Running vncserver on Fedora Core 10 with gdm

 in

Fedora Core 10 introduces several new features, and as with all new releases, several new frustrations. In this how-to, I cover the steps needed to get vncserver up and running, so you can connect to your GNOME-based desktop.

First, Core 10 is more secure out of the box than any prior version of the Fedora operating system. How secure? It installs both iptables and SELinux by default, and it does not give you the option not to install them or turn them off initially. If you are unfamiliar with these, especially SELinux, you should read up on them. It has been ten years since I last worked with SELinux, so I need to get back to the books...er...wikis.

Second, vncserver does not install by default, nor do the twm or xterm applications that the default configuration of vncserver uses.

So, first, install the package(s). I did a simple yum install vncserver xterm twm.

Then, run vncserver (for the initial connection, I always take the defaults just to make sure it installed correctly):


[admin@core ~]$ vncserver

You will require a password to access your desktops.

Password:
Verify:
xauth: creating new authority file /home/admin/.Xauthority

New 'core.lab.foo.bar:1 (admin)' desktop is core.lab.foo.bar:1

Creating default startup script /home/admin/.vnc/xstartup
Starting applications specified in /home/admin/.vnc/xstartup
Log file is /home/admin/.vnc/core.lab.foo.bar:1.log

If you look in the .vnc directory, you'll find the xstartup script. In my case, it contains the following:


[admin@core .vnc]$ cat xstartup
#!/bin/sh

vncconfig -iconic &
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

Fire up your VNC viewer (I use Real VNC on my Windows machines) and…oops, cannot connect—remember that point about the firewalls? You need to add the ports to your iptables:

iptables -A INPUT -p tcp --destination-port 5901 --source x.x.x.x/xx -j ACCEPT

(where the xxx.xxx.xxx.xxx/xx is the CIDR address range to allow, so 192.168.0.0/24, for example). Now I can connect, but the twm is not the most enlightening window manager in the toolbox, especially since I spent time installing all those really cool widgets and games into GNOME (and KDE, your choice—I use both equally well).

In the old days, it was a simple matter of commenting out the xterm and twm & and replacing them with gnome-sessions & (or gdm &, more recently). If you do that, well, you get some interesting errors:


[admin@core .vnc]$ cat core.lab.foo.bar:1.log

Xvnc Free Edition 4.1.3
Copyright (C) 2002-2008 RealVNC Ltd.
See http://www.realvnc.com for information on VNC.
Underlying X server release 10503000,

Wed Feb 25 08:52:53 2009
vncext: VNC extension running!
vncext: Listening for VNC connections on port 5901
vncext: created VNC server for screen 0

** (gdm-binary:3164): WARNING **: Failed to acquire org.gnome.DisplayManager: Connection ":1.47" is not allowed to own the service "org.gnome.DisplayManager" due to security policies in the configuration file

** (gdm-binary:3164): WARNING **: Could not acquire name; bailing out

And, if you connect, you get a lovely gray screen and the xterm window—not exactly what you were expecting.

Now, perhaps I have been setting it up wrong all these years, but if you follow the directions in xstartup and uncomment the lines for normal desktop:


[admin@core .vnc]$ cat xstartup
#!/bin/sh

vncconfig -iconic &
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER #<-- uncomment
exec /etc/X11/xinit/xinitrc #<-- uncomment

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#twm &

you are up and running in no time (although you still might get a few X-related display errors in the log files).

______________________

David Lane, KG4GIY is a member of Linux Journal's Editorial Advisory Panel and the Control Op for Linux Journal's Virtual Ham Shack

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Awesome!

Anonymous's picture

Thank you SO MUCH for spamming my internet with the one millionth article instructing me on how to do something that fedora pretty much does automatically. Now what I want to do is let students at my school use a windows vnc client to logon on to THEIR OWN account. Why is it that not *one* of you linux blow-hards has figured out how to do this?

Don't tell me about ltsp - they have no clue! No the answer is not at Fedora's forums - they have no clue! The answer is most definitely not to be found by googling - Why do I keep reading about imaginary files on my system like /etc/X11/gdm.conf if I'm using the same OS as the author? I even found one clown claiming to have combined ltsp, vnc logons and Fedora 10 only to find his install guide involves overwriting an ALREADY WORKING dhcp and network setup with an imaginary network card that clients can't actually connect to, as such.

Now I know you get what you pay for and all that so I guess I'm going to have to choose between the students paying microsoft for the privilege of using dysfunctional software or me paying for your hubris with my own job.

What would you choose?

'Your' internet? Blow-hards?

Wahalle's picture

'Your' internet? Blow-hards? Are you an AOL user? But I digress. If what you want is 'terminal services' from Linux, then the LTSP is the most mature offering in the FOSS realm, despite your misgivings. If overwriting an 'already working' networking setup is unpalatable to you, and you don't have spare hardware, run a Xen virtual host (Xen kernels available in|built-in to Fedora since Core 3 IIRC) - or even download the free VMWare Server product for Linux and run a virtual machine in there. Run multiple virtual machines on an internal virtual mini LAN on either one of the above solutions. Experiment inside this 'sandbox' until you get it right.

Linux isn't about canned solutions, it's about customization and freedom to do things the way *you* want|need them done. If that means learning a bit about the underlying OS (try the 'man' command), and you aren't comfortable with that, then go pay the M$ tax. Or, even better, if you are damned and determined to pay for a canned solution, get Macs. You allude to being an educational institution, and thus are eligible for Apple's education discounts. Mac OSX Server since 10.4 has had canned solutions for what you want: VNC terminal services, point-and-click interface for setup and accounts, integration with Windows AD domains, etc., etc.

Stop whining about a lack of documentation. These 'how tos' are written by people who implemented their own solution. If you were anything like a real (UNIX) Systems Administrator, you would figure it out yourself and then enlighten the rest of us with a thoughtful article.

comments

Boxing equipment's picture

fedora seems good to use with. i think it will be a great revolution in coming future..

comments

sarah jane furniture's picture

i have not used this fedora till now. but i know it will perform better whenever will be used....

This one is not easily

car pictures's picture

This one is not easily understandable by the non developers. But quite an interesting one site for use. Continue giving such an information.

Convoluted I know

David Lane's picture

Yes, this one was a bit tricky (and the web site is being flaky and not showing the formatting which doesn't help - we are working on that).

This is one of those cases where I spent a bit of time on a couple of other sites compiling the solution into one place. If you use VNC especially as an old time user, it makes perfect sense (at least it should...). If I can be clearer or answer something specific, post a follow up.

David Lane, KG4GIY is a member of Linux Journal's Editorial Advisory Panel and the Control Op for Linux Journal's Virtual Ham Shack

It's Fedora and not Fedora

Anonymous's picture

It's Fedora and not Fedora Core since Fedora 7 (Fedora Extras was merge with Fedora Core).

> SELinux, so I need to get back to the books...er...wikis.

A good help^W book : http://docs.fedoraproject.org/selinux-user-guide/f10/en-US/

O'Reilly too.

David Lane's picture

Thanks for the pointer. I have the O'Reilly book from the dark ages too.

David Lane, KG4GIY is a member of Linux Journal's Editorial Advisory Panel and the Control Op for Linux Journal's Virtual Ham Shack

what about gdm?

Anonymous's picture

Running vncserver as a user will get you a gnome desktop login, but it doesn't present you with the actual GDM login manager at all. Is there an easy way to get the actual login screen so that any user can log in via vnc?

VNC is not RDP

David Lane's picture

Remember that VNC has its own security model, and functionally by-passes the login screen because it assumes you have already entered your "strong" password when you launched the vncserver the first time.

If you are used to the RDP protocol, it is essentially acting as a terminal client and presenting you with the login etc. VNC doesn't do that. It will prompt you with the password to YOUR desktop, not a general sever login.

For terminal access, I believe you need the Linux Terminal Project...

David Lane, KG4GIY is a member of Linux Journal's Editorial Advisory Panel and the Control Op for Linux Journal's Virtual Ham Shack

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState