[FreeNX-kNX] CentOS5 Freenx installation won't start and /var/log/nxserver.log is empty

Joseph Thames beartham at gmail.com
Thu Feb 12 23:32:45 UTC 2009


> Date: Sat, 7 Feb 2009 01:19:53 +0100
> From: Terje Andersen <terander at guard.zapto.org>
> Subject: Re: [FreeNX-kNX] CentOS5 Freenx installation won't start and
>        /var/log/nxserver.log is empty
> To: freenx-knx at kde.org
> Message-ID: <20090207011953.b9f5dfe7.terander at guard.zapto.org>
> Content-Type: text/plain; charset=US-ASCII
>
> On Fri, 6 Feb 2009 12:35:58 -0700
> Joseph Thames <beartham at gmail.com> wrote:
>
> > Hello,
> >
>
> Hi there :-)
>
> > I am configuring two 64-bit VPS platforms for KDE-based SaaS products, one
> > Ubuntu 8.04 and one CentOS 5. After about two weeks' work, with assistance of
> > Marcelo Shima, and my VPS vendor, I finally got Freenx working on the Ubuntu
> > platform. The problem was pseudo-terminals, and we had to disable udev, as
> > Ubuntu's *expect* apparently requires static ptys in /dev.
> >
>
> Hmm, never seen this issue on *buntu before.
>
> > On the client-side I am using the NXclient downloaded from the NoMachine
> > website. I have now tested and configured the KDE 3.5 desktop on the Ubuntu
> > server from my 32-bit Fedora 8 client box.
> >
> > So far I have been unable to login to the CentOS 5 Freenx, from the Fedora
> > client. The client-side message was:
> >
> > The NX service is not available or the NX access was disabled on host
> > 174.136.0.134
> >
> > And the details were:
> >
> > NX> 203 NXSSH running with pid: 10548
> > NX> 285 Enabling check on switch command
> > NX> 285 Enabling skip of SSH config files
> > NX> 285 Setting the preferred NX options
> > NX> 200 Connected to address: 174.136.0.134 on port: 22
> > NX> 202 Authenticating user: nx
> > NX> 208 Using auth method: publickey
> > NX> 204 Authentication failed.
> >
> > Here are some of the things I have tried:
> >
> >    1. NX_LOG_LEVEL=6 (debugging), but I get an empty /var/log/nxserver.log,
> >    even though its owner is nx and group is root, and I chmod'd it to 660.
> >    2. SESSION_LOG_CLEAN=0 to enable the temporary log
> >    ($HOME/.nx/C-<hostname>-<display>-<session_id>), but the .nx subdirectory
> >    does not appear after I tried the client login,
> >    3. From an ssh session of user 'bear' on the server, I executed:
> >     echo "<password>" | /usr/bin/nxnode-login -- ssh "bear" "22" >>
> >    "/usr/bin/nxnode" --check
> >    response:
> >    -bash: /usr/bin/nxnode: Permission denied
> >    4. Also from user 'bear' on the server:
> >    [bear at xeon ~]$ nxagent :1000
> >    response:
> >    NXAGENT - Version 3.2.0
> >
> >    Copyright (C) 2001, 2007 NoMachine.
> >    See http://www.nomachine.com/ for more information.
> >
> >    Info: Agent running with pid '31880'.
> >    Session: Starting session at 'Fri Feb  6 10:11:00 2009'.
> >    Error: Aborting session with 'Unable to open display '''.
> >    Session: Aborting session at 'Fri Feb  6 10:11:00 2009'.
> >    Session: Session aborted at 'Fri Feb  6 10:11:00 2009'.
> >
> > I installed Freenx on the CentOS VPS as recommended from the CentOS wiki Howto
> > on FreeNX. <http://wiki.centos.org/HowTos/FreeNX?highlight=%28Freenx%29>
> > Now I am about to try its next recommendation (2. Key-based authentication),
> > disabling ssh Password Authentication and setting
> > ENABLE_PASSDB_AUTHENTICATION="1" in node.conf to utilize the PASSDB
> > authentication approach; then requiring --adduser and --passwd for each
> > user.
> >
> > I didn't have to do this on Ubuntu. So I would rather not, if there is
> > another way.
> >
> > Any other recommendations, anyone?
> >
>
> 1) Try (as root):
> /usr/bin/nxsetup --test
>
> examine the output from that one


Here is the result:

[root at xeon ~]# /usr/bin/nxsetup --test

----> Testing your nxserver configuration ...
Warning: Could not find nxdesktop in /usr/bin. RDP sessions won't work.
Warning: Could not find nxviewer in /usr/bin. VNC sessions won't work.
Warning: Invalid value
"APPLICATION_LIBRARY_PRELOAD=/usr/lib/libX11.so.6.2:/usr/lib/libXext.so.6.4:/usr/lib/libXcomp.so.2:/usr/lib/libXcompext.so:/usr/lib/libXrender.so.1.2".
/usr/lib/libX11.so.6.2 could not be found. Users will not be able to run a
single application in non-rootless mode.
Warning: "/usr/lib/cups/backend/nxipp" is not executable.
         Users will not be able to enable printing.
Warning: Invalid value "DEFAULT_X_SESSION=/etc/X11/xdm/Xsession"
         Users might not be able to request a default X session.
Warning: Invalid value "COMMAND_START_CDE=cdwm"
         Users will not be able to request a CDE session.
Warning: Invalid value "COMMAND_XTERM=xterm"
         Users will not be able to request an xterm session.
Warning: Invalid value "COMMAND_SMBMOUNT=smbmount". You'll not be able to
use SAMBA.
Warning: Invalid value "COMMAND_SMBUMOUNT=smbumount". You'll not be able to
use SAMBA.
Error: Could not find 1.5.0 or 2.[01].0 or 3.[01].0 version string in
nxagent. NX 1.5.0 or 2.[01].0 or 3.[012].0 backend
is needed for this version of FreeNX.

  Warnings occured during config check.
  To enable these features please correct the configuration file.

<---- done

----> Testing your nxserver connection ...
HELLO NXSERVER - Version 3.2.0-73 OS (GPL, using backend: not detected)
<--- done

[root at xeon ~]#


> 2) Try (as root):
> /usr/bin/nxsetup --clean --purge --install --setup-nomachine-key


[root at xeon ~]# /usr/bin/nxsetup --clean --purge --install
--setup-nomachine-key
Removing special user "nx" ...done
Removing session database ...done
Removing logfile ...done
Removing home directory of special user "nx" ...done
Removing configuration files ...done
Setting up /etc/nxserver ...done
Generating public/private dsa key pair.
Your identification has been saved in /etc/nxserver/users.id_dsa.
Your public key has been saved in /etc/nxserver/users.id_dsa.pub.
The key fingerprint is:
21:fe:f1:16:8b:f0:5d:97:0c:65:34:e1:99:37:b2:94 root at xeon.metacalculus.com
Setting up /var/lib/nxserver/db ...done
Setting up /var/log/nxserver.log ...done
Setting up special user "nx" ...Unlocking password for user nx.
passwd: Unsafe operation (use -f to force).
[root at xeon ~]#

What do those last two lines mean? Does unblocking mean NO password? How do
I use -f to force? To force what?

>
>
> 3) Check that the user 'nx' can log into the box over SSH - look in the
> SSHD config. Look at the FAQ (see bottom of mail) for info on how to test a
> connection as the user 'nx'.


In the FAQ: FreeNX FAQ/Server, under "80% of the authorization problems are
server related" it says to login as nx at nxserver with NO
passwd-authorization, try

# ssh -i /usr/NX/share/keys/server.id_dsa.key nx at nxserver

I tried it:
[bear at polaris ~]$ ssh -i /usr/NX/share/keys/server.id_dsa.key
nx at 174.136.0.134
reverse mapping checking getaddrinfo for
xeon.metacalculus.com[174.136.0.134] failed - POSSIBLE BREAK-IN
ATTEMPT!
nx at 174.136.0.134's password:

I have no idea what the nx password should be. I thought it would not ask
for a password, instead responding with

HELLO NXSERVER - Version 1.4.0-04 OS (GPL)
NX> 105

Next the FAQ says to finger the nx-user and look closely on the access
rights of ~nx/.ssh/authorized_keys.

There is no .ssh/authorized_keys under ~nx

I checked sshd_config, according to the FAQ, only X11 forwarding was not
set, so I set it.

Then I tried sshd debugging, using

/etc/init.d/sshd stop then /usr/sbin/sshd -D -d -d -d

but then among all the debug messages, I got:

debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Address already in use.

So when I again tried:

[bear at polaris ~]$ ssh -i /usr/NX/share/keys/server.id_dsa.key
nx at 174.136.0.134

I got:
ssh: connect to host 174.136.0.134 port 22: Connection refused
[bear at polaris ~]$

How do I avoid the port conflict?

Have I already gone beyond the troubleshooting needed to fix freenx?

>
>
> 4) do _not_ do the part where you change SSHD config
> (PasswordAuthentication no), at least not until you have everything working
> with SSH authentication - then you can consider to change the authentication
> into passdb, if you like/need it.
>
>
> Regards,
> Terje



Should I reboot the server and start over?

Thanks,

-- 
Joseph 'Bear' Thames
Meta Science Foundation
(505) 977-9024 - Cell Phone
Joseph_Thames at metacalculus.net
beartham at gmail.com
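
Added example, not part of the original message and not FreeNX code: a read-only check of the files sshd consults for public-key login of a service account such as 'nx', covering the FAQ step about the access rights of ~nx/.ssh/authorized_keys. With StrictModes enabled, sshd refuses key login when the home directory, .ssh or the key file is writable by group or others. The function names and the default key file name are assumptions; pass the file name your installation uses as the second argument.

```shell
#!/bin/sh
# Added example: audit the files sshd reads for public-key login of a
# service account such as "nx". Paths are parameters; nothing is modified.

# Print the octal permission bits of a path (GNU stat, with BSD fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the path is not writable by group or others.
not_group_other_writable() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 022 )) -eq 0 ]
}

# check_pubkey_files HOME_DIR [KEYFILE_NAME]
# Returns 0 when every check passes, 1 otherwise; prints one line per finding.
# KEYFILE_NAME defaults to authorized_keys (assumption; adjust as needed).
check_pubkey_files() {
    home=$1
    keyfile=${2:-authorized_keys}
    rc=0
    if [ ! -d "$home" ]; then
        echo "FAIL: home directory $home does not exist"; return 1
    fi
    if [ ! -d "$home/.ssh" ]; then
        echo "FAIL: $home/.ssh is missing"; return 1
    fi
    if [ ! -s "$home/.ssh/$keyfile" ]; then
        echo "FAIL: $home/.ssh/$keyfile is missing or empty"; rc=1
    fi
    for p in "$home" "$home/.ssh" "$home/.ssh/$keyfile"; do
        [ -e "$p" ] || continue
        if not_group_other_writable "$p"; then
            echo "ok:   $p mode $(mode_of "$p")"
        else
            echo "FAIL: $p mode $(mode_of "$p") is group/other writable"; rc=1
        fi
    done
    return $rc
}
```

Run it as root on the server, for example `check_pubkey_files ~nx`; a FAIL line for a missing key file matches the "no .ssh/authorized_keys under ~nx" observation above.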