English
Русский
Custom Ubuntu - Issues
1.1. Open
- casper-premount takes too long
1.2. Unconfirmed
- printing works - in progress
- inconsistent windows profiles - ?
- try installing on system with 2+ hard drives - parted fails
1.3. Postponed
- nss ldap periodically fails at startup
- apply host name from openvpn after connection
- register logged in users, do not let logged from a different host (probably openvpn will handle this "bad source address"), and remove stale
- uk needs a tool to create create persistent/swap?? partitions on local drivers. this tool shall be placed on desktop of support user
1.4. Lost Gateway
1.4.1. Problem
With current
push redirect-gateway
openvpn client preserves path to the vpn server via original default gateway, but looses direct path to the original default gateway.Indeed this option results in:
- create a static route for the remote address which forwards to the pre-existing default gateway. This is done so that step 3 will not create a routing loop.
- Delete the default gateway route.
- Set the new default gateway to be the VPN endpoint address.
How-To recommends
push "redirect-gateway def1"
to overcome this. As man page explains, the def1 flag makes client instead of wiping out the original default gatewayoverride it by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0 on step 2.
Another problem can happen with with a DHCP server. DHCP client needs to contact it periodicallyto renew the IP address lease. The redirect-gateway option might prevent the client from reachingthe local DHCP server (because DHCP messages would be routed over the VPN), causing it to loseits IP address lease.
As for DNS, try using
push "dhcp-option DNS 172.16.1.1"
However Windows can have problems with this option.
1.4.2. Solution
Solved by replacing
client-to-client
in the server configuration to
push "route 10.20.0.0 255.255.0.0"
It seems that client-to-client adds to the 3-step algorithm above the step that replaces routes over local interfaces by the new default gateway.
Another trick is that duplicate-cn in per-client config files does not work.Without it, the server assigns a single IP address to all clients with the same certificate.Solution: put duplicate-cn in server.conf
A good OpenVPN introducion can be found here (pdf)
1.5. Rejected
- uk/ut removals:
dictionarysamba support
1.6. Solved
- in reconfig.sh - remove "support" from the "admin" group
- pass skin name to kernel
- incorrect skin name in usplash for uk/ut
- need to apply host name from skin on boot (use "setting hostname" in casper)
Set "HOST=" in /etc/casper.conf
- remove all non-dot files from /root in all distributions
- disable user switching
explained in ubuntu forum, gnome deployment guide.Details on using gconftool-2 found in man page, gconf introduction.additionally found that lists are set like follows
gconftool-2 --type list --list-type string --set parameter
"[value1,value2,...]"set this in /etc/gcong/gconf.xml.mandatory:
bool /desktop/gnome/lockdown/disable_user_switching true
string-list /apps/panel/global/disabled_applets
[OAFIID:GNOME_FastUserSwitchApplet]- encrypt root/support passwords in distribution maker
use encrypted passwords with chpasswd as follows:
echo "username:$(echo password
| openssl passwd -1 -stdin)" | chpasswd -e- x-lite cannot find libstdc++.so.5
add package libstdc++.5 to the distribution
- user manager does not start
- ensure proprietary nvidia drivers are in-place
We use the GA-M61PM-S2 mobowith installed Nvidia CineFX 3.0. I suggest it is supported by the same GeForceFX driver. Ubuntu has binary package for it.Install package nvidia-glx-new.Will need to put check in the hardware drivers dialog. But casper disables restricted module manager in 38disable_restricted_manager.
- gdm login screen should have skin emblem
gdm theme mastering is described here
- non-tk still auto-login on consoles
- do not grant PolicyKit to default user by casper
- remove update notifier and network manager applets from the support user panel
this feature is controlled via desktop entry files in /etc/xdg/autostart and ~/.config/autostart. to disable applet for a session, replace
Exec=nm-applet
by
Exec=nm-applet --sm-disable
- show web browser on user desktop
- remove "change user" from gnome logout menu
- remove "xdmcp" from gdm menu
- remove "hibernate" from gdm menu
- reading files needed to boot: failed
- remove in uk/ut:
- all "-dev" packages
- "sun java web start" desktop entry
- remove in uk:
- wacom
- bit-torrent client "transmission"
- gimp (only save f-spot)
- xsane (программа сканирования изображений)
- remove "F4,F5" from boot splash
- add server in /etc/hosts via casper in all images
- disable scrollkeeper in uk
- gdm theme - boxes overlap
- wallpaper: leave only the skin emblem
- user manager icon has a lock symbol on support's desktop
- remove suspend/hibernate from logout menu (made via power-manager)
- root menu should carry domain emblem
- support user looses gconf settings
- show home and trash folders on user desktop
- disable "loading preseed file" in non-tk
- x-lite fails
- more packages needed:
- gstreamer0.10-ffmpeg
- remove local printers from non-tk - empty files: /etc/cups/printers.conf, /etc/printcap
- remove ppds from /etc/cups/ppd (both tk/uk): PellaPDF.ppd, TtkPDF.ppd, TtkPDF, VMware_Virtual_Printer.ppd
- need firewall
- skype works - yes
- try installation on 40+gb hard drive - ok
- all users can login - yes
- windows-like menu - install before running buildiso
svn checkout http://ubuntu-system-panel.googlecode.com/svn/trunk/
ubuntu-system-panel
cd ubuntu-system-panel
./usp_update install fresh- parted fails for two or more drives
- TkPDF printing fails - it logs
failed to set file mode for PDF file (non fatal) (/group/public/tk/PPR_Test_Page.pdf)
happens because AppArmor does not let cups-pdf manipulate files under /group/public/tk. fixed by adding the following line in /etc/apparmor.d/usr.sbin.cupsd,section /usr/lib/cups/backend/cups-pdf:
/group/public/tk/** rw,
- resolv.conf gets overwritten
see here. fixed by the "dhcp-exit" script and "prepend-nameserver" setting in /etc/dhcp3/dhclient.conf
Bookmark this post on:
Comments
Post new comment