samba - Apr 2004 - Workaround found, .Xauthority and SMB, Mounting home directory

Hi,

Finally got this working!!

I have found a potential Workaround to the following error:
>/etc/X11/gdm/PreSession/Default: Registering your session with wtmp
>and
> utmp
> /etc/X11/gdm/PreSession/Default: running: /usr/bin/X11/sessreg -a
>-w /var/log/wtmp -u /var/run/utmp -x "/var/gdm/:0.Xservers" -h
"" -1
>":0"
>"test"
>Xlib: connection to ":0.0" refused by server
>Xlib: No protocol specified
>
Some prerequisites:
I'm running Fedora Core 1 ( stock install ) with pam_mount mounting my home 
directory on the PDC.
I'm reluctantly using GDM ( not my favorite but it will do )
Last, I'm using KDE, but GNOME works too.

First, I followed suggestions from previous posts, and did a little tweaking 
on my own, which include the following:

a) I've added the following to the user's .bash_profile:
export XAUTHORITY=/tmp/.Xauthority
export ICEAUTHORITY=/tmp/.ICEauthority

b) NOTE: gnome doesn't require this step.
I did some editing of my /usr/bin/startkde script to move all .kde and .kderc 
etc... files OUT of the home directory.  From what I can tell, limits in the 
SMBFS are not allowing kde to start successfully. (sockets??)
 This is a heavy workaround, but works nicely in our environment.
If you would like details on this fix let me know.

**Despite these changes, the above mentioned error was still appearing.**

**Here is what I've done:**

1) add the following to the file: /etc/X11/gdm/PreSession/Default

XHOST=`which xhost 2>/dev/null`
if [ "x$XHOST" != "x" ] ; then
        echo "Executing xhost +localhost.."
        exec "$XHOST" +localhost
fi

I think it's important to add this before the following line:
SESSREG=`which sessreg 2>/dev/null`
...


Essentially, I'm executing the following command: "xhost
+localhost".
I used their conventions for running a command, hence the if statement etc...

2) I'm pretty sure you need to restart GDM.

3) now go ahead and log in. It will work perfectly!!!

I don't know enough about X to give you a complete explanation for the fix, 
but using xhost in this fashion allows any user on the host
"localhost" to
connect to the X server.  Without it, the connection is refused, hence the 
error you were getting.

I would gladly accept any feedback or comments on this fix.  
I'm also very curious if anybody else tried running a GUI with their home 
directory mounted via SMBFS or NFS?

I've attempted both and found SMBFS to be a adequate.  This issue was the
last
to get over.  Now I must go through and refine different aspects
-- 
Ben Ford
Bio-Logic Aqua Technologies
5001 Lower River Rd
Grants Pass, OR 97526

800-FOR-MIST (367-6478)
ben@naturestears.com

>From what I have read, the default kerberos (v1.2.7) in Red Hat Linux 9 will
not work for Windows 2003 AD authentication/Samba.  I have looked and
searched and googled for the RPMs.  I would even settle for Fedora builds,
but I cannot even find those.  I anyone has a clue as to where I could find
them, it would be appreciated.

Thanks in advance

Hi,

just an idea:

the display manager (GDM, ...) usually stores the XAUTHORITY cookie in the 
.Xauthority file in the users' home dir. If you mount that on-the-fly, 
maybe you mount it too late ? So that .Xauthority in the user home dir is 
not accessible at this stage ? With the xhost +localhost you effectively 
circumvent X security.

I had a similar case here (though with Novell servers) and solved it and 
the KDE / GNOME problem you describe by keeping the homedir local and 
mounting the server homedir in a subdirectory of the homedir. This way the 
Linux stuff stays on the Linux side and the personal files and data stays 
on the server side.

Regards,
Schlomo

PS: BTW. If you use XDM as display manager, you can debug better because 
it is much simpler than any other display manager.
PPS: Tell please, if this helps.


On Mon, 26 Apr 2004, Ben Ford - Bio-Logic Aqua Technologies wrote:
> Hi,
> 
> Finally got this working!!
> 
> I have found a potential Workaround to the following error:
> 
> >/etc/X11/gdm/PreSession/Default: Registering your session with wtmp
> >and
> > utmp
> > /etc/X11/gdm/PreSession/Default: running: /usr/bin/X11/sessreg -a
> >-w /var/log/wtmp -u /var/run/utmp -x "/var/gdm/:0.Xservers"
-h "" -1
> >":0"
> >"test"
> >Xlib: connection to ":0.0" refused by server
> >Xlib: No protocol specified
> >
> Some prerequisites:
> I'm running Fedora Core 1 ( stock install ) with pam_mount mounting my
home
> directory on the PDC.
> I'm reluctantly using GDM ( not my favorite but it will do )
> Last, I'm using KDE, but GNOME works too.
> 
> First, I followed suggestions from previous posts, and did a little
tweaking
> on my own, which include the following:
> 
> a) I've added the following to the user's .bash_profile:
> export XAUTHORITY=/tmp/.Xauthority
> export ICEAUTHORITY=/tmp/.ICEauthority
> 
> b) NOTE: gnome doesn't require this step.
> I did some editing of my /usr/bin/startkde script to move all .kde and
.kderc
> etc... files OUT of the home directory.  From what I can tell, limits in
the
> SMBFS are not allowing kde to start successfully. (sockets??)
>  This is a heavy workaround, but works nicely in our environment.
> If you would like details on this fix let me know.
> 
> **Despite these changes, the above mentioned error was still appearing.**
> 
> **Here is what I've done:**
> 
> 1) add the following to the file: /etc/X11/gdm/PreSession/Default
> 
> XHOST=`which xhost 2>/dev/null`
> if [ "x$XHOST" != "x" ] ; then
>         echo "Executing xhost +localhost.."
>         exec "$XHOST" +localhost
> fi
> 
> I think it's important to add this before the following line:
> SESSREG=`which sessreg 2>/dev/null`
> ...
> 
> 
> Essentially, I'm executing the following command: "xhost
+localhost".
> I used their conventions for running a command, hence the if statement
etc...
> 
> 2) I'm pretty sure you need to restart GDM.
> 
> 3) now go ahead and log in. It will work perfectly!!!
> 
> I don't know enough about X to give you a complete explanation for the
fix,
> but using xhost in this fashion allows any user on the host
"localhost" to
> connect to the X server.  Without it, the connection is refused, hence the 
> error you were getting.
> 
> I would gladly accept any feedback or comments on this fix.  
> I'm also very curious if anybody else tried running a GUI with their
home
> directory mounted via SMBFS or NFS?
> 
> I've attempted both and found SMBFS to be a adequate.  This issue was
the last
> to get over.  Now I must go through and refine different aspects
> 
-- 
Regards,
Schlomo

> But, note this FACT: with the home directory mounted as SMBFS ( 
> ?which
doesn't
> support locking?) you cannot run X with the .Xauthority being written
> in
your
> home directory.  You get the following error: xauth:  error in
> locking authority file /home/ben_ford/.Xauthority
xauthority and some other tools (ice) do some strange things with hard
links to try and work better over nfs.  This breaks on smbfs unless you
are using the unix extensions.

Unfortunately, some other tools like gconf do even more stupid things
which require delete on close semantics which do not work over smbfs.
The only workaround for that is to use /tmp (or another local
filesystem) or disable locking in gconf (there are patches available and
RH might include them).

John.

-- 
John Newbigin - Computer Systems Officer
School of Information Technology
Swinburne University of Technology
Melbourne, Australia
http://www.it.swin.edu.au/staff/jnewbigin