X2go

From Newroco Tech Docs

Installation

Install software-properties-common

apt-get install software-properties-common

Add x2go repository and install it

add-apt-repository ppa:x2go/stable
apt-get update
apt-get install x2goserver x2goserver-xsession

Install a desktop environment

apt-get install xfce4 xfce4-goodies

Install firefox

apt-get install firefox

LDAP Auth

First, configure SSH to allow key authentication from local IPs and password authentication from all other addresses. Set these values in /etc/ssh/sshd_config:

PubkeyAuthentication no
PasswordAuthentication yes

Then add these lines at the end of the file, adjusting the address pattern to your network:

Match address 192.168.*
    PasswordAuthentication no
    PubkeyAuthentication yes

Restart ssh service

service ssh restart

On a DC create a simple user and set it to not expire

samba-tool user add <user.name>
samba-tool user setexpiry <user.name> --noexpiry

Back on the X2go server, install libpam-ldapd

apt-get install libpam-ldapd

During the install process specify:

  • LDAP server: ldaps://server-ip:636
  • base search: dc=<domain>,dc=local
  • LDAP auth: simple
  • LDAP user: cn=<user.created.above>,cn=users,dc=<domain>,dc=local
  • LDAP user password: the password for the above user
  • Check server's SSL certificate: allow
  • Certificate authority certificate: you can leave this as it is

Add/modify these lines in /etc/nslcd.conf

ssl on

pagesize        1000
referrals       off
nss_nested_groups yes

filter passwd (objectClass=user)
filter group  (objectClass=group)
filter shadow (objectClass=user)

map     passwd  uid                sAMAccountName
map     passwd  homeDirectory      unixHomeDirectory
map     passwd  gecos              displayName
map     passwd  gidNumber          primaryGroupID
map     shadow  uid                sAMAccountName
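
A check for the transport settings chosen during the install and in /etc/nslcd.conf, as an added example that is not part of the original page. It flags a plain ldap:// URI with TLS off, a tls_reqcert level that accepts a bad certificate (tls_reqcert is the nslcd.conf keyword behind the installer's "Check server's SSL certificate" question), and a world-readable file holding bindpw. The function name audit_nslcd and the sample values are assumptions made for the example.

```shell
#!/bin/sh
# Added example (hypothetical helper): audit the LDAP transport settings of an
# nslcd.conf. Prints one finding per line; returns 1 if anything was found.
audit_nslcd() {
    conf=${1:-/etc/nslcd.conf}
    findings=$(
        awk '
            /^[ \t]*(#|$)/       { next }    # skip comments and blank lines
                                 { key = tolower($1) }
            key == "uri"         { for (i = 2; i <= NF; i++) uri[++n] = tolower($i) }
            key == "ssl"         { ssl = tolower($2) }
            key == "tls_reqcert" { reqcert = tolower($2) }
            END {
                # ssl unset or off means a plain ldap:// URI gets no TLS at all
                tls_off = (ssl == "" || ssl ~ /^(off|no|false|0)$/)
                for (i = 1; i <= n; i++)
                    if (uri[i] ~ /^ldap:\/\// && tls_off)
                        print "CLEARTEXT " uri[i] ": no TLS configured, the bind password crosses the network unencrypted"
                if (reqcert == "never" || reqcert == "allow")
                    print "WEAK tls_reqcert " reqcert ": a bad server certificate does not stop the connection"
            }' "$conf"
        # bindpw is stored in clear text, so the file must not be world-readable
        if grep -Eiq '^[[:space:]]*bindpw[[:space:]]' "$conf" &&
           [ -n "$(find "$conf" -perm -004)" ]; then
            echo "PERMS $conf: contains bindpw and is world-readable"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample mirroring the answers given on this page (not a real file).
sample=$(mktemp)
chmod 640 "$sample"
cat > "$sample" <<'EOF'
uri ldaps://server-ip:636
ssl on
tls_reqcert allow
bindpw constructed-password
EOF
audit_nslcd "$sample" || true
rm -f "$sample"
```

On the server itself, run `audit_nslcd /etc/nslcd.conf` as root after the install step; no output and exit status 0 means none of the three conditions was found.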

Modify these lines in /etc/nsswitch.conf

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

If you want Ubuntu to create a home directory for LDAP users on their first login, add this line to /etc/pam.d/common-session

session required        pam_mkhomedir.so umask=0022 skel=/etc/skel

Restart nscd and nslcd services

service nscd restart && service nslcd restart

Make a directory for the LDAP users

mkdir /home/ldap-users

Add attributes to the LDAP users

LDAP users who connect with X2Go need uidNumber and unixHomeDirectory to be set. On the DC, run this command

wbinfo -i <user.name>

The 3rd value in the output, something like 3000011, is the value for uidNumber. Create a file named entrymods.ldif and put this inside

dn: cn=<user.name>,cn=Users,dc=<domain>,dc=local
changetype: modify
add: uidnumber
uidnumber: <value-specified-above>
-
add: unixhomedirectory
unixhomedirectory: /home/ldap-users/<user.name>
-

Set the attributes

ldapmodify -x -D "cn=<user-that-will-make-the-change>,cn=Users,dc=<domain>,dc=local" -W -H ldaps://localhost:636 -f entrymods.ldif

Debug mode

If you are having problems with authentication, you can run nslcd in debug mode like this

service nscd stop && service nslcd stop
nslcd -d

List active sessions

If you need a list of all available X2Go sessions on the server, run the following command:

sudo x2golistsessions_root