hi,
this is not the same as http://bugs.centos.org/view.php?id=6298
I can login with ssh but not with freenx
With 6.3 this worked, I just spinned some new servers and now I can no longer use freenx.
in /var/log/messages:
pr 3 22:05:11 testthuis nxserver[3435]: (nx) Failed login for user=admin from IP=192.168.0.160 Apr 3 22:06:01 testthuis nxserver[3619]: (nx) Failed login for user=admin from IP=192.168.0.160 Apr 3 22:06:52 testthuis nxserver[3818]: (nx) Failed login for user=admin from IP=192.168.0.160
in /var/log/nx/nxserver.log:
-- NX SERVER START: -c /usr/bin/nxserver - ORIG_COMMAND= -- NX SERVER START: - ORIG_COMMAND= Info: Using fds #4 and #3 for communication with nxnode. HELLO NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected) NX> 105 hello NXCLIENT - Version 3.2.0 NX> 134 Accepted protocol: 3.2.0 NX> 105 SET SHELL_MODE SHELL NX> 105 SET AUTH_MODE PASSWORD NX> 105 login NX> 101 User: admin NX> 102 Password: Info: Closing connection to slave with pid 3761. NX> 404 ERROR: wrong password or login NX> 999 Bye
My node.conf file is a copy of the node.conf.sample file, nothing changed. I do not want to use the nx database authentication but our ldap (ipa) authentication., this has always worked until now.
I have temporarily set selinux in permissive mode but no difference.
Can anyone else reproduce this? At work we have a mirror, so I tried at home with a manually installed centos and internet upgrades. No difference.
TIA, -- Groeten, natxo
On Apr 3, 2013, at 1:16 PM, Natxo Asnjo wrote:
hi,
this is not the same as http://bugs.centos.org/view.php?id=6298
I can login with ssh but not with freenx
With 6.3 this worked, I just spinned some new servers and now I can no longer use freenx.
in /var/log/messages:
pr 3 22:05:11 testthuis nxserver[3435]: (nx) Failed login for user=admin from IP=192.168.0.160 Apr 3 22:06:01 testthuis nxserver[3619]: (nx) Failed login for user=admin from IP=192.168.0.160 Apr 3 22:06:52 testthuis nxserver[3818]: (nx) Failed login for user=admin from IP=192.168.0.160
in /var/log/nx/nxserver.log:
-- NX SERVER START: -c /usr/bin/nxserver - ORIG_COMMAND= -- NX SERVER START: - ORIG_COMMAND= Info: Using fds #4 and #3 for communication with nxnode. HELLO NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected) NX> 105 hello NXCLIENT - Version 3.2.0 NX> 134 Accepted protocol: 3.2.0 NX> 105 SET SHELL_MODE SHELL NX> 105 SET AUTH_MODE PASSWORD NX> 105 login NX> 101 User: admin NX> 102 Password: Info: Closing connection to slave with pid 3761. NX> 404 ERROR: wrong password or login NX> 999 Bye
My node.conf file is a copy of the node.conf.sample file, nothing changed. I do not want to use the nx database authentication but our ldap (ipa) authentication., this has always worked until now.
I have temporarily set selinux in permissive mode but no difference.
Can anyone else reproduce this? At work we have a mirror, so I tried at home with a manually installed centos and internet upgrades. No difference.
---- seems pretty obvious that the issue is here…
NX> 404 ERROR: wrong password or login
So the first question is can you SSH into the NX server system as user 'admin' with the same password? If you can then the problem is in /etc/pam.d/ but my money is that you can't and the issue isn't nx at all.
Craig
hi,
Thanks for taking the time to reply.
As stated in my message I can log in from ssh. And yes, the password is the same, I have verified it numerous times.
So no, that is not the problem. And as I wrote in my first message, this has always worked until 6.4. That is why I was asking if anyone else is having this same problem with a new installed 6.4.
nx is unfortunately very difficult to debug.
-- Groeten, natxo
On Wed, Apr 3, 2013 at 10:26 PM, Craig White craig.white@ttiltd.com wrote:
On Apr 3, 2013, at 1:16 PM, Natxo Asnjo wrote:
hi,
this is not the same as http://bugs.centos.org/view.php?id=6298
I can login with ssh but not with freenx
With 6.3 this worked, I just spinned some new servers and now I can no longer use freenx.
in /var/log/messages:
pr 3 22:05:11 testthuis nxserver[3435]: (nx) Failed login for user=admin from IP=192.168.0.160 Apr 3 22:06:01 testthuis nxserver[3619]: (nx) Failed login for
user=admin
from IP=192.168.0.160 Apr 3 22:06:52 testthuis nxserver[3818]: (nx) Failed login for
user=admin
from IP=192.168.0.160
in /var/log/nx/nxserver.log:
-- NX SERVER START: -c /usr/bin/nxserver - ORIG_COMMAND= -- NX SERVER START: - ORIG_COMMAND= Info: Using fds #4 and #3 for communication with nxnode. HELLO NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not
detected)
NX> 105 hello NXCLIENT - Version 3.2.0 NX> 134 Accepted protocol: 3.2.0 NX> 105 SET SHELL_MODE SHELL NX> 105 SET AUTH_MODE PASSWORD NX> 105 login NX> 101 User: admin NX> 102 Password: Info: Closing connection to slave with pid 3761. NX> 404 ERROR: wrong password or login NX> 999 Bye
My node.conf file is a copy of the node.conf.sample file, nothing
changed.
I do not want to use the nx database authentication but our ldap (ipa) authentication., this has always worked until now.
I have temporarily set selinux in permissive mode but no difference.
Can anyone else reproduce this? At work we have a mirror, so I tried at home with a manually installed centos and internet upgrades. No
difference.
seems pretty obvious that the issue is here…
NX> 404 ERROR: wrong password or login
So the first question is can you SSH into the NX server system as user 'admin' with the same password? If you can then the problem is in /etc/pam.d/ but my money is that you can't and the issue isn't nx at all.
Craig _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I have bumped the logging to debug level:
HELLO NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected) NX> 105 hello NXCLIENT - Version 3.2.0 NX> 134 Accepted protocol: 3.2.0 NX> 105 SET SHELL_MODE SHELL NX> 105 SET AUTH_MODE PASSWORD NX> 105 login NX> 101 User: admin NX> 102 Password: Info: Auth method: ssh NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected) Usage: nxserver <option> --passwd: Change password ssh_exchange_identification: Connection closed by remote host expect: spawn id exp5 not open while executing "expect { "Are you sure you want to continue connecting (yes/no)?" { send "yesr" } "assword*:" { sleep 0.3; send -- "$passwordr" } "Permission..." ("while" body line 2) invoked from within "while {1} { expect { "Are you sure you want to continue connecting (yes/no)?" { send "yesr" } "assword*:" { sleep 0.3; send -- "$passwordr" } ..." (file "/usr/bin/nxnode-login" line 69) FREENX> 716 Slave mode failed to start. Info: Closing connection to slave with pid 6358.
NX> 404 ERROR: wrong password or login NX> 999 Bye
Is it asking me to change the password?
-- Groeten, natxo
On Wed, Apr 3, 2013 at 10:34 PM, Natxo Asenjo natxo.asenjo@gmail.comwrote:
hi,
Thanks for taking the time to reply.
As stated in my message I can log in from ssh. And yes, the password is the same, I have verified it numerous times.
So no, that is not the problem. And as I wrote in my first message, this has always worked until 6.4. That is why I was asking if anyone else is having this same problem with a new installed 6.4.
nx is unfortunately very difficult to debug.
-- Groeten, natxo
On Wed, Apr 3, 2013 at 10:26 PM, Craig White craig.white@ttiltd.comwrote:
On Apr 3, 2013, at 1:16 PM, Natxo Asnjo wrote:
hi,
this is not the same as http://bugs.centos.org/view.php?id=6298
I can login with ssh but not with freenx
With 6.3 this worked, I just spinned some new servers and now I can no longer use freenx.
in /var/log/messages:
pr 3 22:05:11 testthuis nxserver[3435]: (nx) Failed login for
user=admin
from IP=192.168.0.160 Apr 3 22:06:01 testthuis nxserver[3619]: (nx) Failed login for
user=admin
from IP=192.168.0.160 Apr 3 22:06:52 testthuis nxserver[3818]: (nx) Failed login for
user=admin
from IP=192.168.0.160
in /var/log/nx/nxserver.log:
-- NX SERVER START: -c /usr/bin/nxserver - ORIG_COMMAND= -- NX SERVER START: - ORIG_COMMAND= Info: Using fds #4 and #3 for communication with nxnode. HELLO NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not
detected)
NX> 105 hello NXCLIENT - Version 3.2.0 NX> 134 Accepted protocol: 3.2.0 NX> 105 SET SHELL_MODE SHELL NX> 105 SET AUTH_MODE PASSWORD NX> 105 login NX> 101 User: admin NX> 102 Password: Info: Closing connection to slave with pid 3761. NX> 404 ERROR: wrong password or login NX> 999 Bye
My node.conf file is a copy of the node.conf.sample file, nothing
changed.
I do not want to use the nx database authentication but our ldap (ipa) authentication., this has always worked until now.
I have temporarily set selinux in permissive mode but no difference.
Can anyone else reproduce this? At work we have a mirror, so I tried at home with a manually installed centos and internet upgrades. No
difference.
seems pretty obvious that the issue is here…
NX> 404 ERROR: wrong password or login
So the first question is can you SSH into the NX server system as user 'admin' with the same password? If you can then the problem is in /etc/pam.d/ but my money is that you can't and the issue isn't nx at all.
Craig _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I have removed nx and freenx, installed the nomachine packages and everything *just works*.
I very much would prefer to use freenx, though. -- Groeten, natxo
Natxo Asenjo wrote:
I have removed nx and freenx, installed the nomachine packages and everything *just works*.
I very much would prefer to use freenx, though.
Could there have been some crypto as the problem? Where did you install from (remembering US idiot crypto export regs).
mark
hi,
thanks for replying.
I live in The Netherlands, so I suppose the mirror was automatically chosen in Europe at least. Sorry, I did not pay attention to that. Is there a logfile where I can look that up? in yum.log I can only see that packages get installed/removed.
-- Groeten, natxo
On Wed, Apr 3, 2013 at 11:26 PM, m.roth@5-cent.us wrote:
Natxo Asenjo wrote:
I have removed nx and freenx, installed the nomachine packages and everything *just works*.
I very much would prefer to use freenx, though.
Could there have been some crypto as the problem? Where did you install from (remembering US idiot crypto export regs).
mark
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Wed, Apr 3, 2013 at 4:13 PM, Natxo Asenjo natxo.asenjo@gmail.com wrote:
I have removed nx and freenx, installed the nomachine packages and everything *just works*.
I very much would prefer to use freenx, though.
Freenx defaults to generating a unique client.id_dsa.key - did you install that in the client for each target?
-- Les Mikesell lesmikesell@gmail.com
hi,
thanks for taking the time to reply.
Yes, I copied the client key. I have followed the wiki instructions except
ENABLE_PASSDB_AUTHENTICATION="1"
and adding the users to it with nxserver --adduser
because we are not interested in that, we use ldap users and that has worked since like for ever, I no longer remember.
-- Groeten, natxo
On Wed, Apr 3, 2013 at 4:35 PM, Natxo Asenjo natxo.asenjo@gmail.com wrote:
thanks for taking the time to reply.
Yes, I copied the client key. I have followed the wiki instructions except
ENABLE_PASSDB_AUTHENTICATION="1"
and adding the users to it with nxserver --adduser
because we are not interested in that, we use ldap users and that has worked since like for ever, I no longer remember.
What wiki instructions? I just 'yum install freenx' and copy the key to the client. I assumed the real logins (after the key-authenticated nx user) went through pam. Are you seeing anything failing in /var/log/secure?
-- Les Mikesell lesmikesell@gmail.com
1st hit on google centos freenx: http://wiki.centos.org/HowTos/FreeNX
in /var/log/secure I just see this:
Apr 3 23:58:55 testthuis sshd[3803]: Accepted publickey for nx from 192.168.0.160 port 57095 ssh2 Apr 3 23:58:55 testthuis sshd[3803]: pam_unix(sshd:session): session opened for user nx by (uid=0) Apr 3 23:58:59 testthuis sshd[3803]: pam_unix(sshd:session): session closed for user nx
-- Groeten, natxo
On Wed, Apr 3, 2013 at 11:43 PM, Les Mikesell lesmikesell@gmail.com wrote:
On Wed, Apr 3, 2013 at 4:35 PM, Natxo Asenjo natxo.asenjo@gmail.com wrote:
thanks for taking the time to reply.
Yes, I copied the client key. I have followed the wiki instructions
except
ENABLE_PASSDB_AUTHENTICATION="1"
and adding the users to it with nxserver --adduser
because we are not interested in that, we use ldap users and that has worked since like for ever, I no longer remember.
What wiki instructions? I just 'yum install freenx' and copy the key to the client. I assumed the real logins (after the key-authenticated nx user) went through pam. Are you seeing anything failing in /var/log/secure?
-- Les Mikesell lesmikesell@gmail.com _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
hi,
is it possible for someone to spin a new vm with centos 6.4 and the gnome desktop environment, then install freenx and nx and confirm that it works or that it does (or does not) work?
That would be very helpful.
-- Groeten, natxo
All,
As a side note, I just spun up a bare metal box and it is running FreeNX just fine against KDE for me... I hadn't tried GNOME - but seems to work for me...
On Fri, 5 Apr 2013, Natxo Asenjo wrote:
hi,
is it possible for someone to spin a new vm with centos 6.4 and the gnome desktop environment, then install freenx and nx and confirm that it works or that it does (or does not) work?
That would be very helpful.
-- Groeten, natxo _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Scot P. Floess RHCT (Certificate Number 605010084735240) Chief Architect FlossWare http://sourceforge.net/projects/flossware http://flossware.sourceforge.net https://github.com/organizations/FlossWare
thanks for your input
-- Groeten, natxo
On Fri, Apr 5, 2013 at 1:43 PM, Scot P. Floess sfloess@nc.rr.com wrote:
All,
As a side note, I just spun up a bare metal box and it is running FreeNX just fine against KDE for me... I hadn't tried GNOME - but seems to work for me...
On Fri, 5 Apr 2013, Natxo Asenjo wrote:
hi,
is it possible for someone to spin a new vm with centos 6.4 and the gnome desktop environment, then install freenx and nx and confirm that it works or that it does (or does not) work?
That would be very helpful.
-- Groeten, natxo _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Scot P. Floess RHCT (Certificate Number 605010084735240) Chief Architect FlossWare http://sourceforge.net/projects/flossware http://flossware.sourceforge.net https://github.com/organizations/FlossWare _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Very welcome...
So, I just tried GNOME and sure enough it is -not- working for me either...
I'm using CentOS 64 x86_64, NoMachine as a client and FreeNX on the server. KDE is working...
I am seeing this in /var/log/messages:
Apr 5 10:05:47 centos-host-0 gnome-session[5181]: WARNING: No required applications specified
If you google for
gnome-session "no required applications specified"
You may see something that is related to the problem. I'm pretty busy today so don't have time to look into this (and don't really use GNOME anyway)...
This may be of value (from the aforementioned google search): http://www.mail-archive.com/blfs-support@linuxfromscratch.org/msg13287.html
Flossy
On Fri, 5 Apr 2013, Natxo Asenjo wrote:
thanks for your input
-- Groeten, natxo
On Fri, Apr 5, 2013 at 1:43 PM, Scot P. Floess sfloess@nc.rr.com wrote:
All,
As a side note, I just spun up a bare metal box and it is running FreeNX just fine against KDE for me... I hadn't tried GNOME - but seems to work for me...
On Fri, 5 Apr 2013, Natxo Asenjo wrote:
hi,
is it possible for someone to spin a new vm with centos 6.4 and the gnome desktop environment, then install freenx and nx and confirm that it works or that it does (or does not) work?
That would be very helpful.
-- Groeten, natxo _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Scot P. Floess RHCT (Certificate Number 605010084735240) Chief Architect FlossWare http://sourceforge.net/projects/flossware http://flossware.sourceforge.net https://github.com/organizations/FlossWare _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Scot P. Floess RHCT (Certificate Number 605010084735240) Chief Architect FlossWare http://sourceforge.net/projects/flossware http://flossware.sourceforge.net https://github.com/organizations/FlossWare
On Wed, Apr 3, 2013 at 10:16 PM, Natxo Asenjo natxo.asenjo@gmail.comwrote:
Following up a bit late on this, I found out the issue with the failing freenx sessions centos 6.4.
We have a growing freeipa infrastructure (http://freeipa.org), using the identity management solution delivered by RHEL. ,A colleague installed a host and before joining it to the domain, installed freenx. It worked. So that made me think that the problem was not with freenx but with freeipa.
Indeed, a joined host to a freeipa domain gets a few options on its ssh client and server config files:
# diff ssh_config ssh_config.ipa 48a49,52
GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts PubkeyAuthentication yes ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
# diff sshd_config sshd_config.ipa 81d80 < GSSAPIAuthentication yes 97d95 < UsePAM yes 139a138,143
KerberosAuthentication no PubkeyAuthentication yes UsePAM yes GSSAPIAuthentication yes AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
If we revert the ssh_config and sshd_config files and join the hosts, freenx works again.
We lose the known_hosts integration but we already were doing that witch cfengine. For other environments this could be an issue.
I will contact the freeipa guys about this issue, but provided freenx is not a part of RHEL, I do not think they will see this as their problem.
We'll see.
-
Craig White -
Les Mikesell -
m.roth@5-cent.us -
Natxo Asenjo -
Scot P. Floess