On 07/27/2018 11:17 PM, Giancarlo Razzolini wrote: > Em julho 27, 2018 14:46 Foxtrot Mike via arch-general escreveu: >> >> The issue with x2go and ltsp is that I'll have to separately manage >> username and passwords for local Linux login. The solution that I'd >> rather prefer would use Active directory authentication so the >> current system administrator won't have to do anything extra. The >> group policies are already there. Once the Arch system is properly >> configured, I'd disable local logins so there will be very limited >> chance for a user to corrupt/modify Arch system. And ideally, the >> user would have no way to interact with the local system. Thats why I >> want to limit the user to freeRDP. Anything else, and the X-session >> expires. > > You have more than one option to authenticate to windows AD servers > [0] . You > have PAM Ldap, winbind, making a samba server the secondary > controller, etc. I thought these options worked together, i.e, I'd to use samba PAM and winbing all together. Thanks for the info. I'll look deeper into it. > > You will probably need a local home dir for storing session data, but > this can > be created/destroyed on demand. > >> >> Plus, I am very much into embedded linux systems (routers, SBCs, >> etc). I think putting the various pieces together would be give me a >> lot more to learn as compared to using a third party specialized >> software such as a kiosk script. >> > > Why reinvent the wheel here? I understand the need for learning, but I > wouldn't > do this on something that is intended as a production system. Again, > don't use > plain X protocol over the network, it's very wasteful. I plan to use RDP. I think it's not the same as using 'plain X protocol over the network' since RDP includes encryption and compression, afaik. Please correct me if I'm wrong. > > Regards, > Giancarlo Razzolini > > [0] https://wiki.archlinux.org/index.php/Active_Directory_Integration
