• ThinClients

Introduction

We'd like to have some thin client machines scattered around campus for Compsoc users to use for remote X logins into compsoc1. Adam has built one using the approach below; it's in SE105.

Various people have donated hardware. We've now got bits to build at least two more complete machines. cs-sysadmin have kindly offered to provide old monitors, keyboards and mice upon request.

Build instructions

The effect is to end up with a minimal Debian Sarge installation that just runs an X server doing "-query compsoc1". The machine needs a hard disk of a few hundred meg, 64MB of RAM, a functioning graphics card, and a network card.

Use pwgen to generate three passwords for the machine: a BIOS supervisor password, a GRUB password and a root password. Write them down somewhere secure.

With Debian

Install Debian Sarge (stable) from netinst CD.

In the installer, pick the default options except:

• hostname "compsoctc1"
• root password (as chosen earlier)
• no user account (Cancel the dialog, then go back to that step and it'll ask if you want a user account or not)
• apt: HTTP, Oxford mirror (should be mirrorservice once done)
• "manual package selection", then quit with "q"

You'll now be at a login prompt.

• "vi /etc/apt/sources.list" and check that it looks sensible
• add proxies to /etc/apt/apt.conf if machine has no internet access
• "apt-get update"
• "apt-get dist-upgrade"

(when asked whether to overwrite a configuration file, always pick Y, since you haven't edited anything yet)

• set debconf to only ask about critical questions
• "apt-get install xserver-xfree86 xfonts-100dpi xfonts-75dpi xfonts-base xfonts-base-transcoded xfonts-jmk xfonts-scalable"
• dpkg-reconfigure xserver-xfree86
• pick appropriate driver (ati for compsoctc1)
• "gb" keyboard layout
• mouse port "/dev/psaux", mouse proto PS/2 (not ImPS/2)
• simple monitor config (then pick appropriate options for whatever monitor the machine has -- if you're not sure, start X manually later, and look for the DDC probe output in /var/log/XFree86.0.log)
• add to /etc/inittab "X:2:respawn:/usr/bin/X11/X -query compsoc1"
• add to /boot/grub/menu.lst "password XYZ" (where XYZ is the unencrypted GRUB password you chose earlier)
• "chmod 600 /boot/grub/menu.lst"
• "init q" to start the X server (if it hangs, make sure the mouse is plugged in)

We shouldn't need to touch these machines after building them, unless someone wants to upgrade the X server -- just log in as root (ask azz for the password) and do "apt-get update; apt-get dist-upgrade".

With Ubuntu

Do a "server" installation of Ubuntu 5.04 (i.e. enter "server" at the boot prompt so it only installs the base system).

In the installer, pick the default options except:

• United Kingdom locale
• hostname "compsoctc1"
• for the default account: real name, username and password all "compsoc" (we'll remove this user later)

After the reboot, you'll end up at a login prompt.

• log in as compsoc/compsoc, then "sudo -s" to become root
• "passwd", and set the root password you chose
• log out, then back in as root
• "deluser compsoc"
• "vi /etc/apt/sources.list", remove the cdrom entry, and add "universe" to the source lines (for xfonts-jmk!)
• "apt-get update"
• "apt-get dist-upgrade"
• "apt-get install xserver-xorg xfonts-100dpi xfonts-75dpi xfonts-base xfonts-jmk xfonts-scalable"
• edit video modes list appropriately for the monitor
• try "X -query compsoc1"; if that doesn't give you a sensible video mode tweak /etc/X11/xorg.conf by hand (I had to set the horizontal and vertical refresh upper limit to 90 for the big Sun monitors)
• add to /etc/inittab "X:2:respawn:/usr/bin/X11/X -query compsoc1"
• add to /boot/grub/menu.lst "password XYZ" (where XYZ is the unencrypted GRUB password you chose earlier)
• "chmod 600 /boot/grub/menu.lst"
• "init q" to start the X server (if it hangs, make sure the mouse is plugged in)

Note that once the X server is running, you'll need to do Ctrl-Alt-F6/F7 to get back to the console.

Finally

In the BIOS:

• set the BIOS supervisor password to the one you chose earlier
• set the "Boot Sequence" to "C only" (or the equivalent)
• save and exit

Future work

As set up, the machines' X connections to compsoc1 are not encrypted. It'd be nice if they were. The most straightforward (well, ish) way might be to set up IPSec between the thin clients and compsoc1; alternately we could look at tunnelling X over SSL or something.