Iwd as wifi-backend has some disadvantages:
- teachers cannot add wpa-Enterprise connections with the
networkManager
- gnome-network-displays (miracast) does not work
Switching to wpa-supplicant will solve these problems.
In Linux socket paths are limited to 108 char length.
/var/tmp/vm/$UID/.config will be too long in some cases.
So we use /var/tmp/vm/$UID
/var/tmp/vm must be
- cleaned on startup
- created with sticky-bit (used by different users)
When terminating screen lock, pam_exec is called in the context of the corresponding user.
Non-root users don't have the permission to start/stop firewalld. So exit immediately.
Exam mode don't collect home-directories on localhome clients.
Deleting home of exam-users will result in potential data loss. But keeping
the home under the same name will prevent new exam at the next day.
Solution: Rename home (and /lmn/media/) of user after 12h and delete after 10d.
For working exam-mode we need to block direct internet access by firewall.
Users have to use squid-proxy on firewall, which can be disabled for exam-users.
To allow VM-traffic (anonymous user), we use a local squid server with users
kerberos-ticket to authenticate on the parent squid.
When using VMs on teacherdevices offsite, the local squid has to use direct internet access.
So we need two squid configs. When switching between offsite and onsite,
the squid has to be restartet with corresponding config.
Some Windows programs have problems with virtiofsd drives.
So that the appropriate SMB shares can be mounted directly in Windows,
a corresponding list of network drives is created before the VM starts.
Existing dolphin configs can be incorrect for two reasons:
- Instead of the class identifier, a * was incorrectly entered in the home@server URL.
- If the student has changed classes, the old class name is still in the home URL.
lmn-patch-dolphin.sh no longer enters a * in the home@server URL.
lmn-fixhome-dolphin.sh will fix existing configs.
Fixed EDID modes are set on the HDMI switch (ACER 120Hz problem).
This means that the affected PCs always see a second screen, even if beamer is off.
To avoid confusion, it must be ensured that no information is displayed on invisible devices:
- set primary screen for login dialog
- set primary screen after login
- clone screen
If the primary screen deviates from the standard, this information is maintained via inventory.
In addition, some PCs have different audio autputs than HDMI (or they have multiple HDMI outputs).
It is therefore possible to specify the audio device in the inventory.
