LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 12-09-2016, 09:04 AM   #1
end
Member
 
Registered: Aug 2016
Posts: 259

Rep: Reputation: Disabled
LTSP on Ubuntu 16.04 MAC authentication


hy,

i setup Ubuntu ltsp following this tutorials
https://ubuntuforums.org/showthread.php?t=2173749
https://ubuntuforums.org/showthread.php?t=2177959

everithyng is fine i also wrote iptables script to mount filesystem

Code:
#!/bin/bash

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -I INPUT -p tcp -m tcp -m multiport --sports 80,443 -m state --state ESTABLISHED -j ACCEPT
iptables -I OUTPUT -p tcp -m tcp -m multiport --dports 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -I INPUT -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -I OUTPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT

iptables -A INPUT -p tcp --match multiport --sports 30000:56000 -j ACCEPT
iptables -A OUTPUT -p tcp --match multiport --dports 30000:56000 -j ACCEPT

iptables -A INPUT -p udp --match multiport --sports 2070:2076 -j ACCEPT
iptables -A OUTPUT -p udp --match multiport --dports 2070:2076 -j ACCEPT

iptables -A INPUT -p udp --match multiport --sports 49152:56000 -j ACCEPT
iptables -A OUTPUT -p udp --match multiport --dports 49152:56000 -j ACCEPT

iptables -I INPUT -p udp -m udp -m multiport --sports 2049,10809,69,68,67,8099,138,137 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -I OUTPUT -p udp -m udp -m multiport --dports 2049,10809,69,68,67,8099,138,137 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT


iptables -A INPUT -j LOG
iptables -A OUTPUT -j LOG
my problem is i specifay mac address for user this way

Code:
[00:5d:09:22:10:1e]
LDM_GUESTLOGIN = True
LDM_USERNAME = lab01
LDM_PASSWORD = mypassword
but i still can connect from another pc with different mac with this acount. Is something different in 16.04.

i know that lts.conf get executed beacouse i disable ssh and put LDM_DIRECTX = True in lts.conf, and you can see in iptables ssh port is not allowed.

or is there another metod to allow user by mac address.

Thanks and prichiated
 
Old 12-12-2016, 05:12 PM   #2
jefro
Moderator
 
Registered: Mar 2008
Posts: 19,506

Rep: Reputation: 3014Reputation: 3014Reputation: 3014Reputation: 3014Reputation: 3014Reputation: 3014Reputation: 3014Reputation: 3014Reputation: 3014Reputation: 3014Reputation: 3014
I've looked at this and was waiting for someone to come up with either a solution or hack.

All I could do is guess a possible way around. Might set static arp entry for the systems and then go back to the IP based.

As to why it is failing, two ideas. One is ltsp was claimed to not work like that and two maybe the way a command in 16 changed.??
 
1 members found this post helpful.
Old 12-12-2016, 06:19 PM   #3
end
Member
 
Registered: Aug 2016
Posts: 259

Original Poster
Rep: Reputation: Disabled
re

thanks for replay

yes static arp would be solution, but i didnt have acces to server last five days i will have tommorow and try.
but i remember i installed ltsp-server and ltsp-server-standalone maybe i need uninstall ltsp-server-standalone maybe there is some conflict. i will try tomorow.
 
Old 12-14-2016, 03:06 PM   #4
end
Member
 
Registered: Aug 2016
Posts: 259

Original Poster
Rep: Reputation: Disabled
re

hy

still no luck. i try LDM_ALLOW_USER = user, i found that in man, but same problem. but i notice that from client side when i go to network connection in ubuntu to check mac address all clients use same mac address of server card. when client boot up on pxe he show client mac address and i use that mac in lts.conf. but when client login in network connections is show mac of server card. So any ideas.
in code bellowe i try every combination without guestlogin, without username, password etc..always the same. then i think maybe is because clients use template user, and script in tutorial couse problem i remove them, still the same.

Code:
[00:5d:09:22:10:1e]
LDM_ALLOW_USER = user
LDM_GUESTLOGIN = True
LDM_USERNAME = lab01
LDM_PASSWORD = mypassword

Last edited by end; 12-14-2016 at 03:09 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LDAP - mac authentication robertkwild Other *NIX 3 09-18-2015 08:12 AM
radius mac authentication sholah Linux - Server 9 12-05-2011 03:04 AM
[SOLVED] 389-ds and Mac OS X Authentication cskip Linux - Server 1 03-08-2011 10:16 AM
mac address authentication pradeepraja Linux - Networking 4 04-07-2008 10:25 AM
K12 LTSP 4.4.1: problems w winbind authentication cls Linux - Software 0 12-17-2005 02:05 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 11:58 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration