Archive for April, 2014

Skolelinux installation with workstations instead of thin clients. Hardware equipped with an Intel Celeron 1007U (2×1.5 GHz) performs better when used as a workstation than as a thin client. Below are some notes describing this setup.

Because these workstations replace a thin client setup, they are placed in the 192.168.x.0 subnets (x=0, 1, 2) and IP forwarding is enabled on tjener (/etc/sysctl.conf); tjener is installed without the ltspserver packages. On the gateway (10.0.0.1) a static route has to be set (route add -net 192.168.0.0 netmask 255.255.252.0 gw 10.0.2.2; e.g. for ipfire in /etc/sysconfig/rc.local). On tjener every 192.168.x.0 network needs its own statically configured NIC (/etc/network/interfaces), and the DHCP server has to listen on all interfaces (/etc/default/isc-dhcp-server).

To add subnet02.intern, LDAP has to be edited with phpldapadmin:
systems / servers / tjener: zoneName=subnet0x.intern (x=0, 1, 2); inside this LDAP entry there are further zoneName entries which have to be edited as well.
(Bug: the default config uses a trailing dot here, which should be removed so that the name has the same form as zoneName intern.
With the trailing dot, the NIS netgroup triple with the FQDN gets a trailing dot when added by GOsa,
and the command innetgr -f myhost.subnet00.intern fails.)
and
systems / servers / tjener / dhcp: cn=subnet0x.intern (x=0, 1, 2)

/etc/bind/named.conf.ldap2zone:
replace existing zone “subnet00.intern.” by “subnet00.intern” (without trailing dot, same for zone file name)
add subnet01.intern and subnet02.intern

/usr/sbin/ldap2bind (runs automatically every hour)
/etc/init.d/bind9 restart (maybe not required)
/etc/init.d/isc-dhcp-server restart
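
A check for the trailing-dot problem described above, as an added example that is not part of the original notes. It assumes /etc/bind/named.conf.ldap2zone uses ordinary named.conf zone statements and that the netgroup is workstation-hosts; the sample data and the host names ws01 and ws02 are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): detect the trailing-dot
# names that make `innetgr -f myhost.subnet00.intern` fail.

# Zone names ending in a dot, from named.conf-style text on stdin.
zones_with_trailing_dot() {
    sed -n 's/^[[:space:]]*zone[[:space:]]*"\([^"]*\.\)".*/\1/p'
}

# Host fields ending in a dot, from `getent netgroup NAME` output on stdin.
# Output format: name (host,user,domain) (host,user,domain) ...
netgroup_hosts_with_trailing_dot() {
    tr -s ' \t' '\n\n' | sed -n 's/^(\([^,]*\.\),.*/\1/p'
}

# Constructed sample data; ws01/ws02 are made-up host names.
sample_zones() {
    cat <<'EOF'
zone "intern" { type master; file "/etc/bind/intern"; };
zone "subnet00.intern." { type master; file "/etc/bind/subnet00.intern."; };
zone "subnet01.intern" { type master; file "/etc/bind/subnet01.intern"; };
EOF
}
sample_netgroup() {
    echo 'workstation-hosts (ws01.subnet00.intern,-,) (ws02.subnet00.intern.,-,)'
}

echo "zones with trailing dot:"
sample_zones | zones_with_trailing_dot
echo "netgroup hosts with trailing dot:"
sample_netgroup | netgroup_hosts_with_trailing_dot

# On tjener, run against the live data instead:
#   zones_with_trailing_dot < /etc/bind/named.conf.ldap2zone
#   getent netgroup workstation-hosts | netgroup_hosts_with_trailing_dot
```

Any name printed by either function needs the dot removed (in LDAP for the zone, in GOsa for the netgroup member) before netgroup lookups for that host will match.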

To add a workstation to tjener use GOsa, set name, ip-address and mac-address, enable dhcp, add tjener as time server
and enable dns (using the zone which matches the ip-address) and add the workstation to nis netgroup workstation-hosts.

Enable auto update on workstations: /etc/apt/apt.conf.d/50unattended-upgrades:
uncomment MinimalSteps and InstallOnShutdown

Install plymouth on the workstation to get a nice splash animation:
apt-get install plymouth plymouth-drm plymouth-x11 plymouth-themes-all
edit /etc/initramfs-tools/modules (intel_agp drm i915 modeset=1)
edit /etc/default/grub: GRUB_GFXMODE=1280x1024 and GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
copy a background png image to /boot/grub, unpack AzenisSkole.tar.gz (based on AzenisBuntu) inside
/usr/share/plymouth/themes/ and then run
update-grub2 and select a theme with
plymouth-set-default-theme --list; plymouth-set-default-theme AzenisSkole
preview the theme with
plymouthd; plymouth --show-splash; sleep 15; plymouth quit
and put the theme to initramfs with
update-initramfs -u

Use grub.pxe to boot from the network. This allows PXE boot to stay enabled permanently on the workstations, which makes it easier to use the clonezilla server.
The PXE bootloader grub.pxe can be created with grub-mkimage (details, embedded config and binary grub.pxe). In GOsa
systems / tjener / services / dhcp /subnet0x.intern (x=0, 1, 2): Bootup Filename: has to be changed (from default pxelinux.0) to
“/var/lib/tftpboot/ltsp/i386/grub.pxe” and grub.pxe has to be copied to this directory.
(This setting gets active after clicking on Save / Save / Apply and running /etc/init.d/isc-dhcp-server restart)

Bugfix: sometimes freshly booted workstations do not allow login. What seems to help is:
/etc/rc.local: /etc/init.d/nscd restart

Configure workstations for classroom use: chmod -R o-rwx  (and the same for /skole/tjener/home0) to get private home directories
and add to /etc/skel: ./kde/share/config/dolphinrc:
[General]
ShowSelectionToggle=false
and add to /etc/skel: ./kde/share/config/kwalletrc:
[Wallet]
Enabled=false
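
To confirm that the chmod -R o-rwx step above left nothing readable by other users, the tree can be audited afterwards. This is an added example, not part of the original notes; the directory to check is passed as an argument (e.g. /skole/tjener/home0), and the demo tree with the user name alice is constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): verify that nothing under a
# home tree is still accessible to "other" after `chmod -R o-rwx`.

# Print every path under $1 that has any r, w or x bit set for "other".
# Symlinks are skipped: their own mode bits are not used for access checks.
other_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Return 0 if the tree is private, otherwise list the offenders and return 1.
audit_private() {
    offenders=$(other_accessible "$1")
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders"
    return 1
}

# Demo on a constructed tree (user name "alice" is made up).
demo=$(mktemp -d)
mkdir -p "$demo/alice/Documents"
echo "draft" > "$demo/alice/Documents/notes.txt"
chmod 755 "$demo/alice" "$demo/alice/Documents"
chmod 644 "$demo/alice/Documents/notes.txt"

echo "before chmod -R o-rwx:"
audit_private "$demo" || echo "-> not private"

chmod -R o-rwx "$demo"
echo "after chmod -R o-rwx:"
audit_private "$demo" && echo "-> private"

rm -rf "$demo"

# On tjener: audit_private /skole/tjener/home0
```

Files created later follow each user's umask, so rerunning the audit periodically shows whether the tree has stayed private.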

Install apache-openoffice because the libreoffice shipped with debian wheezy is outdated and buggy (crashes). Install google chrome to get its built-in flash and pdf support.

If tjener runs in xen /etc/fstab needs the option nobarrier. (This avoids I/O errors in domU.)

Clonezilla server (DRBL): Install minimal system of debian-edu and drbl. Then run drblsrv -i (no drbl or system install images; clonezilla box mode). Save and restore with drbl-ocs -j2 -q2 startdisk save; drbl-ocs stop; drbl-ocs -j2 startdisk multicast_restore; restore with -icds if the target disk is smaller than the source disk and if the source partitions fit on the target disk. – To “plug”/”unplug” network cables of xen vm machines use brctl addif/delif for vif-interfaces (displayed by xm network-list domU_name).

Administration of windows workstations: add existing admin user with GOsa /groups to domain-admins group. On tjener use commands
net -S 10.0.2.2 rpc group …; net -S 10.0.2.2 rpc user …
to display groups and users (as described here). Use smbpasswd to set samba password for user root. Samba user Administrator can be enabled with
smbpasswd -e Administrator.

Update to debian jessie and ipfire 2.19-110

Tjener: update as described on skolelinux.org. Workstation: new install from USB with the debian-edu1 image as “workstation” (guided hard disk setup, whole disk; maybe use the console to run mkfs.ext4, because automatic formatting might fail when a previous filesystem exists; bootloader to /dev/sda); manually install: apt-get install myspell-de-ch; after cloning with drbl: adjust the hostname using mcedit /etc/hostname (step by step: drbl-ocs -j2 -sc0 --clients-to-wait 5 startdisk multicast_res; ssh 10.1.0.[1 or 2 … 6]; then on the client mount /dev/sda1 /mnt; mcedit /mnt/etc/hostname; poweroff). – Updated ipfire: the static route on ipfire to the 192.168.x.0 subnets does not work; instead use NAT on tjener:
iptables -t nat -A POSTROUTING -j MASQUERADE -s 192.168.0.0/24
iptables -t nat -A POSTROUTING -j MASQUERADE -s 192.168.1.0/24
iptables -t nat -A POSTROUTING -j MASQUERADE -s 192.168.2.0/24