Natxo Asenjo
2013-Apr-03 20:16 UTC
[CentOS] freenx not working with newly installed centos 6.4
hi, this is not the same as http://bugs.centos.org/view.php?id=6298 I can login with ssh but not with freenx With 6.3 this worked, I just spinned some new servers and now I can no longer use freenx. in /var/log/messages: pr 3 22:05:11 testthuis nxserver[3435]: (nx) Failed login for user=admin from IP=192.168.0.160 Apr 3 22:06:01 testthuis nxserver[3619]: (nx) Failed login for user=admin from IP=192.168.0.160 Apr 3 22:06:52 testthuis nxserver[3818]: (nx) Failed login for user=admin from IP=192.168.0.160 in /var/log/nx/nxserver.log: -- NX SERVER START: -c /usr/bin/nxserver - ORIG_COMMAND-- NX SERVER START: - ORIG_COMMANDInfo: Using fds #4 and #3 for communication with nxnode. HELLO NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected) NX> 105 hello NXCLIENT - Version 3.2.0 NX> 134 Accepted protocol: 3.2.0 NX> 105 SET SHELL_MODE SHELL NX> 105 SET AUTH_MODE PASSWORD NX> 105 login NX> 101 User: admin NX> 102 Password: Info: Closing connection to slave with pid 3761. NX> 404 ERROR: wrong password or login NX> 999 Bye My node.conf file is a copy of the node.conf.sample file, nothing changed. I do not want to use the nx database authentication but our ldap (ipa) authentication., this has always worked until now. I have temporarily set selinux in permissive mode but no difference. Can anyone else reproduce this? At work we have a mirror, so I tried at home with a manually installed centos and internet upgrades. No difference. TIA, -- Groeten, natxo
Craig White
2013-Apr-03 20:26 UTC
[CentOS] freenx not working with newly installed centos 6.4
On Apr 3, 2013, at 1:16 PM, Natxo Asnjo wrote:> hi, > > this is not the same as http://bugs.centos.org/view.php?id=6298 > > I can login with ssh but not with freenx > > With 6.3 this worked, I just spinned some new servers and now I can no > longer use freenx. > > in /var/log/messages: > > pr 3 22:05:11 testthuis nxserver[3435]: (nx) Failed login for user=admin > from IP=192.168.0.160 > Apr 3 22:06:01 testthuis nxserver[3619]: (nx) Failed login for user=admin > from IP=192.168.0.160 > Apr 3 22:06:52 testthuis nxserver[3818]: (nx) Failed login for user=admin > from IP=192.168.0.160 > > in /var/log/nx/nxserver.log: > > -- NX SERVER START: -c /usr/bin/nxserver - ORIG_COMMAND> -- NX SERVER START: - ORIG_COMMAND> Info: Using fds #4 and #3 for communication with nxnode. > HELLO NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected) > NX> 105 hello NXCLIENT - Version 3.2.0 > NX> 134 Accepted protocol: 3.2.0 > NX> 105 SET SHELL_MODE SHELL > NX> 105 SET AUTH_MODE PASSWORD > NX> 105 login > NX> 101 User: admin > NX> 102 Password: > Info: Closing connection to slave with pid 3761. > NX> 404 ERROR: wrong password or login > NX> 999 Bye > > My node.conf file is a copy of the node.conf.sample file, nothing changed. > I do not want to use the nx database authentication but our ldap (ipa) > authentication., this has always worked until now. > > I have temporarily set selinux in permissive mode but no difference. > > Can anyone else reproduce this? At work we have a mirror, so I tried at > home with a manually installed centos and internet upgrades. No difference.---- seems pretty obvious that the issue is here?> NX> 404 ERROR: wrong password or loginSo the first question is can you SSH into the NX server system as user 'admin' with the same password? If you can then the problem is in /etc/pam.d/ but my money is that you can't and the issue isn't nx at all. Craig
m.roth at 5-cent.us
2013-Apr-03 21:26 UTC
[CentOS] freenx not working with newly installed centos 6.4
Natxo Asenjo wrote:> I have removed nx and freenx, installed the nomachine packages and > everything *just works*. > > I very much would prefer to use freenx, though. > --Could there have been some crypto as the problem? Where did you install from (remembering US idiot crypto export regs). mark
Les Mikesell
2013-Apr-03 21:26 UTC
[CentOS] freenx not working with newly installed centos 6.4
On Wed, Apr 3, 2013 at 4:13 PM, Natxo Asenjo <natxo.asenjo at gmail.com> wrote:> I have removed nx and freenx, installed the nomachine packages and > everything *just works*. > > I very much would prefer to use freenx, though.Freenx defaults to generating a unique client.id_dsa.key - did you install that in the client for each target? -- Les Mikesell lesmikesell at gmail.com
Natxo Asenjo
2013-Apr-03 21:35 UTC
[CentOS] freenx not working with newly installed centos 6.4
hi, thanks for taking the time to reply. Yes, I copied the client key. I have followed the wiki instructions except ENABLE_PASSDB_AUTHENTICATION="1" and adding the users to it with nxserver --adduser because we are not interested in that, we use ldap users and that has worked since like for ever, I no longer remember. -- Groeten, natxo
Natxo Asenjo
2013-Apr-03 21:38 UTC
[CentOS] freenx not working with newly installed centos 6.4
hi, thanks for replying. I live in The Netherlands, so I suppose the mirror was automatically chosen in Europe at least. Sorry, I did not pay attention to that. Is there a logfile where I can look that up? in yum.log I can only see that packages get installed/removed. -- Groeten, natxo On Wed, Apr 3, 2013 at 11:26 PM, <m.roth at 5-cent.us> wrote:> Natxo Asenjo wrote: > > I have removed nx and freenx, installed the nomachine packages and > > everything *just works*. > > > > I very much would prefer to use freenx, though. > > -- > Could there have been some crypto as the problem? Where did you install > from (remembering US idiot crypto export regs). > > mark > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
Natxo Asenjo
2013-May-22 12:27 UTC
[CentOS] freenx not working with newly installed centos 6.4
On Wed, Apr 3, 2013 at 10:16 PM, Natxo Asenjo <natxo.asenjo at gmail.com>wrote: Following up a bit late on this, I found out the issue with the failing freenx sessions centos 6.4. We have a growing freeipa infrastructure (http://freeipa.org), using the identity management solution delivered by RHEL. ,A colleague installed a host and before joining it to the domain, installed freenx. It worked. So that made me think that the problem was not with freenx but with freeipa. Indeed, a joined host to a freeipa domain gets a few options on its ssh client and server config files: # diff ssh_config ssh_config.ipa 48a49,52> GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts > PubkeyAuthentication yes > ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h# diff sshd_config sshd_config.ipa 81d80 < GSSAPIAuthentication yes 97d95 < UsePAM yes 139a138,143> KerberosAuthentication no > PubkeyAuthentication yes > UsePAM yes > GSSAPIAuthentication yes > AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeysIf we revert the ssh_config and sshd_config files and join the hosts, freenx works again. We lose the known_hosts integration but we already were doing that witch cfengine. For other environments this could be an issue. I will contact the freeipa guys about this issue, but provided freenx is not a part of RHEL, I do not think they will see this as their problem. We'll see. -- groet, natxo