Table of Contents for
Linux in a Windows World

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition Linux in a Windows World by Roderick W Smith Published by O'Reilly Media, Inc., 2005
  1. Cover
  2. Linux in a Windows World
  3. Dedication
  4. Preface
  5. Contents of This Book
  6. Conventions Used in This Book
  7. Using Code Examples
  8. Comments and Questions
  9. Safari Enabled
  10. Acknowledgments
  11. I. Linux’s Place in a Windows Network
  12. 1. Linux’s Features
  13. Linux as a Server
  14. Linux on the Desktop
  15. Comparing Linux and Windows Features
  16. Summary
  17. 2. Linux Deployment Strategies
  18. Linux Desktop Migration
  19. Linux and Thin Clients
  20. Summary
  21. II. Sharing Files and Printers
  22. 3. Basic Samba Configuration
  23. The Samba Configuration File Format
  24. Identifying the Server
  25. Setting Master Browser Options
  26. Setting Password Options
  27. Summary
  28. 4. File and Printer Shares
  29. Printing with CUPS
  30. Creating a Printer Share
  31. Delivering Printer Drivers to Windows Clients
  32. Example Shares
  33. Summary
  34. 5. Managing a NetBIOS Network with Samba
  35. Enabling NBNS Functions
  36. Assuming Master Browser Duties
  37. Summary
  38. 6. Linux as an SMB/CIFS Client
  39. Accessing File Shares
  40. Printing to Printer Shares
  41. Configuring GUI Workgroup Browsers
  42. Summary
  43. III. Centralized Authentication Tools
  44. 7. Using NT Domains for Linux Authentication
  45. Samba Winbind Configuration
  46. PAM and NSS Winbind Options
  47. Winbind in Action
  48. Summary
  49. 8. Using LDAP
  50. Configuring an OpenLDAP Server
  51. Creating a User Directory
  52. Configuring Linux to Use LDAP for Login Authentication
  53. Configuring Windows to Use LDAPfor Login Authentication
  54. Summary
  55. 9. Kerberos Configuration and Use
  56. Linux Kerberos Server Configuration
  57. Kerberos Application Server Configuration
  58. Linux Kerberos Client Configuration
  59. Windows Kerberos Tools
  60. Summary
  61. IV. Remote Login Tools
  62. 10. Remote Text-Mode Administration and Use
  63. SSH Server Configuration
  64. Telnet Server Configuration
  65. Windows Remote-Login Tools
  66. Summary
  67. 11. Running GUI Programs Remotely
  68. Using Remote X Access
  69. Encrypting X by SSH Tunneling
  70. VNC Configuration and Use
  71. Running Windows Programs from Linux
  72. Summary
  73. 12. Linux Thin Client Configurations
  74. Hardware Requirements
  75. Linux as a Server for Thin Clients
  76. Linux as a Thin Client
  77. Summary
  78. V. Additional Server Programs
  79. 13. Configuring Mail Servers
  80. Configuring Sendmail
  81. Configuring Postfix
  82. Configuring POP and IMAP Servers
  83. Scanning for Spam, Worms, and Viruses
  84. Supplementing a Microsoft Exchange Server
  85. Using Fetchmail
  86. Summary
  87. 14. Network Backups
  88. Backing Up the Linux System
  89. Backing Up with Samba
  90. Backing Up with AMANDA
  91. Summary
  92. 15. Managing a Network with Linux
  93. Delivering Names with DNS
  94. Keeping Clocks Synchronized with NTP
  95. Summary
  96. VI. Appendixes
  97. A. Configuring PAM
  98. The PAM Configuration File Format
  99. PAM Modules
  100. Sample PAM Configurations
  101. Summary
  102. B. Linux on the Desktop
  103. Configuring Applications and Environments
  104. Running Windows Programs in Linux
  105. File and Filesystem Compatibility
  106. Font Handling
  107. Summary
  108. Index
  109. Colophon

Linux as a Server for Thin Clients

Thin clients rely on servers to do any good. Most obviously, this reliance is on the login servers themselves. Chapter 11 describes two such servers, XDMCP (for use with X) and VNC. For the most part, the configurations described in that chapter work well with thin clients, although there are a few caveats. Thin clients booted from the network also rely on DHCP and TFTP, so knowing how to configure these two servers is important.

Linux Distribution Selection and Configuration

In principle, you can use any mainstream Linux distribution as a login server for thin clients. Distributions that are geared toward desktop use, such as Mandrake and Xandros, can provide lots of eye candy and be very friendly to users, but these features may generate more in the way of video (and hence network) activity than you’d like, because they might use lots of animation and demand large or color-intensive displays. Thus, you might prefer starting with a distribution that provides less fluff, such as Debian, Gentoo, or Slackware, and build it up to the point that you want and no further. This can help you control network and server load.

For the most part, you can configure a Linux login server for thin clients just as you’d configure any other desktop system. Appendix B describes some of the issues involved in such a configuration. When planning this configuration, remember that the video display involves a network access, so features such as animated icons will consume network bandwidth. Because thin clients may be running on small or low-bit-depth displays, you may also need to test your applications on such systems, and perhaps adjust their default configurations.

XDMCP and VNC Options

Fortunately, very little needs to be done to XDMCP and VNC configurations to support thin clients. The configurations described in Chapter 11 should work fine with X terminals and thin clients that support VNC.

For XDMCP, though, one feature you may want to be sure you support is indirect accesses. Some X terminal thin clients can’t present a list of available servers by themselves; they need the help of an XDMCP server that’s configured to provide this list. This can be accomplished on the XDM and KDM servers by editing the Xaccess file to include an appropriate line:

* CHOOSER BROADCAST

You can also specify a pattern of hostnames for the asterisk (*), which lets only specified computers receive the server list. In GDM, the equivalent configuration can be found in the gdm.conf file, which is usually in /etc/X11/gdm:

HonorIndirect=true

This line should appear in the [xdmcp] section of the file. In either case, you must then configure your thin client to make an indirect query of the XDMCP server that supports indirect lookups.

Of course, all this is necessary only if you want your users to be able to use more than one computer from their thin clients. If each thin client should connect to precisely one system, you can configure it to make a direct connection to the remote system and be done with it.

If you’re running VNC on the Linux system to enable remote logins via thin clients, chances are you’ll want to link VNC to an XDMCP server. This configuration enables users to type their usernames and passwords when logging in, rather than logging in via a text-mode protocol, running a VNC server, and then connecting to a specified port. Linking VNC to XDMCP is described in Chapter 11, so consult it for details.

DHCP Configuration

Thin clients are generally much simpler to configure if you use DHCP to help configure them, particularly if you want the thin client to download its OS from a TFTP server. DHCP configuration is described in more detail in Chapter 15, so if you’re not already familiar with DHCP configuration, consult that chapter.

Tip

Many thin clients actually use a protocol known as BootP for automatic configuration via a BootP server. DHCP provides a superset of BootP functionality, though, and common DHCP servers can configure BootP clients. Thus, I describe DHCP configuration using the common Linux DHCP server. This configuration should work with clients that use BootP.

In addition to the common options described in Chapter 15, you may want to add more options for the benefit of thin clients:

allow booting

This global option enables support for clients that boot remotely.

allow bootp

This global option adds support for BootP, which is necessary for some thin clients.

option x-display-manager server.name

This option delivers the name of the XDMCP server for the network. Some X terminals use this information to locate an XDMCP server, but not all do so. This option is important only if you’re using X as a remote GUI access tool.

option tftp-server-name "server.name"

You can tell thin clients where to go to find their boot files with this option, which takes the hostname of the Trivial File Transfer Protocol (TFTP) server as an option.

next-server server.name

This option normally appears within a parameter block for a group of servers. It has an effect similar to that of the tftp-server-name option, and you should normally give it the same hostname or IP address as a value.

filename "/path/to/file"

This option also typically appears in a group with other options. It specifies the filename that a server is to download from the TFTP server. For Preboot Execution Environment (PXE)-enabled PXES clients, this should often be /pxes/pxelinux.0, which is essentially a PXE boot loader. For EtherBoot clients, it should be the filename of the network bootable image you specified when you enabled this support when configuring PXES. In either case, this filename is specified relative to any chroot environment used by the TFTP server, if the TFTP server is run that way. For dedicated thin clients, consult their documentation; they may come with a floppy disk or CD-ROM with files that the TFTP server should deliver, and this parameter will do the job.

Consider Example 12-1, which shows a short but typical configuration for enabling network booting. Many of these options are described in Chapter 15, so consult it for details. This listing points to an XDMCP server and a TFTP server in the opening lines. It also creates a group with options for PXE-bootable hosts, including an additional pointer to the TFTP server and a reference to the file that’s to be delivered to the clients. (To use EtherBoot rather than PXE, change the filename to point to an appropriate .nbi file.) Two specific clients are defined in this group; you can create other groups with other options. This might be handy if your thin clients have different needs, in terms of features such as default resolutions or even the OSs they run. You can mix Linux-based PXES clients with dedicated X terminals, for instance, by creating separate groups for each set of systems and identifying individual clients by their hardware Ethernet addresses.

Example 12-1. Sample /etc/dhcpd.conf file to support booting thin clients

allow booting;
allow bootp;

# Standard configuration directives...
option domain-name "example.com";
option domain-name-servers ns1.example.com, ns2.example.com;
option routers 172.24.21.1;
#option resource-location-servers server.your.domain;
#option font-servers server.your.domain;
option x-display-manager xdmcp.example.com;
option tftp-server-name "tftp.example.com";

max-lease-time 120;
default-lease-time 120;

subnet 172.24.21.0 netmask 255.255.255.0 {
}

# Options for PXE-bootable hosts
group {
    next-server tftp.example.com;
    server-name "dhcp.example.com";
    filename "/pxes/pxelinux.0";
    get-lease-hostnames true;
    use-host-decl-names on;

    host thin1 {
        hardware ethernet 00:0C:76:96:A3:73;
        fixed-address 172.24.21.101;
    }

    host thin2 {
        hardware ethernet 00:80:C6:F9:3B:BA;
        fixed-address 172.24.21.102;
    }
}

TFTP Configuration

Configuring your DHCP server to deliver information to clients is only part of the job. To do any good, clients must be able to download Linux files from a server. The TFTP protocol was designed for this task; it’s a very simple file transfer protocol that’s useful for clients with minimal software, such as systems that haven’t yet fully booted.

Tip

Despite the similarity in names, TFTP is not closely related to FTP. Most importantly, an FTP server can’t handle requests from TFTP clients; you must install a TFTP server.

Most Linux distributions ship with a TFTP server, typically in a package called tftp. This server is usually launched through a super server such as inetd or xinetd. A typical xinetd configuration, stored in /etc/xinetd.d/tftp, looks like this:

service tftp
{
  socket_type  = dgram
  protocol     = udp
  wait         = yes
  user         = root
  server       = /usr/sbin/in.tftpd
  server_args  = -s /tftpboot
  disable      = no
}

This configuration is fairly typical of xinetd-launched servers that use UDP. If your distribution uses xinetd, chances are it ships with such a configuration file, but it may be disabled by default; you must change disable = yes to disable = no.

This example also passes an argument to the TFTP server: -s /tftpboot. This option tells the TFTP server to use the chroot( ) system call, which “locks” the running program in the specified directory, making the server treat that directory as if it were the root directory for the system. This is a useful security feature, and it has implications for file access and naming; all files served by the TFTP server must reside in the specified directory tree, and references to files omit the name of the chroot directory. For instance, the file /tftpboot/pxes/pxelinux.0 is referred to as /pxes/pxelinux.0 in client configurations. Because boot clients receive their filenames from a DHCP server, this means you must use these truncated filenames in DHCP server configurations.

Tip

In theory, you should be able to install and run the TFTP server on any computer on your network. Unfortunately, some thin clients seem to assume that the DHCP and TFTP servers are one and the same. Thus, if you have problems getting some thin clients to boot, you may want to consolidate both functions on a single computer.