LinuxQuestions.org
Old 12-09-2016, 08:04 AM   #1
end
Member
 
Registered: Aug 2016
Posts: 266

Rep: Reputation: Disabled
LTSP on Ubuntu 16.04 MAC authentication


Hi,

I set up Ubuntu LTSP following these tutorials:
https://ubuntuforums.org/showthread.php?t=2173749
https://ubuntuforums.org/showthread.php?t=2177959

Everything is fine. I also wrote an iptables script to mount the filesystem:

Code:
#!/bin/bash

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -I INPUT -p tcp -m tcp -m multiport --sports 80,443 -m state --state ESTABLISHED -j ACCEPT
iptables -I OUTPUT -p tcp -m tcp -m multiport --dports 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -I INPUT -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -I OUTPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT

iptables -A INPUT -p tcp --match multiport --sports 30000:56000 -j ACCEPT
iptables -A OUTPUT -p tcp --match multiport --dports 30000:56000 -j ACCEPT

iptables -A INPUT -p udp --match multiport --sports 2070:2076 -j ACCEPT
iptables -A OUTPUT -p udp --match multiport --dports 2070:2076 -j ACCEPT

iptables -A INPUT -p udp --match multiport --sports 49152:56000 -j ACCEPT
iptables -A OUTPUT -p udp --match multiport --dports 49152:56000 -j ACCEPT

iptables -I INPUT -p udp -m udp -m multiport --sports 2049,10809,69,68,67,8099,138,137 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -I OUTPUT -p udp -m udp -m multiport --dports 2049,10809,69,68,67,8099,138,137 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT


iptables -A INPUT -j LOG
iptables -A OUTPUT -j LOG

My problem is that I specify the MAC address for the user this way:

Code:
[00:5d:09:22:10:1e]
LDM_GUESTLOGIN = True
LDM_USERNAME = lab01
LDM_PASSWORD = mypassword

But I can still connect from another PC with a different MAC with this account. Is something different in 16.04?

I know that lts.conf gets executed because I disabled SSH and put LDM_DIRECTX = True in lts.conf, and you can see in iptables that the SSH port is not allowed.

Or is there another method to allow a user by MAC address?

Thanks, and appreciated.
 
Old 12-12-2016, 04:12 PM   #2
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,976

Rep: Reputation: 3623
I've looked at this and was waiting for someone to come up with either a solution or hack.

All I could do is guess a possible way around. Might set static arp entry for the systems and then go back to the IP based.

As to why it is failing, two ideas: one is that LTSP was claimed to not work like that, and two, maybe the way a command in 16 changed?
 
1 members found this post helpful.
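
The static-ARP idea from the reply above, as an added example that is not part of the original thread: it prints the commands that pin a client's IP to its MAC in the server's neighbour table and accept that IP only when the source MAC agrees. The MAC is the one from the question; the IP address, the interface name `eth1` and the function names are assumptions.

```shell
#!/bin/bash
# Added example (not from the thread). It only prints commands; review them
# and run them as root on the LTSP server.
LTSP_IF="eth1"                                  # assumed client-facing interface
# Constructed client table, one "MAC IP" pair per line (the IP is an assumption).
CLIENTS="00:5d:09:22:10:1e 192.168.67.21"

# Succeeds only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Emit the neighbour-table entry and the paired iptables rules for one client.
pin_client() {
    mac="$1"; ip="$2"
    valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    # Permanent entry: the server will not learn a different MAC for this IP.
    echo "ip neigh replace $ip lladdr $mac nud permanent dev $LTSP_IF"
    # Accept the IP only when the frame's source MAC matches ...
    echo "iptables -A INPUT -i $LTSP_IF -s $ip -m mac --mac-source $mac -j ACCEPT"
    # ... and drop the same IP arriving from any other MAC.
    echo "iptables -A INPUT -i $LTSP_IF -s $ip -j DROP"
}

# Walk the client table and emit commands for every entry.
generate() {
    printf '%s\n' "$CLIENTS" | while read -r mac ip; do
        [ -n "$mac" ] && pin_client "$mac" "$ip"
    done
}

generate
```

Rules appended with `-A` are evaluated after anything inserted with `-I`, so in the script from the question these would have to come before the broad UDP ACCEPT rules to take effect. A MAC address is supplied by the client, so this pins an address pair; it does not authenticate the user.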
Old 12-12-2016, 05:19 PM   #3
end
Member
 
Registered: Aug 2016
Posts: 266

Original Poster
Rep: Reputation: Disabled
re

Thanks for the reply.

Yes, static ARP would be a solution, but I haven't had access to the server for the last five days. I will have it tomorrow and will try.
But I remember I installed ltsp-server and ltsp-server-standalone. Maybe I need to uninstall ltsp-server-standalone; maybe there is some conflict. I will try tomorrow.
 
Old 12-14-2016, 02:06 PM   #4
end
Member
 
Registered: Aug 2016
Posts: 266

Original Poster
Rep: Reputation: Disabled
re

Hi,

Still no luck. I tried LDM_ALLOW_USER = user, which I found in the man page, but same problem. But I noticed that on the client side, when I go to network connections in Ubuntu to check the MAC address, all clients use the same MAC address, that of the server card. When a client boots up on PXE, it shows the client MAC address, and I use that MAC in lts.conf. But when the client logs in, network connections shows the MAC of the server card. So, any ideas?
In the code below I tried every combination: without guestlogin, without username, password, etc. Always the same. Then I thought maybe it is because clients use a template user and the script in the tutorial causes the problem. I removed them; still the same.

Code:
[00:5d:09:22:10:1e]
LDM_ALLOW_USER = user
LDM_GUESTLOGIN = True
LDM_USERNAME = lab01
LDM_PASSWORD = mypassword

Last edited by end; 12-14-2016 at 02:09 PM.
 
  

