# Using a Linux desktop at WUR

## Starting point

- Want to use Linux on the desktop
- Ubuntu Noble 24.04 LTS
- Access to various WUR services is required

## Hardware

- Standard Lenovo Thinkpad L13 Gen3 (13 inch Thinkpad) from Servicepoint IT
- Lenovo Thinkpad Universal USB-C Dock from Servicepoint IT
- Multiple (Philips 24") displays attached to the Dock, also from Servicepoint IT

### OS: Ubuntu Linux

Requested a laptop from Servicepoint IT with SecureBoot disabled, which makes it possible to install everything yourself.

Regular Ubuntu install from USB drive seems to support all hardware. You need to wipe the partition table before starting the installer, otherwise the installer will error on the BitLocker partition from the previous Windows install. Note: this means that you also cannot use dual boot with a Windows install supported by IT support.

### Display drivers

The external monitors connected to the Dock don't work until you install the required drivers from Displaylink.

Refs:
- https://www.synaptics.com/products/displaylink-graphics/downloads/ubuntu

## Software

### Microsoft Teams

There is no longer a Teams application for Linux. Microsoft refers (on some places) to the PWA. Open the website using a supported browser (Google Chrome) and login. It will offer you an 'Install' button somewhere, which allows you to add it as if it is a desktop application.

Refs:
- https://learn.microsoft.com/en-us/microsoftteams/get-clients?tabs=Windows#browser-client

### VPN 

#### Openconnect VPN

- Openconnect supports forticlient VPN connections and can be configured through the Gnome Network dialog. Install `network-manager-openconnect-gnome` using `apt-get`. The add a new network connetcion in Settings-> Network -> VPN. Choose Multi-protocol VPN (openconnect), then: protocol=Fortinet SSL VPN, token mode=TOTP.

#### Alternative: OpenFortiVPN

- `openfortivpn` is an open source VPN client that works with Forticlient VPNs. Install `openfortivpn` using `apt-get` and wrap it with a simple shell script to be able request OTP tokens, and then execute as `root`:

`$HOME/bin/wur-ssl-vpn`:
```sh
#!/bin/sh
set -e

TOKEN=$(echo "SETPROMPT WUR-SSL-VPN\nSETDESC Please enter the OTP token:\nGETPIN\n" | pinentry | grep '^D ' | cut -c 3-)

if test -z "$TOKEN"; then
    echo No OTP token supplied
    exit 1
fi

sudo /usr/bin/openfortivpn \
    --config $HOME/.openfortivpn.cfg \
    --otp $TOKEN
```

`~/.openfortivpn.cfg`:
```
host = mol02.wur.nl
port = 443
username = <redacted username @wur.nl>
password = <redacted password>
```

`/etc/sudoers.d/openfortivpn`:
```
%adm ALL=NOPASSWD:SETENV: /usr/bin/openfortivpn *
```

Refs:
- https://github.com/adrienverge/openfortivpn
- https://support.wur.nl/esc?id=kb_article&table=kb_knowledge&sysparm_article=KB0010661&sys_kb_id=58461d39c3dcca18ce1098a4e40131d2&spa=1

#### Fortinet VPN Agent (does not work!)

- Fortinet needs `libgconf-2.4` which is no longer available for Mantic. Download missing packages from http://archive.ubuntu.com/ubuntu/pool/universe/g/gconf/, I took the newest versions of the packages that APT required. I only needed `libgconf-2-4` and `gconf2-common`. Use `sudo apt install --mark-auto ./gconf2-common*.deb` to install, then try `sudo apt install forticlient` again.

- If you get an error 'Backup DNS failed' while connecting, you actually need to change the name of your wifi access point. It should not contain any 'special characters' :(

- BLOCKER: The FortiClient can be used for a month, then it needs to be registered through the supplier. I contacted WUR Supportdesk, and in the end Marc Verstraaten reported that there is no support for registering Forticlient for BYOD.

Refs:
- https://support.wur.nl/esc?id=kb_article&table=kb_knowledge&sysparm_article=KB0010661&sys_kb_id=58461d39c3dcca18ce1098a4e40131d2&spa=1 (Manual: installing Forticlient VPN on your own Windows /Mac / Linux pc)
- https://repo.fortinet.com/ (repo instructions)
- https://2h3ph3rd.medium.com/how-to-install-libgconf-2-4-on-ubuntu-23-10-fec6bda8d5f5
- https://community.fortinet.com/t5/Support-Forum/Backup-DNS-Failed-in-Ubuntu-22-04/td-p/286446


### VMWare Horizon / MyWorkspace

Install the Linux client from the VMWare website, then follow the config as described for Windows. Ignore warnings about display server protocols not being supported (wayland vs x11).

- https://support.wur.nl/esc?id=kb_article_view&sys_kb_id=2ba6d124c32f1190ce1098a4e4013114
- https://support.wur.nl/esc?id=kb_article_view&sysparm_article=KB0011442&sys_kb_id=cacdd5a9c33c0ed4ce1098a4e40131e7&spa=1 (MyWorkSpace for a Windows PC)

#### MyProjects

If you only need VMWare Horizon to access Myprojects (like me), you can also use the webinterface, accessible from Intranet -> Applications (in sidebar) -> MyProjects.

Refs:
- https://intranet.wur.nl/
- https://workspace.wur.nl/portal/webclient/#/launchitems

### E-mail 

#### Outlook PWA

- Visit https://outlook.office365.com/mail/ with Google Chrome, Click install as PWA from the address bar.

#### Alternative: Evolution

Just follow the instruction on Support.

- https://support.wur.nl/esc?id=kb_article&table=kb_knowledge&sysparm_article=KB0010384 (Manual: Setting up WUR email in Evolution with WUR Passcode (Linux))


## Other

### Mounting network shares

You can access the `M:` and `W:` network shares. The easiest way to acces is using the Files (the Gnome file/directory browser). Choose `Other locations` from te left menu and type the share in the Connect dialog. The path is: `smb://wurnet.nl/homes/<username>` (username = your Windows network username, e.g. `janse123`). In the next dialog, enter username, password, and set the domain to `wurnet.nl`.  

You need to use a VPN connection, otherwise access to the network shares is denied. This will give you the unhelpful error message  `Failed to mount Windows share: invalid argument`.

Refs:
- https://lug.wur.nl/index.php?title=File_shares
- https://support.wur.nl/esc?id=kb_article_view&sysparm_article=KB0011365&sys_kb_id=abeb04828304c6146d06f665eeaad3c6&spa=1 (Manual: Access network drives on a Mac)

### Printing

> This does not work for me anymore, error in CUPS webinterface is "Session setup failed: NT_STATUS_NOT_SUPPORTED". As I try to print only 4 times a year, I didn't bother to find out why. (checked: 2025-03-03)

There is no way to add a printer manually anymore from the settings GUI. However, the CUPS webinterface does allow this. Visit http://localhost:631 and add a printer as instructed. When you print a test page, the job will say "Filter failed". Edit the cups config file as in the other ref, and add the authentication stanza. Then release the job, it will ask for authentication. Use your credentials as in the support docs.

Refs:
- https://support.wur.nl/esc?id=kb_article&table=kb_knowledge&sysparm_article=KB0013401&sys_kb_id=624fe8d6c35e7510ce1098a4e40131a2&spa=1 (Printing using linux)
- https://bbs.archlinux.org/viewtopic.php?id=249193