From william at fragakis.com Wed Feb 1 17:08:38 2012 From: william at fragakis.com (William Fragakis) Date: Wed, 01 Feb 2012 12:08:38 -0500 Subject: [K12OSN] freerdp ver 1.0 In-Reply-To: References: Message-ID: <1328116118.14394.40.camel@server.ltsp> I know that a number of us use rdesktop or freerdp for rdp sessions. If you weren't already aware, a fork/update to rdesktop, freerdp has just come out with ver. 1.0. I don't believe rpms, etc are available yet but it's pretty easy to compile (even I could do it). Information, links to files, wiki, how to compile, etc. http://www.freerdp.com/ This new version solved a major issue for us, authenticating onto a Win Server 2008 remote app server. There are some differences on how it works on F14 vs. SL 6.1 (which flags to use, etc.) but, generally, it works very well. It hasn't been integrated into remmina yet but you can create a "gui" using zenity. Let me know if you need more on this. btw, if you get a "could not find cups" message during compile - I did on F14 - install cups-devel along with the other recommended files shown on the install pages. Regards, William From jvermeulen at cawdekempen.be Thu Feb 2 13:48:23 2012 From: jvermeulen at cawdekempen.be (Johan Vermeulen) Date: Thu, 02 Feb 2012 14:48:23 +0100 Subject: [K12OSN] k12ltsp as next-server - solved In-Reply-To: <1328031706.27208.174.camel@server.ltsp> References: <1328031706.27208.174.camel@server.ltsp> Message-ID: <4F2A9427.2080505@cawdekempen.be> William, this solved my problem. My dhcpd.conf on the first server now is: *group { next-server 192.168.66.150; filename "ltsp/i386/pxelinux.0"; option root-path "nbd:192.168.66.150:2000:squashfs:ro"; option root-path "192.168.66.150:/opt/ltsp/i386"; host testtc { hardware ethernet 00:22:64:29:a9:4e; fixed-address 192.168.66.156; } } *this did the trick. Thank you Wiliam ! greetings, J Op 31-01-12 18:41, William Fragakis schreef: > Johan, > Hopefully, the following is correct and helpful. > > Have you set the correct option-path for the kernel in dhcpd.conf? > > It will probably look like this for you, if *.66.150 is where the ltsp > kernels are > > option root-path "192.168.66.150:/opt/ltsp/i386"; > or if you are using nbd > option root-path "nbd:192.168.66.150:2000:squashfs:ro"; > > filename "/ltsp/i386/pxelinux.0"; only is for the pxe image. From there, > it needs to find its full kernel to finish booting > > also, you will have to edit > /opt/ltsp/i386/usr/sbin/ltsp-client-launch > if you want your clients to connect to *.66.150 or anything other than > the default ip from install for the ldm session. > look for the server variable on line 46. > > Regards, > William > >> Message: 1 >> Date: Mon, 30 Jan 2012 19:29:35 +0100 >> From: Johan Vermeulen >> To: "Support list for open source software in schools." >> >> Subject: [K12OSN] k12ltsp as next-server >> Message-ID:<4F26E18F.4070907 at cawdekempen.be> >> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed" >> >> dear All, >> >> I'm trying to set up a K12Ltsp server on Centos6.2 as next-server behind >> an OpenSuse11.1 Kiwi-ltsp server. >> So everybody on this site boots from the Kiwi-ltsp machine, but I want >> to put some users on the newer CentOs-server. >> >> >> So in /etc/dhcpd.conf on the Kiwi-ltsp machine it says: >> >> *group { >> next-server 192.168.66.150; >> filename "/ltsp/i386/pxelinux.0"; >> >> host testtc { >> hardware ethernet 00:22:64:29:a9:4e; >> fixed-address 192.168.66.156; >> } >> }* >> >> next-server being the K12ltsp machine. >> host testtc, the test thinclient, is a Hp thinclient attached to the >> Kiwi-ltsp machine. >> >> The K12ltsp setup on the Centos6.2 machine is completely new installed >> and exactly like it's explained on the site. >> So firewall is off. >> >> The thinclient gets an dhcp address and begins booting, then halfway >> down stalls with this EM: >> >> *Dracut: Warning: Boot has failed. To debug this issue add "rdshell" to >> the kernel >> command line. >> Dracut Warning : Signal caught. >> >> Kernel Panic -not syncing : attempted to kill init! >> id:1, comm: init Tainted :6 >> --------------------------------------------#2.6.32-131.6.1el6.i6 >> 6.thinclient s1 >> >> *If I want to add "rdshell", where would I put it? >> >> Could this be a simple permission problem --- the Kiwi-Ltsp machine >> boots with the pxelinux.0 from the CentOs machine >> if I understand it correctly -. >> >> Or could the 2 systems be incompatible? >> >> Thanks for any advise on this. >> >> greetings, J. >> * >> * >> > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see -------------- next part -------------- An HTML attachment was scrubbed... URL: From william at fragakis.com Thu Feb 2 17:41:49 2012 From: william at fragakis.com (William Fragakis) Date: Thu, 02 Feb 2012 12:41:49 -0500 Subject: [K12OSN] k12ltsp as next-server - solved In-Reply-To: References: Message-ID: <1328204509.14394.103.camel@server.ltsp> Johan, Glad it worked out for you. You probably want to comment out the root-path you aren't using as it is redundant and will confuse things if someone is trying debug/change things in the future. I don't know enough about how dhcpd.conf is read to say if the first or last one is respected. iirc, nbd works better for larger installations. So maybe something like option root-path "nbd:192.168.66.150:2000:squashfs:ro"; # option root-path "192.168.66.150:/opt/ltsp/i386"; You probably already know that if you make any changes to the chroot like yum update or installing local apps, you'll need to run ltsp-update-kernels for the nbd image to be updated. You don't need to do that if you are booting from /opt/ltsp/i386 Good luck, William > ontent-Type: text/plain; charset="iso-8859-1"; Format="flowed" > > William, > > this solved my problem. > > My dhcpd.conf on the first server now is: > > *group { > next-server 192.168.66.150; > filename "ltsp/i386/pxelinux.0"; > option root-path "nbd:192.168.66.150:2000:squashfs:ro"; > option root-path "192.168.66.150:/opt/ltsp/i386"; > > host testtc { > hardware ethernet 00:22:64:29:a9:4e; > fixed-address 192.168.66.156; > } > } > > *this did the trick. > > Thank you Wiliam ! > > greetings, J > > > Op 31-01-12 18:41, William Fragakis schreef: > > Johan, > > Hopefully, the following is correct and helpful. > > > > Have you set the correct option-path for the kernel in dhcpd.conf? > > > > It will probably look like this for you, if *.66.150 is where the ltsp > > kernels are > > > > option root-path "192.168.66.150:/opt/ltsp/i386"; > > or if you are using nbd > > option root-path "nbd:192.168.66.150:2000:squashfs:ro"; > > > > filename "/ltsp/i386/pxelinux.0"; only is for the pxe image. From there, > > it needs to find its full kernel to finish booting > > > > also, you will have to edit > > /opt/ltsp/i386/usr/sbin/ltsp-client-launch > > if you want your clients to connect to *.66.150 or anything other than > > the default ip from install for the ldm session. > > look for the server variable on line 46. > > > > Regards, > > William > > > >> Message: 1 > >> Date: Mon, 30 Jan 2012 19:29:35 +0100 > >> From: Johan Vermeulen > >> To: "Support list for open source software in schools." > >> > >> Subject: [K12OSN] k12ltsp as next-server > >> Message-ID:<4F26E18F.4070907 at cawdekempen.be> > >> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed" > >> > >> dear All, > >> > >> I'm trying to set up a K12Ltsp server on Centos6.2 as next-server behind > >> an OpenSuse11.1 Kiwi-ltsp server. > >> So everybody on this site boots from the Kiwi-ltsp machine, but I want > >> to put some users on the newer CentOs-server. > >> > >> > >> So in /etc/dhcpd.conf on the Kiwi-ltsp machine it says: > >> > >> *group { > >> next-server 192.168.66.150; > >> filename "/ltsp/i386/pxelinux.0"; > >> > >> host testtc { > >> hardware ethernet 00:22:64:29:a9:4e; > >> fixed-address 192.168.66.156; > >> } > >> }* > >> > >> next-server being the K12ltsp machine. > >> host testtc, the test thinclient, is a Hp thinclient attached to the > >> Kiwi-ltsp machine. > >> > >> The K12ltsp setup on the Centos6.2 machine is completely new installed > >> and exactly like it's explained on the site. > >> So firewall is off. > >> > >> The thinclient gets an dhcp address and begins booting, then halfway > >> down stalls with this EM: > >> > >> *Dracut: Warning: Boot has failed. To debug this issue add "rdshell" to > >> the kernel > >> command line. > >> Dracut Warning : Signal caught. > >> > >> Kernel Panic -not syncing : attempted to kill init! > >> id:1, comm: init Tainted :6 > >> --------------------------------------------#2.6.32-131.6.1el6.i6 > >> 6.thinclient s1 > >> > >> *If I want to add "rdshell", where would I put it? > >> > >> Could this be a simple permission problem --- the Kiwi-Ltsp machine > >> boots with the pxelinux.0 from the CentOs machine > >> if I understand it correctly -. > >> > >> Or could the 2 systems be incompatible? > >> > >> Thanks for any advise on this. > >> > >> greetings, J. > >> * > >> * > >> > > > > _______________________________________________ > > K12OSN mailing list > > K12OSN at redhat.com > > https://www.redhat.com/mailman/listinfo/k12osn > > For more info see > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > > ------------------------------ > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > > End of K12OSN Digest, Vol 96, Issue 2 > ************************************* From jvermeulen at cawdekempen.be Fri Feb 3 13:46:41 2012 From: jvermeulen at cawdekempen.be (Johan Vermeulen) Date: Fri, 03 Feb 2012 14:46:41 +0100 Subject: [K12OSN] k12ltsp as next-server - solved In-Reply-To: <1328204509.14394.103.camel@server.ltsp> References: <1328204509.14394.103.camel@server.ltsp> Message-ID: <4F2BE541.9040703@cawdekempen.be> hello William, actualy, I didn't know that. I'll have to do some more reading on the difference between the two methods. It worked yesterday in my test environment, but today on the actual site, it's less successfull. The thinclients boot ok, but no matter what I try, users or root cannot log in on the thinclients. LDAP auth does work on the server... It keeps coming back with : no response from server. grt, Johan Op 02-02-12 18:41, William Fragakis schreef: > Johan, > Glad it worked out for you. You probably want to comment out > the root-path you aren't using as it is redundant and will confuse > things if someone is trying > debug/change things in the future. > > I don't know enough about how dhcpd.conf is read to say if the first or > last one is respected. iirc, > nbd works better for larger installations. So maybe something like > > option root-path "nbd:192.168.66.150:2000:squashfs:ro"; > # option root-path "192.168.66.150:/opt/ltsp/i386"; > > You probably already know that if you make any changes to the chroot > like yum update or installing local apps, you'll need to run > ltsp-update-kernels for the nbd image to be updated. You don't need to > do that if you are booting from /opt/ltsp/i386 > > Good luck, > William > > > >> ontent-Type: text/plain; charset="iso-8859-1"; Format="flowed" >> >> William, >> >> this solved my problem. >> >> My dhcpd.conf on the first server now is: >> >> *group { >> next-server 192.168.66.150; >> filename "ltsp/i386/pxelinux.0"; >> option root-path "nbd:192.168.66.150:2000:squashfs:ro"; >> option root-path "192.168.66.150:/opt/ltsp/i386"; >> >> host testtc { >> hardware ethernet 00:22:64:29:a9:4e; >> fixed-address 192.168.66.156; >> } >> } >> >> *this did the trick. >> >> Thank you Wiliam ! >> >> greetings, J >> >> >> Op 31-01-12 18:41, William Fragakis schreef: >>> Johan, >>> Hopefully, the following is correct and helpful. >>> >>> Have you set the correct option-path for the kernel in dhcpd.conf? >>> >>> It will probably look like this for you, if *.66.150 is where the ltsp >>> kernels are >>> >>> option root-path "192.168.66.150:/opt/ltsp/i386"; >>> or if you are using nbd >>> option root-path "nbd:192.168.66.150:2000:squashfs:ro"; >>> >>> filename "/ltsp/i386/pxelinux.0"; only is for the pxe image. From there, >>> it needs to find its full kernel to finish booting >>> >>> also, you will have to edit >>> /opt/ltsp/i386/usr/sbin/ltsp-client-launch >>> if you want your clients to connect to *.66.150 or anything other than >>> the default ip from install for the ldm session. >>> look for the server variable on line 46. >>> >>> Regards, >>> William >>> >>>> Message: 1 >>>> Date: Mon, 30 Jan 2012 19:29:35 +0100 >>>> From: Johan Vermeulen >>>> To: "Support list for open source software in schools." >>>> >>>> Subject: [K12OSN] k12ltsp as next-server >>>> Message-ID:<4F26E18F.4070907 at cawdekempen.be> >>>> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed" >>>> >>>> dear All, >>>> >>>> I'm trying to set up a K12Ltsp server on Centos6.2 as next-server behind >>>> an OpenSuse11.1 Kiwi-ltsp server. >>>> So everybody on this site boots from the Kiwi-ltsp machine, but I want >>>> to put some users on the newer CentOs-server. >>>> >>>> >>>> So in /etc/dhcpd.conf on the Kiwi-ltsp machine it says: >>>> >>>> *group { >>>> next-server 192.168.66.150; >>>> filename "/ltsp/i386/pxelinux.0"; >>>> >>>> host testtc { >>>> hardware ethernet 00:22:64:29:a9:4e; >>>> fixed-address 192.168.66.156; >>>> } >>>> }* >>>> >>>> next-server being the K12ltsp machine. >>>> host testtc, the test thinclient, is a Hp thinclient attached to the >>>> Kiwi-ltsp machine. >>>> >>>> The K12ltsp setup on the Centos6.2 machine is completely new installed >>>> and exactly like it's explained on the site. >>>> So firewall is off. >>>> >>>> The thinclient gets an dhcp address and begins booting, then halfway >>>> down stalls with this EM: >>>> >>>> *Dracut: Warning: Boot has failed. To debug this issue add "rdshell" to >>>> the kernel >>>> command line. >>>> Dracut Warning : Signal caught. >>>> >>>> Kernel Panic -not syncing : attempted to kill init! >>>> id:1, comm: init Tainted :6 >>>> --------------------------------------------#2.6.32-131.6.1el6.i6 >>>> 6.thinclient s1 >>>> >>>> *If I want to add "rdshell", where would I put it? >>>> >>>> Could this be a simple permission problem --- the Kiwi-Ltsp machine >>>> boots with the pxelinux.0 from the CentOs machine >>>> if I understand it correctly -. >>>> >>>> Or could the 2 systems be incompatible? >>>> >>>> Thanks for any advise on this. >>>> >>>> greetings, J. >>>> * >>>> * >>>> >>> _______________________________________________ >>> K12OSN mailing list >>> K12OSN at redhat.com >>> https://www.redhat.com/mailman/listinfo/k12osn >>> For more info see >> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: >> >> ------------------------------ >> >> _______________________________________________ >> K12OSN mailing list >> K12OSN at redhat.com >> https://www.redhat.com/mailman/listinfo/k12osn >> >> End of K12OSN Digest, Vol 96, Issue 2 >> ************************************* > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see From william at fragakis.com Fri Feb 3 20:38:25 2012 From: william at fragakis.com (William Fragakis) Date: Fri, 03 Feb 2012 15:38:25 -0500 Subject: [K12OSN] k12ltsp as next-server - solved In-Reply-To: References: Message-ID: <1328301505.14394.140.camel@server.ltsp> Johan, 1) In your test environment, did the clients log in correctly? 2) I know almost zero about using LDAP. Sorry. 3) If it appears that the clients are trying to log in to the wrong server: it appears I was incorrect to suggest editing /opt/ltsp/i386/usr/sbin/ltsp-client-launch to point the clients to a server other than the default at installation. Although it works, it's the hard way to do something. Use the option LDM_SERVER in lts.conf to tell the clients the ip address of the server they should connect to. Again, apologies. I forget how much I've forgotten. (Editing ltsp-client-launch, though, does eliminate the need to set LDM_SERVER if you are using an IP range other than the default installation.) Regards, William On Fri, 2012-02-03 at 12:00 -0500, k12osn-request at redhat.com wrote: > From: Johan Vermeulen > To: "Support list for open source software in schools." > > Subject: Re: [K12OSN] k12ltsp as next-server - solved > Message-ID: <4F2BE541.9040703 at cawdekempen.be> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > hello William, > > actualy, I didn't know that. > > I'll have to do some more reading on the difference between the two > methods. > > It worked yesterday in my test environment, but today on the actual > site, it's less successfull. > The thinclients boot ok, but no matter what I try, users or root > cannot > log in on the thinclients. LDAP auth does work on the server... > It keeps coming back with : no response from server. > > grt, Johan > > Op 02-02-12 18:41, William Fragakis schreef: > > Johan, > > Glad it worked out for you. You probably want to comment out > > the root-path you aren't using as it is redundant and will confuse > > things if someone is trying > > debug/change things in the future. > > > > I don't know enough about how dhcpd.conf is read to say if the first > or > > last one is respected. iirc, > > nbd works better for larger installations. So maybe something like > > > > option root-path "nbd:192.168.66.150:2000:squashfs:ro"; > > # option root-path "192.168.66.150:/opt/ltsp/i386"; > > > > You probably already know that if you make any changes to the chroot > > like yum update or installing local apps, you'll need to run > > ltsp-update-kernels for the nbd image to be updated. You don't need > to > > do that if you are booting from /opt/ltsp/i386 > > > > Good luck, > > William > > > > > > > >> ontent-Type: text/plain; charset="iso-8859-1"; Format="flowed" > >> > >> William, [snippage] From brcisna at eazylivin.net Sun Feb 5 19:49:10 2012 From: brcisna at eazylivin.net (Barry R Cisna) Date: Sun, 05 Feb 2012 13:49:10 -0600 Subject: [K12OSN] Raspberry Pi support? Message-ID: <1328471350.5007.84.camel@localhost.localdomain> Jeff, Do you by chance know of anyone that has test piloted any of these TC's? Lots of times this type of thing sounds good "in theory",,but just don't have enough soup,in the real world. Would be the cat's meow,if it does in fact work decent as a web browsing machine! Take Care, Barry From dean.jones at oregonstate.edu Mon Feb 6 15:53:31 2012 From: dean.jones at oregonstate.edu (Dean Jones) Date: Mon, 6 Feb 2012 07:53:31 -0800 Subject: [K12OSN] Raspberry Pi support? In-Reply-To: <1328471350.5007.84.camel@localhost.localdomain> References: <1328471350.5007.84.camel@localhost.localdomain> Message-ID: Are these for sale yet? Last I checked they were not available just yet. On Sun, Feb 5, 2012 at 11:49 AM, Barry R Cisna wrote: > Jeff, > > Do you by chance know of anyone that has test piloted any of these TC's? > Lots of times this type of thing sounds good "in theory",,but just don't > have enough soup,in the real world. Would be the cat's meow,if it does > in fact work decent as a web browsing machine! > > Take Care, > Barry > > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see From jvermeulen at cawdekempen.be Mon Feb 6 19:13:10 2012 From: jvermeulen at cawdekempen.be (Johan Vermeulen) Date: Mon, 06 Feb 2012 20:13:10 +0100 Subject: [K12OSN] k12ltsp as next-server - solved or almost In-Reply-To: <1328301505.14394.140.camel@server.ltsp> References: <1328301505.14394.140.camel@server.ltsp> Message-ID: <4F302646.3070207@cawdekempen.be> Hello William, hello All, I tested this again today on the production environment. 1) on the test environment, clients did log in correctly 2) I don't think it's LDAP related, mostly because root can also not log in. 3) the clients do not log in on the wrong server. I think your advise was right, they make the thinclients boot. I tested today with the two options in dhcpd.conf and ended up enabling them both, it makes no difference. so tho thinks are puzling me: * this is var/log/messages on thinclient boot : *Feb 6 16:17:05 server2 in.tftpd[9413]: tftp: client does not accept options Feb 6 16:17:24 server2 rpc.mountd[7744]: authenticated mount request from 192.168.50.148:678 for /opt/ltsp/i386 (/opt/ltsp) Feb 6 16:17:40 server2 xinetd[7603]: START: nbdswapd pid=9431 from=::ffff:192.168.50.148 Feb 6 16:17:40 server2 nbd-server: connect from 192.168.50.148, assigned file is /var/lib/ltsp/swapfiles/QlNwyt Feb 6 16:17:40 server2 nbd-server: Size of exported file/device is 67108864 Feb 6 16:17:42 server2 xinetd[7603]: START: ldminfod pid=9438 from=::ffff:192.168.50.148 Feb 6 16:17:42 server2 xinetd[7603]: EXIT: ldminfod status=0 pid=9438 duration=0(sec) Feb 6 16:18:37 server2 xinetd[7603]: START: ldminfod pid=9454 from=::ffff:192.168.50.148 Feb 6 16:18:37 server2 xinetd[7603]: EXIT: ldminfod status=0 pid=9454 duration=0(sec) * so I am wondering about the EXIT; ldminfod part, but I think it's not related to the problem. Or is it? * this is /var/log/secure : *Feb 6 16:11:12 server2 sshd[9228]: Accepted password for root from 192.168.50.174 port 45240 ssh2 Feb 6 16:11:12 server2 sshd[9228]: pam_unix(sshd:session): session opened for user root by (uid=0) Feb 6 16:11:13 server2 sshd[9228]: Received disconnect from 192.168.50.174: 11: disconnected by user Feb 6 16:11:13 server2 sshd[9228]: pam_unix(sshd:session): session closed for user root Feb 6 16:12:59 server2 sshd[9271]: Connection closed by 192.168.50.148 Feb 6 16:15:13 server2 sshd[9309]: Connection closed by 192.168.50.148 Feb 6 16:18:36 server2 sshd[9443]: Connection closed by 192.168.50.148 * I think this is the problem: sshd gets closed somehow. So I tried different firewall configs, but to no avail. Also turned off Selinux, that's not it, either. I also checked /etc/ssh/sshd_config to make shure to have pam=on. So I think it has to do with sshd, but cannot figure out what. greetings, J. Op 03-02-12 21:38, William Fragakis schreef: > Johan, > 1) In your test environment, did the clients log in correctly? > > 2) I know almost zero about using LDAP. Sorry. > > 3) If it appears that the clients are trying to log in to the wrong > server: > > it appears I was incorrect to suggest editing > > /opt/ltsp/i386/usr/sbin/ltsp-client-launch > > to point the clients to a server other than the default at installation. > > Although it works, it's the hard way to do something. > > Use the option LDM_SERVER in lts.conf to tell the clients the ip address > of the server they should connect to. Again, apologies. I forget how > much I've forgotten. > (Editing ltsp-client-launch, though, does eliminate the need to set > LDM_SERVER if you are using an IP range other than the default > installation.) > > Regards, > William > > > On Fri, 2012-02-03 at 12:00 -0500, k12osn-request at redhat.com wrote: >> From: Johan Vermeulen >> To: "Support list for open source software in schools." >> >> Subject: Re: [K12OSN] k12ltsp as next-server - solved >> Message-ID:<4F2BE541.9040703 at cawdekempen.be> >> Content-Type: text/plain; charset=ISO-8859-1; format=flowed >> >> hello William, >> >> actualy, I didn't know that. >> >> I'll have to do some more reading on the difference between the two >> methods. >> >> It worked yesterday in my test environment, but today on the actual >> site, it's less successfull. >> The thinclients boot ok, but no matter what I try, users or root >> cannot >> log in on the thinclients. LDAP auth does work on the server... >> It keeps coming back with : no response from server. >> >> grt, Johan >> >> Op 02-02-12 18:41, William Fragakis schreef: >>> Johan, >>> Glad it worked out for you. You probably want to comment out >>> the root-path you aren't using as it is redundant and will confuse >>> things if someone is trying >>> debug/change things in the future. >>> >>> I don't know enough about how dhcpd.conf is read to say if the first >> or >>> last one is respected. iirc, >>> nbd works better for larger installations. So maybe something like >>> >>> option root-path "nbd:192.168.66.150:2000:squashfs:ro"; >>> # option root-path "192.168.66.150:/opt/ltsp/i386"; >>> >>> You probably already know that if you make any changes to the chroot >>> like yum update or installing local apps, you'll need to run >>> ltsp-update-kernels for the nbd image to be updated. You don't need >> to >>> do that if you are booting from /opt/ltsp/i386 >>> >>> Good luck, >>> William >>> >>> >>> >>>> ontent-Type: text/plain; charset="iso-8859-1"; Format="flowed" >>>> >>>> William, > [snippage] > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see -------------- next part -------------- An HTML attachment was scrubbed... URL: From news at siddall.name Mon Feb 6 20:07:52 2012 From: news at siddall.name (Jeff Siddall) Date: Mon, 06 Feb 2012 15:07:52 -0500 Subject: [K12OSN] Raspberry Pi support? In-Reply-To: References: <1328471350.5007.84.camel@localhost.localdomain> Message-ID: <4F303318.30202@siddall.name> On 02/06/2012 10:53 AM, Dean Jones wrote: > Are these for sale yet? > > Last I checked they were not available just yet. Nope, but apparently they started manufacturing now so I suspect they will be soon. The hardware is basically tablet-like so it should be good with video and barely acceptable for CPU, but that is fine for a thin client. They got XBMC running on it, which is a good sign: http://www.raspberrypi.org/archives/571 Jeff From william at fragakis.com Tue Feb 7 18:30:33 2012 From: william at fragakis.com (William Fragakis) Date: Tue, 07 Feb 2012 13:30:33 -0500 Subject: [K12OSN] k12ltsp as next-server - solved or almost In-Reply-To: References: Message-ID: <1328639433.14394.457.camel@server.ltsp> Johan, In the test environment, did the ltsp server have the same ip address or was it x.x.x.254? If the server changes ip address, then you need to run ltsp-update-sshkeys (and ltsp-update-kernels if you are using nbd images). Hope this helps, William On Tue, 2012-02-07 at 12:00 -0500, k12osn-request at redhat.com wrote: > From: Johan Vermeulen > To: "Support list for open source software in schools." > > Subject: Re: [K12OSN] k12ltsp as next-server - solved or almost > Message-ID: <4F302646.3070207 at cawdekempen.be> > Content-Type: text/plain; charset="iso-8859-1"; Format="flowed" > > Hello William, hello All, > > I tested this again today on the production environment. > > 1) on the test environment, clients did log in correctly > > 2) I don't think it's LDAP related, mostly because root can also not > log in. > > 3) the clients do not log in on the wrong server. I think your advise > was right, they make the thinclients boot. > > I tested today with the two options in dhcpd.conf and ended up > enabling > them both, it makes no difference. > > so tho thinks are puzling me: > > * this is var/log/messages on thinclient boot : > > *Feb 6 16:17:05 server2 in.tftpd[9413]: tftp: client does not accept > options > Feb 6 16:17:24 server2 rpc.mountd[7744]: authenticated mount request > from 192.168.50.148:678 for /opt/ltsp/i386 (/opt/ltsp) > Feb 6 16:17:40 server2 xinetd[7603]: START: nbdswapd pid=9431 > from=::ffff:192.168.50.148 > Feb 6 16:17:40 server2 nbd-server: connect from 192.168.50.148, > assigned file is /var/lib/ltsp/swapfiles/QlNwyt > Feb 6 16:17:40 server2 nbd-server: Size of exported file/device is > 67108864 > Feb 6 16:17:42 server2 xinetd[7603]: START: ldminfod pid=9438 > from=::ffff:192.168.50.148 > Feb 6 16:17:42 server2 xinetd[7603]: EXIT: ldminfod status=0 > pid=9438 > duration=0(sec) > Feb 6 16:18:37 server2 xinetd[7603]: START: ldminfod pid=9454 > from=::ffff:192.168.50.148 > Feb 6 16:18:37 server2 xinetd[7603]: EXIT: ldminfod status=0 > pid=9454 > duration=0(sec) > * > so I am wondering about the EXIT; ldminfod part, but I think it's not > related to the problem. Or is it? > > * this is /var/log/secure : > > *Feb 6 16:11:12 server2 sshd[9228]: Accepted password for root from > 192.168.50.174 port 45240 ssh2 > Feb 6 16:11:12 server2 sshd[9228]: pam_unix(sshd:session): session > opened for user root by (uid=0) > Feb 6 16:11:13 server2 sshd[9228]: Received disconnect from > 192.168.50.174: 11: disconnected by user > Feb 6 16:11:13 server2 sshd[9228]: pam_unix(sshd:session): session > closed for user root > Feb 6 16:12:59 server2 sshd[9271]: Connection closed by > 192.168.50.148 > Feb 6 16:15:13 server2 sshd[9309]: Connection closed by > 192.168.50.148 > Feb 6 16:18:36 server2 sshd[9443]: Connection closed by > 192.168.50.148 > * > I think this is the problem: sshd gets closed somehow. > So I tried different firewall configs, but to no avail. Also turned > off > Selinux, that's not it, either. > I also checked /etc/ssh/sshd_config to make shure to have pam=on. > > So I think it has to do with sshd, but cannot figure out what. > > greetings, J. > > From news at siddall.name Wed Feb 8 02:55:01 2012 From: news at siddall.name (Jeff Siddall) Date: Tue, 07 Feb 2012 21:55:01 -0500 Subject: [K12OSN] Wireless TC assistance In-Reply-To: <4F1477CA.7030107@structural-wood.com> References: <1326548238.21764.123.camel@localhost.localdomain> <4F11BA2F.3080503@gmail.com> <4F1477CA.7030107@structural-wood.com> Message-ID: <4F31E405.7010907@siddall.name> On 01/16/2012 02:17 PM, Kent Schumacher wrote: > For what it's worth, I've played around with hooking a terminal to a > wireless bridge. I was able to achieve a usable wireless LTSP terminal > in that configuration. As I remember it, it wasn't too bad to use from a > speed perspective. > > Back then a bridge cost $80 and was about the size of two decks of cards > - I have no idea what a bridge would look like or cost today. I decided to try to build my own custom wireless client. I am taking a relatively inexpensive ($30) Asus wireless N router that runs DD-WRT and am attempting to make it a wireless client that also runs OpenVPN to secure the attached _wired_ thin client. That way I can use a standard wired PXE thin client/server setup and securely connect anywhere I have fast enough wireless access (theoretically it could even work at Starbucks!). Of course this is highly dependent on getting client mode + OpenVPN + the require DHCP stuff all working over a NATed VPN connection. I sorta doubt it will work but I will report back what I find. Plan B is that DD-WRT does support a wireless bridge mode and that will almost certainly work. Jeff From jvermeulen at cawdekempen.be Wed Feb 8 08:46:49 2012 From: jvermeulen at cawdekempen.be (Johan Vermeulen) Date: Wed, 08 Feb 2012 09:46:49 +0100 Subject: [K12OSN] k12ltsp as next-server - solved or almost In-Reply-To: <1328639433.14394.457.camel@server.ltsp> References: <1328639433.14394.457.camel@server.ltsp> Message-ID: <4F323679.4030403@cawdekempen.be> William, thanks again for the reply. I was able to log in yesterday morning by logging in to the own ip address, then copying the key from /root/.ssh/known_hosts to /opt/ltsp/i386/etc/ssh/ssh_known_hosts. I think that's the same result as running ltsp-update-sshkeys. Thanks to your help, starting next Tuesday, we will have people doing their desktop business with the help of K12Linux. Maybe that's a first in Belgium ??!! :-) greetings, J. Op 07-02-12 19:30, William Fragakis schreef: > Johan, > In the test environment, did the ltsp server have the same ip address or > was it x.x.x.254? > > If the server changes ip address, then you need to run > ltsp-update-sshkeys (and ltsp-update-kernels if you are using nbd > images). > > Hope this helps, > William > > > On Tue, 2012-02-07 at 12:00 -0500, k12osn-request at redhat.com wrote: >> From: Johan Vermeulen >> To: "Support list for open source software in schools." >> >> Subject: Re: [K12OSN] k12ltsp as next-server - solved or almost >> Message-ID:<4F302646.3070207 at cawdekempen.be> >> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed" >> >> Hello William, hello All, >> >> I tested this again today on the production environment. >> >> 1) on the test environment, clients did log in correctly >> >> 2) I don't think it's LDAP related, mostly because root can also not >> log in. >> >> 3) the clients do not log in on the wrong server. I think your advise >> was right, they make the thinclients boot. >> >> I tested today with the two options in dhcpd.conf and ended up >> enabling >> them both, it makes no difference. >> >> so tho thinks are puzling me: >> >> * this is var/log/messages on thinclient boot : >> >> *Feb 6 16:17:05 server2 in.tftpd[9413]: tftp: client does not accept >> options >> Feb 6 16:17:24 server2 rpc.mountd[7744]: authenticated mount request >> from 192.168.50.148:678 for /opt/ltsp/i386 (/opt/ltsp) >> Feb 6 16:17:40 server2 xinetd[7603]: START: nbdswapd pid=9431 >> from=::ffff:192.168.50.148 >> Feb 6 16:17:40 server2 nbd-server: connect from 192.168.50.148, >> assigned file is /var/lib/ltsp/swapfiles/QlNwyt >> Feb 6 16:17:40 server2 nbd-server: Size of exported file/device is >> 67108864 >> Feb 6 16:17:42 server2 xinetd[7603]: START: ldminfod pid=9438 >> from=::ffff:192.168.50.148 >> Feb 6 16:17:42 server2 xinetd[7603]: EXIT: ldminfod status=0 >> pid=9438 >> duration=0(sec) >> Feb 6 16:18:37 server2 xinetd[7603]: START: ldminfod pid=9454 >> from=::ffff:192.168.50.148 >> Feb 6 16:18:37 server2 xinetd[7603]: EXIT: ldminfod status=0 >> pid=9454 >> duration=0(sec) >> * >> so I am wondering about the EXIT; ldminfod part, but I think it's not >> related to the problem. Or is it? >> >> * this is /var/log/secure : >> >> *Feb 6 16:11:12 server2 sshd[9228]: Accepted password for root from >> 192.168.50.174 port 45240 ssh2 >> Feb 6 16:11:12 server2 sshd[9228]: pam_unix(sshd:session): session >> opened for user root by (uid=0) >> Feb 6 16:11:13 server2 sshd[9228]: Received disconnect from >> 192.168.50.174: 11: disconnected by user >> Feb 6 16:11:13 server2 sshd[9228]: pam_unix(sshd:session): session >> closed for user root >> Feb 6 16:12:59 server2 sshd[9271]: Connection closed by >> 192.168.50.148 >> Feb 6 16:15:13 server2 sshd[9309]: Connection closed by >> 192.168.50.148 >> Feb 6 16:18:36 server2 sshd[9443]: Connection closed by >> 192.168.50.148 >> * >> I think this is the problem: sshd gets closed somehow. >> So I tried different firewall configs, but to no avail. Also turned >> off >> Selinux, that's not it, either. >> I also checked /etc/ssh/sshd_config to make shure to have pam=on. >> >> So I think it has to do with sshd, but cannot figure out what. >> >> greetings, J. >> >> > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see From jan at recreatie-zorg.nl Wed Feb 8 09:03:38 2012 From: jan at recreatie-zorg.nl (Jan Middelkoop) Date: Wed, 08 Feb 2012 10:03:38 +0100 Subject: [K12OSN] k12ltsp as next-server - solved or almost In-Reply-To: <4F323679.4030403@cawdekempen.be> References: <1328639433.14394.457.camel@server.ltsp> <4F323679.4030403@cawdekempen.be> Message-ID: <4F323A6A.8040605@recreatie-zorg.nl> Hi Johan, Several schools in Belgium are LTSP-powered. http://nl.wikibooks.org/wiki/Linux_Systeembeheer/Linux-scholen I think that's a far from complete list though, also it doesn't include the companies in Belgium that are running LTSP. You could be the first one in Belgium using the -latest- K12Linux in a production environment though. Congrats on your success! Gefeliciteerd. ;-) Kindest regards, Jan Middelkoop Recreatie en Zorg Groep B.V. -- Website: http://www.recreatie-zorg.nl/ E-mail: jan at recreatie-zorg.nl Telefoon: +31 10 714 22 97 Op 08-02-12 09:46, Johan Vermeulen schreef: > William, > > thanks again for the reply. > > I was able to log in yesterday morning by logging in to the own ip > address, then copying the key from /root/.ssh/known_hosts to > /opt/ltsp/i386/etc/ssh/ssh_known_hosts. > > I think that's the same result as running ltsp-update-sshkeys. > > Thanks to your help, starting next Tuesday, we will have people doing > their desktop business with the help of K12Linux. > Maybe that's a first in Belgium ??!! :-) > > greetings, J. > > > > Op 07-02-12 19:30, William Fragakis schreef: >> Johan, >> In the test environment, did the ltsp server have the same ip address or >> was it x.x.x.254? >> >> If the server changes ip address, then you need to run >> ltsp-update-sshkeys (and ltsp-update-kernels if you are using nbd >> images). >> >> Hope this helps, >> William >> >> >> On Tue, 2012-02-07 at 12:00 -0500, k12osn-request at redhat.com wrote: >>> From: Johan Vermeulen >>> To: "Support list for open source software in schools." >>> >>> Subject: Re: [K12OSN] k12ltsp as next-server - solved or almost >>> Message-ID:<4F302646.3070207 at cawdekempen.be> >>> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed" >>> >>> Hello William, hello All, >>> >>> I tested this again today on the production environment. >>> >>> 1) on the test environment, clients did log in correctly >>> >>> 2) I don't think it's LDAP related, mostly because root can also not >>> log in. >>> >>> 3) the clients do not log in on the wrong server. I think your advise >>> was right, they make the thinclients boot. >>> >>> I tested today with the two options in dhcpd.conf and ended up >>> enabling >>> them both, it makes no difference. >>> >>> so tho thinks are puzling me: >>> >>> * this is var/log/messages on thinclient boot : >>> >>> *Feb 6 16:17:05 server2 in.tftpd[9413]: tftp: client does not accept >>> options >>> Feb 6 16:17:24 server2 rpc.mountd[7744]: authenticated mount request >>> from 192.168.50.148:678 for /opt/ltsp/i386 (/opt/ltsp) >>> Feb 6 16:17:40 server2 xinetd[7603]: START: nbdswapd pid=9431 >>> from=::ffff:192.168.50.148 >>> Feb 6 16:17:40 server2 nbd-server: connect from 192.168.50.148, >>> assigned file is /var/lib/ltsp/swapfiles/QlNwyt >>> Feb 6 16:17:40 server2 nbd-server: Size of exported file/device is >>> 67108864 >>> Feb 6 16:17:42 server2 xinetd[7603]: START: ldminfod pid=9438 >>> from=::ffff:192.168.50.148 >>> Feb 6 16:17:42 server2 xinetd[7603]: EXIT: ldminfod status=0 >>> pid=9438 >>> duration=0(sec) >>> Feb 6 16:18:37 server2 xinetd[7603]: START: ldminfod pid=9454 >>> from=::ffff:192.168.50.148 >>> Feb 6 16:18:37 server2 xinetd[7603]: EXIT: ldminfod status=0 >>> pid=9454 >>> duration=0(sec) >>> * >>> so I am wondering about the EXIT; ldminfod part, but I think it's not >>> related to the problem. Or is it? >>> >>> * this is /var/log/secure : >>> >>> *Feb 6 16:11:12 server2 sshd[9228]: Accepted password for root from >>> 192.168.50.174 port 45240 ssh2 >>> Feb 6 16:11:12 server2 sshd[9228]: pam_unix(sshd:session): session >>> opened for user root by (uid=0) >>> Feb 6 16:11:13 server2 sshd[9228]: Received disconnect from >>> 192.168.50.174: 11: disconnected by user >>> Feb 6 16:11:13 server2 sshd[9228]: pam_unix(sshd:session): session >>> closed for user root >>> Feb 6 16:12:59 server2 sshd[9271]: Connection closed by >>> 192.168.50.148 >>> Feb 6 16:15:13 server2 sshd[9309]: Connection closed by >>> 192.168.50.148 >>> Feb 6 16:18:36 server2 sshd[9443]: Connection closed by >>> 192.168.50.148 >>> * >>> I think this is the problem: sshd gets closed somehow. >>> So I tried different firewall configs, but to no avail. Also turned >>> off >>> Selinux, that's not it, either. >>> I also checked /etc/ssh/sshd_config to make shure to have pam=on. >>> >>> So I think it has to do with sshd, but cannot figure out what. >>> >>> greetings, J. >>> >>> >> _______________________________________________ >> K12OSN mailing list >> K12OSN at redhat.com >> https://www.redhat.com/mailman/listinfo/k12osn >> For more info see > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see From william at fragakis.com Wed Feb 8 17:25:38 2012 From: william at fragakis.com (William Fragakis) Date: Wed, 08 Feb 2012 12:25:38 -0500 Subject: [K12OSN] k12ltsp as next-server - solved or almost In-Reply-To: References: Message-ID: <1328721938.14394.475.camel@server.ltsp> In celebration for both Johan and Jan, I'll toast you both tonight with one of Belgium's finest exports (other than Eddy Merckx). :-) Very glad it all worked out and I didn't send you too far down the wrong road. Good luck and thanks for both being persistent and letting us know it worked out in the end. Regards, William On Wed, 2012-02-08 at 12:00 -0500, k12osn-request at redhat.com wrote: > From: Jan Middelkoop > To: "Support list for open source software in schools." > > Subject: Re: [K12OSN] k12ltsp as next-server - solved or almost > Message-ID: <4F323A6A.8040605 at recreatie-zorg.nl> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Hi Johan, > > Several schools in Belgium are LTSP-powered. > http://nl.wikibooks.org/wiki/Linux_Systeembeheer/Linux-scholen > > I think that's a far from complete list though, also it doesn't > include > the companies in Belgium that are running LTSP. > > You could be the first one in Belgium using the -latest- K12Linux in > a > production environment though. > > Congrats on your success! Gefeliciteerd. ;-) > > Kindest regards, > > Jan Middelkoop > Recreatie en Zorg Groep B.V. > > -- > Website: http://www.recreatie-zorg.nl/ > E-mail: jan at recreatie-zorg.nl > Telefoon: +31 10 714 22 97 > > From redbranchwarrior at gmail.com Wed Feb 8 22:18:41 2012 From: redbranchwarrior at gmail.com (Matthew Carter) Date: Wed, 8 Feb 2012 17:18:41 -0500 Subject: [K12OSN] Light weight Message-ID: <6AC40F37-FDBF-426D-A0AB-5FA8CFF8A4C3@gmail.com> I recently managed to get xfce running on centos 6.2 (not intuitive!). However i had a hard time finding a light weight browser that was as fully featured as firefox. As mentioned before firefox running flash can be a hog. I was wondering what things people were doing to Lighten their server load, so to speak. From jim.kinney at gmail.com Wed Feb 8 23:24:52 2012 From: jim.kinney at gmail.com (Jim Kinney) Date: Wed, 8 Feb 2012 18:24:52 -0500 Subject: [K12OSN] Light weight In-Reply-To: <6AC40F37-FDBF-426D-A0AB-5FA8CFF8A4C3@gmail.com> References: <6AC40F37-FDBF-426D-A0AB-5FA8CFF8A4C3@gmail.com> Message-ID: blocking flash will do more than using a lighter browser. Flash is still the greatest hog (well, second to badly written java applets). On Wed, Feb 8, 2012 at 5:18 PM, Matthew Carter wrote: > I recently managed to get xfce running on centos 6.2 (not intuitive!). > However i had a hard time finding a light weight browser that was as fully > featured as firefox. As mentioned before firefox running flash can be a hog. > > I was wondering what things people were doing to Lighten their server > load, so to speak. > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > -- -- James P. Kinney III As long as the general population is passive, apathetic, diverted to consumerism or hatred of the vulnerable, then the powerful can do as they please, and those who survive will be left to contemplate the outcome. - *2011 Noam Chomsky http://heretothereideas.blogspot.com/ * -------------- next part -------------- An HTML attachment was scrubbed... URL: From brcisna at eazylivin.net Thu Feb 9 23:39:15 2012 From: brcisna at eazylivin.net (Barry R Cisna) Date: Thu, 09 Feb 2012 17:39:15 -0600 Subject: [K12OSN] tftp respawning Message-ID: <1328830755.5007.191.camel@localhost.localdomain> Hello All, I just done a new install of Centos 6 server then done the client build as per the instructions here. https://fedorahosted.org/k12linux/wiki/InstallGuide The only thing different is I am using VirtualBox to launch the virtual pxeclient as I done an 32-bit build. I didn't realize that libvirt and virt-manager only runs on 64-bit Centos now? These items install on 32-bit but never actually will run? I need to read more on this subject. When I start the virtual pxeclient it gets an ip address and stalls out at loading pxe. When running 'tail -f /var/log/messages ' I continually see "Starting tftp" followed by "tftp exiting" (with another pid #,incremented up) about every 10 secs. This will continue until I power down the virtual pxeclient,then the message quits. Anyone have any ideas? Thank You, Barry From news at siddall.name Fri Feb 10 02:50:09 2012 From: news at siddall.name (Jeff Siddall) Date: Thu, 09 Feb 2012 21:50:09 -0500 Subject: [K12OSN] Raspberry Pi support? In-Reply-To: <4F303318.30202@siddall.name> References: <1328471350.5007.84.camel@localhost.localdomain> <4F303318.30202@siddall.name> Message-ID: <4F3485E1.5070409@siddall.name> On 02/06/2012 03:07 PM, Jeff Siddall wrote: > On 02/06/2012 10:53 AM, Dean Jones wrote: >> Are these for sale yet? >> >> Last I checked they were not available just yet. > > Nope, but apparently they started manufacturing now so I suspect they > will be soon. February 20th supposedly: http://www.raspberrypi.org/archives/615 Although I am sure quantities will be limited initially so getting one could still be difficult. Jeff From news at siddall.name Fri Feb 10 03:25:51 2012 From: news at siddall.name (Jeff Siddall) Date: Thu, 09 Feb 2012 22:25:51 -0500 Subject: [K12OSN] SOLVED: Unable to print to thin client attached printer In-Reply-To: <1222157183.42375.1325949697155.JavaMail.open-xchange@email.1and1.com References: <1222157183.42375.1325949697155.JavaMail.open-xchange@email.1and1.com Message-ID: <4F348E3F.4010802@siddall.name> On 01/07/2012 10:21 AM, dmarkovich at drmcs.com wrote: > Hello, > > I have installed K12Linux on Centos 6.2 per K12Linux Server Install Guide. > Using EL6-based i686 chroot. > > Have not been able to print to a client attached printer with cups. > I can print to a direct jet printer attached to the switch on the 1st > nic card ( non client network-168.192.1. ) > Thin clients are on the second nic (172.31.100. ) Yup. Confirmed. Printing busted in SL6.1 client also. The problem seemed to be with the jetpipe app. When I try to manually run it on the client I get: -bash-4.1# /usr/bin/python /usr/sbin/jetpipe -b 9600 -y 8 -p none -x /dev/usblp0 9100 Traceback (most recent call last): File "/usr/sbin/jetpipe", line 45, in import daemon ImportError: No module named daemon However, installing python-daemon in the chroot (part of the epel repo) seems to have solved it. Looks like the ltsp-client package has a missing dependency. Warren, if you are still monitoring this list can you update the dependencies on the ltsp-client package? Thanks, Jeff From jmalone at nrao.edu Fri Feb 10 14:12:10 2012 From: jmalone at nrao.edu (Josh Malone) Date: Fri, 10 Feb 2012 09:12:10 -0500 Subject: [K12OSN] tftp respawning In-Reply-To: <1328830755.5007.191.camel@localhost.localdomain> References: <1328830755.5007.191.camel@localhost.localdomain> Message-ID: <6e6b73333d0d652a59aeded78ba0cd69@nrao.edu> On 09.02.2012 18:39, Barry R Cisna wrote: > When I start the virtual pxeclient it gets an ip address and stalls > out > at loading pxe. > When running 'tail -f /var/log/messages ' I continually see "Starting > tftp" followed by "tftp exiting" (with another pid #,incremented up) > about every 10 secs. This will continue until I power down the > virtual > pxeclient,then the message quits. > Anyone have any ideas? I think that what you are seeing in the logs is the normal result of tftp being spawned by xinetd each time the virtual pxe-client attempts to download its files. You may need to increase the verbosity of your logs (add '-v' to server_args in xinetd's tftp config) to find out what it's trying to download and why it's not succeeding. Trying from a hardware (non-virtual) PXE client may yield better results. -Josh -- --------------------------------------------------------- Joshua Malone Systems Administrator (jmalone at nrao.edu) NRAO Charlottesville 434-296-0263 www.nrao.edu 434-249-5699 (mobile) BOFH excuse #364: Sand fleas eating the Internet cables --------------------------------------------------------- From lichtemi at mtwp.net Fri Feb 10 14:14:44 2012 From: lichtemi at mtwp.net (Mike Lichtenwalner) Date: Fri, 10 Feb 2012 09:14:44 -0500 Subject: [K12OSN] Remote support software Message-ID: <4F34E004020000B500011A29@cal.mtwp.net> Hi All, We are a K12 district which has been offering a small selection of virtual classes to our high school students for several years. The classes are created/delivered using OSS - Moodle, OpenOffice, etc. We would like to be able to offer our students remote support at home if they need it. Does anyone know of a product that meets the following criteria: - Open source - Cross platform (Windows, Mac, Linux) for the teacher and student - "Client-less" (Ideally, the student would visit a website to initiate the remote support session - NO chance of an adult accessing the student's computer without his/her knowledge.) Any and all suggestions are welcome! Thanks! Mike __________________________________ Mike Lichtenwalner Coordinator of Technical Services Manheim Township School District Lancaster, PA From jim.kinney at gmail.com Fri Feb 10 15:00:46 2012 From: jim.kinney at gmail.com (Jim Kinney) Date: Fri, 10 Feb 2012 10:00:46 -0500 Subject: [K12OSN] Remote support software In-Reply-To: <4F34E004020000B500011A29@cal.mtwp.net> References: <4F34E004020000B500011A29@cal.mtwp.net> Message-ID: By "support" do you mean "support of computer operations" like how to do something in OpenOffice? So a student would hit a web page to request help and a support person can then remotely see/controll their desktop? In short, client-less and cross platform is an oxymoron. Each system will require it's own method to share desktop bits. On Fri, Feb 10, 2012 at 9:14 AM, Mike Lichtenwalner wrote: > Hi All, > > We are a K12 district which has been offering a small selection of virtual > classes to our high school students for several years. The classes are > created/delivered using OSS - Moodle, OpenOffice, etc. We would like to be > able to offer our students remote support at home if they need it. Does > anyone know of a product that meets the following criteria: > > - Open source > - Cross platform (Windows, Mac, Linux) for the teacher and student > - "Client-less" (Ideally, the student would visit a website to initiate > the remote support session - NO chance of an adult accessing the student's > computer without his/her knowledge.) > > Any and all suggestions are welcome! > > Thanks! > Mike > > > __________________________________ > Mike Lichtenwalner > Coordinator of Technical Services > Manheim Township School District > Lancaster, PA > > > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > -- -- James P. Kinney III As long as the general population is passive, apathetic, diverted to consumerism or hatred of the vulnerable, then the powerful can do as they please, and those who survive will be left to contemplate the outcome. - *2011 Noam Chomsky http://heretothereideas.blogspot.com/ * -------------- next part -------------- An HTML attachment was scrubbed... URL: From lichtemi at mtwp.net Fri Feb 10 15:14:42 2012 From: lichtemi at mtwp.net (Mike Lichtenwalner) Date: Fri, 10 Feb 2012 10:14:42 -0500 Subject: [K12OSN] Remote support software In-Reply-To: References: <4F34E004020000B500011A29@cal.mtwp.net> Message-ID: <4F34EE12020000B500011A86@cal.mtwp.net> Yes, that is the definition of support I am using. I understand that client-less is impossible. My hope is that the client would install automatically in the background so that students would not need to visit one site to download/install a client, then launch the client and verbally provide a pin of some kind to allow the teacher/tech to access the computer. The workflow I'm hoping for is: - Student visits a website. - Student clicks a link to initiate a support session. - Client downloads, installs, launches, and asks if it is OK to allow the teacher/tech to control the computer. Maybe this is just a dream...:-) >>> On 2/10/2012 at 10:00 AM, Jim Kinney wrote: > By "support" do you mean "support of computer operations" like how to do > something in OpenOffice? So a student would hit a web page to request help > and a support person can then remotely see/controll their desktop? > > In short, client-less and cross platform is an oxymoron. Each system will > require it's own method to share desktop bits. > > On Fri, Feb 10, 2012 at 9:14 AM, Mike Lichtenwalner wrote: > > > Hi All, > > > > We are a K12 district which has been offering a small selection of virtual > > classes to our high school students for several years. The classes are > > created/delivered using OSS - Moodle, OpenOffice, etc. We would like to be > > able to offer our students remote support at home if they need it. Does > > anyone know of a product that meets the following criteria: > > > > - Open source > > - Cross platform (Windows, Mac, Linux) for the teacher and student > > - "Client-less" (Ideally, the student would visit a website to initiate > > the remote support session - NO chance of an adult accessing the student's > > computer without his/her knowledge.) > > > > Any and all suggestions are welcome! > > > > Thanks! > > Mike > > > > > > __________________________________ > > Mike Lichtenwalner > > Coordinator of Technical Services > > Manheim Township School District > > Lancaster, PA > > > > > > > > _______________________________________________ > > K12OSN mailing list > > K12OSN at redhat.com > > https://www.redhat.com/mailman/listinfo/k12osn > > For more info see > > > > > > -- > -- > James P. Kinney III > > As long as the general population is passive, apathetic, diverted to > consumerism or hatred of the vulnerable, then the powerful can do as they > please, and those who survive will be left to contemplate the outcome. > - *2011 Noam Chomsky > > http://heretothereideas.blogspot.com/ > * > From jim.kinney at gmail.com Fri Feb 10 15:26:53 2012 From: jim.kinney at gmail.com (Jim Kinney) Date: Fri, 10 Feb 2012 10:26:53 -0500 Subject: [K12OSN] Remote support software In-Reply-To: <4F34EE12020000B500011A86@cal.mtwp.net> References: <4F34E004020000B500011A29@cal.mtwp.net> <4F34EE12020000B500011A86@cal.mtwp.net> Message-ID: OK. Dream bordering on hallucinations! The only cross-platform client will be vnc-based. It does support a permission to remote enter option. Getting a kid to use a download and install this app will never work because if the child can already do that, you've found out the beginning of the problem with their machine :-) I would look at providing a web-based vm/thin-client for them to do their school sanctioned work with. On Fri, Feb 10, 2012 at 10:14 AM, Mike Lichtenwalner wrote: > Yes, that is the definition of support I am using. > > I understand that client-less is impossible. My hope is that the client > would install automatically in the background so that students would not > need to visit one site to download/install a client, then launch the client > and verbally provide a pin of some kind to allow the teacher/tech to access > the computer. The workflow I'm hoping for is: > > - Student visits a website. > - Student clicks a link to initiate a support session. > - Client downloads, installs, launches, and asks if it is OK to allow the > teacher/tech to control the computer. > > Maybe this is just a dream...:-) > > > > >>> On 2/10/2012 at 10:00 AM, Jim Kinney wrote: > > By "support" do you mean "support of computer operations" like how to do > > something in OpenOffice? So a student would hit a web page to request > help > > and a support person can then remotely see/controll their desktop? > > > > In short, client-less and cross platform is an oxymoron. Each system will > > require it's own method to share desktop bits. > > > > On Fri, Feb 10, 2012 at 9:14 AM, Mike Lichtenwalner >wrote: > > > > > Hi All, > > > > > > We are a K12 district which has been offering a small selection of > virtual > > > classes to our high school students for several years. The classes are > > > created/delivered using OSS - Moodle, OpenOffice, etc. We would like > to be > > > able to offer our students remote support at home if they need it. Does > > > anyone know of a product that meets the following criteria: > > > > > > - Open source > > > - Cross platform (Windows, Mac, Linux) for the teacher and student > > > - "Client-less" (Ideally, the student would visit a website to > initiate > > > the remote support session - NO chance of an adult accessing the > student's > > > computer without his/her knowledge.) > > > > > > Any and all suggestions are welcome! > > > > > > Thanks! > > > Mike > > > > > > > > > __________________________________ > > > Mike Lichtenwalner > > > Coordinator of Technical Services > > > Manheim Township School District > > > Lancaster, PA > > > > > > > > > > > > _______________________________________________ > > > K12OSN mailing list > > > K12OSN at redhat.com > > > https://www.redhat.com/mailman/listinfo/k12osn > > > For more info see > > > > > > > > > > > -- > > -- > > James P. Kinney III > > > > As long as the general population is passive, apathetic, diverted to > > consumerism or hatred of the vulnerable, then the powerful can do as they > > please, and those who survive will be left to contemplate the outcome. > > - *2011 Noam Chomsky > > > > http://heretothereideas.blogspot.com/ > > * > > > > > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > -- -- James P. Kinney III As long as the general population is passive, apathetic, diverted to consumerism or hatred of the vulnerable, then the powerful can do as they please, and those who survive will be left to contemplate the outcome. - *2011 Noam Chomsky http://heretothereideas.blogspot.com/ * -------------- next part -------------- An HTML attachment was scrubbed... URL: From DLWillson at TheGeek.NU Fri Feb 10 17:04:53 2012 From: DLWillson at TheGeek.NU (David L. Willson) Date: Fri, 10 Feb 2012 10:04:53 -0700 (MST) Subject: [K12OSN] Remote support software In-Reply-To: Message-ID: I've used Yugma, WebEx, RDP, and many sorts of VNC-based solution for remote support. Each one has advantages and disadvantages. In my opinion, the one closest to the sweet-spot between ease-of-use, installation, features, cost, and platform freedom, is Yugma. The price of WebEx gives me rage. The lack of platform-independence of RDP gives me rage. The wild and hairy world of VNC'ish solutions gives me rage. With Yugma, the only thing that's hairy is the initial install. The rest is bliss. David L. Willson Trainer, Engineer, Enthusiast RHCE MCT MCSE Network+ A+ Linux+ LPIC-1 NovellCLA UbuntuCP tel://720.333.LANS Freedom is better when you earn it. Learn Linux. ----- Original Message ----- > OK. Dream bordering on hallucinations! > The only cross-platform client will be vnc-based. It does support a > permission to remote enter option. Getting a kid to use a download > and install this app will never work because if the child can > already do that, you've found out the beginning of the problem with > their machine :-) > I would look at providing a web-based vm/thin-client for them to do > their school sanctioned work with. > On Fri, Feb 10, 2012 at 10:14 AM, Mike Lichtenwalner < > lichtemi at mtwp.net > wrote: > > Yes, that is the definition of support I am using. > > > I understand that client-less is impossible. My hope is that the > > client would install automatically in the background so that > > students would not need to visit one site to download/install a > > client, then launch the client and verbally provide a pin of some > > kind to allow the teacher/tech to access the computer. The workflow > > I'm hoping for is: > > > - Student visits a website. > > > - Student clicks a link to initiate a support session. > > > - Client downloads, installs, launches, and asks if it is OK to > > allow > > the teacher/tech to control the computer. > > > Maybe this is just a dream...:-) > > > >>> On 2/10/2012 at 10:00 AM, Jim Kinney < jim.kinney at gmail.com > > > >>> wrote: > > > > By "support" do you mean "support of computer operations" like > > > how > > > to do > > > > something in OpenOffice? So a student would hit a web page to > > > request help > > > > and a support person can then remotely see/controll their > > > desktop? > > > > > > > > In short, client-less and cross platform is an oxymoron. Each > > > system will > > > > require it's own method to share desktop bits. > > > > > > > > On Fri, Feb 10, 2012 at 9:14 AM, Mike Lichtenwalner < > > > lichtemi at mtwp.net >wrote: > > > > > > > > > Hi All, > > > > > > > > > > We are a K12 district which has been offering a small selection > > > > of virtual > > > > > classes to our high school students for several years. The > > > > classes are > > > > > created/delivered using OSS - Moodle, OpenOffice, etc. We would > > > > like to be > > > > > able to offer our students remote support at home if they need > > > > it. Does > > > > > anyone know of a product that meets the following criteria: > > > > > > > > > > - Open source > > > > > - Cross platform (Windows, Mac, Linux) for the teacher and > > > > student > > > > > - "Client-less" (Ideally, the student would visit a website to > > > > initiate > > > > > the remote support session - NO chance of an adult accessing > > > > the > > > > student's > > > > > computer without his/her knowledge.) > > > > > > > > > > Any and all suggestions are welcome! > > > > > > > > > > Thanks! > > > > > Mike > > > > > > > > > > > > > > > __________________________________ > > > > > Mike Lichtenwalner > > > > > Coordinator of Technical Services > > > > > Manheim Township School District > > > > > Lancaster, PA > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > K12OSN mailing list > > > > > K12OSN at redhat.com > > > > > https://www.redhat.com/mailman/listinfo/k12osn > > > > > For more info see < http://www.k12os.org > > > > > > > > > > > > > > > > > > > > > > -- > > > > -- > > > > James P. Kinney III > > > > > > > > As long as the general population is passive, apathetic, diverted > > > to > > > > consumerism or hatred of the vulnerable, then the powerful can do > > > as they > > > > please, and those who survive will be left to contemplate the > > > outcome. > > > > - *2011 Noam Chomsky > > > > > > > > http://heretothereideas.blogspot.com/ > > > > * > > > > > > > _______________________________________________ > > > K12OSN mailing list > > > K12OSN at redhat.com > > > https://www.redhat.com/mailman/listinfo/k12osn > > > For more info see < http://www.k12os.org > > > -- > -- > James P. Kinney III > As long as the general population is passive, apathetic, diverted to > consumerism or hatred of the vulnerable, then the powerful can do as > they please, and those who survive will be left to contemplate the > outcome. > - 2011 Noam Chomsky > http://heretothereideas.blogspot.com/ > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see -------------- next part -------------- An HTML attachment was scrubbed... URL: From k12ltsp at rwcinc.net Fri Feb 10 23:12:35 2012 From: k12ltsp at rwcinc.net (Patrick Fleming) Date: Fri, 10 Feb 2012 16:12:35 -0700 Subject: [K12OSN] Remote support software In-Reply-To: References: Message-ID: <4F35A463.9010000@rwcinc.net> I recently ran across Teamviewer: http://www.teamviewer.com/en/index.aspx It is cross-platform and dead simple to use. Yes, the student has to give you the ID and PIN. Free for non-commercial use, not open-source. It's what I use when I don't have complete control over the end system. On 02/10/12 10:04, David L. Willson wrote: > I've used Yugma, WebEx, RDP, and many sorts of VNC-based solution for remote support. Each one has advantages and disadvantages. In my opinion, the one closest to the sweet-spot between ease-of-use, installation, features, cost, and platform freedom, is Yugma. The price of WebEx gives me rage. The lack of platform-independence of RDP gives me rage. The wild and hairy world of VNC'ish solutions gives me rage. With Yugma, the only thing that's hairy is the initial install. The rest is bliss. > > David L. Willson > Trainer, Engineer, Enthusiast > RHCE MCT MCSE Network+ A+ Linux+ LPIC-1 NovellCLA UbuntuCP > tel://720.333.LANS > Freedom is better when you earn it. Learn Linux. > > ----- Original Message ----- > >> OK. Dream bordering on hallucinations! > >> The only cross-platform client will be vnc-based. It does support a >> permission to remote enter option. Getting a kid to use a download >> and install this app will never work because if the child can >> already do that, you've found out the beginning of the problem with >> their machine :-) > >> I would look at providing a web-based vm/thin-client for them to do >> their school sanctioned work with. > >> On Fri, Feb 10, 2012 at 10:14 AM, Mike Lichtenwalner < >> lichtemi at mtwp.net > wrote: > >>> Yes, that is the definition of support I am using. >> > >>> I understand that client-less is impossible. My hope is that the >>> client would install automatically in the background so that >>> students would not need to visit one site to download/install a >>> client, then launch the client and verbally provide a pin of some >>> kind to allow the teacher/tech to access the computer. The workflow >>> I'm hoping for is: >> > >>> - Student visits a website. >> >>> - Student clicks a link to initiate a support session. >> >>> - Client downloads, installs, launches, and asks if it is OK to >>> allow >>> the teacher/tech to control the computer. >> > >>> Maybe this is just a dream...:-) >> > >>>>>> On 2/10/2012 at 10:00 AM, Jim Kinney < jim.kinney at gmail.com > >>>>>> wrote: >> >>>> By "support" do you mean "support of computer operations" like >>>> how >>>> to do >> >>>> something in OpenOffice? So a student would hit a web page to >>>> request help >> >>>> and a support person can then remotely see/controll their >>>> desktop? >> >>>> >> >>>> In short, client-less and cross platform is an oxymoron. Each >>>> system will >> >>>> require it's own method to share desktop bits. >> >>>> >> >>>> On Fri, Feb 10, 2012 at 9:14 AM, Mike Lichtenwalner < >>>> lichtemi at mtwp.net >wrote: >> >>>> >> >>>>> Hi All, >> >>>>> >> >>>>> We are a K12 district which has been offering a small selection >>>>> of virtual >> >>>>> classes to our high school students for several years. The >>>>> classes are >> >>>>> created/delivered using OSS - Moodle, OpenOffice, etc. We would >>>>> like to be >> >>>>> able to offer our students remote support at home if they need >>>>> it. Does >> >>>>> anyone know of a product that meets the following criteria: >> >>>>> >> >>>>> - Open source >> >>>>> - Cross platform (Windows, Mac, Linux) for the teacher and >>>>> student >> >>>>> - "Client-less" (Ideally, the student would visit a website to >>>>> initiate >> >>>>> the remote support session - NO chance of an adult accessing >>>>> the >>>>> student's >> >>>>> computer without his/her knowledge.) >> >>>>> >> >>>>> Any and all suggestions are welcome! >> >>>>> >> >>>>> Thanks! >> >>>>> Mike >> >>>>> >> >>>>> >> >>>>> __________________________________ >> >>>>> Mike Lichtenwalner >> >>>>> Coordinator of Technical Services >> >>>>> Manheim Township School District >> >>>>> Lancaster, PA >> >>>>> >> >>>>> >> >>>>> >> >>>>> _______________________________________________ >> >>>>> K12OSN mailing list >> >>>>> K12OSN at redhat.com >> >>>>> https://www.redhat.com/mailman/listinfo/k12osn >> >>>>> For more info see < http://www.k12os.org > >> >>>>> >> >>>> >> >>>> >> >>>> >> >>>> -- >> >>>> -- >> >>>> James P. Kinney III >> >>>> >> >>>> As long as the general population is passive, apathetic, diverted >>>> to >> >>>> consumerism or hatred of the vulnerable, then the powerful can do >>>> as they >> >>>> please, and those who survive will be left to contemplate the >>>> outcome. >> >>>> - *2011 Noam Chomsky >> >>>> >> >>>> http://heretothereideas.blogspot.com/ >> >>>> * >> > >>>> >> > >>> _______________________________________________ >> >>> K12OSN mailing list >> >>> K12OSN at redhat.com >> >>> https://www.redhat.com/mailman/listinfo/k12osn >> >>> For more info see < http://www.k12os.org > >> > >> -- >> -- >> James P. Kinney III > >> As long as the general population is passive, apathetic, diverted to >> consumerism or hatred of the vulnerable, then the powerful can do as >> they please, and those who survive will be left to contemplate the >> outcome. >> - 2011 Noam Chomsky > >> http://heretothereideas.blogspot.com/ > >> _______________________________________________ >> K12OSN mailing list >> K12OSN at redhat.com >> https://www.redhat.com/mailman/listinfo/k12osn >> For more info see >> >> >> _______________________________________________ >> K12OSN mailing list >> K12OSN at redhat.com >> https://www.redhat.com/mailman/listinfo/k12osn >> For more info see From brcisna at eazylivin.net Fri Feb 10 23:33:15 2012 From: brcisna at eazylivin.net (Barry R Cisna) Date: Fri, 10 Feb 2012 17:33:15 -0600 Subject: [K12OSN] Remote support software Message-ID: <1328916795.5007.205.camel@localhost.localdomain> Mike, BigBlueButton This piece is fairly easy to setup now. It has come a long ways in the last two years. if you want a total solution for what you are requesting,I would say this is the best i have seen. I am out in the sticks,though! And of course,,it HAS to be free,,Ya! It does work very fast now that many refinements have been made. The downside is you mostly need a dedicated server for this piece. We do run this as a VM and works fine on a decent server,too! http://www.bigbluebutton.org/ Take Care, Barry From brcisna at eazylivin.net Sat Feb 11 12:48:03 2012 From: brcisna at eazylivin.net (Barry R Cisna) Date: Sat, 11 Feb 2012 06:48:03 -0600 Subject: [K12OSN] tftp respawning Message-ID: <1328964483.5007.213.camel@localhost.localdomain> *SOLVED* Just for completeness I wanted to post that the tftp what appeared to be respawning with client hanged at loading ,,,pxelinux line. I had to hand edit the xinetd/tfpt config file to /var/lib/tftpboot dir. In the server_args line I had the -s switch which was in the older centos 5 config. After removing the -s switch ,the virtual pxeclient booted up as expected. Also adding, in VirtualBox the only nic I could find that would emulate pxe boot was the PCIfast II card. This work as expected for pxe booting. Take Care, Barry From redbranchwarrior at gmail.com Sun Feb 12 19:18:06 2012 From: redbranchwarrior at gmail.com (Matthew Carter) Date: Sun, 12 Feb 2012 14:18:06 -0500 Subject: [K12OSN] XFCE4 Message-ID: Has anyone had any luck in using XFCE as the desktop on their LTSP server? I'm having issues with the clients allowing logins. As soon as I type the username and password, the login screen respawns. I'm using XFCE4 with GDM on the server and I'm assuming the client doesn't have the correct packages to support. When I chroot in to /opt/ltsp/i386, I am unable to update the image with XFCE packages. When I run this with the default Gnome WM and Desktop, it works fine, but this I am trying to conserve memory. Any luck with any other alternate DM's or Desktops? Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: From brcisna at eazylivin.net Mon Feb 13 02:45:32 2012 From: brcisna at eazylivin.net (Barry R Cisna) Date: Sun, 12 Feb 2012 20:45:32 -0600 Subject: [K12OSN] XFCE4 Message-ID: <1329101132.5007.254.camel@localhost.localdomain> Matthew, After trying to do an TC login with XFCE4 desktop,could you copy/paste the last about 50 lines of 'messages' on the ltsp server? Does XFCE actually show up,,,,in the options part at the gnome login box? Try logging into your terminal with KDE as desktop,,and see if you get logged out immediately Also look in server logs for the X11 error.log as well. What error are you getting when trying to chroot to ltsp dir,,,and rebuild image there? BC From ascensiontech at gmail.com Tue Feb 14 00:53:53 2012 From: ascensiontech at gmail.com (Peter Hartmann) Date: Mon, 13 Feb 2012 19:53:53 -0500 Subject: [K12OSN] OT: free hardware Message-ID: Hey LTSPers, If anyone in the NYC area would like to pickup 30 towers best suited for LTSP 4.2 and 18 Dell CRTs (speakers built-in) please contact me. Thanks, sorry for the OT, Peter From william at fragakis.com Wed Feb 15 23:19:53 2012 From: william at fragakis.com (William Fragakis) Date: Wed, 15 Feb 2012 18:19:53 -0500 Subject: [K12OSN] SL 6.2 released In-Reply-To: References: Message-ID: <1329347993.14394.649.camel@server.ltsp> I'm on digest mode so sorry if this is a duplicate. SL 6.2 (final) was released this afternoon. http://www.scientificlinux.org/distributions/6x/62/ Regards, William From redbranchwarrior at gmail.com Thu Feb 16 01:44:20 2012 From: redbranchwarrior at gmail.com (Matthew Carter) Date: Wed, 15 Feb 2012 20:44:20 -0500 Subject: [K12OSN] XFCE4 In-Reply-To: <1329101132.5007.254.camel@localhost.localdomain> References: <1329101132.5007.254.camel@localhost.localdomain> Message-ID: <4F3C5F74.2030702@gmail.com> Sorry about the delay in the response, busy at work and home . . . I think I may have figured out the issue. I had ssh set to an alternate port instead of 22 and it was also limited by username. Once I set that back to the standard port and removed the user limitation, it allowed me to login. I think I'm going to run the communications unencrypted for better speed anyway. Once I logged in to the TC, I only saw the background. I then chrooted on the server to /opt/ltsp/i386 and did a "yum install xfce-panel" and then rebooted the TC. It came up perfectly. Thanks! On 2/12/2012 9:45 PM, Barry R Cisna wrote: > Matthew, > > After trying to do an TC login with XFCE4 desktop,could you > copy/paste the last about 50 lines of 'messages' on the ltsp server? > Does XFCE actually show up,,,,in the options part at the gnome login > box? > Try logging into your terminal with KDE as desktop,,and see if you get > logged out immediately > Also look in server logs for the X11 error.log as well. > > What error are you getting when trying to chroot to ltsp dir,,,and > rebuild image there? > > BC > > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see From brcisna at eazylivin.net Sun Feb 19 23:24:36 2012 From: brcisna at eazylivin.net (Barry R Cisna) Date: Sun, 19 Feb 2012 17:24:36 -0600 Subject: [K12OSN] ltsp5 update image Message-ID: <1329693876.5007.313.camel@localhost.localdomain> Hello All, Just wanted to share this with the fellow boarders here. After setting up two new ltsp5 CentOS 6 / SL 6.1 servers,I experienced something somewhat odd. After doing some TC testing before putting these two new servers into the wild in our school setting, This is after doing a couple days worth of CentOS repos updates, FYI. I usually go by the rule, "Let a sleeping dog lie", in regards to getting caught up in the updates revolving door,,but decided to keep these two boxes updated out of the box. My VM pxeclient would boot fine as long as I was using the default ltspbr0 interface. If I switched to my hand configured eth0 interface ,along with the corresponding dhcpd.conf file the same VM pxeclient would boot fine,,,but when getting to a login screen the TC would hang for about 30-45 seconds then would see the "response from server,restarting" thing. This happened every time. After of course Googling found that doing the two following commands was the fix for this. I thought to myself,,,no way will this cure this deal! ltsp-update-sshkeys ltsp-update-image Reboot the TC. Now on the eth0 interface (along with the ltspbr0 interface) the TC's logs in fine. Don't have a clue what this combo is but this did in fact cure the problem. Take Care, BC From jim.kinney at gmail.com Mon Feb 20 13:12:53 2012 From: jim.kinney at gmail.com (Jim Kinney) Date: Mon, 20 Feb 2012 08:12:53 -0500 Subject: [K12OSN] ltsp5 update image In-Reply-To: <1329693876.5007.313.camel@localhost.localdomain> References: <1329693876.5007.313.camel@localhost.localdomain> Message-ID: With the ssh keys, changing the ip or the name of the key, the server end, will cause the connecting client to think a man in the middle attack is on going. So the ltsp-update-sshkeys changes the stored keys sent to the clients to match the the new source connection. Tho other command puts the new data into the client image. On Feb 19, 2012 6:26 PM, "Barry R Cisna" wrote: > Hello All, > > Just wanted to share this with the fellow boarders here. > After setting up two new ltsp5 CentOS 6 / SL 6.1 servers,I experienced > something somewhat odd. > After doing some TC testing before putting these two new servers into > the wild in our school setting, > This is after doing a couple days worth of CentOS repos updates, FYI. I > usually go by the rule, "Let a sleeping dog lie", in regards to getting > caught up in the updates revolving door,,but decided to keep these two > boxes updated out of the box. > > My VM pxeclient would boot fine as long as I was using the default > ltspbr0 interface. If I switched to my hand configured eth0 > interface ,along with the corresponding dhcpd.conf file the same VM > pxeclient would boot fine,,,but when getting to a login screen the TC > would hang for about 30-45 seconds then would see the "response from > server,restarting" thing. This happened every time. > After of course Googling found that doing the two following commands was > the fix for this. > I thought to myself,,,no way will this cure this deal! > > ltsp-update-sshkeys > ltsp-update-image > > Reboot the TC. > Now on the eth0 interface (along with the ltspbr0 interface) the TC's > logs in fine. > Don't have a clue what this combo is but this did in fact cure the > problem. > > Take Care, > BC > > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > -------------- next part -------------- An HTML attachment was scrubbed... URL: From cisna-barry at wc235.k12.il.us Tue Feb 21 19:51:45 2012 From: cisna-barry at wc235.k12.il.us (Barry Cisna) Date: Tue, 21 Feb 2012 13:51:45 -0600 Subject: [K12OSN] ltsp5 update image Message-ID: <1329853905.11168.2.camel@wc19.wc235> Jim, This makes perfect sense. On this motherboard after doing the initial install of Centos 6 and SL6 I had to add a third nice as one of the two onboard nics fails to work. This happened on two identical boards. So hence the 'third' nic is supplying the TC's. Thank You, BC From cisna-barry at wc235.k12.il.us Wed Feb 22 12:10:49 2012 From: cisna-barry at wc235.k12.il.us (Barry Cisna) Date: Wed, 22 Feb 2012 06:10:49 -0600 Subject: [K12OSN] Two onboard nics, one works ,one doesnt. Message-ID: <1329912649.3786.1.camel@wc19.wc235> Hello All, Just wanted to share this. Our school purchased two new 1u servers. These two mobos have two realtek8111/8168b integrated nics. Long story short on each of the two boards eth0 works fine and eth1 does not work at all. I have been down the road of using ethtool to try and force link speeds etc. After Googling this has been a problem on Fedora and Centos for almost two years. i have not found a definitive fix. I ended up putting in each an pci nic to get them into production. Probably should have returned both servers but I had them all loaded up with what I thought was going to be a working setup,,until running into the second nic dead snafoo. Take Care, BC From cisna-barry at wc235.k12.il.us Wed Feb 22 12:19:50 2012 From: cisna-barry at wc235.k12.il.us (Barry Cisna) Date: Wed, 22 Feb 2012 06:19:50 -0600 Subject: [K12OSN] SL 6 no cmov support in kernel Message-ID: <1329913190.3786.7.camel@wc19.wc235> Hello All, Just wanted to report this somewhat unknown non-available feature in default kernel in SL6. When trying to boot the Ebox 2300 TC's we have we receive this when PXE starts to run on the TC and then stops. "This kernel requires the following features not present on the cpu. cmov". I have found several reports somewhat similar in nature only the error is no PAE support in kernel. Take Care, BC From william at fragakis.com Wed Feb 22 17:56:57 2012 From: william at fragakis.com (William Fragakis) Date: Wed, 22 Feb 2012 12:56:57 -0500 Subject: [K12OSN] SL 6 no cmov support in kernel In-Reply-To: References: Message-ID: <1329933417.24166.42.camel@server.ltsp> Barry, Are you sure it's not an i686 issue? Have you tried the F11 kernel for the client? F11 was the last i386 compliant Fedora version. http://askubuntu.com/questions/5807/what-is-the-significance-of-the-cmov-cpu-instruction regards, William On Wed, 2012-02-22 at 12:00 -0500, k12osn-request at redhat.com wrote: > Date: Wed, 22 Feb 2012 06:19:50 -0600 > From: Barry Cisna > To: K12LTSP Mailing List > Subject: [K12OSN] SL 6 no cmov support in kernel > Message-ID: <1329913190.3786.7.camel at wc19.wc235> > Content-Type: text/plain; charset="UTF-8" > > Hello All, > > Just wanted to report this somewhat unknown non-available feature in > default kernel in SL6. When trying to boot the Ebox 2300 TC's we have > we > receive this when PXE starts to run on the TC and then stops. > "This kernel requires the following features not present on the cpu. > cmov". > > I have found several reports somewhat similar in nature only the error > is no PAE support in kernel. > > Take Care, > BC > > From news at siddall.name Wed Feb 22 20:42:12 2012 From: news at siddall.name (Jeff Siddall) Date: Wed, 22 Feb 2012 15:42:12 -0500 Subject: [K12OSN] SL 6 no cmov support in kernel In-Reply-To: <1329913190.3786.7.camel@wc19.wc235> References: <1329913190.3786.7.camel@wc19.wc235> Message-ID: <4F455324.4000606@siddall.name> On 02/22/2012 07:19 AM, Barry Cisna wrote: > Hello All, > > Just wanted to report this somewhat unknown non-available feature in > default kernel in SL6. When trying to boot the Ebox 2300 TC's we have we > receive this when PXE starts to run on the TC and then stops. > "This kernel requires the following features not present on the cpu. > cmov". Actually it is the other way around. The i686 kernel uses the cmov instruction which the the CPU doesn't have. This means your CPU probably isn't at least a i686 (ex: old Via Samuel cores etc.) Old distributions that have old i386 or possibly i586 kernels are probably your best bet if you need to support the hardware. Jeff From kent at structural-wood.com Wed Feb 22 21:16:52 2012 From: kent at structural-wood.com (Kent Schumacher) Date: Wed, 22 Feb 2012 15:16:52 -0600 Subject: [K12OSN] SL 6 no cmov support in kernel In-Reply-To: References: <1329913190.3786.7.camel@wc19.wc235> Message-ID: <4F455B44.50303@structural-wood.com> On 02/22/2012 02:52 PM, Support list for open source software in schools. wrote: > On 02/22/2012 07:19 AM, Barry Cisna wrote: >> Hello All, >> >> Just wanted to report this somewhat unknown non-available feature in >> default kernel in SL6. When trying to boot the Ebox 2300 TC's we have we >> receive this when PXE starts to run on the TC and then stops. >> "This kernel requires the following features not present on the cpu. >> cmov". > > Actually it is the other way around. The i686 kernel uses the cmov > instruction which the the CPU doesn't have. This means your CPU probably > isn't at least a i686 (ex: old Via Samuel cores etc.) > > Old distributions that have old i386 or possibly i586 kernels are > probably your best bet if you need to support the hardware. > > Jeff > ltsp-build-client --release 11 will create an LTSP client setup that can boot older i386 terminals. From cisna-barry at wc235.k12.il.us Thu Feb 23 12:57:59 2012 From: cisna-barry at wc235.k12.il.us (Barry Cisna) Date: Thu, 23 Feb 2012 06:57:59 -0600 Subject: [K12OSN] SL 6 no cmov support in kernel Message-ID: <1330001879.18255.5.camel@wc19.wc235> Jeff, Yep,You are right. After I posted this I realized I had the fact reversed. These little Ebox's are the cat's meow,and I'd like to make these usable on SL 6.1. This is what i use personally. I have had the same Ebox for 11 years! I would think someone much smarter than I can compile a kmod module to hang onto the existing running kernel to make the old school processors seem 'acceptable' to the kernel after the kmod is loaded? I may delve into running two client chroots( for the older machines),,although I'd like to stay away from this as I am sure it will involve behind the scene's snafoos. Thanks, Barry From jim.kinney at gmail.com Thu Feb 23 13:28:32 2012 From: jim.kinney at gmail.com (Jim Kinney) Date: Thu, 23 Feb 2012 08:28:32 -0500 Subject: [K12OSN] SL 6 no cmov support in kernel In-Reply-To: <1330001879.18255.5.camel@wc19.wc235> References: <1330001879.18255.5.camel@wc19.wc235> Message-ID: With old (really old!) hardware, it's not about adding a module, it's about having a kernel that doesn't require modern hardware. Basically, there are certain hardware features that are not in your cpu (cmov commands) so you need a kernel that is older and will not be looking for it. I have not seen a kernel module that can emulate missing cpu capabilities. So you will need an _old_ real i386 kernel and that will require all the supporting libs to be compatible. Thus you'll need two chroots and a mechanism to point clients appropriately. As you know the MAC addresses, you can group them in dhcpd.conf and point them to the correct chroots that way. On Thu, Feb 23, 2012 at 7:57 AM, Barry Cisna wrote: > Jeff, > > Yep,You are right. After I posted this I realized I had the fact > reversed. > These little Ebox's are the cat's meow,and I'd like to make these usable > on SL 6.1. This is what i use personally. I have had the same Ebox for > 11 years! I would think someone much smarter than I can compile a kmod > module to hang onto the existing running kernel to make the old school > processors seem 'acceptable' to the kernel after the kmod is loaded? > > I may delve into running two client chroots( for the older > machines),,although I'd like to stay away from this as I am sure it will > involve behind the scene's snafoos. > > Thanks, > Barry > > > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > -- -- James P. Kinney III As long as the general population is passive, apathetic, diverted to consumerism or hatred of the vulnerable, then the powerful can do as they please, and those who survive will be left to contemplate the outcome. - *2011 Noam Chomsky http://heretothereideas.blogspot.com/ * -------------- next part -------------- An HTML attachment was scrubbed... URL: From brcisna at eazylivin.net Fri Feb 24 23:56:21 2012 From: brcisna at eazylivin.net (Barry R Cisna) Date: Fri, 24 Feb 2012 17:56:21 -0600 Subject: [K12OSN] ltsp 5 usb attached printer problem Message-ID: <1330127781.26415.15.camel@localhost.localdomain> Hello All, On a fresh install of CentOS 6 32-bit with SL6. I have three people that HAVE to have their own usb attached printers. Each TC has an static ip in dhcpd.conf. When putting in the same lts.conf configuration for each TC, from a working ltsp4.2,,other than changing the usb path to /dev/usblp0. None of the three can i get to work? When dropping to a shell on each TC I do see /dev/usb/usblp0. But,,As the TC boots I never see anything in regards to the actual printer attached for hardware in the scrolling text. I have tried many variants of the ltsp4.2 and the documented ltsp 5 usb printer installation in the lts.conf file. Could someone that has an working usb printer post their lts.conf file please? Thank You, BC From news at siddall.name Sat Feb 25 16:51:30 2012 From: news at siddall.name (Jeff Siddall) Date: Sat, 25 Feb 2012 11:51:30 -0500 Subject: [K12OSN] ltsp 5 usb attached printer problem In-Reply-To: <1330127781.26415.15.camel@localhost.localdomain> References: <1330127781.26415.15.camel@localhost.localdomain> Message-ID: <4F491192.50503@siddall.name> On 02/24/2012 06:56 PM, Barry R Cisna wrote: > Hello All, > > On a fresh install of CentOS 6 32-bit with SL6. > I have three people that HAVE to have their own usb attached printers. > Each TC has an static ip in dhcpd.conf. When putting in the same > lts.conf configuration for each TC, from a working ltsp4.2,,other than > changing the usb path to /dev/usblp0. > None of the three can i get to work? > When dropping to a shell on each TC I do see /dev/usb/usblp0. > But,,As the TC boots I never see anything in regards to the actual > printer attached for hardware in the scrolling text. > I have tried many variants of the ltsp4.2 and the documented ltsp 5 usb > printer installation in the lts.conf file. > > Could someone that has an working usb printer post their lts.conf file > please? Barry, See my post from a couple of weeks back: Yup. Confirmed. Printing busted in SL6.1 client also. The problem seemed to be with the jetpipe app. When I try to manually run it on the client I get: -bash-4.1# /usr/bin/python /usr/sbin/jetpipe -b 9600 -y 8 -p none -x /dev/usblp0 9100 Traceback (most recent call last): File "/usr/sbin/jetpipe", line 45, in import daemon ImportError: No module named daemon However, installing python-daemon in the chroot (part of the epel repo) seems to have solved it. Looks like the ltsp-client package has a missing dependency. Jeff From joseph.bishay at gmail.com Mon Feb 27 16:32:52 2012 From: joseph.bishay at gmail.com (Joseph Bishay) Date: Mon, 27 Feb 2012 11:32:52 -0500 Subject: [K12OSN] Recommendations for gigabit switches? Message-ID: Good day, I hope everyone is well. I am in the process of moving our school to a new facility, and I need to order our network switches. Everything will be running at gigabit speed so I'm looking for some good recommendations on hardware. Based on ntop, we move about 20 TB of data per month but I expect that to grow to 30 TB in the new facility. We will have about 60 thin clients in that new building so I will need several switches. What do you think? Thank you Joseph From cisna-barry at wc235.k12.il.us Mon Feb 27 16:54:25 2012 From: cisna-barry at wc235.k12.il.us (Barry Cisna) Date: Mon, 27 Feb 2012 10:54:25 -0600 Subject: [K12OSN] ltsp 5 usb attached printer problem Message-ID: <1330361665.14657.10.camel@wc19.wc235> Jeff, Thanks for the info. Could you give me an 1,,2,,3,,, what the procedure you done to do the python-daemon into the chroot? If I simply chroot to the /opt/ltsp dir and do an yum install python-daemon,,,will the rpm(s) be pulled down and installed as expected? Then I am guessing I do the ltsp-update-sshkeys,,and ltsp-update-image gig? Then,,after an TC reboot,,is the usb attached printer detected,,setup,,without any entries in lts.conf? Thank You, Barry From jim.kinney at gmail.com Mon Feb 27 17:18:53 2012 From: jim.kinney at gmail.com (Jim Kinney) Date: Mon, 27 Feb 2012 12:18:53 -0500 Subject: [K12OSN] Recommendations for gigabit switches? In-Reply-To: References: Message-ID: Don't go cheap on the high port count portions. Netgear looks great but tends to buckle under load. Cisco is solid but $$$$$$$$$! ouch! There are several middle tier brands that are fine. The things to looks for are command line management and not just a web gui. With cli tools you can poll from the ltsp servers for switch port locations of a mac and use that to set up many rules like default printers and availability of applications (some teachers are OK with puzzle games, others are not). At 30TB/mo, you only need a big gig switch to split out to the classrooms then 100M/1G-uplink in the classrooms. Most schools seem to have only 1 cat5e line per room. With only 60 clients a single decent server with 16G RAM will drive the entire school. Think 8 cores in the server. I did this in 2007 with 4 cores per server and 8GB ram and could run 100 clients per server with the caveat that extensive flash use would bog things down badly. On Mon, Feb 27, 2012 at 11:32 AM, Joseph Bishay wrote: > Good day, > > I hope everyone is well. > > I am in the process of moving our school to a new facility, and I need > to order our network switches. Everything will be running at gigabit > speed so I'm looking for some good recommendations on hardware. Based > on ntop, we move about 20 TB of data per month but I expect that to > grow to 30 TB in the new facility. We will have about 60 thin clients > in that new building so I will need several switches. > > What do you think? > > Thank you > Joseph > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > -- -- James P. Kinney III As long as the general population is passive, apathetic, diverted to consumerism or hatred of the vulnerable, then the powerful can do as they please, and those who survive will be left to contemplate the outcome. - *2011 Noam Chomsky http://heretothereideas.blogspot.com/ * -------------- next part -------------- An HTML attachment was scrubbed... URL: From news at siddall.name Tue Feb 28 01:17:03 2012 From: news at siddall.name (Jeff Siddall) Date: Mon, 27 Feb 2012 20:17:03 -0500 Subject: [K12OSN] ltsp 5 usb attached printer problem In-Reply-To: <1330361665.14657.10.camel@wc19.wc235> References: <1330361665.14657.10.camel@wc19.wc235> Message-ID: <4F4C2B0F.2010302@siddall.name> On 02/27/2012 11:54 AM, Barry Cisna wrote: > Jeff, > > Thanks for the info. > Could you give me an 1,,2,,3,,, what the procedure you done to do the > python-daemon into the chroot? > If I simply chroot to the /opt/ltsp dir and do an yum install > python-daemon,,,will the rpm(s) be pulled down and installed as > expected? > Then I am guessing I do the ltsp-update-sshkeys,,and ltsp-update-image > gig? > Then,,after an TC reboot,,is the usb attached printer > detected,,setup,,without any entries in lts.conf? I just did a yum install python-daemon in the chroot and printing started working. Yes, yum pulls down the dependencies, but you need the epel repo enabled IIRC. If you use NBD images instead of NFS then you need to update those also. You shouldn't to run anything else. Other than the printer device in your lts.conf is all you should need, something like: PRINTER_0_DEVICE=/dev/usblp0 Jeff From news at siddall.name Tue Feb 28 14:23:22 2012 From: news at siddall.name (Jeff Siddall) Date: Tue, 28 Feb 2012 09:23:22 -0500 Subject: [K12OSN] Recommendations for gigabit switches? In-Reply-To: References: Message-ID: <4F4CE35A.2070402@siddall.name> On 02/27/2012 12:18 PM, Jim Kinney wrote: > Don't go cheap on the high port count portions. Netgear looks great but > tends to buckle under load. Cisco is solid but $$$$$$$$$! ouch! I used Netgear ProSafe smart switches, not because they are great but because they are cheap and they stand behind them with a lifetime warranty. Good thing too because I have RMA'd a few of them! Bottom line is you won't likely find a better 24 port gig smart switch for ~$200, or a better 24 port PoE smart switch (12 PoE ports) for ~$250. Be aware they don't have a CLI but the web interface is OK for infrequent use. I have a GE connected servers, some GE clients and a bunch of FE clients and never had any performance issues. I am not saying you should buy Netgear, just that there is at least one person out there that has used them successfully in an LTSP environment. Jeff From lesmikesell at gmail.com Tue Feb 28 15:47:56 2012 From: lesmikesell at gmail.com (Les Mikesell) Date: Tue, 28 Feb 2012 09:47:56 -0600 Subject: [K12OSN] Recommendations for gigabit switches? In-Reply-To: <4F4CE35A.2070402@siddall.name> References: <4F4CE35A.2070402@siddall.name> Message-ID: On Tue, Feb 28, 2012 at 8:23 AM, Jeff Siddall wrote: > On 02/27/2012 12:18 PM, Jim Kinney wrote: >> >> Don't go cheap on the high port count portions. Netgear looks great but >> tends to buckle under load. Cisco is solid but $$$$$$$$$! ouch! > > > I used Netgear ProSafe smart switches, not because they are great but > because they are cheap and they stand behind them with a lifetime warranty. > ?Good thing too because I have RMA'd a few of them! > > Bottom line is you won't likely find a better 24 port gig smart switch for > ~$200, or a better 24 port PoE smart switch (12 PoE ports) for ~$250. > > Be aware they don't have a CLI but the web interface is OK for infrequent > use. > > I have a GE connected servers, some GE clients and a bunch of FE clients and > never had any performance issues. > > I am not saying you should buy Netgear, just that there is at least one > person out there that has used them successfully in an LTSP environment. I've used some older Dell GB switches that have been reliable. But, for this scale you could probably use the kind that have a couple of GBIC connections and daisy-chain the gig link from the server to switch to switch with the rest of the switch ports at 100M. -- Les Mikesell lesmikesell at gmail.com From john at oligario.us Tue Feb 28 17:03:00 2012 From: john at oligario.us (John Oligario) Date: Tue, 28 Feb 2012 09:03:00 -0800 Subject: [K12OSN] Recommendations for gigabit switches? In-Reply-To: References: <4F4CE35A.2070402@siddall.name> Message-ID: <011301ccf63a$d5693640$803ba2c0$@oligario.us> What would you rather have, a solid network or pulling a switch out every few months? -----Original Message----- From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf Of Les Mikesell Sent: Tuesday, February 28, 2012 7:48 AM To: Support list for open source software in schools. Subject: Re: [K12OSN] Recommendations for gigabit switches? On Tue, Feb 28, 2012 at 8:23 AM, Jeff Siddall wrote: > On 02/27/2012 12:18 PM, Jim Kinney wrote: >> >> Don't go cheap on the high port count portions. Netgear looks great >> but tends to buckle under load. Cisco is solid but $$$$$$$$$! ouch! > > > I used Netgear ProSafe smart switches, not because they are great but > because they are cheap and they stand behind them with a lifetime warranty. > ?Good thing too because I have RMA'd a few of them! > > Bottom line is you won't likely find a better 24 port gig smart switch > for ~$200, or a better 24 port PoE smart switch (12 PoE ports) for ~$250. > > Be aware they don't have a CLI but the web interface is OK for > infrequent use. > > I have a GE connected servers, some GE clients and a bunch of FE > clients and never had any performance issues. > > I am not saying you should buy Netgear, just that there is at least > one person out there that has used them successfully in an LTSP environment. I've used some older Dell GB switches that have been reliable. But, for this scale you could probably use the kind that have a couple of GBIC connections and daisy-chain the gig link from the server to switch to switch with the rest of the switch ports at 100M. -- Les Mikesell lesmikesell at gmail.com _______________________________________________ K12OSN mailing list K12OSN at redhat.com https://www.redhat.com/mailman/listinfo/k12osn For more info see From andy at spitcomp.com Tue Feb 28 17:12:42 2012 From: andy at spitcomp.com (Andrew Fisk) Date: Tue, 28 Feb 2012 12:12:42 -0500 Subject: [K12OSN] Recommendations for gigabit switches? In-Reply-To: <011301ccf63a$d5693640$803ba2c0$@oligario.us> References: <4F4CE35A.2070402@siddall.name> <011301ccf63a$d5693640$803ba2c0$@oligario.us> Message-ID: <01F1E7ED-D6CF-4F8B-9FD3-345851A3E263@spitcomp.com> Did you take a look at http://www.enterasys.com/ Enterprise quality without the "market leader" premium. Andy Spitfire Computer Services 406 Beaver Street Sewickley, PA 15143 Phone (412) 254-4727 andy at spitcomp.com www.spitcomp.com On Feb 28, 2012, at Tuesday, February 28, 201212:03 PM, John Oligario wrote: > What would you rather have, a solid network or pulling a switch out every > few months? > > -----Original Message----- > From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf > Of Les Mikesell > Sent: Tuesday, February 28, 2012 7:48 AM > To: Support list for open source software in schools. > Subject: Re: [K12OSN] Recommendations for gigabit switches? > > On Tue, Feb 28, 2012 at 8:23 AM, Jeff Siddall wrote: >> On 02/27/2012 12:18 PM, Jim Kinney wrote: >>> >>> Don't go cheap on the high port count portions. Netgear looks great >>> but tends to buckle under load. Cisco is solid but $$$$$$$$$! ouch! >> >> >> I used Netgear ProSafe smart switches, not because they are great but >> because they are cheap and they stand behind them with a lifetime > warranty. >> Good thing too because I have RMA'd a few of them! >> >> Bottom line is you won't likely find a better 24 port gig smart switch >> for ~$200, or a better 24 port PoE smart switch (12 PoE ports) for ~$250. >> >> Be aware they don't have a CLI but the web interface is OK for >> infrequent use. >> >> I have a GE connected servers, some GE clients and a bunch of FE >> clients and never had any performance issues. >> >> I am not saying you should buy Netgear, just that there is at least >> one person out there that has used them successfully in an LTSP > environment. > > I've used some older Dell GB switches that have been reliable. But, > for this scale you could probably use the kind that have a couple of GBIC > connections and daisy-chain the gig link from the server to switch to switch > with the rest of the switch ports at 100M. > > -- > Les Mikesell > lesmikesell at gmail.com > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > > > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4353 bytes Desc: not available URL: From lesmikesell at gmail.com Tue Feb 28 17:16:16 2012 From: lesmikesell at gmail.com (Les Mikesell) Date: Tue, 28 Feb 2012 11:16:16 -0600 Subject: [K12OSN] Recommendations for gigabit switches? In-Reply-To: <011301ccf63a$d5693640$803ba2c0$@oligario.us> References: <4F4CE35A.2070402@siddall.name> <011301ccf63a$d5693640$803ba2c0$@oligario.us> Message-ID: On Tue, Feb 28, 2012 at 11:03 AM, John Oligario wrote: > What would you rather have, a solid network or pulling a switch out every > few months? > Can't say I've ever seen a switch model that failed 'frequently'. Most electronic stuff either breaks immediately (even the expensive Ciscos) or works for years - with rare exceptions, of course. -- Les Mikesell lesmikesell at gmail.com From jim.kinney at gmail.com Tue Feb 28 17:20:00 2012 From: jim.kinney at gmail.com (Jim Kinney) Date: Tue, 28 Feb 2012 12:20:00 -0500 Subject: [K12OSN] Recommendations for gigabit switches? In-Reply-To: <011301ccf63a$d5693640$803ba2c0$@oligario.us> References: <4F4CE35A.2070402@siddall.name> <011301ccf63a$d5693640$803ba2c0$@oligario.us> Message-ID: yeah.... The price difference between switch install and never touch again and switch install plus replace every so often is about the cost of diagnostic time for a single outage from a failed switch. A 24 port Gig switch with management that costs less than $1k is a pretty low end pile of hardware. Yes, it can push 1000Mbps but not across all ports at the same time 5days a week for 8 hours a day. That said, I've used Dell and 3Com gear for years with no problems. I've used netgear as a disposable test-rig setup or for my personal stuff where professional uptime is not being measured. I'm not a Cisco fan as their price far exceeds their value. On Tue, Feb 28, 2012 at 12:03 PM, John Oligario wrote: > What would you rather have, a solid network or pulling a switch out every > few months? > > -----Original Message----- > From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On > Behalf > Of Les Mikesell > Sent: Tuesday, February 28, 2012 7:48 AM > To: Support list for open source software in schools. > Subject: Re: [K12OSN] Recommendations for gigabit switches? > > On Tue, Feb 28, 2012 at 8:23 AM, Jeff Siddall wrote: > > On 02/27/2012 12:18 PM, Jim Kinney wrote: > >> > >> Don't go cheap on the high port count portions. Netgear looks great > >> but tends to buckle under load. Cisco is solid but $$$$$$$$$! ouch! > > > > > > I used Netgear ProSafe smart switches, not because they are great but > > because they are cheap and they stand behind them with a lifetime > warranty. > > Good thing too because I have RMA'd a few of them! > > > > Bottom line is you won't likely find a better 24 port gig smart switch > > for ~$200, or a better 24 port PoE smart switch (12 PoE ports) for ~$250. > > > > Be aware they don't have a CLI but the web interface is OK for > > infrequent use. > > > > I have a GE connected servers, some GE clients and a bunch of FE > > clients and never had any performance issues. > > > > I am not saying you should buy Netgear, just that there is at least > > one person out there that has used them successfully in an LTSP > environment. > > I've used some older Dell GB switches that have been reliable. But, > for this scale you could probably use the kind that have a couple of GBIC > connections and daisy-chain the gig link from the server to switch to > switch > with the rest of the switch ports at 100M. > > -- > Les Mikesell > lesmikesell at gmail.com > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > > > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > -- -- James P. Kinney III As long as the general population is passive, apathetic, diverted to consumerism or hatred of the vulnerable, then the powerful can do as they please, and those who survive will be left to contemplate the outcome. - *2011 Noam Chomsky http://heretothereideas.blogspot.com/ * -------------- next part -------------- An HTML attachment was scrubbed... URL: From joseph.bishay at gmail.com Tue Feb 28 17:20:02 2012 From: joseph.bishay at gmail.com (Joseph Bishay) Date: Tue, 28 Feb 2012 12:20:02 -0500 Subject: [K12OSN] Recommendations for gigabit switches? In-Reply-To: <011301ccf63a$d5693640$803ba2c0$@oligario.us> References: <4F4CE35A.2070402@siddall.name> <011301ccf63a$d5693640$803ba2c0$@oligario.us> Message-ID: Hello, On Tue, Feb 28, 2012 at 12:03 PM, John Oligario wrote: > What would you rather have, a solid network or pulling a switch out every > few months? Certainly I would want a solid network. Is there a brand you're suggesting that would result in pulling a switch out every few months? Thank you Joseph From news at siddall.name Tue Feb 28 21:21:55 2012 From: news at siddall.name (Jeff Siddall) Date: Tue, 28 Feb 2012 16:21:55 -0500 Subject: [K12OSN] Recommendations for gigabit switches? In-Reply-To: References: <4F4CE35A.2070402@siddall.name> <011301ccf63a$d5693640$803ba2c0$@oligario.us> Message-ID: <4F4D4573.1030707@siddall.name> On 02/28/2012 12:20 PM, Jim Kinney wrote: > yeah.... The price difference between switch install and never touch > again and switch install plus replace every so often is about the cost > of diagnostic time for a single outage from a failed switch. That all depends on how much diagnostic time costs. I volunteer so that comes pretty cheap! > A 24 port Gig switch with management that costs less than $1k is a > pretty low end pile of hardware. Yes, it can push 1000Mbps but not > across all ports at the same time 5days a week for 8 hours a day. Agreed, and I have never pushed a gig through every port of any cheap switch. I would argue if that is what you are trying to do you already have the wrong box and should have installed 10 GE. > I'm not a Cisco fan as their price far exceeds their value. Agree there. Consider Avaya stuff, like the 4524GT. True enterprise grade stuff, better efficiency, non-blocking, 10 GE support, stackable, lifetime warranty. Jeff From jim.kinney at gmail.com Tue Feb 28 22:02:58 2012 From: jim.kinney at gmail.com (Jim Kinney) Date: Tue, 28 Feb 2012 17:02:58 -0500 Subject: [K12OSN] Recommendations for gigabit switches? In-Reply-To: <4F4D4573.1030707@siddall.name> References: <4F4CE35A.2070402@siddall.name> <011301ccf63a$d5693640$803ba2c0$@oligario.us> <4F4D4573.1030707@siddall.name> Message-ID: On Tue, Feb 28, 2012 at 4:21 PM, Jeff Siddall wrote: > On 02/28/2012 12:20 PM, Jim Kinney wrote: > >> yeah.... The price difference between switch install and never touch >> again and switch install plus replace every so often is about the cost >> of diagnostic time for a single outage from a failed switch. >> > > That all depends on how much diagnostic time costs. I volunteer so that > comes pretty cheap! well.... Every minute you spend fixing broken stuff is a minute lost from adding new hotness :-) > > > A 24 port Gig switch with management that costs less than $1k is a >> pretty low end pile of hardware. Yes, it can push 1000Mbps but not >> across all ports at the same time 5days a week for 8 hours a day. >> > > Agreed, and I have never pushed a gig through every port of any cheap > switch. I would argue if that is what you are trying to do you already > have the wrong box and should have installed 10 GE. server w/ x4 1Gb nics bonded -> 24 port switch w/ each port to a classroom (20) -> 1Gb uplink port in classroom switch with 10-12 clients plus teacher and printer I pushed a few bits down the pipe :-) > > I'm not a Cisco fan as their price far exceeds their value. >> > > Agree there. Consider Avaya stuff, like the 4524GT. True enterprise > grade stuff, better efficiency, non-blocking, 10 GE support, stackable, > lifetime warranty. > > Jeff > > > ______________________________**_________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/**mailman/listinfo/k12osn > For more info see > -- -- James P. Kinney III As long as the general population is passive, apathetic, diverted to consumerism or hatred of the vulnerable, then the powerful can do as they please, and those who survive will be left to contemplate the outcome. - *2011 Noam Chomsky http://heretothereideas.blogspot.com/ * -------------- next part -------------- An HTML attachment was scrubbed... URL: From joseph.bishay at gmail.com Tue Feb 28 22:12:09 2012 From: joseph.bishay at gmail.com (Joseph Bishay) Date: Tue, 28 Feb 2012 17:12:09 -0500 Subject: [K12OSN] Recommendations for gigabit switches? In-Reply-To: References: <4F4CE35A.2070402@siddall.name> <011301ccf63a$d5693640$803ba2c0$@oligario.us> <4F4D4573.1030707@siddall.name> Message-ID: Hello, On Tue, Feb 28, 2012 at 5:02 PM, Jim Kinney wrote: > server w/ x4 1Gb nics bonded -> 24 port switch w/ each port to a classroom > (20) -> 1Gb uplink port in classroom switch with 10-12 clients plus teacher > and printer So this is a very similar setup we have, except that every network jack in each classroom has been "run home" back to the network room so there's no need for the switches in each classroom. In your example, is the switch a managed or unmanaged switch? I guess this is where I'm stuck. It appears to me in that case you described, there is not a need for a managed switch. Or am I missing something? Thank you Joseph From dean.jones at oregonstate.edu Tue Feb 28 22:29:57 2012 From: dean.jones at oregonstate.edu (Dean Jones) Date: Tue, 28 Feb 2012 14:29:57 -0800 Subject: [K12OSN] Compiling custom kernel? Message-ID: Hi all, Any tips for compiling a custom kernel for TCs? I need a newer kernel version to support some new shiny hardware. Newer than the default packaged kerneles. 3.x series seems to work. Should I just compiled in an i386 chroot then push that kernel out to pxe and the working chroots? Is /boot/config-* in the chroot the actual kernel config? thanks From john at oligario.us Tue Feb 28 22:33:10 2012 From: john at oligario.us (John Oligario) Date: Tue, 28 Feb 2012 14:33:10 -0800 Subject: [K12OSN] Recommendations for gigabit switches? In-Reply-To: References: <4F4CE35A.2070402@siddall.name> <011301ccf63a$d5693640$803ba2c0$@oligario.us> <4F4D4573.1030707@siddall.name> Message-ID: <01a301ccf668$f4e6a650$deb3f2f0$@oligario.us> Here is a place to look: http://www.enterprisestorageforum.com/technology/features/article.php/11192_ 2211021_1 an unmanaged switch is 'dumb' data in, data out. You have no control of ports, of systems not being able to talk with each other, ie ftp mail sql etc -----Original Message----- From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf Of Joseph Bishay Sent: Tuesday, February 28, 2012 2:12 PM To: Support list for open source software in schools. Subject: Re: [K12OSN] Recommendations for gigabit switches? Hello, On Tue, Feb 28, 2012 at 5:02 PM, Jim Kinney wrote: > server w/ x4 1Gb nics bonded -> 24 port switch w/ each port to a > classroom > (20) -> 1Gb uplink port in classroom switch with 10-12 clients plus > teacher and printer So this is a very similar setup we have, except that every network jack in each classroom has been "run home" back to the network room so there's no need for the switches in each classroom. In your example, is the switch a managed or unmanaged switch? I guess this is where I'm stuck. It appears to me in that case you described, there is not a need for a managed switch. Or am I missing something? Thank you Joseph _______________________________________________ K12OSN mailing list K12OSN at redhat.com https://www.redhat.com/mailman/listinfo/k12osn For more info see From joseph.bishay at gmail.com Tue Feb 28 22:36:16 2012 From: joseph.bishay at gmail.com (Joseph Bishay) Date: Tue, 28 Feb 2012 17:36:16 -0500 Subject: [K12OSN] Recommendations for gigabit switches? In-Reply-To: <01a301ccf668$f4e6a650$deb3f2f0$@oligario.us> References: <4F4CE35A.2070402@siddall.name> <011301ccf63a$d5693640$803ba2c0$@oligario.us> <4F4D4573.1030707@siddall.name> <01a301ccf668$f4e6a650$deb3f2f0$@oligario.us> Message-ID: Hello, On Tue, Feb 28, 2012 at 5:33 PM, John Oligario wrote: > Here is a place to look: > http://www.enterprisestorageforum.com/technology/features/article.php/11192_ > 2211021_1 > > an unmanaged switch is 'dumb' data in, data out. You have no control of > ports, of systems not being able to talk with each other, ie ftp mail sql > etc I do understand the different between the unmanaged vs. managed switches in terms of controls, vlans, etc. I guess my question more accurately is, in an LTSP environment (thin clients connecting to server) why do I need a managed server? thank you Joseph From brcisna at eazylivin.net Tue Feb 28 22:38:38 2012 From: brcisna at eazylivin.net (Barry R Cisna) Date: Tue, 28 Feb 2012 16:38:38 -0600 Subject: [K12OSN] ltsp 5 usb attached printer problem Message-ID: <1330468718.5410.7.camel@localhost.localdomain> Jeff, This fixup,,,worked like a charm! The usb printer kicked right in after the yum install you suggested. I did mess up,,a bit,,,as I had to wrangle for a bit,,,even after the yum install. I have always used in the past in the lts.conf file,,, [ws005], per client ,,and has worked to add the client variables... I couldn't get the usb printer to do it's thing. I finally realized I now have to use [macaddress] for each TC in stead of the 'ol [ws005] entry. Guess I'm too old school k12ltsp. Oh well. Thank You, Barry From lesmikesell at gmail.com Tue Feb 28 22:38:48 2012 From: lesmikesell at gmail.com (Les Mikesell) Date: Tue, 28 Feb 2012 16:38:48 -0600 Subject: [K12OSN] Recommendations for gigabit switches? In-Reply-To: <01a301ccf668$f4e6a650$deb3f2f0$@oligario.us> References: <4F4CE35A.2070402@siddall.name> <011301ccf63a$d5693640$803ba2c0$@oligario.us> <4F4D4573.1030707@siddall.name> <01a301ccf668$f4e6a650$deb3f2f0$@oligario.us> Message-ID: On Tue, Feb 28, 2012 at 4:33 PM, John Oligario wrote: > > an unmanaged switch is 'dumb' data in, data out. You have no control of > ports, of systems not being able to talk with each other, ie ftp mail sql > etc Which, about 99% of the time is all a switch should be doing unless you are trunking VLANS. The down side of the unmanaged variety is mostly that you can't get any diagnostics or bandwidth statistics from them. -- Les Mikesell lesmikesell at gmail.com From jim.kinney at gmail.com Tue Feb 28 22:46:52 2012 From: jim.kinney at gmail.com (Jim Kinney) Date: Tue, 28 Feb 2012 17:46:52 -0500 Subject: [K12OSN] Recommendations for gigabit switches? In-Reply-To: References: <4F4CE35A.2070402@siddall.name> <011301ccf63a$d5693640$803ba2c0$@oligario.us> <4F4D4573.1030707@siddall.name> Message-ID: All switches in this install were managed switches. For our purposes, we didn't need managed in the classroom. We had to use switches in the classroom as there was only a single connection per room. We needed managed in the server closet so we could find the printers and each client in individual rooms. Too bad the switches only had web gui tools. Command line is easier to script with than having to craft a pile of screen scrapers. Note: what ever switch goes in the classroom it should be SILENT! The rackmount monsters we had would horribly loud and I felt they disrupted the classroom. I had scripts that required knowledge of where each client was to set things like default printer. Also wanted to do some hacking on the teacher-tool and make it useable in the large-scale environment so teacher A could not accidentally (or otherwise) observe or control a student in room B. Was also looking at things like having teacher set "preferred application sets" so floating teachers could get their specialty app and block distraction apps by loging in and requesting their "setup" in their new room. The system would then unset automagically when that teacher logged out of that classroom. Stuff like that. with a managed switch you can track what mac is on what port plus other stupid network tricks.. That lets finding a wayward client easy. The clients on my project had a bar code with the mac address so we had a list of all them. On Tue, Feb 28, 2012 at 5:12 PM, Joseph Bishay wrote: > Hello, > On Tue, Feb 28, 2012 at 5:02 PM, Jim Kinney wrote: > > server w/ x4 1Gb nics bonded -> 24 port switch w/ each port to a > classroom > > (20) -> 1Gb uplink port in classroom switch with 10-12 clients plus > teacher > > and printer > > So this is a very similar setup we have, except that every network > jack in each classroom has been "run home" back to the network room so > there's no need for the switches in each classroom. > > In your example, is the switch a managed or unmanaged switch? I guess > this is where I'm stuck. It appears to me in that case you described, > there is not a need for a managed switch. Or am I missing something? > > Thank you > Joseph > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > -- -- James P. Kinney III As long as the general population is passive, apathetic, diverted to consumerism or hatred of the vulnerable, then the powerful can do as they please, and those who survive will be left to contemplate the outcome. - *2011 Noam Chomsky http://heretothereideas.blogspot.com/ * -------------- next part -------------- An HTML attachment was scrubbed... URL: From news at siddall.name Wed Feb 29 19:37:46 2012 From: news at siddall.name (Jeff Siddall) Date: Wed, 29 Feb 2012 14:37:46 -0500 Subject: [K12OSN] Recommendations for gigabit switches? In-Reply-To: References: <4F4CE35A.2070402@siddall.name> <011301ccf63a$d5693640$803ba2c0$@oligario.us> <4F4D4573.1030707@siddall.name> <01a301ccf668$f4e6a650$deb3f2f0$@oligario.us> Message-ID: <4F4E7E8A.5020502@siddall.name> On 02/28/2012 05:36 PM, Joseph Bishay wrote: > I do understand the different between the unmanaged vs. managed > switches in terms of controls, vlans, etc. I guess my question more > accurately is, in an LTSP environment (thin clients connecting to > server) why do I need a managed server? If you have a flat network and don't want to do anything special then yes, you can go entirely unmanaged. However, even in a relatively simple environment, there are significant benefits to a managed switch, which I have listed below in my personal order of importance: 1. You can segregate traffic. I have "privileged" ports that can reach the LTSP server plus other stuff like printers and file servers. I also have public ports that are much more locked down. VLANs enable this type capability. You can also do handy stuff like using VLANs to allow separate client images. If you configure the DHCP server with different options for different subnets (VLANs) then you can change how a client boots simply by changing it's switch port VLAN. Because this is all done from an IP management interface there are never cables to pull to make changes so you can do pretty much anything remotely. The related aspect of this is that you can also use VLANs in linux to allow a server to talk to multiple VLANs over a single physical NIC. 2. As others also noted, you can track down MAC addresses, find misbehaving NICs, traffic statistics, etc. 3. Fancy stuff, like LAG (link aggregation), or anything else that requires any amount of configuration, simply can't be done on an unmanaged switch. 4. If you get a L3 (routing) switch then you don't have to use servers for routing. L3 switches offer much higher performance than software routers. There are many more benefits also but that should give you some ideas. Jeff From brcisna at eazylivin.net Wed Feb 29 19:50:31 2012 From: brcisna at eazylivin.net (Barry R Cisna) Date: Wed, 29 Feb 2012 13:50:31 -0600 Subject: [K12OSN] img md25um possible Message-ID: <1330545031.5410.32.camel@localhost.localdomain> Hello All, Does anyone know if it is possible to run an md5sum on the ltsp img? I am just grasping for straws,it goes without saying:) My quandry. Yesterday early morning I installed the python-daemon via yum on ltsp 5 Centos 6 with SL6.1 as the chroot to get a couple usb printers to work. Afterwards I done the ltsp-update-sshkeys & ltsp-update-image routine. I rebooted several machines to make certain everything was kosher. They all rebooted fine. Late afternoon i was getting some more TC's ready to put onto benches and now the TC's would usually stall out at "dracut:starting plymouth daemon". After looking at the server configs till my eyes were getting crossed...I accidentally found if i continually tapped the escape key as soon as the SL logo appeared the TC's would boot past this,,but ends up stalling out at "adding udev persitent rules". Also my pxeclient VM on the server does boot but never gets to an actual login screen. Screen stays black.It hangs bad when trying to shut it down. It has never done this before,as I tested this lots when setting this server up initially. I can see nothing obvious in the messages log. Also I have noticed that the two VM's I have running in VirtualBox on this server will not shutdown,cleanly now.VirtualBox hangs bad. It had never done this before,,as I thrash this pretty good to make sure there are no hangs after doing a new VM install into VB. I disabled VirtualBox daemon to eliminate VB being the culprit. I am wondering if possibly I have bad memory now,,in this new server(as of three weeks ago)? A couple people told me there TC's did actually boot up,,I don't know how.It somewhat acts like when there is an extra dhcp server running on the subnet but this is not the case here. I am going to run memtest86 in the morning on the server itself. Anyone ever run into a corrupt img in ltsp 5? Sorry for long post. Thanks, BC From redbranchwarrior at gmail.com Wed Feb 29 19:52:49 2012 From: redbranchwarrior at gmail.com (Matthew Carter) Date: Wed, 29 Feb 2012 14:52:49 -0500 Subject: [K12OSN] iptables Message-ID: I'm trying to bring up my firewall on my server on only one of my two interfaces. ltspbr0 is attached to eth1 and eth0 is the external connection. In /etc/sysconfig/iptables, I added: -A INPUT -i ltspbr0 -s 172.31.100.0/24 -j ACCEPT where the bridge and subsequent network is 172.31.100/24. There should be no other connections to the outside world on that side of the server. Is this a gaping security hole, ie, can my users connecting to the outside world cause a backdoor to the bridge side of the server? Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: From jim.kinney at gmail.com Wed Feb 29 22:47:51 2012 From: jim.kinney at gmail.com (Jim Kinney) Date: Wed, 29 Feb 2012 17:47:51 -0500 Subject: [K12OSN] iptables In-Reply-To: References: Message-ID: Bear in mind that your users are connecting FROM the SERVER itself to the outside world. Technically, yes, the server _is_ a network bridge between the outside and the 172 network where your clients are. If the 172 clients can't connect to the server, then they get no thin-client goodness. So as long as the ltspbr0 is on the inside NIC eth1, this rule is fine. On Wed, Feb 29, 2012 at 2:52 PM, Matthew Carter wrote: > I'm trying to bring up my firewall on my server on only one of my two > interfaces. ltspbr0 is attached to eth1 and eth0 is the external > connection. In /etc/sysconfig/iptables, I added: > -A INPUT -i ltspbr0 -s 172.31.100.0/24 -j ACCEPT > where the bridge and subsequent network is 172.31.100/24. > > There should be no other connections to the outside world on that side of > the server. Is this a gaping security hole, ie, can my users connecting to > the outside world cause a backdoor to the bridge side of the server? > > Thanks! > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > -- -- James P. Kinney III As long as the general population is passive, apathetic, diverted to consumerism or hatred of the vulnerable, then the powerful can do as they please, and those who survive will be left to contemplate the outcome. - *2011 Noam Chomsky http://heretothereideas.blogspot.com/ * -------------- next part -------------- An HTML attachment was scrubbed... URL: