LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/XDMCP-HOWTO/procedure.html

1339 lines
30 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>The Procedure</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Linux XDMCP HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Introduction"
HREF="intro.html"><LINK
REL="NEXT"
TITLE="X11 Forwarding using SSH"
HREF="ssh.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux XDMCP HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="intro.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="ssh.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="PROCEDURE"
></A
>2. The Procedure</H1
><P
> This section details the procedure for setting up Xterminal using XDMCP. The pre-requisite is to have a (any) Linux distribution
installed and running X.</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN52"
></A
>2.1. Before you begin, some background</H2
><P
> Before you begin, it is better to have a basic understanding of how this works. The X server is usually started from the X Display Manager (DM).
In this <A
HREF="http://en.wikipedia.org/wiki/X_display_manager"
TARGET="_top"
>X DM Wiki</A
> page, it gives you a basic understanding of
how it works! (More details are at the <A
HREF="#REFS"
TARGET="_top"
>Resources</A
> below and
<A
HREF="http://www.tldp.org"
TARGET="_top"
>LDP HOWTO page</A
>)</P
><P
> Almost all the Linux distributions include the xdm, kdm and gdm to you as your choices. (This document will use gdm and kdm as an example).
The Display Manager provides a nice and consistent interfaces for general users (X-based login, starting up a window manager, clock, etc.).
X Display Manager manages a collection of X displays, which may be on the local host or remote servers. It is worth noting that
the <B
CLASS="COMMAND"
>Xsession</B
> file is what runs your environment.</P
><P
> When xdm runs, it offers display management in two different ways. It can manage X Server running on the local machine and specified in "Xservers",
and/or it can manage remote X Servers (typically Xterminals) using XDMCP as specified in the "Xaccess" file. (refer to the xdm man page).</P
><P
> For kdm (which comes with the KDE desktop), it is a replacement of xdm and configures the same way, except its files are in
<TT
CLASS="FILENAME"
>/etc/X11/kdm</TT
> in Caldera/SCO, <TT
CLASS="FILENAME"
>/etc/kde/kdm</TT
> in Red Hat (and Fedora Core) and
<TT
CLASS="FILENAME"
>/usr/share/config/kdm</TT
>, which is a symbolic link to <TT
CLASS="FILENAME"
>/etc/kde/kdm</TT
>, in Mandrake. </P
><P
> The gdm (Gnome Display Manager) is a re-implementation of the well known xdm. gdm has similar functions to xdm and kdm,
gdm is the Gnome Display Manager, and its configuration files are found in <TT
CLASS="FILENAME"
>/etc/X11/gdm/gdm.conf</TT
>.
The <TT
CLASS="FILENAME"
>gdm.conf</TT
> file contains sets of variables and many options for gdm, and the Sessions directory
contains a script for each session option; each script calls <TT
CLASS="FILENAME"
>/etc/X11/xdm/Xsession</TT
> with the appropriate option.
gdm has similar functions to xdm and kdm, but was written from scratch and does not contain any original XDM / X Consortium code. </P
><P
> RH 8.0 introduces the new graphical interface called "Bluecurve". The new interface is aimed for XP feel and styles. The setup makes
no difference in this case!</P
><P
>Other good references for the similar setup can be found in the following documents:</P
><P
> <P
></P
><UL
><LI
><P
> The <A
HREF="http://www.tldp.org/HOWTO/XDM-Xterm/index.html"
TARGET="_top"
>XDM and Xterminal mini-HOWTO</A
>, by Kevin Taylor
</P
></LI
><LI
><P
> Linux <A
HREF=""
TARGET="_top"
>Remote X Apps mini HOWTO</A
> A very good reference for Remote X in both theoretical and practical view.
By Vincent Zweije
</P
></LI
><LI
><P
> The <A
HREF="http://www.tldp.org/HOWTO/Xterminals/index.html"
TARGET="_top"
>Connecting Xterminal mini-HOWTO</A
>, by Salvador J. Peralta
</P
></LI
><LI
><P
> The <A
HREF="http://www.gnome.org/projects/gdm/docs/gdmtalk.pdf"
TARGET="_top"
>Using and Managing GDM</A
> [ PDF ] from The GNOME Project.
</P
></LI
></UL
></P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="SECURITY"
></A
>2.2. Security Reminder</H2
><P
> Do not believe the myth that Linux (or UNIX) is a safer OS than the MS Windows! All OSs are vulnerable to the hackers, if the user does poor configuration
job or maintaining the security updates!</P
><P
> You need to bare this in mind that both X and XDMCP is inherently insecure, and that's why many of the distributions shipped
as it's XDMCP default turned off. If you must use XDMCP, be sure to use it only in a trusted networks, such as corporate network
within a firewall. Never use it in the open network (or Internet) environment without a firewall protection!
If you are using at home, remember to add a firewall equipped router for protection. </P
><P
> A good way to test your network security is to test it using the <A
HREF="http://www.grc.com"
TARGET="_top"
>ShieldsUp</A
> by Gibson Research. It is free and easy to use!</P
><P
> XDMCP connection opens up UDP ports; therefore, it is not natively able to use it with SSH. Currently, SSH1 and SSH2 are not implemented
to securely forward the UDP communication. To secure the connection with SSH, the technique is called X11 TCP/IP Port Forwarding.
Check this <A
HREF="http://www.ox.compsoc.net/~steve/portforwarding.html"
TARGET="_top"
>Why Port Forwarding?</A
> site and
the <A
HREF="#REFS"
TARGET="_top"
>Resources</A
> area for additional HOW-TO information. If you would like to experiment this,
I have add a little section below to show you how it works. I will give you only the basic idea how it works, and I will
leave the more advanced way of running it to other experts and/or HOWTOs.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="SYSTEM"
></A
>2.3. The System I use</H2
><P
> I have tested the setup running a GNOME (gdm), as well as KDE (kdm) on the following distributions:</P
><P
> <P
></P
><UL
><LI
><P
><A
HREF="http://www.redhat.com"
TARGET="_top"
>Red Hat</A
>: From RH 8.0 down to 6.0. RH Workstation v.3 (commercial).
</P
></LI
><LI
><P
> <A
HREF="http://fedoraproject.org"
TARGET="_top"
>Fedora Core</A
> v.5 to v.7. (The new RH free version)
</P
></LI
><LI
><P
> Mandrake Linux from 7.2 to 10.0 and Limited Edition 2005. I would also like to test it out on the new
<A
HREF="http://www.mandriva.com"
TARGET="_top"
>Mandriva</A
> 2007 Spring version.
</P
></LI
><LI
><P
> <A
HREF="http://www.ubuntu"
TARGET="_top"
>Ubuntu</A
> version 6.x, 7.04.
</P
></LI
></UL
>
</P
><P
> SuSE 7.2 (SuSE is now the new <A
HREF="http://www.novell.com/linux"
TARGET="_top"
>Novell Linux</A
>) and
<A
HREF="http://www.slackware.com"
TARGET="_top"
>Slackware</A
> 8.0's setup are tested by the users, thanks to Peter Van Eerten and others,
who helps the test for this HOW-TO. (I would like to thank all users who help me on this project).
The other I have tried on is Caldera eDesktop 2.4 (now owned by SCO), which is similar to RH's setup, except that it uses KDE.
I have not had a chance to test it on other Linux flavors like Debian, Turbolinux, Gentoo, etc. However, the setup should be
similar and should work just fine. If you have successfully setup one other than the distribution listed above,
please share it with me. I will add them into this document.
</P
><P
> The PC hardware that I am using is an IBM PC clone running an Intel Celeron 2.9 GHz with 1 GB memory and a 160 GB
ATA-133 Hard Drive. The oldest system I current have (in 2007) for the testing are using the Intel
Pentium II 450 MHz PC with 128 MB memory and it is running with
good performance. (I test run on an old Pentium 100 MHz PC in 2003 and it runs OK).
I use a built-in Fast Ethernet NIC in my Intel clone M/B. In my old machine, I use the 3Com 10/100 (3C509B) NIC
with an ATAPI DVD-ROM and an IOMEGA ZIP drive. I have also test it on my IBM T21 laptop connecting using my Agere
Wireless LAN card. I have also test the setup on one of my system at home that is using the AMD 64-bit CPU
running the Fedora Core 6.
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="REMOTE"
></A
>2.4. Remote Client Piece</H2
><P
> I use the Hummingbird Exceed 10.0 (Exceed 6.x and 7.0 are also working fine) on my PC and have tested them on Windows NT 4.0, Windows 2000 Pro,
Windows XP. I found out that other popular choices are X-Win32 and X-ThinPro, but I did not have a chance to test them out.
There are also many open-source applications, as well as commercial one available, if you happen to have one.
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="PREP"
></A
>2.5. Server Preparation</H2
><P
> In RH 7.x and other newer dists, you would need to setup DNS lookup, in order for some networking function to work properly
(such as <B
CLASS="COMMAND"
>telnet</B
> that we will use to test the setup). You can use "<B
CLASS="COMMAND"
>netstat -r</B
>"
and/or "<B
CLASS="COMMAND"
>arp -a</B
>" command to verify your DNS setup or response time. If you are in a small environment
(like home or small office) that do not have your own DNS and are relying on your ISP's DNS Server, then add the entry of your
Linux workstation or server name(s) in the "<TT
CLASS="FILENAME"
>/etc/resolv.conf</TT
>" file.
If you are only use it in the lab or at home, then, you can add the
host name of all workstations in your local static hosts table in "<TT
CLASS="FILENAME"
>/etc/host</TT
>".
You would need the root privileges to update the naming information.</P
><P
> To prepare your X Server for XDMCP session, you would need to make sure the following are properly installed:
<P
></P
><OL
TYPE="1"
><LI
><P
> Install your Linux OS. In my case, I use mostly Fedora Core 6 in my lab and Ubuntu 7.04 at home.
If you plan to use SSH Port Forwarding, you need to install the OpenSSH package or compile SSH with your kernel.
Also, most dists now come with firewall installed by default (unless you choose not to). You may encounter problem,
if you do not add firewall rules or temporary disable it in setting up XDMCP. I will not cover the firewall rules here in details,
since this is not the focus of this document. I will share with you only on how to make it works first and you can fine-tune it yourself.
</P
><P
> To show your firewall rules, in kernel 2.2x, use the command <B
CLASS="COMMAND"
>ipchains -L</B
> to list your default rule sets.
To temporary disable it, use this command <B
CLASS="COMMAND"
>ipchains -F</B
> to flush
the rules (Don't worry, it will restore by re-loading or re-boot). For kernel 2.4x and up, replace the command <B
CLASS="COMMAND"
>ipchains</B
> with
<B
CLASS="COMMAND"
>iptables</B
>. To start with it, you can try to edit this <B
CLASS="COMMAND"
>/etc/sysconfig/ipchains</B
> file and commented out
this rule (this is a feedback from a user. You can test it by yourself):
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>-A input -p upd -s 0/0 -d 0/0 0:1023 -j REJECT</PRE
></FONT
></TD
></TR
></TABLE
><P
> and insert these two rules to allow packets pass through port 177:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>-A input -p udp -s 0/0 -d 0/0 0:176 -j REJECT</PRE
></FONT
></TD
></TR
></TABLE
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>-A input -p udp -s 0/0 -d 0/0 178:1023 -j REJECT</PRE
></FONT
></TD
></TR
></TABLE
><P
> (Note: XDMCP uses TCP, UDP port 177 and TCP port 6000 to 6005. xfs server is using port 7100 in our setup).
</P
><P
> You should be able to use the <B
CLASS="COMMAND"
>iptables</B
> in the similar way. (Check for iptables references at
the <A
HREF="#REFS"
TARGET="_top"
>Resources</A
> area
or this
<A
HREF="http://msmvps.com/blogs/rexiology/archive/2006/12/19/windows-x-client-server-to-connect-linux-server-xdmcp-and-vnc-approaches.aspx"
TARGET="_top"
> setup example</A
>).
</P
><P
> For more firewall details, check the
<A
HREF="http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/IP-Masquerade-HOWTO.html"
TARGET="_top"
>IP Masquerade HOWTO page.</A
>
</P
><P
> One other easy way is to add rules that only accept certain IP address(es) from your trusted workstations. Please feel free to experiment it
by using the <B
CLASS="COMMAND"
>iptables</B
> command. Again, I will not cover the details here.
I am the lucky one, because I have my company's firewall to protect me from the outside world.
</P
><P
>If you would like to use the GUI tool to configure the firewall using iptables, try this good one: the
<A
HREF="http://www.fs-security.com"
TARGET="_top"
>Firestarter</A
>.
</P
></LI
><LI
><P
> Setup your Networking. To test it out, you can use the <B
CLASS="COMMAND"
>ping</B
>, <B
CLASS="COMMAND"
>ftp</B
> and <B
CLASS="COMMAND"
>telnet</B
>
command to determine if your are networking. RH 7.x and up do not have <B
CLASS="COMMAND"
>telnet</B
> daemon
turn on by default (for security reason). Remember to enable it, if you prefer to use it for your test.
You can always turn it off when you are done (Using <B
CLASS="COMMAND"
>ntsysv</B
> in RH,
or <B
CLASS="COMMAND"
>rcconf</B
>, <B
CLASS="COMMAND"
>sysvconfig</B
> in Ubuntu and Debian,
with root privilege). One other thing is to remember firewall rules are there. Add your own rules or temporary disable it
(as mentioned above) to make these commands work.
</P
></LI
><LI
><P
> Setup X. Do <EM
>not</EM
> setup with a resolution higher than what the remote users are able to use for their display.
The newer version is now capable of probing the video chipset and determine that for you. Some older (X) version may not!
Test the X Server by typing either <B
CLASS="COMMAND"
>startx</B
> or <B
CLASS="COMMAND"
>telinit 5</B
>. Make sure X is running properly.
</P
></LI
><LI
><P
> Creates the necessary user account(s) (and associated group) for user who will access via the Xterminal.
</P
></LI
></OL
></P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="STEPS"
></A
>2.6. Steps to Complete the Procedures</H2
><P
> Although X can use the local fonts, it is better to use the xfs font server in an networking environment. If this is what you want
in Linux X environment, you need to provide font using either X font server (xfs) or hard coded font path in XF86Config and
XF86Config-4 configuration files. If you plan to use xfs font server (check here to see the
<A
HREF="http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/ref-guide/s1-x-fonts.html"
TARGET="_top"
> xfs advantages</A
>). xfs server can
also offload the burden from your local workstations. If you plan to use local fonts, you can skip step 1.
</P
><P
>These are the steps I used to setup the X Server for accepting XDMCP requests: </P
><P
></P
><OL
TYPE="1"
><LI
><P
> In earlier version of RH and Mandrake, modify <TT
CLASS="FILENAME"
>/etc/rc.d/init.d/xfs</TT
> and make the
following changes. Change all lines(this is where the Font Server port), if the port is not set to 7100.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>daemon xfs -droppriv -daemon -port -1</PRE
></FONT
></TD
></TR
></TABLE
><P
> to:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>daemon xfs -droppriv -daemon -port 7100</PRE
></FONT
></TD
></TR
></TABLE
><P
> In some new distributions, it is by default, for security enhancement, not listening
to TCP port any longer! If you would like to setup X font server, you need to do the following steps:
</P
><P
> Change this line in <TT
CLASS="FILENAME"
>/etc/rc.d/init.d/xfs (or in /etc/init.d/xfs for some dists)</TT
>:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>daemon xfs -droppriv -daemon</PRE
></FONT
></TD
></TR
></TABLE
><P
> to:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>daemon xfs -droppriv -daemon -port 7100</PRE
></FONT
></TD
></TR
></TABLE
><P
> In Ubuntu 7.04 Desktop version, you need to download and install the xfs package. then modify <TT
CLASS="FILENAME"
>/etc/init.d/xfs</TT
>
and change the following line:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>start-stop-daemon --start --quiet $SSD_START_ARGS -- -daemon \</PRE
></FONT
></TD
></TR
></TABLE
><P
> to:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>start-stop-daemon --start --quiet $SSD_START_ARGS -- -droppriv -daemon -port 7100 \</PRE
></FONT
></TD
></TR
></TABLE
><P
> Then, in <TT
CLASS="FILENAME"
>/etc/X11/fs/config</TT
>, comment out this line:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># don't listen to TCP ports by default for security reasons
#no-listen = tcp
</PRE
></FONT
></TD
></TR
></TABLE
><P
> If you change or add the port, use this command to restart your X font server (requires root):
<TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>service xfs restart</PRE
></FONT
></TD
></TR
></TABLE
>
</P
><P
> You do not have to use port 7100. You can set a different port, as long as you carefully plan it first to make sure no conflicts in
using the port number and change it accordingly. It is better to consult your Linux admin before doing so, so that he/she knows
the port has been taken! Different Linux distribution may put the xfs in different folder under /etc/rc.d.
You may search for it if that's the case.
</P
></LI
><LI
><P
> If you plan to use the XDM, modify <TT
CLASS="FILENAME"
>/etc/X11/xdm/xdm-config</TT
> and make the
following change. Be default (in most Linux distributions), this line is set, so that it is not listening to XDMCP connection.
This is for security reason. For Caldera and other dists that uses kdm, this file is at <TT
CLASS="FILENAME"
>/etc/X11/kdm</TT
>. Find this line:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>DisplayManager.requestPort: 0</PRE
></FONT
></TD
></TR
></TABLE
><P
> and comment it out as:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>! DisplayManager.requestPort: 0</PRE
></FONT
></TD
></TR
></TABLE
><P
> Remember, this does not affects gdm. For gdm setup, it is in the following section.
</P
></LI
><LI
><P
> In <TT
CLASS="FILENAME"
>/etc/X11/xdm/Xaccess</TT
>, change this.
(this allow all hosts to connect). For Caldera using kdm, this file is at <TT
CLASS="FILENAME"
>/etc/X11/kdm</TT
>. Set the security to 644 (chmod 644):
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>#* # any host can get a login window</PRE
></FONT
></TD
></TR
></TABLE
><P
> to:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>* # any host can get a login window</PRE
></FONT
></TD
></TR
></TABLE
><P
> The above setup is in a Broadcast mode, which will list all the X Server that are listening and willing to manage your X connection.
If you only want to allow certain connections, use the <B
CLASS="COMMAND"
>CHOOSER</B
> section in this same file.
An example can be found in the <A
HREF="#REFS"
TARGET="_top"
>Resources</A
>.
</P
></LI
><LI
><P
> If you plan to use the GDM as default, one benefit of gdm login window is that it allows you to switch between KDE and GNOME.
For gdm, edit <TT
CLASS="FILENAME"
>/etc/X11/gdm/gdm.conf</TT
>.
This activates XDMCP, causing it to listen to the request. For kdm (if you pick KDE as your DM in your installation), edit
<TT
CLASS="FILENAME"
>/usr/share/config/kdm/kdmrc</TT
> for Mandrake and <TT
CLASS="FILENAME"
>/etc/kde/kdm/kdmrc</TT
> for Red Hat
or <TT
CLASS="FILENAME"
>/opt/kde2/share/config/kdm/kdmrc</TT
> for Slackware version (KDE2). Change this line:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>[xdmcp]
Enable=false (may shown as 0 in some distributions)</PRE
></FONT
></TD
></TR
></TABLE
><P
> to:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>Enable=true (or 1 in some distributions)</PRE
></FONT
></TD
></TR
></TABLE
><P
> Make sure "<B
CLASS="COMMAND"
>Port=177</B
>" is at the end of this block, i.e., by commenting out the line "#Port=177".
</P
><P
> (As a side note for Ubuntu user who care only about ease of use, this is what you can do (just turn on XDMCP w/o xfs). From "System" menu,
go to "Administration" and the "Login Window" Alternatively, you can use "sudo gdmsetup" command). Click the "Remote" tab and in "Style", select "Same as Local". Then click the bottom "Configure
XDMCP" button to verify the setup. If you choose "Remote login disabled" in style, it will disable the XDMCP. Additional setup is in the
"Security" tab and the lower "Configure X Server..." button and select "Chooser" in Server. You must restart gdm to enable it! Doing this is quick and simple,
but you lose the sense of what files are being touched and changed! Easy of use or controllability is your choice here!)
</P
></LI
><LI
><P
> (For Ubuntu and new Debian see notes below) Now edit <TT
CLASS="FILENAME"
>/etc/inittab</TT
> and change
the following line. The digit here meaning the default runlevel. For X, the runlevel should be "5".
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>id:3:initdefault:</PRE
></FONT
></TD
></TR
></TABLE
><P
> to:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>id:5:initdefault:</PRE
></FONT
></TD
></TR
></TABLE
><P
> In Slackware, the X11 mode is number "4", not "5". Refer to this <A
HREF="http://en.wikipedia.org/wiki/Runlevel"
TARGET="_top"
>runlevel wiki page</A
>
for different dists' definition.
</P
><P
> This is switching from Text Mode login to Graphical Mode using Display Manager. Before changing this line, you can use the
<B
CLASS="COMMAND"
>telinit</B
> command to test prior to modifying the line. Use either <B
CLASS="COMMAND"
>telinit 3</B
> to set to level 3,
or <B
CLASS="COMMAND"
>telinit 5</B
> to set to level 5, graphics mode (you can issue this command on the second machine that telnets into this server).
</P
><P
> Runlevel 2-5 is the same in Debian and Ubuntu. Since Ubuntu 6.10 (and future Debian), the way to start the runlevel were changed from the init daemon to the
<A
HREF="http://upstart.ubuntu.com"
TARGET="_top"
>Upstart</A
>, with which the tasks and services are managed by events.
Each runlevel is defined by the files in the system in the format of <TT
CLASS="FILENAME"
>/etc/rcx.d</TT
>, where the "x" represent. Each event is trigger
(or changed) by issuing the <B
CLASS="COMMAND"
>telinit 3</B
> command.
</P
></LI
><LI
><P
> Make sure the proper security of the file <TT
CLASS="FILENAME"
>/etc/X11/xdm/Xservers</TT
> is set to 444 (chmod 444).
</P
></LI
><LI
><P
> Locate <TT
CLASS="FILENAME"
>/etc/X11/xdm/Xsetup_0</TT
> and <B
CLASS="COMMAND"
>chmod 755</B
> this file.
</P
></LI
><LI
><P
> Edit the <TT
CLASS="FILENAME"
>xorg.conf</TT
> file in the <TT
CLASS="FILENAME"
>/etc/X11</TT
> folder and change the line (for older version,
it is either <TT
CLASS="FILENAME"
>XF86Config</TT
> or the <TT
CLASS="FILENAME"
>XF86Config-4</TT
> file for XFree86 4.x):
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>FontPath "unix/:-1"</PRE
></FONT
></TD
></TR
></TABLE
><P
> to:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>FontPath "unix/:7100"</PRE
></FONT
></TD
></TR
></TABLE
><P
> If you decide to use the port number other than the usual 7100, be sure to change both in "/etc/rc.d/init.d/xfs" (or in "/etc/init.d/xfs")
file and here!
</P
><P
> To save your time and energy, I recommend you to add the FontPath in the xorg.conf (or XF86Config and/or XF86Config-4) configuration files. If you are
not sure what fonts are available to you, you can use this command to check it out (requires root):
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>chkfontpath --list</PRE
></FONT
></TD
></TR
></TABLE
><P
>The following are some of the example fonts for your reference. Make sure you have these fonts before editing these path.</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> FontPath "/usr/X11R6/lib/X11/fonts/75dpi/"
FontPath "/usr/X11R6/lib/X11/fonts/misc/"
FontPath "/usr/X11R6/lib/X11/fonts/CID/"
FontPath "/usr/X11R6/lib/X11/fonts/Speedo/"
FontPath "/usr/X11R6/lib/X11/fonts/100dpi/"
FontPath "/usr/X11R6/lib/X11/fonts/Type1/"
</PRE
></FONT
></TD
></TR
></TABLE
><P
> If you don't have the chkfontpath command and you are using the local fonts, you can simply edit the file "/etc/X11/fs/config".
Find the line that starts with "catalog=", and add your directory at the end of the list, separated by a comma. An example are like this:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> catalogue = /usr/X11R6/lib/X11/fonts/misc:unscaled,
/usr/X11R6/lib/X11/fonts/100dpi:unscaled,
/usr/X11R6/lib/X11/fonts/100dpi,
/usr/X11R6/lib/X11/fonts/75dpi
</PRE
></FONT
></TD
></TR
></TABLE
></LI
><LI
><P
> (You <B
CLASS="COMMAND"
>do not</B
> have to make this change. You can keep the default setting, but this is what I prefer. If you are not sure, leave this alone.)
Change this line to the end of <TT
CLASS="FILENAME"
>/etc/inittab</TT
>:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>x:5:respawn:/usr/bin/gdm</PRE
></FONT
></TD
></TR
></TABLE
><P
> If you decided not to change this line, it is fine! This is not a required step, but of a personal preference! There is no need to do this in Ubuntu
and newer Debian dist.
</P
></LI
></OL
><P
>You are now ready to run a test.</P
><P
> One other thing to know (that some users have asked) is how to display with <B
CLASS="COMMAND"
>Willing to manage</B
> message
with load info As I know this is available in xdm by adding the following to the <TT
CLASS="FILENAME"
>/etc/X11/xdm/xdm-config</TT
>.
<TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>DisplayManager.willing: su noboby -c /etc/X11/xdm/Xwilling</PRE
></FONT
></TD
></TR
></TABLE
>
and the XWilling script must exist. For gdm, add this line to the <TT
CLASS="FILENAME"
>/etc/X11/gdm/gdm.conf</TT
> in <TT
CLASS="FILENAME"
>[security]</TT
> section:
<TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>Willing=/etc/X11/gdm/Xwilling</PRE
></FONT
></TD
></TR
></TABLE
> </P
><P
>A sample of <A
HREF="http://www.penguinlovers.net/linux/xwilling.html"
TARGET="_top"
>Xwilling script</A
> is here for your reference.
Adding this script or not is your preference. It is not required step here!</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="TESTING"
></A
>2.7. Testing</H2
><P
> To test if your XDMCP with X Server is ready to accept
connection(s), do these steps. I find it easier using the X Server and another machine to test it:
<P
></P
><OL
TYPE="1"
><LI
><P
> (Re-)Start your X (which is in runlevel 5 or runlevel 2 in Ubuntu). If you are not sure how to do this, simply reboot your system (but this
is really not necessary, if you know how to restart it using command line. That's the beauty of Linux, when comparing it to MS Windows).
</P
></LI
><LI
><P
> If you have not modify your firewall rules, you need to temporary disable it by using <B
CLASS="COMMAND"
>iptables -F</B
> (or <B
CLASS="COMMAND"
>ipchains -F</B
>).
</P
></LI
><LI
><P
> Make sure the graphical login page comes up. Make sure the display resolution and mouse work. Log in from the console to
see if the local access is OK. If OK, do not log off.
</P
></LI
><LI
><P
> Setup Hummingbird Exceed (or other X Client software) to either query this machine (using the IP address or fully qualified DNS name)
or set to use XDMCP-Broadcast and try to connect to the X Server. You should see the X Session come up and the login screen appear.
</P
></LI
></OL
></P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="intro.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="ssh.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Introduction</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>X11 Forwarding using SSH</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink