[arch-general] Arch Linux PC as a Remote Desktop Node
Hi all,

Currently we have around 10 employees who develop software using Visual Studio. The idea is to install the development tools on the Windows Server system, and to have all the developers connect to the server over RDP using low-end low-power computers. The server is pretty beefy though. The low end client PCs will save up-front cost as well as power bills. The network backend will not have any issue with the increased RDP traffic.

I have been using Arch Linux for some years now, so I undertook this as a research project. I want to use the Arch system as a Remote Desktop node. The Arch system would use a login manager (such as lightdm) to authenticate users from Windows Domain. Once the user has been authenticated, the system is supposed to automatically open a RDP connection (using freerdp) to the Windows Server (if possible, using the credentials provided to lightdm so the user doesn't have to enter his password twice). As soon as the user quits the RDP session, his X-session should also be closed automatically.

Here are the major tasks:

1- Ask LightDM to use Windows Domain (Kerberos) authentication. I am a little confused. There are supposedly many different ways with little changes to do this. [1] is one solution. LDAP is also a possibility. I need advice from someone who knows this field better than me :p

2- How to ask i3-wm (my default wm) to run freerdp at login? I guess [2] will get this done.

3- How to ask freerdp to authenticate using the ticket received from TGT during LightDM Domain authentication? If I could somehow configure freerdp to use Kerberos Tickets then the user won't have to enter his Domain password again.

4- How to ask i3-wm to close the X-session when freeRDP quits? I read something a while ago about .xsession files to achieve this functionality, but can't find it now.

Any help would be appreciated!

Regards.

[1] https://wiki.archlinux.org/index.php/Active_Directory_Integration#Join_the_d...
[2] https://i3wm.org/docs/userguide.html#_automatically_starting_applications_on...
On 2018-07-27 19:07, Foxtrot Mike via arch-general wrote:
Hi all,
Currently we have around 10 employees who develop software using Visual Studio. The idea is to install the development tools on the Windows Server system, and to have all the developers connect to the server over RDP using low-end low-power computers. The server is pretty beefy though. The low end client PCs will save up-front cost as well as power bills. The network backend will not have any issue with the increased RDP traffic.
I'm not sure about the auth part given my little experience with it, but if you're going to log into a server via RDP, can't you simply have your lightweight machine automatically open a default session [1], connect to the windows server, and authenticate users there?

If you're going to only have one app running on the client machines, you don't need a window manager; xinit do that [2] [3]

[1] https://wiki.archlinux.org/index.php/Xinit#Autostart_X_at_login
[2] https://wiki.archlinux.org/index.php/Xinit#Starting_applications_without_a_w...
[3] https://bbs.archlinux.org/viewtopic.php?id=107319
Hi Mike,

cyelae wrote:
I'm not sure about the auth part given my little experience with it, but if you're going to log into a server via RDP, can't you simply have your lightweight machine automatically open a default session [1], connect to the windows server, and authenticate users there?
That would be my suggestion. It sounds like you don't want the local user to be able to access anything but the remote Windows server anyway.

I realise you want to know how to fit the parts together yourself, but it would still be worth a look at existing solutions for ideas, e.g. should a user be able to shutdown the PC?

https://thinstation.github.io/thinstation/
http://porteus-kiosk.org/
http://users.telenet.be/mydotcom/howto/linuxkiosk/rdpterm.html

--
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy
On 2018-07-27 19:07, Foxtrot Mike via arch-general wrote:
Hi all,
Currently we have around 10 employees who develop software using Visual Studio. The idea is to install the development tools on the Windows Server system, and to have all the developers connect to the server over RDP using low-end low-power computers. The server is pretty beefy though. The low end client PCs will save up-front cost as well as power bills. The network backend will not have any issue with the increased RDP traffic.
On 07/28/2018 02:52 AM, cyelae via arch-general wrote:
I'm not sure about the auth part given my little experience with it, but if you're going to log into a server via RDP, can't you simply have your lightweight machine automatically open a default session [1], connect to the windows server, and authenticate users there?

You mean I should have something like a guest account on Linux for opening an X session, and then the RDP application would connect to the Windows Server and ask for Windows Domain password? I think it could be done, but I'll have to severely limit the guest account from security point of view.
If you're going to only have one app running on the client machines, you don't need a window manager; xinit do that [2] [3]
I tried opening Firefox using init, without any window manager. Firefox did open but there were some issues with graphics. Such as upon right clicking, the options menu wouldn't show. Also, youtube for some reason didn't show any thumbnail. After some research it seemed that directly running an application from xinit without a window manager is not a good idea if the application is graphically complex.
[1] https://wiki.archlinux.org/index.php/Xinit#Autostart_X_at_login
[2] https://wiki.archlinux.org/index.php/Xinit#Starting_applications_without_a_w...
[3] https://bbs.archlinux.org/viewtopic.php?id=107319
On Fri, 27 Jul 2018 at 19:07, Foxtrot Mike via arch-general <arch-general@archlinux.org> wrote:
Hi all,
Currently we have around 10 employees who develop software using Visual Studio. The idea is to install the development tools on the Windows Server system, and to have all the developers connect to the server over RDP using low-end low-power computers. The server is pretty beefy though. The low end client PCs will save up-front cost as well as power bills. The network backend will not have any issue with the increased RDP traffic.
If I were one of the employees, I wouldn’t be very happy about the idea. RDP will never be as reliable and snappy as working on a physical machine, even if the server was more powerful. Developers aren’t the best employees to make savings on. Do note that the savings will be limited due to eg. Windows Server licensing. Also, have you tested it and made sure that all the software is compatible with concurrent use via RDP?

But if you have to, here’s an idea:

One Linux user account, auto-login into X. That user account runs Openbox (as something more user-friendly), which auto-starts a RDP client. After the user ends their Windows session, a dialog box (eg. from Zenity) appears, asking to restart the Windows session or shut down the computer, perhaps with a timeout.

--
Chris Warrick <https://chriswarrick.com/>
PGP: 5EAAEA16
On 07/29/2018 10:01 PM, Chris Warrick via arch-general wrote:
On Fri, 27 Jul 2018 at 19:07, Foxtrot Mike via arch-general <arch-general@archlinux.org> wrote:
Hi all,
Currently we have around 10 employees who develop software using Visual Studio. The idea is to install the development tools on the Windows Server system, and to have all the developers connect to the server over RDP using low-end low-power computers. The server is pretty beefy though. The low end client PCs will save up-front cost as well as power bills. The network backend will not have any issue with the increased RDP traffic.
If I were one of the employees, I wouldn’t be very happy about the idea. RDP will never be as reliable and snappy as working on a physical machine, even if the server was more powerful. Developers aren’t the best employees to make savings on. Do note that the savings will be limited due to eg. Windows Server licensing. Also, have you tested it and made sure that all the software is compatible with concurrent use via RDP?
Well, the decision to use RDP comes from higher management. There was a suggestion to use proprietary thin clients (such as from HP), but I thought I could make the 'system' myself with some tinkering. The network backend is enough for these RDP sessions. Maybe the lag won't be that bad. If the worst happens, I'll write all this effort and time off as 'experience'.
But if you have to, here’s an idea:
One Linux user account, auto-login into X. That user account runs Openbox (as something more user-friendly), which auto-starts a RDP client. After the user ends their Windows session, a dialog box (eg. from Zenity) appears, asking to restart the Windows session or shut down the computer, perhaps with a timeout.
Thanks. That's the approach I have decided would be the best, based on the very helpful comments from other users. One thing though. How can I automatically detect that FreeRDP session has been closed so that I can run a small Zenity script? Regards.
Hi Mike,
How can I automatically detect that FreeRDP session has been closed so that I can run a small Zenity script?
Well, a script is probably being run, just like a .xinitrc might be, and instead of its normal

    xclock &
    xbiff &
    xterm &
    exec twm

to start a bunch of X clients in the background and then replace xinit with the window manager, ending the session when the WM quits, you could

    twm &
    rdp-client
    timeout 30 zenity ...
    # ...conditionally reboot, shutdown, or just re-start X server when
    # it exits to get a fresh rdp-client.

so sh(1) waits for rdp-client to exit before executing further commands.

--
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy
On Mon, 30 Jul 2018 at 16:00, Ralph Corderoy <ralph@inputplus.co.uk> wrote:
Hi Mike,
How can I automatically detect that FreeRDP session has been closed so that I can run a small Zenity script?
Well, a script is probably being run, just like a .xinitrc might be, and instead of its normal
    xclock &
    xbiff &
    xterm &
    exec twm

to start a bunch of X clients in the background and then replace xinit with the window manager, ending the session when the WM quits, you could

    twm &
    rdp-client
    timeout 30 zenity ...
    # ...conditionally reboot, shutdown, or just re-start X server when
    # it exits to get a fresh rdp-client.

so sh(1) waits for rdp-client to exit before executing further commands.
One issue here: it’s possible that the RDP client returns control to the shell immediately (as some GUI apps will do). In that case, you’ll need a different solution.

--
Chris Warrick <https://chriswarrick.com/>
PGP: 5EAAEA16
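
A session script along the lines discussed in the messages above, as an added example that is not part of any poster's message. It waits for the RDP client to exit, also covers a client that detaches from the shell, and then shows the restart dialog with a timeout. The host name `winserver.example`, the choice of Openbox, the `KIOSK_RUN` switch and all function names are assumptions.

```shell
#!/bin/sh
# Added example: X session script for an RDP-only terminal.
# winserver.example, openbox and all function names are assumptions.
RDP_HOST=${RDP_HOST:-winserver.example}
RDP_PROC=${RDP_PROC:-xfreerdp}     # process name to poll for if the client detaches
POLL_SECS=${POLL_SECS:-1}

start_wm()   { openbox & }
# No /p: option: the domain password is never stored in this script.
rdp_client() { xfreerdp /v:"$RDP_HOST" /f; }
# timeout(1) exits 124 if nobody answers within 30 seconds.
ask_restart() {
    timeout 30 zenity --question --text="Start a new Windows session?"
}
power_off()  { systemctl poweroff; }

# True while this user still has an RDP client process.
client_running() {
    pgrep -u "$(id -u)" -x "$RDP_PROC" >/dev/null 2>&1
}

# Run the client in the foreground. If it handed control back while a
# client process still exists (it detached), poll until it is gone.
wait_for_client() {
    rc=0
    rdp_client || rc=$?
    while client_running; do
        sleep "$POLL_SECS"
    done
    return "$rc"
}

# One loop pass per Windows session; any answer but "Yes" (No, dialog
# closed, timeout) ends the loop and powers the machine off.
kiosk_session() {
    start_wm
    while :; do
        wait_for_client || true
        ask_restart || break
    done
    power_off
}

# Set KIOSK_RUN=1 (e.g. in ~/.xinitrc) to actually start the session.
if [ -n "${KIOSK_RUN:-}" ]; then
    kiosk_session
fi
```

When `kiosk_session` returns, the script ends and xinit closes the X session, so nothing is left running locally after the Windows session is over.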
On 07/27/2018 12:07 PM, Foxtrot Mike via arch-general wrote:
I want to use the Arch system as a Remote Desktop node. The Arch system would use a login manager (such as lightdm) to authenticate users from Windows Domain. Once the user has been authenticated, the system is supposed to automatically open a RDP connection (using freerdp) to the Windows Server (if possible, using the credentials provided to lightdm so the user doesn't have to enter his password twice). As soon as the user quits the RDP session, his X-session should also be closed automatically.
FM,

I am totally confused as to what and why you are wanting to put your Arch server between the employees and the RDP session to the windows server?? Where is the code they produce stored? Windows? Arch Server?

Why not just have them open a single RDP session to the windows server directly? Are they actually using something from the Linux box?

If there is a reason why they need the Arch server, do they each have a Linux user account there? If they do, why not use vncserver (TigerVNC) to provide a Linux desktop to them using ssh tunneling. The vncserver can handle the X startup (it provides a nice short configuration file you can tweak to start whatever desktop you like. I3 is fine, fluxbox is another excellent choice). You likely could launch the additional RDP session there, or have the desktop startup file do it for you.

Sorry for the additional questions, but I am not clear on what you are trying to achieve and there may be simpler ways of doing it -- if I understood what you were trying to do. I use RDP to both Linux and Windows, but each are virtualized with VirtualBox and made available over the network. That would be a bit resource intensive for the server depending on your RAM -- I run guests with 2G.

If all the employees and both the Arch and Windows servers are behind a secure firewall, then XDMCP is another option for providing a remote Xsession to your employees. It has its valid uses, but is generally frowned upon from a security standpoint.

If all your employees need is the VS install on the windows server -- then I don't see how the Arch server would be a benefit to have in the middle. (of course I don't see the benefit of coding in VS... but to each his own...)

--
David C. Rankin, J.D.,P.E.
Hi David,
Foxtrot Mike wrote:
I want to use the Arch system as a Remote Desktop node. The Arch system would use a login manager (such as lightdm) to authenticate users from Windows Domain. Once the user has been authenticated, the system is supposed to automatically open a RDP connection (using freerdp) to the Windows Server (if possible, using the credentials provided to lightdm so the user doesn't have to enter his password twice). As soon as the user quits the RDP session, his X-session should also be closed automatically.
I am totally confused as to what and why you are wanting to put your Arch server between the employees and the RDP session to the windows server?? Where is the code they produce stored? Windows? Arch Server?
Mike didn't mention an Arch server. He has a Windows server and ten PCs. He wants each PC to be a dumb RDP terminal to the server. He is considering running `the Arch system' on each dumb PC to provide the RDP-terminal functionality, e.g. an X server and RDP client.

--
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy
On 07/30/2018 12:32 PM, Ralph Corderoy wrote:
Hi David,
Foxtrot Mike wrote:
I want to use the Arch system as a Remote Desktop node. The Arch system would use a login manager (such as lightdm) to authenticate users from Windows Domain. Once the user has been authenticated, the system is supposed to automatically open a RDP connection (using freerdp) to the Windows Server (if possible, using the credentials provided to lightdm so the user doesn't have to enter his password twice). As soon as the user quits the RDP session, his X-session should also be closed automatically.

I am totally confused as to what and why you are wanting to put your Arch server between the employees and the RDP session to the windows server?? Where is the code they produce stored? Windows? Arch Server?

Mike didn't mention an Arch server. He has a Windows server and ten PCs. He wants each PC to be a dumb RDP terminal to the server. He is considering running `the Arch system' on each dumb PC to provide the RDP-terminal functionality, e.g. an X server and RDP client.
Thanks for summarizing it so elegantly.
On 07/30/2018 02:32 AM, Ralph Corderoy wrote:
I am totally confused as to what and why you are wanting to put your Arch server between the employees and the RDP session to the windows server?? Where is the code they produce stored? Windows? Arch Server?

Mike didn't mention an Arch server. He has a Windows server and ten PCs. He wants each PC to be a dumb RDP terminal to the server. He is considering running `the Arch system' on each dumb PC to provide the RDP-terminal functionality, e.g. an X server and RDP client.
Ralph,

Oh, oh, that makes sense. Yes, just load arch, load whatever lightweight desktop you like. I like both i3 and fluxbox, but prefer fluxbox. A lightdm type DM is fine. With fluxbox, I would just configure the autologin to the windows RDP session via the ~/.fluxbox/startup file. I don't use AD/Kerberos, etc.., but I see no reason you couldn't do something similar. As long as you can invoke the RDP session from the command line -- you can put it in a startup file.

I've always just used the rdesktop package from the community repository. Always worked fine.

FM

Good luck on the project and sorry for the confusion.

--
David C. Rankin, J.D.,P.E.
participants (5)
- Chris Warrick
- cyelae
- David C. Rankin
- Foxtrot Mike
- Ralph Corderoy