User Tools

Site Tools


wiki:obsolete:x2goserver-installation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
wiki:obsolete:x2goserver-installation [2011/09/16 15:10]
atlan
— (current)
Line 1: Line 1:
-====== Installation of X2go Server ====== 
-:!: **Before you begin!** 
-> Please make sure that you have added the X2go repository to your package management system. The required steps are described here: [[adding the x2go repository (Debian)|Debian]], [[adding the x2go repository (Ubuntu)|Ubuntu]] (depending on the distro that you have chosen for your X2go server). 
- 
-X2go server uses quite a list of free software tools (SSH, sshfs, Pulseaudio, NX tools+libraries, etc.) to allow remote access to your GNU/Linux system. Amongst others it uses a database backend for storing session information at its core. This database backend can either be SQLite (a file based db type) or PostgreSQL (a very common server/client based db). Depending on your use case you should choose one or the other. 
- 
- 
-===== Installing minimal X2go Server (SQLite) ===== 
- 
-For testing X2go, personal usage, system administration, etc. the minimal SQLite based X2go server setup is fully sufficient. X2go server (package: ''x2goserver'') will install with SQLite support by default. Simply call 
- 
-<code> 
-$ aptitude install x2goserver 
-</code> 
-to install x2goserver with all dependencies. 
- 
-There should not be anything further to do apart from this step. 
- 
-You have to create the sqlite database with  
- 
-<code> 
-$ x2godbadmin --createdb 
-</code> 
-You find the database with session details in **/var/lib/x2go**. 
- 
-Maybe, you want to take an additional look at the desktop environment bindings, that the X2go project offers: [[installing the KDE (4.*) bindings (Debian/Ubuntu)|x2goplasmoidbindings]], [[installing the GNOME (2.*) bindings (Debian/Ubuntu)|x2gognomebindings]], [[installing the LXDE bindings (Debian/Ubuntu)|x2golxdebindings]] and (the currently unstable package) [[installing the Trinity bindings (Debian/Ubuntu)|x2gotrinitybindings]]. 
- 
-The binding packages add some X2go funtionality to your favourite desktop environment (mounting of remote devices, suspending the current X2go session, etc.). 
- 
- 
-===== Installing productive X2go Server (PostgreSQL) ===== 
- 
-<note> 
-OUTDATED documentation: the next paragraphs need heavy reviewing and updating... They do not apply to x2goserver => 3.0.99 anymore!!! 
-</note> 
- 
-If you would like to use the full featured version of x2goserver, you'll need to configure X2goserver by yourself. There are a lot of different possibilities to install X2goserver in a network of existing services. This manual will describe  the installation on clean and freshly installed systems. The full featured version of X2goserver is needed, if you are planing to use more than one server and those servers should be configured as a server group. This setup will need a PostgreSQL server to store X2go related session information. If you'll continue installation, you'll further need an LDAP server. You can start the installation by installing the base server package: 
- 
-<code> 
-# apt-get install x2goserver 
-</code> 
- 
-Depending on the already installed packages, this command will add additional software to your computer. Please make sure that the following packages are installed: SSHFS and FUSE. You'll further need a PostgreSQL server running in your network. You may use the same server you are installing X2goserver on. If you want to do so, please enter: 
- 
-<code> 
-# apt-get install postgres 
-</code> 
- 
-==== Setting login permissions ==== 
- 
-Please make sure that every user which should be able to log into the x2go system is part of the posix group “x2gousers”. You can add an user to the “x2gousers” group by executing following command: 
- 
-<code> 
-# adduser username x2gousers 
-</code> 
- 
-==== Configuring the file sharing option ==== 
- 
-If you would like to use the file sharing option of x2go, you'll need to install SSHFS: 
- 
-<code> 
-# apt-get install sshfs 
-</code> 
- 
-You will also need to check the permissions an add the selected users to the “fuse” group. 
- 
-==== Installing the database ==== 
- 
-X2goserver will need a database to store session information. You'll only need one PostgreSQL server in your network to do this job. If you plan to run X2goserver and PostgreSQL on the same machine, you'll need to install PostgreSQL with the following command: 
- 
-<code> 
-# apt-get install postgresql 
-</code> 
- 
-The database itself will be installed by a simple shell script: 
- 
-<code> 
-# cd /usr/lib/x2go/script 
-# ./x2gocreatebase.sh 
-</code> 
- 
- 
-===== Installation of the LDAP Tools ===== 
- 
-:!: **Warning!** 
-> The following manual will guide you through the installation of the x2go LDAP tools. This will add multi server functionalities, a messaging service and other extensions to a x2goserver. You'll also be able to use additional graphical administration tools. Please be careful – the commands will alter your system configuration. Be prepared and backup your system! 
- 
-You can use every directory service which can handle InetOrgPerson, PosixAccount, and SambaAccount (optional) schemas. This manual describes the installation on OpenLDAP servers. 
-You'll start the installation by installing the x2goldaptools package and the graphical administration modules: 
- 
-<code> 
-# apt-get install x2goldaptools \ 
-x2gouseradministration x2gohostadministration \ 
-x2gosystemadministration x2gogroupadministration 
-</code> 
- 
-As a dependency, openldap will be installed, too. You may ignore any configuration dialogues during the installation. You'll build new configuration files during the configuration process. 
- 
-==== Configuring name resolution ==== 
- 
-X2go uses the host name of the machines for identification. Please ensure that the command hostname, the env variable $HOSTNAME and other name resolution services return the same value: 
- 
-<code> 
-# echo $HOSTNAME 
-</code> 
- 
-Enter the host names and IP addresses of all servers into the /etc/hosts file (or the used name resolution service). 
- 
-<code> 
-# echo "192.168.0.1 x2goserver.local x2goserver" >> /etc/hosts 
-</code> 
- 
-==== Installation of the samba schemata (optional) ==== 
- 
-If you would like to use the OpenLDAP server also to store samba accounts, you should install the smb extension. You may use the graphical x2go administration tools to administrate the smb groups and the boolean permission of an account to allow smb login. 
- 
-<code> 
-# cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz \ 
-/etc/ldap/schema 
-# cd /etc/ldap/schema 
-# gunzip samba.schema.gz 
-</code> 
- 
-==== Generate LDAP configuration ==== 
- 
-:!: **Warning!** 
-> The script “genconf” will produce a new LDAP configuration and will change existing configuration files. Please back up your /etc directory to avoid any problems. If you have an existing LDAP Server with existing users and groups – don't use this script! 
- 
-Change into the directory containing the “genconf” script: 
- 
-<code> 
-# cd /usr/share/x2goldaptools/config/ 
-</code> 
- 
-The “genconf” script will create new configuration files for your /etc directory. If you execute it without any options, you'll get information about the command syntax: 
- 
-<code> 
-#./genconf 
-</code> 
- 
-//Output:// 
-Usage: ./genconf <LDAP URI> <organization> <country> <domain> <netbiosname> [LDAPMASTER URI] 
- 
-The script will accept the HOSTNAME of the LDAP server, the name of your organisation, your country shortcut, a name for the smb domain and a netbios name for the samba server configuration file. 
-“LDAPMASTER URI” is an optional key to replicate a local LDAP server from a given master server. An example command could look like this: 
- 
-<code> 
-# ./genconf elzar planetexpress de smbgroup elzar 
-</code> 
- 
-“elzar” is the HOSTNAME of the local x2goserver and should be identical to the environment variable “$HOSTNAME”. 
- 
-8-O Before going on, you should make an backup of your /etc directory: 
- 
-<code> 
-# tar cfvz backup_of_etc.tar.gz /etc/ 
-</code> 
- 
-Rename the file /etc/pam_ldap.conf (symbolic link): 
- 
-<code> 
-# mv /etc/pam_ldap.conf /etc/pam_ldap.bak 
-</code> 
- 
-The next step will copy the newly generated configuration files into your real /etc directory. 
- 
-//You should not do this without a valid backup!// 
- 
-<code> 
-# cp -r /usr/share/x2goldaptools/config/etc/ / 
-</code> 
- 
-==== Generating SSL Certificates (for OpenLDAP) ==== 
- 
-Change into the script directory: 
- 
-<code> 
-# cd /usr/share/x2goldaptools/script/ 
-</code> 
- 
-Here you will find helper scripts for the creation of SSL certificates. Those are needed for secure LDAP communication between the clients and the LDAP server. Please take care when answering the questions after you'll run the makeCA command. You'll have to remember the “PEM phrase” to sign further certificates. The prompted question **“Common Name”** should be answered by the local **HOSTNAME**. 
- 
-<code> 
-# ./makeCA 
-</code> 
- 
-//Output / Input:// 
------ 
-  
-\\  
-Enter PEM pass phrase:%%*****%%\\  
-Verifying - Enter PEM pass phrase:%%*****%%\\  
-%%-----%% 
-\\  
-Country Name (2 letter code) [AU]:**de**\\  
-State or Province Name (full name) [Some-State]:**bavaria**\\  
-Locality Name (eg, city) []:**treuchtlingen**\\  
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:**planetexpress**\\  
-Organizational Unit Name (eg, section) []:**spacedelivery**\\  
-Common Name (eg, YOUR name) []:**elzar**\\  
-Email Address []:**prof.farnsworth@planetexpress.de**\\  
-Please enter the following 'extra' attributes\\  
-to be sent with your certificate request\\  
-A challenge password []:\\  
-An optional company name []:\\  
-Using configuration from /usr/lib/ssl/openssl.cnf\\  
-Enter pass phrase for ./demoCA/private/./cakey.pem:%%*****%%\\  
-Check that the request matches the signature\\  
-Signature ok\\  
-Certificate Details:\\  
-Serial Number: 0 (0x0)\\  
-Validity\\  
-...\\  
-...\\  
-Write out database with 1 new entries\\  
-Data Base Updated\\  
------  
-\\  
-After creating the certificate you can sign the needed certificate against it: 
- 
-<code> 
-# ./makenewcert 
-</code> 
- 
-Please make sure that the LDAP server is started after creating and signing the certificates. If OpenLDAP isn't running, you should check the installation again before going on. The next step will import users and groups into the LDAP tree. 
- 
-<code> 
-# ./initsystem 
-</code> 
- 
-After importing users and groups into the LDAP tree, they still exist in the /etc/passed /etc/shadow /etc/groups file. This means that every user can be found two times on the system. This will lead to problems when you would like to change passwords. You should uncomment or delete the users and groups in the /etc directory after you've checked that you can login to the system using LDAP authentication. Please remember: if you also delete the user “root”, you can't log in whenever the LDAP server is down (so our recommendation would be not to delete the user “root”). 
- 
-:!: **Warning!** 
-> The following command will add your x2goserver to the LDAP tree. This will activate the “managed mode features” of x2goserver. This means, that x2goserver is now in multiserver mode and can remotely assign configurations to x2goclient. Please make sure that the LDAP server is running and everything works perfectly – the unmanaged mode of x2goserver will be permanently deactivated. 
- 
-It's time to add the x2goserver to the LDAP tree to activate the “managed mode” of x2goserver. Please use the HOSTNAME as first and the IP address as second command line parameter: 
- 
-<code> 
-# ldap.addserver x2goserver 192.168.0.1 
-</code> 
- 
-Some functionalities of the graphical administration modules require root privileges. If you would like to use those commands without entering a password, you can avoid this by generating a pair of SSH keys: 
- 
-<code> 
-# ssh-keygen -t dsa 
-# cd /root/.ssh/ 
-# ls 
-# id_dsa id_dsa.pub known_hosts 
-# cat id_dsa.pub >>authorized_keys 
-# mv id_dsa x2go_dsa 
-</code> 
- 
-All graphical administration modules can be found inside the KDE Control Center. If you would like to access a module outside the control center, you can do this by using the command “kcmshell”: 
- 
-<code> 
-# kcmshell x2gouseradministration 
-</code> 
  
wiki/obsolete/x2goserver-installation.1316185836.txt.gz · Last modified: 2013/03/08 13:31 (external edit)