AUTHOR: Jaap Struyk DATE: 2005-11-29 LICENSE: GPL, MIT/X11 for X11 bits SYNOPSIS: Setup an FreeNX server on a (H)LFS system. DESCRIPTION: Setup a secure remote X-window connection using FreeNX and sshd. SYSTEM: x86, 32bit, 2.6 kernel, Glibc-2.3.x. PREREQUISITES: * expat --> http://expat.sourceforge.net/ * audiofile --> http://www.68k.org/~michael/audiofile * openssl --> http://www.openssl.org * libjpeg --> http://www.ijg.org * libpng --> http://www.libpng.org/pub/png/libpng.html * XFree86/Xorg --> http://www.xfree86.org --> http://www.x.org * openssh --> http://www.openssh.com You need to have sshd setup listening on your external and loopback network! * netcat --> http://netcat.sourceforge.net * expect --> http://expect.nist.gov * perl --> http://www.cpan.org FILES: * The NX core --> http://www.nomachine.com/sources.php nx-X11-1.5.0-21.tar.gz nxagent-1.5.0-112.tar.gz nxcomp-1.5.0-80.tar.gz nxcompext-1.5.0-20.tar.gz nxdesktop-1.5.0-78.tar.gz nxproxy-1.5.0-9.tar.gz nxscripts-1.5.0-11.tar.gz nxviewer-1.5.0-15.tar.gz * The FreeNX scripts --> http://freenx.berlios.de http://debian.tu-bs.de/knoppix/nx/freenx-0.4.4.tar.gz or http://www.iem.pw.edu.pl/ftp/distfiles/freenx-0.4.4.tar.gz * Latest version of this hint available at http://www.linuxfromscratch.org/hints/downloads/files/freenx.txt or http://www.japie.deserver.nl/ftp/HLFS/freenx.hint NEEDED PATCHES: * Patch for the NX packages http://www.linuxfromscratch.org/hints/downloads/attachments/freenx/NX-lfs_hint.diff or http://www.japie.deserver.nl/ftp/HLFS/NX-lfs_hint.diff * Patch for freenx http://www.linuxfromscratch.org/hints/downloads/attachments/freenx/freenx-lfs_hint.diff or http://www.japie.deserver.nl/ftp/HLFS/freenx-lfs_hint.diff HINT: ========= CONTENTS: ========= 1. Introduction 2. Installation 3. Configuration 4. Setup client 5. References ================ 1. INTRODUCTION: ================ This is a proper and secure way to setup a thin client system on a linux server. In comparison to a standard remote X session it's very fast and is even workable on bandwiths off 40k (ISDN). You can use any X-window manager, kde, gnome whatever. As server U can use any configuration, but since that machine will do the X+apps. part and the encryption I would suggest 1Ghz. 512Mb. for several users. (that's a personal opinion) ================ 2. INSTALLATION: ================ # start with unpacking all the tar.gz files... find . -name "*tar.gz" -exec tar -zxf {} \; rm *.tar.gz # apply the NX patch... patch -p0 < NX-lfs_hint.diff # modify the configure scripts... perl -pi -e"s|CXXFLAGS=.-O.*|CXXFLAGS=\"$CXXFLAGS\"|" */configure # build X11 Support Libraries and Agents... pushd nx-X11 make World popd # build Proxy Library... pushd nxproxy ./configure --prefix=/srv/NX make popd # build RFB Agent... pushd nxviewer xmkmf -a cp -a /usr/X11R6/lib/libXp.so* ../nx-X11/exports/lib/ make 2> /dev/null popd # build RDP Agent... pushd nxdesktop ./configure --prefix=/srv/NX --sharedir=/srv/NX/share make popd # create some directory's... mkdir -p /srv/NX/bin mkdir -p /srv/NX/lib mkdir -p /srv/NX/man/man1 mkdir -p /srv/NX/share/doc # install X11 Support Libraries and Agents... cp -a nx-X11/lib/X11/libX11.so.* nx-X11/lib/Xext/libXext.so.* nx-X11/lib/Xrender/libXrender.so.* /srv/NX/lib install -m 755 nx-X11/programs/Xserver/nxagent /srv/NX/lib # create a custom nxagent script that handles all programs... cat > nxagent << "EOF" #!/bin/sh NXCOMMAND=$(basename $0) export LD_LIBRARY_PATH=/srv/NX/lib:$LD_LIBRARY_PATH exec /srv/NX/lib/$NXCOMMAND ${1+"$@"} EOF # install that script... install -m 755 nxagent /srv/NX/bin # install Compression Libraries and Proxy... cp -a nxcomp/libXcomp.so.* /srv/NX/lib cp -a nxcompext/libXcompext.so.* /srv/NX/lib install -m 755 nxproxy/nxproxy /srv/NX/lib ln -snf nxagent /srv/NX/bin/nxproxy # install RFB Agent... pushd nxviewer make install DESTDIR=/srv/NX mv /srv/NX/usr/X11R6/bin/nxviewer /srv/NX/lib ln -snf nxagent /srv/NX/bin/nxviewer chmod 755 /srv/NX/bin/nxviewer mv /srv/NX/usr/X11R6/bin/nxpasswd /srv/NX/bin popd # install RDP Agent... pushd nxdesktop make install mv /srv/NX/bin/nxdesktop /srv/NX/lib ln -snf nxagent /srv/NX/bin/nxdesktop chmod 755 /srv/NX/bin/nxdesktop rm -rf /srv/NX/usr popd # install scripts... cp -r nxscripts /srv/NX/share/doc # install FreeNX mkdir -p /srv/NX/etc mkdir -p /srv/NX/var mkdir -p /srv/NX/var/db mkdir -p /srv/NX/home mkdir -p /srv/NX/home/nx pushd freenx-0.4.4 # apply the freenx patch... patch -p0 < ../freenx-lfs_hint.diff cp -a nxnode /srv/NX/bin cp -a nxserver /srv/NX/bin cp -a nxsetup /srv/NX/bin cp -a nxkeygen /srv/NX/bin cp -a nxnode-login /srv/NX/bin cp -a nxloadconfig /srv/NX/bin cp -a nxclient /srv/NX/bin cp -a nxprint /srv/NX/bin install -m 755 node.conf.sample /srv/NX/etc popd ================= 3. CONFIGURATION: ================= # add user and group and check the gid of your nx is allowed by grsec tpe_gid... groupadd -g 77 nx useradd -c 'FreeNX user' -d /srv/NX/home/nx -g nx -s /bin/bash -u 77 nx passwd -u nx chown -R root.root /srv/NX chown -R nx.nx /srv/NX/home/nx /srv/NX/bin/nxsetup --install --uid 77 --gid 77 # check if server is running... /srv/NX/bin/nxserver --status # Should provide something like: NX> 100 NXSERVER - Version 1.4.0-44 OS (GPL) NX> 110 NX Server is running NX> 999 Bye # setup the config file... mv /srv/NX/etc/node.conf.sample /srv/NX/etc/node.conf Open that file in your favorite editor and change line 339 so it matches: ENABLE_1_5_0_BACKEND="1" (don't forget to remove the coment) # user setup... The first thing is to lett freenx find a way to auth your user, the easyest is using your own ssh setup. Edit /srv/NX/etc/node.conf: ENABLE_SSH_AUTHENTICATION="1" And don't forget to remove the # from this line ;-) copy /srv/NX/home/nx/.ssh/client.id_dsa.key to your local machine for import in your nxclient. ================ 4. SETUP CLIENT: ================ # client setup... http://64.34.161.181/download/1.5.0/client/xft/nxclient-1.5.0-113.i386.tar.gz extract to /opt and add the path /opt/NX/bin to your profile. Pitty it needs libstdc++-libc6.2-2.so.3 so you have to compile gcc-2.9x and find it. Start with: "nxclient --wizard" and follow the steps, at the end choose for "Advanced configuration Dialog" where you can import the client.id_dsa.key from above. Now you would be able to login as any user would via ssh. Have fun! ============== 5. REFERENCES: ============== http://www.gnomeuser.org/documents/howto/nx.html http://fedoranews.org/contributors/rick_stout/freenx/ Rick Stout's spec file. CHANGELOG: [2005-11-29] * Initial hint. [2005-12-27] * Upgraded some packages. * Eased up build order. [2006-01-05] * Fixed some problems with installing freenx scripts. * Fixed the freenx patch. * Unlock the nx user. * Minor changes. [2006-01-21] * Added download location for the patches.