Before you begin, it helps to have a basic understanding of how this works. (More details are in the Resources below
and on the LDP HOWTO page.)
The X server is usually started from an X Display Manager program (xdm, kdm or gdm; this document uses gdm as an example).
It provides a nice and consistent interface for general users (X-based login, starting up a window manager, clock, etc.).
The X Display Manager manages a collection of X displays, which may be on the local host or on remote servers.
When xdm runs, it usually runs as a local copy of X; xdm can also listen for requests from remote hosts over a network.
kdm (which comes with the KDE desktop) is a replacement for xdm and is configured the same way, except that its files are in /etc/X11/kdm.
gdm (Gnome Display Manager) is a re-implementation of the xdm program. gdm has similar functions to xdm and kdm,
but was written from scratch and does not contain any original XDM / X Consortium code.
xdm offers display management in two different ways. It can manage X servers running on the local machine and specified in Xservers,
and it can manage remote X servers (typically X-terminals) using XDMCP (the XDM Control Protocol) as specified in the Xaccess file. (Courtesy of the xdm man page.)
Other good references for the similar setup can be found in the following documents:
Using XDMCP is inherently insecure; therefore, most distributions ship with XDMCP turned off by default.
If you must use XDMCP, be sure to use it only on a trusted network, such as a corporate network behind a firewall.
Unfortunately, XDMCP uses UDP, not TCP, so it cannot natively be used with SSH. The technique for securing the connection with SSH is called
X11 TCP/IP Port Forwarding.
See the "Why Port Forwarding?" site and
the Resources area for additional HOW-TO information. If you would like to experiment with this,
I have added a new section below to show you the basic idea of how it works, and I am
leaving the more advanced ways of running it to other experts and/or HOWTOs.
I have tested the setup running GNOME (gdm), as well as KDE (kdm), on Red Hat 6.0, 6.2 and Red Hat 7.x (up to 7.2). (Thanks to Peter van Eerten
in the Netherlands, who provided info regarding the Slackware 8.0 setup. Many others also provided me with info regarding different distributions. I would like
to thank them as well.)
The others I have tried are Caldera eDesktop 2.4, which is similar to RH's setup, and the current Mandrake version (V8.1), which I tested without a problem.
I have not had a chance to test it on other Linux flavors like Debian and Slackware (one Slackware user told me it works the same way as described in
this document). However, the setup should be similar and should work fine.
If you have successfully set up a platform other than Red Hat, Caldera and Mandrake, please share it with me. I will add it to this document.
My server hardware is an IBM PC clone running an Intel Pentium II 500 MHz with 256 MB memory and 20 GB ATA-66 Hard Drive.
(I found out that my old Pentium 100 MHz PC runs this just fine). I use a 3COM 10/100 Fast Ethernet (3C509B) NIC with an ATAPI 32X CD-ROM and an IOMEGA ZIP drive.
I have also tested it on my Toshiba Tecra 8100 laptop, connecting with my Lucent/Agere Orinoco Wireless LAN card (802.11b).
I use Hummingbird Exceed 6.x (with Service Pack) and Exceed 7.x, and have tested them on Windows 98 SE, Windows NT 4.0 and Windows 2000 Pro.
I found out that other popular choices are X-Win32 and X-ThinPro. However, there are many open-source apps as well as commercial ones available.
In RH 7.x, you need to set up DNS lookup in order for some networking functions to work properly (such as telnet). If you are in a small isolated
environment (like a home or small office) that does not have access to a public DNS server, then add entries for the working DNS server name(s) (such as your ISP's)
to the resolv.conf file, or add the host names of all workstations to your local host table.
To prepare your X-Server for an XDMCP session, you need to make sure the following are properly installed:
Install your Linux OS. In my case, I installed
Red Hat 7.2 (Custom Installation). If you plan to use SSH Port Forwarding, you need to compile SSH with your kernel.
Also, RH 7.x comes with a firewall installed by default. You will encounter problems
if you do not add firewall rules or temporarily disable it while setting up XDMCP. I will not cover the firewall rules here in detail,
since this is not the focus of this document. I will share only how to make it work first, and you can fine-tune it yourself.
To show your firewall rules, use the command ipchains -L to list your default rule sets.
To temporarily disable the firewall, use the command ipchains -F to flush
the rules (don't worry, they are restored by re-loading them or by rebooting). One user, Ryan Sheidow,
shared with me that by adding this rule, you can do it without disabling your firewall
and can allow yourself to access the X-Server (you can try it for yourself).
One other easy way is to add rules that accept only certain IP address(es) from your trusted workstations. This is how I use it
myself.
Linux Kernel 2.4.x ships with a new firewall app called iptables. Please feel free to experiment with it.
Again, I will not cover it here.
Set up your networking. To test it out,
ping, ftp and telnet
are good commands to use to determine if your network
works. RH 7.2 does not have the telnet daemon turned on by default. Remember to enable it if you prefer to use it
for your test. Also remember that the firewall rules are there. Add your own rules or temporarily disable the firewall (as mentioned
above) to make these commands work.
Set up X. Do not set it up with a
resolution higher than what the remote users are able to use for
their display. Test the X-Server by typing either
startx or telinit 5.
Make sure X is running properly.
Create the necessary user accounts (and associated groups) for the users who will access the server via the X-Terminal.
These are the steps I used to set up the X-server to accept XDMCP requests:
For RH 6.2, modify /etc/rc.d/init.d/xfs and make the
following changes. Change all occurrences of this line (this is where the Font Server port is set):
daemon xfs -droppriv -daemon -port -1
to:
daemon xfs -droppriv -daemon -port 7100
In Mandrake 7.2, the port is already set to 7100. Also, in RH 7.x, you do not need to do this, since by default, as a security enhancement,
xfs no longer listens on a TCP port! If you need to set a default font server to use, do it in /etc/X11/fs/config and add the setting there.
Different Linux distributions may put xfs in a different folder under /etc/rc.d. You may have to search for it if that is the case.
Modify /etc/X11/xdm/xdm-config and make the
following change. By default (in most Linux distributions), this line is set so that xdm does not listen for XDMCP connections.
This is for security reasons. For Caldera using kdm, this file is in /etc/X11/kdm. Find this line:
DisplayManager.requestPort: 0
and comment it out as:
! DisplayManager.requestPort: 0
Remember, this does not affect gdm. The gdm setup is covered in the following section.
In /etc/X11/xdm/Xaccess, make the following change
(this allows all hosts to connect). For Caldera using kdm, this file is in /etc/X11/kdm. Set the file permissions to 644 (chmod 644). Change:
#* # any host can get a login window
to:
* # any host can get a login window
xdm usually runs as a local copy of X and can listen for requests from remote hosts over a network.
xdm reads its configuration file /etc/X11/xdm/xdm-config for all the configuration and log files that xdm uses.
kdm is a replacement for xdm and is configured the same way, except that its files are in /etc/X11/kdm for Caldera.
It is worth noting that the Xsession file is what runs your environment.
gdm (Gnome Display Manager) is a re-implementation of the well-known xdm.
gdm has similar functions to xdm and kdm, and its configuration is found in /etc/X11/gdm/gdm.conf.
The gdm.conf file contains sets of variables and many options for gdm, and the Sessions directory contains a script for each session option;
each script calls /etc/X11/xdm/Xsession with the appropriate option.
The above setup is in Broadcast mode, which lists all the X-Servers that are listening and willing to manage your X connection. If you only want
to allow certain connections, use the CHOOSER section in this same file. An example can be found in the Resources.
I use gdm as the default and use the gdm login window to switch between KDE and GNOME. For gdm, edit /etc/X11/gdm/gdm.conf.
This activates XDMCP, causing gdm to listen for requests. (For kdm, if you are using KDE2, edit /usr/share/config/kdm/kdmrc,
or /opt/kde2/share/config/kdm/kdmrc for the Slackware version.) Change this:
[xdmcp]
Enable=0
to:
Enable=1
Make sure "Port=177" is at the end of this block. For Caldera using kdm,
modify the file /usr/share/config/kdm/kdmrc.
Now edit /etc/inittab and change
the following line:
id:3:initdefault:
to:
id:5:initdefault:
Before changing this line, you can use the
telinit command (or preferably ssh command) to test prior to
modifying the line. Use either telinit 3
to set to level 3, or telinit 5 to set to
level 5, graphics mode (you can issue this command on the
second machine that telnets into this server).
Make sure the permissions of the file /etc/X11/xdm/Xservers are set to 444 (chmod 444).
Locate /etc/X11/xdm/Xsetup_0 and chmod 755
this file.
If you are using RH Linux, edit the XF86Config file in /etc/X11 (if you are using XFree86 4.x, the file is XF86Config-4)
and change the line:
FontPath "unix:-1"
to:
FontPath "unix:7100"
(You do not have to make this change. You can keep the default setting, but this is what I use. If you are not sure, leave this alone.)
Add this line to the end of /etc/inittab:
x:5:respawn:/usr/bin/gdm
You are now ready to run a test.
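The following shell audit is an added example, not part of the original HOWTO. It reports which of the settings changed in the steps above leave XDMCP open and whether the two file modes match. The function names, the root-prefix argument and the sample tree are assumptions made for the example; the paths follow the Red Hat layout used in this document.

```shell
#!/bin/sh
# Added example, not from the original document. The argument to audit_xdmcp
# is a root prefix, so a copy of /etc can be audited as well as the live one.

# xdm answers XDMCP unless an uncommented "requestPort: 0" line is present.
xdm_listens() {
    [ -f "$1" ] && ! grep -Eq '^[[:space:]]*DisplayManager\.requestPort:[[:space:]]*0[[:space:]]*$' "$1"
}

# A bare "*" entry in Xaccess (a comment may follow it) admits any host.
xaccess_any_host() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*\*[[:space:]]*(#.*)?$' "$1"
}

# gdm: Enable=1 counts only inside the [xdmcp] block of gdm.conf.
gdm_xdmcp_enabled() {
    [ -f "$1" ] && sed -n '/^\[xdmcp\]/,/^\[/p' "$1" |
        grep -Eq '^[[:space:]]*Enable[[:space:]]*=[[:space:]]*1[[:space:]]*$'
}

# True when FILE exists and its permission bits are exactly MODE.
mode_is() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# Print one line per finding; print nothing when XDMCP is closed everywhere.
audit_xdmcp() {
    x=$1/etc/X11
    if xdm_listens "$x/xdm/xdm-config"; then echo "xdm: XDMCP request port open"; fi
    if xaccess_any_host "$x/xdm/Xaccess"; then echo "Xaccess: any host may query"; fi
    if gdm_xdmcp_enabled "$x/gdm/gdm.conf"; then echo "gdm: [xdmcp] Enable=1"; fi
    if ! mode_is "$x/xdm/Xaccess" 644; then echo "Xaccess: mode is not 644"; fi
    if ! mode_is "$x/xdm/Xservers" 444; then echo "Xservers: mode is not 444"; fi
    return 0
}

# Constructed sample tree: the state the steps in this document leave behind.
make_sample() {
    mkdir -p "$1/etc/X11/xdm" "$1/etc/X11/gdm"
    printf '! DisplayManager.requestPort: 0\n' > "$1/etc/X11/xdm/xdm-config"
    printf '* # any host can get a login window\n' > "$1/etc/X11/xdm/Xaccess"
    printf '[xdmcp]\nEnable=1\nPort=177\n' > "$1/etc/X11/gdm/gdm.conf"
    : > "$1/etc/X11/xdm/Xservers"
    chmod 644 "$1/etc/X11/xdm/Xaccess"; chmod 444 "$1/etc/X11/xdm/Xservers"
}

sample=$(mktemp -d) && make_sample "$sample" && audit_xdmcp "$sample"
rm -rf "$sample"
```

To audit the running system, call audit_xdmcp with an empty prefix (audit_xdmcp "") as root.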
One other thing to know (that some users have asked about) is how to display the "Willing to manage" message with load info. As far as I know, this is available
in xdm by adding the following to /etc/X11/xdm/xdm-config:
DisplayManager.willing: su nobody -c /etc/X11/xdm/XWilling
The XWilling script must exist. For gdm, add this line to
/etc/X11/gdm/gdm.conf in the [security] section:
To test whether your X-Server with XDMCP is ready to accept
connections, follow these steps. I find it easier to use the X-Server and another machine to test it:
Restart your display manager gdm (or xdm; I am assuming you are running at level 5). If you are not sure how to do this, simply reboot your system (but this
is really not necessary if you know how to restart it from the command line. That's the beauty of Linux, compared to my Windows).
If you have not modified your firewall rules, you need to temporarily disable the firewall by using ipchains -F.
Make sure the Graphical login page comes up. Make sure the
display resolution and mouse work. Log in from the console to
see if the local access is OK. If OK, do not log off.
Setup Hummingbird Exceed to either query this machine (using
the IP address or fully qualified DNS name) or set to use XDMCP-Broadcast and try to
connect to the X server. You should see the X Session come
up and the login screen appear.