Re: [arch-general] Arch Linux PC as a Remote Desktop Node
Em julho 27, 2018 14:07 Foxtrot Mike via arch-general escreveu:
Here are the major tasks:
1- Ask LightDM to use Windows Domain (Kerberos) authentication. I am a little confused. There are supposedly many different ways with little changes to do this. [1] is one solution. LDAP is also a possibility. I need advice from someone who knows this field better than me :p
2- How to ask i3-wm (my default wm) to run freerdp at login? I guess [2] will get this done.
3- How to ask freerdp to authenticate using the ticket received from TGT during LightDM Domain authentication? If I could somehow configure freerdp to use Kerberos Tickets then the user won't have to enter his Domain password again.
4- How to ask i3-wm to close the X-session when freeRDP quits? I read something a while ago about .xsession files to achieve this functionality, but can't find it now.
Hi Mike, You have some options here. I suggest you look into x2go and ltsp for starters. I don't suggest you use plain X over the network. With those 2 options you can have this kiosk mode you want, for the users to only be able to access windows. Regards, Giancarlo Razzolini
On 07/27/2018 10:16 PM, Giancarlo Razzolini wrote:
Em julho 27, 2018 14:07 Foxtrot Mike via arch-general escreveu:
Here are the major tasks:
1- Ask LightDM to use Windows Domain (Kerberos) authentication. I am a little confused. There are supposedly many different ways with little changes to do this. [1] is one solution. LDAP is also a possibility. I need advice from someone who knows this field better than me :p
2- How to ask i3-wm (my default wm) to run freerdp at login? I guess [2] will get this done.
3- How to ask freerdp to authenticate using the ticket received from TGT during LightDM Domain authentication? If I could somehow configure freerdp to use Kerberos Tickets then the user won't have to enter his Domain password again.
4- How to ask i3-wm to close the X-session when freeRDP quits? I read something a while ago about .xsession files to achieve this functionality, but can't find it now.
Hi Mike,
You have some options here. I suggest you look into x2go and ltsp for starters. I don't suggest you use plain X over the network.
With those 2 options you can have this kiosk mode you want, for the users to only be able to access windows.
Regards, Giancarlo Razzolini
Thanks for the reply. The issue with x2go and ltsp is that I'll have to separately manage username and passwords for local Linux login. The solution that I'd rather prefer would use Active directory authentication so the current system administrator won't have to do anything extra. The group policies are already there. Once the Arch system is properly configured, I'd disable local logins so there will be very limited chance for a user to corrupt/modify Arch system. And ideally, the user would have no way to interact with the local system. Thats why I want to limit the user to freeRDP. Anything else, and the X-session expires. Plus, I am very much into embedded linux systems (routers, SBCs, etc). I think putting the various pieces together would be give me a lot more to learn as compared to using a third party specialized software such as a kiosk script. Regards.
On 2018-07-27 19:46, Foxtrot Mike via arch-general wrote:
The issue with x2go and ltsp is that I'll have to separately manage username and passwords for local Linux login. The solution that I'd rather prefer would use Active directory authentication so the current system administrator won't have to do anything extra. The group policies are already there. Once the Arch system is properly configured, I'd disable local logins so there will be very limited chance for a user to corrupt/modify Arch system. And ideally, the user would have no way to interact with the local system. Thats why I want to limit the user to freeRDP. Anything else, and the X-session expires.
I'm not up to speed on the windows world, but could PAM LDAP authentication perhaps be of help here? Regards,
Am 27.07.2018 um 19:46 schrieb Foxtrot Mike via arch-general:
On 07/27/2018 10:16 PM, Giancarlo Razzolini wrote:
Em julho 27, 2018 14:07 Foxtrot Mike via arch-general escreveu:
Here are the major tasks:
1- Ask LightDM to use Windows Domain (Kerberos) authentication. I am a little confused. There are supposedly many different ways with little changes to do this. [1] is one solution. LDAP is also a possibility. I need advice from someone who knows this field better than me :p
2- How to ask i3-wm (my default wm) to run freerdp at login? I guess [2] will get this done.
3- How to ask freerdp to authenticate using the ticket received from TGT during LightDM Domain authentication? If I could somehow configure freerdp to use Kerberos Tickets then the user won't have to enter his Domain password again.
4- How to ask i3-wm to close the X-session when freeRDP quits? I read something a while ago about .xsession files to achieve this functionality, but can't find it now.
Hi Mike,
You have some options here. I suggest you look into x2go and ltsp for starters. I don't suggest you use plain X over the network.
With those 2 options you can have this kiosk mode you want, for the users to only be able to access windows.
Regards, Giancarlo Razzolini Thanks for the reply.
The issue with x2go and ltsp is that I'll have to separately manage username and passwords for local Linux login. The solution that I'd rather prefer would use Active directory authentication so the current system administrator won't have to do anything extra. The group policies are already there. Once the Arch system is properly configured, I'd disable local logins so there will be very limited chance for a user to corrupt/modify Arch system. And ideally, the user would have no way to interact with the local system. Thats why I want to limit the user to freeRDP. Anything else, and the X-session expires.
Plus, I am very much into embedded linux systems (routers, SBCs, etc). I think putting the various pieces together would be give me a lot more to learn as compared to using a third party specialized software such as a kiosk script.
Regards.
The Arctica Project seems to be in the process of implementing exactly what you want. https://arctica-project.org/ https://github.com/ArcticaProject/remote-logon-service Regards, Andy
Em julho 27, 2018 16:24 ProgAndy escreveu:
The Arctica Project seems to be in the process of implementing exactly what you want.
It looks they are using Nomachine's nx libraries, the same x2go uses. And, the fact the transport is over SSH, makes it look a lot like x2go. But, it seems to me that the project is very much on the beginning, I wouldn't use it also for production. Regards, Giancarlo Razzolini
participants (4)
-
Bardur Arantsson
-
Foxtrot Mike
-
Giancarlo Razzolini
-
ProgAndy