X2go

From Newroco tech docs

Installation

Install software-properties-common

  apt-get install software-properties-common

Add x2go repository and install it

  add-apt-repository ppa:x2go/stable
  apt-get update
  apt-get install x2goserver x2goserver-xsession

Install a desktop environment

  apt-get install xfce4 xfce4-goodies

Install firefox

  apt-get install firefox

LDAP Auth

First, configure SSH so that it allows key authentication from local IPs and password authentication from all other addresses. Modify these values in /etc/ssh/sshd_config:

  PubkeyAuthentication no
  PasswordAuthentication yes

Then add these lines at the end of the file, adjusting the IP pattern to your needs:

  Match address 192.168.*
    PasswordAuthentication no
    PubkeyAuthentication yes

Restart the ssh service

  service ssh restart

On a DC, create a simple user and set it to not expire

  samba-tool user add <user.name>
  samba-tool user setexpiry <user.name> --noexpiry

Back on the X2go server, install libpam-ldapd

  apt-get install libpam-ldapd

During the install process specify:

  • LDAP server: ldaps://server-ip:636
  • base search: dc=<domain>,dc=local
  • LDAP auth: simple
  • LDAP user: cn=<user.create.above>,cn=users,dc=<domain>,dc=local
  • LDAP user password: the password for the above user
  • Check server's SSL certificate: allow
  • Certificate authority certificate: you can leave this as it is

Add/modify these lines in /etc/nslcd.conf

  ssl on

  pagesize 1000
  referrals off
  nss_nested_groups yes

  filter passwd (objectClass=user)
  filter group (objectClass=group)
  filter shadow (objectClass=user)

  map passwd uid sAMAccountName
  map passwd homeDirectory unixHomeDirectory
  map passwd gecos displayName
  map passwd gidNumber primaryGroupID
  map shadow uid sAMAccountName
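
The installer answer "Check server's SSL certificate: allow" corresponds to the tls_reqcert option in /etc/nslcd.conf, and the same file stores the bind password. The following is an added example, not part of the original page: a shell function that flags an unencrypted URI, a non-enforcing tls_reqcert value and a world-readable file holding bindpw. The sample file, the example domain and the svc.x2go account name are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): lint an nslcd.conf for the
# transport settings chosen above. Prints findings; returns 1 if any.
lint_nslcd_conf() {
    world=0   # 1 when "other" can read the file (it holds bindpw in clear text)
    if [ -n "$(find "$1" -prune -perm -004)" ]; then world=1; fi
    awk -v world="$world" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        { key = tolower($1) }
        key == "uri" { for (i = 2; i <= NF; i++) if ($i ~ /^ldap:/) plain = 1 }
        key == "ssl"         { ssl = tolower($2) }
        key == "tls_reqcert" { reqcert = tolower($2) }
        key == "bindpw"      { bindpw = 1 }
        END {
            if (plain && (ssl == "" || ssl == "off")) {
                print "FAIL uri: ldap:// with ssl off or unset is unencrypted"; bad = 1
            }
            if (reqcert == "never" || reqcert == "allow") {
                print "FAIL tls_reqcert " reqcert ": server certificate not enforced"; bad = 1
            }
            if (bindpw && world) {
                print "FAIL perms: bindpw present and file is world-readable"; bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample mirroring the installer answers on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
uri ldaps://server-ip:636
base dc=example,dc=local
binddn cn=svc.x2go,cn=users,dc=example,dc=local
bindpw constructed-password
ssl on
tls_reqcert allow
EOF
chmod 644 "$sample"
lint_nslcd_conf "$sample" || echo "-> compare with: tls_reqcert demand, chmod 640"
rm -f "$sample"
```

With tls_reqcert demand, nslcd only connects when the DC's certificate validates against a CA it trusts, so the CA certificate has to be installed on the X2go server first.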

Modify these lines in /etc/nsswitch.conf

  passwd: compat ldap
  group: compat ldap
  shadow: compat ldap

If you want Ubuntu to create a home directory for the LDAP users on first login, add this line to /etc/pam.d/common-session:

  session required pam_mkhomedir.so umask=0022 skel=/etc/skel

Restart nscd and nslcd services

  service nscd restart && service nslcd restart

Make a directory for the LDAP users

  mkdir /home/ldap-users

Add attributes to the LDAP users

The LDAP users that want to connect with x2go need uidNumber and unixHomeDirectory to be set. On the DC, run:

  wbinfo -i <user.name>

The 3rd value in the output, something like 3000011, will be the value for uidNumber. Create a file entrymods.ldif and put this inside:

  dn: cn=<user.name>,cn=Users,dc=<domain>,dc=local
  changetype: modify
  add: uidnumber
  uidnumber: <value-specified-above>
  -
  add: unixhomedirectory
  unixhomedirectory: /home/ldap-users/<user.name>
  -

Set the attributes

  ldapmodify -x -D "cn=<user-that-will-make-the-change>,cn=Users,dc=<domain>,dc=local" -W -H ldaps://localhost:636 -f entrymods.ldif

Debug mode

If you are having problems with authentication, you can stop the services and run nslcd in debug mode like this:

  service nscd stop && service nslcd stop
  nslcd -d