>
-
Set the attributes
ldapmodify -x -D "cn=<user-that-will-make-the-change>,cn=Users,dc=<domain>,dc=local" -W -H ldap://localhost:389 -f entrymods.ldif
Debug mode
If you are having problems with authentication, stop both services and run nslcd in debug mode like this
service nscd stop && service nslcd stop
nslcd -d