X2go

From Newroco Tech Docs

Installation

Install software-properties-common

apt-get install software-properties-common

Add x2go repository and install it

add-apt-repository ppa:x2go/stable
apt-get update
apt-get install x2goserver x2goserver-xsession

Install a desktop environment

apt-get install xfce4 xfce4-goodies

Install firefox

apt-get install firefox

LDAP Auth

First, configure SSH so that it allows key authentication from local IPs and password authentication from all other addresses. Modify these values in /etc/ssh/sshd_config:

PubkeyAuthentication no
PasswordAuthentication yes

Then add these lines at the end of the file, adjusting the address pattern to match your network:

Match address 192.168.*
    PasswordAuthentication no
    PubkeyAuthentication yes

Restart ssh service

service ssh restart

On a domain controller (DC), create a simple user and set it to not expire

samba-tool user add <user.name>
samba-tool user setexpiry <user.name> --noexpiry

Back on the X2go server, install libpam-ldapd

apt-get install libpam-ldapd

During the install process specify:

  • LDAP server: ldaps://server-ip:636
  • base search: dc=<domain>,dc=local
  • LDAP auth: simple
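  • LDAP user: cn=<user.created.above>,cn=users,dc=<domain>,dc=local
  • LDAP user password: the password for the above user
  • Check server's SSL certificate: allow (nslcd requests the certificate but still connects if it is missing or invalid; demand enforces validation)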
  • Certificate authority certificate: you can leave this as it is

Add/modify these lines in /etc/nslcd.conf

ssl on

pagesize        1000
referrals       off
nss_nested_groups yes

filter passwd (objectClass=user)
filter group  (objectClass=group)
filter shadow (objectClass=user)

map     passwd  uid                sAMAccountName
map     passwd  homeDirectory      unixHomeDirectory
map     passwd  gecos              displayName
map     passwd  gidNumber          primaryGroupID
map     shadow  uid                sAMAccountName

Modify these lines in /etc/nsswitch.conf

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

If you want Ubuntu to create a home directory for LDAP users on first login, add this line to /etc/pam.d/common-session:

session required        pam_mkhomedir.so umask=0022 skel=/etc/skel

Restart nscd and nslcd services

service nscd restart && service nslcd restart

Make a directory for the LDAP users

mkdir /home/ldap-users

Add attributes to the LDAP users

LDAP users who want to connect with x2go need uidNumber and unixhomedirectory to be set. On the DC, run this command:

wbinfo -i <user.name>

The 3rd value in the output, something like 3000011, will be the value for uidNumber. Create a file named entrymods.ldif and put this inside:

dn: cn=<user.name>,cn=Users,dc=<domain>,dc=local
changetype: modify
add: uidnumber
uidnumber: <value-specified-above>
-
add: unixhomedirectory
unixhomedirectory: /home/ldap-users/<user.name>
-

Set the attributes

ldapmodify -x -D "cn=<user-that-will-make-the-change>,cn=Users,dc=<domain>,dc=local" -W -H ldaps://localhost:636 -f entrymods.ldif
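
The LDIF from the steps above can be generated from the wbinfo -i output instead of being typed by hand, with the values validated before they reach ldapmodify. This is an added example, not part of the original page: make_entrymods is a hypothetical helper name, the sample account is constructed, and it assumes the user's cn equals the account name, as in the LDIF above.

```sh
#!/bin/sh
# Added example: build entrymods.ldif from one line of `wbinfo -i` output.
# Usage: make_entrymods '<wbinfo -i line>' '<domain>' > entrymods.ldif
# make_entrymods is a hypothetical helper name, not part of Samba or X2Go.

make_entrymods() {
    line=$1
    domain=$2

    # wbinfo -i prints a passwd-style record: name:passwd:uid:gid:gecos:home:shell
    name=$(printf '%s\n' "$line" | cut -d: -f1)
    uid=$(printf '%s\n' "$line" | cut -d: -f3)

    # Drop a leading "DOMAIN\" prefix if winbind added one.
    name=${name##*\\}

    # Reject anything that could alter the DN or the LDIF structure.
    case $name in
        ''|*[!A-Za-z0-9._-]*) echo "bad user name: $name" >&2; return 1 ;;
    esac
    case $domain in
        ''|*[!A-Za-z0-9-]*) echo "bad domain: $domain" >&2; return 1 ;;
    esac
    case $uid in
        ''|*[!0-9]*) echo "uid is not numeric: $uid" >&2; return 1 ;;
    esac

    cat <<EOF
dn: cn=$name,cn=Users,dc=$domain,dc=local
changetype: modify
add: uidnumber
uidnumber: $uid
-
add: unixhomedirectory
unixhomedirectory: /home/ldap-users/$name
-
EOF
}

# Constructed sample line, not output from a real server.
SAMPLE='EXAMPLE\jane.doe:*:3000011:100::/home/EXAMPLE/jane.doe:/bin/false'
make_entrymods "$SAMPLE" example
```

Redirect the function's output to entrymods.ldif and review it before running the ldapmodify command above.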

Debug mode

If you are having problems with authentication, you can run nslcd in debug mode like this:

service nscd stop && service nslcd stop
nslcd -d

List active sessions

If you need a list of all available X2Go sessions on the server, run the following command:

sudo x2golistsessions_root