Copyright (C) 2008-2021 Oliver Bohlen.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
A copy of the license is included in the section entitled "GNU Free Documentation License".
This documentation comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
This is a Howto which describes how you can extend your Thinclient to a Thinclient-Server.
For easier administrative handling I decided to use LDAP for Services like DHCP and DNS.
After emerging the packages, copy the default configurations to the Server Profile:
# Seed the server profile with the stock configuration files of the freshly
# emerged packages; the copies under the profile are the ones edited below.
profile=/etc/thinclient/server-profile
cp /etc/openldap/slapd.conf "$profile/etc/openldap/slapd.conf"
# one versioned webapp directory is expected, so the glob stays unquoted
cp /usr/share/webapps/phpldapadmin/*/htdocs/config/config.php "$profile/etc/phpldapadmin.conf"
for f in nfs in.tftpd apache2; do
  cp "/etc/conf.d/$f" "$profile/etc/conf.d/$f"
done
cp /etc/bind/named.conf "$profile/etc/bind/named.conf"
If you want to use this solution you need the following howto(s) finished:
# Build the server packages inside the chroot, one emerge per package so a
# failure is attributable to a single package.
for pkg in net-fs/nfs-utils sys-boot/syslinux net-ftp/tftp-hpa net-misc/dhcp \
    net-dns/bind net-dns/bind-tools net-nds/openldap net-fs/samba \
    net-nds/phpldapadmin www-servers/apache; do
  chroot /gtc/test /bin/bash -c "env-update &>/dev/null && source /etc/profile && emerge $pkg"
done
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
The Webserver configuration for the GTC-Server
# Some default settings
Listen 80
Listen 443
NameVirtualHost *:80
NameVirtualHost *:443
# ServerName
ServerName localhost
# Directory Index
DirectoryIndex index.html
# Some security settings
Timeout 60
# Allow a maximum of 100MB for upload.
LimitRequestBody 104857600
# Allow a maximum of 50 header fields per request.
LimitRequestFields 50
# Maximum length of a single HTTP request header sent by the client.
LimitRequestFieldsize 4094
# Maximum length of the HTTP request line.
LimitRequestLine 8190
# Allow a maximum of 100MB for upload per WebDAV (XML request body).
LimitXMLRequestBody 104857600
# VHost logging
# NOTE(review): "vhost" is a LogFormat nickname that is not defined in this
# file; it must come from another included config.
CustomLog /var/log/apache2/access_log vhost
# Load LDAP Auth modules
# (directive names are case-insensitive, so "Loadmodule" is accepted as written)
# No Auth*/Require directives in this file use these modules; presumably they are
# configured per directory elsewhere.
LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
Loadmodule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
# Deny everything by default, then open only the document tree.
# Order/Allow/Deny is the Apache 2.2 access-control syntax (2.4 uses Require).
<Directory />
  Order Deny,Allow
  Deny from all
  Options None
  AllowOverride None
</Directory>
<Directory /var/www>
  Order Allow,Deny
  Allow from all
  Options None
  AllowOverride None
</Directory>
# Hide the version banner and disable TRACE.
ServerSignature Off
TraceEnable off
# The default vHost
<VirtualHost *:80>
  ServerName default
  ServerAdmin gtc
  DocumentRoot /var/www/default/htdocs
</VirtualHost>
# NOTE(review): no SSLProtocol / SSLCipherSuite directives are set here, so the
# mod_ssl defaults of the installed Apache version apply - confirm they are
# acceptable before exposing this vhost.
<VirtualHost *:443>
  ServerName default
  ServerAdmin gtc
  DocumentRoot /var/www/default/htdocs
  SSLEngine on
  SSLCertificateFile /etc/ssl/apache2/server.crt
  SSLCertificateKeyFile /etc/ssl/apache2/server.key
</VirtualHost>
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Listen on localhost and the LAN and forward requests if they are not known by this DNS (for internet name resolution).
listen-on { 127.0.0.1; };
After change
// Listen
// NOTE(review): the text above says "localhost and the LAN", but 0.0.0.0/0
// matches every source address; replace it with the LAN prefix so the
// listener is limited to the networks that should use this resolver.
listen-on {
  127.0.0.1/8;
  0.0.0.0/0;
};
// The way to the Internet
// allow-recursion with 0.0.0.0/0 makes this an open recursive resolver for
// any host that can reach the listener; restrict it to 127.0.0.1/8 plus the
// LAN prefix.
allow-recursion {
  127.0.0.1/8;
  0.0.0.0/0;
};
// Local zones
allow-query {
  127.0.0.1/8;
  0.0.0.0/0;
};
// No secondaries: refuse notifies and zone transfers from everyone.
allow-notify { none; };
allow-transfer { none; };
Zone definitions for some domains
# This is an entry for an LDAP Zone. Use this only if you want to use Bind with LDAP
// The "database" line hands the zone to the sdb-ldap backend. The URL carries
// no credentials, so the lookup is presumably an anonymous bind: the slapd
// ACLs must allow anonymous read of cn=Computers,dc=gtc. The trailing 172800
// is presumably the default TTL in seconds - confirm against the backend docs.
zone "gtc" IN {
  type master;
  database "ldap ldap://127.0.0.1/cn=Computers,dc=gtc 172800";
  allow-update { none; };
};
// NOTE(review): being master for the whole of in-addr.arpa makes this server
// authoritative for every reverse lookup; PTR queries for addresses that are
// not in LDAP are answered from this zone instead of being recursed.
zone "in-addr.arpa" {
  type master;
  database "ldap ldap://127.0.0.1/cn=Computers,dc=gtc 172800";
  allow-update { none; };
};
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Apache start options for enabling PHP5 and SSL
APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D LANGUAGE -D SSL -D SSL_DEFAULT_VHOST -D PHP5"
After change
# Only the SSL and PHP5 defines remain; DEFAULT_VHOST, INFO, LANGUAGE and
# SSL_DEFAULT_VHOST from the stock line are dropped, presumably because the
# vhosts are declared in the server-profile httpd config instead.
APACHE2_OPTS="-D SSL -D PHP5"
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
These are the DHCP settings for connecting to the LDAP Server.
# dhcpd reads its configuration from the local slapd over plain ldap:// on
# loopback (no TLS; acceptable only because the directory is on the same host).
ldap-server "127.0.0.1";
ldap-port 389;
# Empty credentials mean an anonymous bind, so the slapd ACLs must grant
# anonymous read on ou=DHCP-Servers,dc=gtc and the dhcpService subtree it
# references.
ldap-username "";
ldap-password "";
ldap-base-dn "ou=DHCP-Servers,dc=gtc";
ldap-dhcp-server-cn "gtc-server";
ldap-method dynamic;
# NOTE(review): the generated configuration is written to a fixed, predictable
# name in the world-writable /tmp; use a root-only directory, or drop the debug
# file once the setup has been verified.
ldap-debug-file "/tmp/dhcp-ldap-startup-config";
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Basedn for phpldapadmin
// $servers->setValue('server','base',array(''));
After change
// Limit the phpldapadmin tree view to the gtc suffix.
$servers->setValue('server','base',array('dc=gtc'));
Login for phpldapadmin
# $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com');
After change
// Pre-filled login DN. cn=Manager is conventionally slapd's rootdn, which
// bypasses all ACLs - confirm this is wanted for routine administration, or
// create a less privileged admin entry for the web frontend.
$servers->setValue('login','bind_id','cn=Manager,dc=gtc');
File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x
Click here for a download of the complete file: /gtc/test/etc/thinclient/server-profile/start.sh
Changed on 23.04.10
Create data and start the Services
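#!/bin/bash
# Get network information from the kernel command line. The ip= parameter has
# the nfsroot layout client-ip:server-ip:gw-ip:netmask:..., so this host's own
# address is field 1, the gateway field 3 and the netmask field 4.
IP=$(perl -pe 's/^.+ip=//; s/ .+$//' /proc/cmdline)
IFS=: read -r SRV_IP _server SRV_GATEWAY SRV_SUBNET _rest <<<"$IP"
# Run ipcalc once and take network and broadcast from the same output.
IPCALC_OUT=$(ipcalc "$SRV_IP/$SRV_SUBNET" -b -n)
SRV_NETWORK=$(grep Network <<<"$IPCALC_OUT" | perl -pe 's/ +/ /g' | cut -d" " -f2 | cut -d"/" -f1)
SRV_BROADCAST=$(grep Broadcast <<<"$IPCALC_OUT" | perl -pe 's/ +/ /g' | cut -d" " -f2)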
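# Setup pxelinux-Bootloader-Files: the syslinux loader, its menu module and the
# running kernel/initramfs pair go into the TFTP root.
KVER=$(uname -r)
mkdir -p /srv/pxe/pxelinux.cfg
cp -- /usr/share/syslinux/pxelinux.0 /usr/share/syslinux/menu.c32 /srv/pxe/
cp -- "/boot/kernel-genkernel-x86-$KVER" "/boot/initramfs-genkernel-x86-$KVER" /srv/pxe/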
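# LDAP
# On a re-run the directory already lives on /srv/ldap: relink it and start.
if [[ -d /srv/ldap ]]; then
  rm -r /var/lib/openldap-data
  ln -sf /srv/ldap /var/lib/openldap-data
  /etc/init.d/slapd start
else
  echo "Creating initial LDAP Database"
  # Reverse the dotted quad (a.b.c.d -> d.c.b.a) for the in-addr.arpa PTR entry.
  SRV_REVIP=$(echo "$SRV_IP" | awk 'BEGIN{FS=".";ORS="."} {for (i = NF; i > 0; i--){print $i}}' | sed 's/\.$//')
  # The LDIF carries account hashes, so it goes to a private mktemp file rather
  # than a predictable name in /tmp, and is removed once slapadd has read it.
  LDIF=$(mktemp /tmp/ldapinit.XXXXXX) || exit 1
  # Unquoted heredoc: the $SRV_* variables expand, everything else is literal.
  # LDIF entries must be separated by blank lines.
  cat > "$LDIF" <<EOF
# Create LDAP DB and start it
# The basic structure
dn: dc=gtc
dc: gtc
objectClass: top
objectClass: domain

# The DHCP Object with some default settings. filename and next-server are only needed if you want to boot with PXE.
# The entries for your DHCP-Server(s)
dn: ou=DHCP-Servers,dc=gtc
objectClass: organizationalUnit
objectClass: top
ou: DHCP-Servers

dn: cn=gtc-server,ou=DHCP-Servers,dc=gtc
objectClass: top
objectClass: dhcpServer
cn: gtc-server
dhcpServiceDN: cn=Computers,dc=gtc
dhcpStatements: next-server $SRV_IP
dhcpOption: routers $SRV_GATEWAY
dhcpOption: domain-name-servers $SRV_IP
dhcpOption: ntp-servers $SRV_IP

# The global settings for all your DHCP-Server(s)
dn: cn=Computers,dc=gtc
cn: Computers
dhcpOption: subnet-mask $SRV_SUBNET
dhcpOption: broadcast-address $SRV_BROADCAST
dhcpOption: domain-name "gtc"
dhcpStatements: ddns-update-style none
dhcpStatements: get-lease-hostnames true
dhcpStatements: use-host-decl-names true
dhcpStatements: filename "/pxelinux.0"
dhcpStatements: default-lease-time 7200
dhcpStatements: max-lease-time 14400
objectClass: dhcpService
objectClass: top
dhcpSecondaryDN: cn=gtc-server,ou=DHCP-Servers,dc=gtc

# The DHCP-Subnet entry:
# NOTE: dhcpNetMask is the prefix length and is hard-coded to 24, while the
# address and netmask above come from the kernel command line - keep them in sync.
dn: cn=$SRV_NETWORK,cn=Computers,dc=gtc
objectClass: top
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpNetMask: 24
#dhcpRange: XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
cn: $SRV_NETWORK

# The GTC/DHCP-Server
dn: pTRRecord=gtc-server.gtc.,cn=Computers,dc=gtc
aRecord: $SRV_IP
pTRRecord: gtc-server.gtc.
zoneName: gtc
zoneName: in-addr.arpa
objectClass: dNSZone
objectClass: top
sOARecord: gtc hostmaster 2010033001 8H 4H 4W 3H
nSRecord: localhost.
relativeDomainName: $SRV_REVIP
relativeDomainName: @

# Groups
dn: ou=Group,dc=gtc
objectclass: top
objectclass: organizationalUnit
ou: Group

# Admin group
# NOTE: the member DN is spelled "Ad min" here but "Ad Min" on the entry itself;
# cn matching is case-insensitive so it resolves, but keep the spelling consistent.
dn: cn=admins,ou=Group,dc=gtc
cn: admins
gidnumber: 12345
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=Ad min,ou=Users,ou=People,dc=gtc

# System groups
dn: cn=audio,ou=Group,dc=gtc
cn: audio
gidnumber: 18
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=users,ou=Group,dc=gtc

dn: cn=cdrom,ou=Group,dc=gtc
cn: cdrom
gidnumber: 19
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=users,ou=Group,dc=gtc

dn: cn=cdrw,ou=Group,dc=gtc
cn: cdrw
gidnumber: 80
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=users,ou=Group,dc=gtc

dn: cn=disk,ou=Group,dc=gtc
cn: disk
gidnumber: 6
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=users,ou=Group,dc=gtc

dn: cn=games,ou=Group,dc=gtc
cn: games
gidnumber: 35
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=users,ou=Group,dc=gtc

# NOTE(review): this makes every member of admins a member of the gid 0 group
# as well - confirm that is intended.
dn: cn=root,ou=Group,dc=gtc
cn: root
gidnumber: 0
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=admins,ou=Group,dc=gtc

dn: cn=usb,ou=Group,dc=gtc
cn: usb
gidnumber: 85
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=users,ou=Group,dc=gtc

dn: cn=vboxusers,ou=Group,dc=gtc
cn: vboxusers
gidnumber: 1008
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=users,ou=Group,dc=gtc

dn: cn=video,ou=Group,dc=gtc
cn: video
gidnumber: 27
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=users,ou=Group,dc=gtc

dn: cn=wheel,ou=Group,dc=gtc
cn: wheel
gidnumber: 10
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=admins,ou=Group,dc=gtc

# Users group
dn: cn=users,ou=Group,dc=gtc
cn: users
gidnumber: 100
objectclass: gaboshGroup
objectclass: posixGroup
objectclass: top
uniquemember: cn=Ad min,ou=Users,ou=People,dc=gtc
uniquemember: cn=Te St,ou=Users,ou=People,dc=gtc

# Users section:
dn: ou=People,dc=gtc
objectclass: top
objectclass: organizationalUnit
ou: People

dn: ou=SystemUsers,ou=People,dc=gtc
objectclass: organizationalUnit
objectclass: top
ou: SystemUsers

dn: ou=Users,ou=People,dc=gtc
objectclass: organizationalUnit
objectclass: top
ou: Users

# Admin User
# sambalmpassword is the legacy LM hash; Samba only needs it when "lanman auth"
# is enabled, so it can be omitted otherwise. sambapasswordhistory is folded
# over two lines; the leading space on the second line is LDIF continuation.
# NOTE(review): sambaprimarygroupsid ends in "-" on both users, which is not a
# valid SID string - confirm the intended value. userpassword is a placeholder:
# replace it with a real {SSHA} hash (slappasswd) before use.
dn: cn=Ad Min,ou=Users,ou=People,dc=gtc
cn: Ad Min
gidnumber: 100
givenname: Ad
homedirectory: /home/admin
loginshell: /bin/bash
objectclass: inetOrgPerson
objectclass: sambaSamAccount
objectclass: posixAccount
objectclass: top
sambaacctflags: [U ]
sambalmpassword: 69B3E05FE457CAAAAAD3B435B51404EE
sambantpassword: 8F6D7AB8FE0B9B159A50FE4F1174AFAF
sambapasswordhistory: 000000000000000000000000000000000000000000000000000000
 0000000000
sambaprimarygroupsid: S-1-5-21-130334517-3066763751-205333941-3002-
sambapwdlastset: 1243432646
sambasid: S-1-5-21-130334517-3066763751-205333941-3004
sn: Min
uid: admin
uidnumber: 1000
userpassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXX

# Test User
dn: cn=Te St,ou=Users,ou=People,dc=gtc
cn: Te St
gidnumber: 100
givenname: Te
homedirectory: /home/test
loginshell: /bin/false
objectclass: inetOrgPerson
objectclass: sambaSamAccount
objectclass: posixAccount
objectclass: top
sambaacctflags: [U ]
sambalmpassword: 69B3E05FE457CAAAAAD3B435B51404EE
sambantpassword: 8F6D7AB8FE0B9B159A50FE4F1174AFAF
sambapasswordhistory: 000000000000000000000000000000000000000000000000000000
 0000000000
sambaprimarygroupsid: S-1-5-21-130334517-3066763751-205333941-3002-
sambapwdlastset: 1243432646
sambasid: S-1-5-21-130334517-3066763751-205333941-3005
sn: St
uid: test
uidnumber: 1001
userpassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXX

# Sambadomain
# NOTE(review): the RDN says sambaDomainName=GTCSERVER but the attribute below
# is "GTC"; slapadd checks that the naming attribute value is present in the
# entry, so one of the two needs to change.
dn: sambaDomainName=GTCSERVER,dc=gtc
objectclass: sambaDomain
sambaalgorithmicridbase: 1000
sambadomainname: GTC
sambaforcelogoff: -1
sambalockoutduration: 30
sambalockoutobservationwindow: 30
sambalockoutthreshold: 0
sambalogontochgpwd: 0
sambamaxpwdage: -1
sambaminpwdage: 0
sambaminpwdlength: 5
sambanextuserrid: 1000
sambapwdhistorylength: 0
sambarefusemachinepwdchange: 0
sambasid: S-1-5-21-130334517-3066763751-205333941
EOF
  mv /var/lib/openldap-data /srv/ldap
  ln -sf /srv/ldap /var/lib/openldap-data
  mv /srv/ldap/DB_CONFIG.example /srv/ldap/DB_CONFIG
  # Start and stop once before slapadd - presumably so slapd initialises the
  # database environment first; verify this is still needed.
  /etc/init.d/slapd start
  /etc/init.d/slapd stop
  slapadd -l "$LDIF"
  rm -f -- "$LDIF"
  chown -R ldap:ldap /srv/ldap
  /etc/init.d/slapd start
fi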
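# Make NSS consult LDAP first for passwd, shadow and group, keeping the stock
# file as a reference copy; one sed pass replaces the three chained ones.
cp /etc/nsswitch.conf /tmp/nsswitch.conf.tcorig
sed -e 's/^passwd:.*/passwd: ldap compat/' \
    -e 's/^shadow:.*/shadow: ldap compat/' \
    -e 's/^group:.*/group: ldap compat/' \
    /tmp/nsswitch.conf.tcorig > /etc/nsswitch.conf
/etc/init.d/nscd restart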
# Copy up-to-date default configs into the persistent /srv/config tree.
if [[ -d /srv/config ]]; then
  # Existing tree: mirror /etc/thinclient but skip the excluded paths, which
  # are presumably maintained locally.
  rsync_opts=(-a --exclude=thinclient.conf.local --exclude=profiles --exclude=global-profile --delete)
  rsync "${rsync_opts[@]}" /etc/thinclient/ /srv/config/
else
  # First run: seed the tree with a full copy.
  mkdir -p /srv/config
  rsync -a /etc/thinclient/ /srv/config/
fi
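# Prepare Server gtcroot: bind the root image under /_gtcroot and the
# persistent /srv trees into the directory exported to the clients.
mkdir -p /opt/gtcroot
mount -B /_gtcroot /opt/gtcroot
mount -B /srv/config /opt/gtcroot/etc/thinclient
mkdir -p /opt/gtcroot/etc/thinclient/profiles /opt/gtcroot/etc/thinclient/global-profile
mkdir -p /srv/profiles /srv/global-profile
mount -B /srv/profiles /opt/gtcroot/etc/thinclient/profiles
# Fixed: the original bound /srv/profiles here a second time, leaving the
# freshly created /srv/global-profile unused.
mount -B /srv/global-profile /opt/gtcroot/etc/thinclient/global-profile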
# Configure phpldapadmin: publish the webapp under the default vhost and
# drop in the prepared config.
PLA_ROOT=/var/www/default/htdocs/phpldapadmin
mkdir -p "$PLA_ROOT"
# one versioned webapp directory is expected, so the glob stays unquoted
rsync -a --delete /usr/share/webapps/phpldapadmin/*/htdocs/ "$PLA_ROOT"
cp /etc/phpldapadmin.conf "$PLA_ROOT/config/config.php"
chown -R apache:apache /var/www/default/htdocs
# DNS: resolve through the local named, with gtc as the search domain.
printf 'nameserver 127.0.0.1\nsearch gtc\n' > /etc/resolv.conf
chmod 644 /etc/resolv.conf
# Start the other Services
for svc in named dhcpd; do
  /etc/init.d/"$svc" start
done
# portmap is killed outright and rpc_pipefs unmounted before the NFS stack is
# brought up - presumably to clear any stale instance left from the boot image.
killall -9 portmap 2>/dev/null
umount -lf /var/lib/nfs/rpc_pipefs 2>/dev/null
sleep 5
for svc in portmap rpc.statd nfs atftp apache2; do
  /etc/init.d/"$svc" start
done
# Home directories live on /srv/share and are bound over /home before samba starts.
mkdir -p /srv/log /srv/share/home/test /srv/share/home/admin
chown test:users /srv/share/home/test
chown admin:admins /srv/share/home/admin
chmod 750 /srv/share/home/test /srv/share/home/admin
mount -B /srv/share/home /home
/etc/init.d/samba start
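# Write the Bootmanager-Config
KVER=$(uname -r)
mkdir -p /srv/pxe/pxelinux.cfg
# Unquoted heredoc: $KVER and $SRV_IP expand, everything else ('#', '^') is
# written literally.
cat > /srv/pxe/pxelinux.cfg/default <<EOF
default menu.c32
prompt 0
menu title GTC Boot Menu
NOESCAPE 1
ALLOWOPTIONS 0
MENU AUTOBOOT Starting Gentoo Stable Thinclient in # seconds
label gtc
menu default
menu label ^GTC
timeout 100
kernel /kernel-genkernel-x86-$KVER
append initrd=/initramfs-genkernel-x86-$KVER root=/dev/nfs nfsroot=$SRV_IP:/opt/gtcroot ramdisk_size=256000 acpi_sleep=s3_bios real_root=/dev/nfs
ipappend 3
label bootlocal
menu label ^Boot from local Disk
localboot 0
EOF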
Please send a feedback to: doc<at>gabosh.net