Re: [arch-general] Arch Linux PC as a Remote Desktop Node
On July 27, 2018 14:46, Foxtrot Mike via arch-general wrote:
> The issue with x2go and ltsp is that I'll have to separately manage username and passwords for local Linux login. The solution that I'd rather prefer would use Active directory authentication so the current system administrator won't have to do anything extra. The group policies are already there. Once the Arch system is properly configured, I'd disable local logins so there will be very limited chance for a user to corrupt/modify Arch system. And ideally, the user would have no way to interact with the local system. That's why I want to limit the user to freeRDP. Anything else, and the X-session expires.

You have more than one option to authenticate to Windows AD servers [0]. You have PAM Ldap, winbind, making a samba server the secondary controller, etc. You will probably need a local home dir for storing session data, but this can be created/destroyed on demand.

> Plus, I am very much into embedded linux systems (routers, SBCs, etc). I think putting the various pieces together would give me a lot more to learn as compared to using a third party specialized software such as a kiosk script.

Why reinvent the wheel here? I understand the need for learning, but I wouldn't do this on something that is intended as a production system. Again, don't use plain X protocol over the network, it's very wasteful.

Regards,
Giancarlo Razzolini

[0] https://wiki.archlinux.org/index.php/Active_Directory_Integration

On 07/27/2018 11:17 PM, Giancarlo Razzolini wrote:
> On July 27, 2018 14:46, Foxtrot Mike via arch-general wrote:
>> The issue with x2go and ltsp is that I'll have to separately manage username and passwords for local Linux login. The solution that I'd rather prefer would use Active directory authentication so the current system administrator won't have to do anything extra. The group policies are already there. Once the Arch system is properly configured, I'd disable local logins so there will be very limited chance for a user to corrupt/modify Arch system. And ideally, the user would have no way to interact with the local system. That's why I want to limit the user to freeRDP. Anything else, and the X-session expires.
>
> You have more than one option to authenticate to Windows AD servers [0]. You have PAM Ldap, winbind, making a samba server the secondary controller, etc.

I thought these options worked together, i.e., I'd have to use samba PAM and winbind all together. Thanks for the info. I'll look deeper into it.

> You will probably need a local home dir for storing session data, but this can be created/destroyed on demand.
>
>> Plus, I am very much into embedded linux systems (routers, SBCs, etc). I think putting the various pieces together would give me a lot more to learn as compared to using a third party specialized software such as a kiosk script.
>
> Why reinvent the wheel here? I understand the need for learning, but I wouldn't do this on something that is intended as a production system. Again, don't use plain X protocol over the network, it's very wasteful.

I plan to use RDP. I think it's not the same as using 'plain X protocol over the network' since RDP includes encryption and compression, afaik. Please correct me if I'm wrong.

> Regards,
> Giancarlo Razzolini
>
> [0] https://wiki.archlinux.org/index.php/Active_Directory_Integration

Participants (2): Foxtrot Mike, Giancarlo Razzolini