<br><br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
Date: Sat, 7 Feb 2009 01:19:53 +0100<br>
From: Terje Andersen <<a href="mailto:terander@guard.zapto.org" target="_blank">terander@guard.zapto.org</a>><br>
Subject: Re: [FreeNX-kNX] CentOS5 Freenx installation won't start and<br>
/var/log/nxserver.log is empty<br>
To: <a href="mailto:freenx-knx@kde.org" target="_blank">freenx-knx@kde.org</a><br>
Message-ID: <<a href="mailto:20090207011953.b9f5dfe7.terander@guard.zapto.org" target="_blank">20090207011953.b9f5dfe7.terander@guard.zapto.org</a>><br>
Content-Type: text/plain; charset=US-ASCII<br>
<br>
On Fri, 6 Feb 2009 12:35:58 -0700<br>
Joseph Thames <<a href="mailto:beartham@gmail.com" target="_blank">beartham@gmail.com</a>> wrote:<br>
<br>
> Hello,<br>
><br>
<br>
Hi there :-)<br>
<br>
> I am configuring two 64-bit VPS platforms for KDE-based SaaS products, one<br>
> Ubuntu 8.04 and one CentOS 5. After about two weeks work, with assistance of<br>
> Marcelo Shima, and my VPS vendor, I finally got Freenx working on the Ununtu<br>
> platform. The problem was pseudo-terminals, and we had to disable udev, as<br>
> Ubuntu's *expect *apparently requires static ptys in /dev.<br>
><br>
<br>
Hmm, never seen this issue on *buntu before.<br>
<br>
> On the client-side I am using the NXclient downloaded from the NoMachine<br>
> website. I have now tested and configured the KDE 3.5 desktop on the Ubuntu<br>
> server from my 32-bit Fedora 8 client box.<br>
><br>
> So far I have been unable to login to the CentOS 5 Freenx, from the Fedora<br>
> client. The client-side message was:<br>
><br>
> The NX service is not available or the NX access was disabled on host<br>
> 174.136.0.134<br>
><br>
> And the details were:<br>
><br>
> NX> 203 NXSSH running with pid: 10548<br>
> NX> 285 Enabling check on switch command<br>
> NX> 285 Enabling skip of SSH config files<br>
> NX> 285 Setting the preferred NX options<br>
> NX> 200 Connected to address: 174.136.0.134 on port: 22<br>
> NX> 202 Authenticating user: nx<br>
> NX> 208 Using auth method: publickey<br>
> NX> 204 Authentication failed.<br>
><br>
> Here are some of the things I have tried:<br>
><br>
> 1. NX_LOG_LEVEL=6 (debugging), but I get an empty /var/log/nxserver.log,<br>
> even though it's owner is nx and group is root, and I chmod'd it to 660.<br>
> 2. SESSION_LOG_CLEAN=0 to enable the temporary log<br>
> ($HOME/.nx/C-<hostname>-<display>-<session_id>), but the .nx subdirectory<br>
> does not appear after I tried the client login,<br>
> 3. From an ssh session of user 'bear' on the server, I executed:<br>
> echo "<password>" | /usr/bin/nxnode-login -- ssh "bear" "22" >><br>
> "/usr/bin/nxnode" --check<br>
> response:<br>
> -bash: /usr/bin/nxnode: Permission denied<br>
> 4. Also from user 'bear' on the server:<br>
> [bear@xeon ~]$ nxagent :1000<br>
> response:<br>
> NXAGENT - Version 3.2.0<br>
><br>
> Copyright (C) 2001, 2007 NoMachine.<br>
> See <a href="http://www.nomachine.com/" target="_blank">http://www.nomachine.com/</a> for more information.<br>
><br>
> Info: Agent running with pid '31880'.<br>
> Session: Starting session at 'Fri Feb 6 10:11:00 2009'.<br>
> Error: Aborting session with 'Unable to open display '''.<br>
> Session: Aborting session at 'Fri Feb 6 10:11:00 2009'.<br>
> Session: Session aborted at 'Fri Feb 6 10:11:00 2009'.<br>
><br>
> I installed Freenx on the CentOS VPS as recommend from the CentOS wiki Howto<br>
> on FreeNX. <<a href="http://wiki.centos.org/HowTos/FreeNX?highlight=%28Freenx%29" target="_blank">http://wiki.centos.org/HowTos/FreeNX?highlight=%28Freenx%29</a>><br>
> Now I am about to try its next recommendation (2. Key-based authentication),<br>
> disabling ssh Password Authentication and setting<br>
> ENABLE_PASSDB_AUTHENTICATION="1" in node.conf to utilize the PASSDB<br>
> authentication approach.; then requiring --adduser and --passwd for each<br>
> user.<br>
><br>
> I didn't have to do this on Unbuntu. So I would rather not, if there is<br>
> another way.<br>
><br>
> Any other recommendations, anyone?<br>
><br>
<br>
1) Try (as root):<br>
/usr/bin/nxsetup --test<br>
<br>
examine the output from that one</blockquote><div><br>Here is the result:<br><br>[root@xeon ~]# /usr/bin/nxsetup --test<br><br>----> Testing your nxserver configuration ...<br>Warning: Could not find nxdesktop in /usr/bin. RDP sessions won't work.<br>
Warning: Could not find nxviewer in /usr/bin. VNC sessions won't work.<br>Warning: Invalid value "APPLICATION_LIBRARY_PRELOAD=/usr/lib/libX11.so.6.2:/usr/lib/libXext.so.6.4:/usr/lib/libXcomp.so .2:/usr/lib/libXcompext.so:/usr/lib/libXrender.so.1.2". /usr/lib/libX11.so.6.2 could not be found. Users will not be able to run a <br>
single application in non-rootless mode.<br>Warning: "/usr/lib/cups/backend/nxipp" is not executable.<br> Users will not be able to enable printing.<br>Warning: Invalid value "DEFAULT_X_SESSION=/etc/X11/xdm/Xsession"<br>
Users might not be able to request a default X session.<br>Warning: Invalid value "COMMAND_START_CDE=cdwm"<br> Users will not be able to request a CDE session.<br>Warning: Invalid value "COMMAND_XTERM=xterm"<br>
Users will not be able to request an xterm session.<br>Warning: Invalid value "COMMAND_SMBMOUNT=smbmount". You'll not be able to use SAMBA.<br>Warning: Invalid value "COMMAND_SMBUMOUNT=smbumount". You'll not be able to use SAMBA.<br>
Error: Could not find 1.5.0 or 2.[01].0 or 3.[01].0 version string in nxagent. NX 1.5.0 or 2.[01].0 or 3.[012].0 backend <br>is needed for this version of FreeNX.<br><br> Warnings occured during config check.<br> To enable these features please correct the configuration file.<br>
<br><---- done<br><br>----> Testing your nxserver connection ...<br>HELLO NXSERVER - Version 3.2.0-73 OS (GPL, using backend: not detected)<br><--- done<br><br>[root@xeon ~]# <br><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
2) Try (as root):<br>
/usr/bin/nxsetup --clean --purge --install --setup-nomachine-key</blockquote><div><br>[root@xeon ~]# /usr/bin/nxsetup --clean --purge --install --setup-nomachine-key<br>Removing special user "nx" ...done<br>Removing session database ...done<br>
Removing logfile ...done<br>Removing home directory of special user "nx" ...done<br>Removing configuration files ...done<br>Setting up /etc/nxserver ...done<br>Generating public/private dsa key pair.<br>Your identification has been saved in /etc/nxserver/users.id_dsa.<br>
Your public key has been saved in /etc/nxserver/users.id_dsa.pub.<br>The key fingerprint is:<br>21:fe:f1:16:8b:f0:5d:97:0c:65:34:e1:99:37:b2:94 <a href="mailto:root@xeon.metacalculus.com">root@xeon.metacalculus.com</a><br>
Setting up /var/lib/nxserver/db ...done<br>Setting up /var/log/nxserver.log ...done<br>Setting up special user "nx" ...Unlocking password for user nx.<br>passwd: Unsafe operation (use -f to force).<br>[root@xeon ~]#<br>
<br>What do those last two lines mean? Does unblocking mean NO password? How do I use -f to force. To force what?<br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
<br>
3) Check that the user 'nx' can log into the box over SSH - look in the SSHD config. Look at the FAQ (see bottom of mail) for info on how to test a connection as the user 'nx'.</blockquote><div><br>In the FAQ: FreeNX FAQ/Server, under "80% of the authorization problems are server related" it says to login as <tt>nx@nxserver</tt> with NO passwd-authorization, try<br>
<pre style="margin-left: 40px; font-family: arial,helvetica,sans-serif;"># ssh -i /usr/NX/share/keys/server.id_dsa.key nx@nxserver</pre>I tried it:<br><h1 class="pagetitle"></h1><div style="margin-left: 40px;">[bear@polaris ~]$ ssh -i /usr/NX/share/keys/server.id_dsa.key <a href="mailto:nx@174.136.0.134">nx@174.136.0.134</a><br>
</div><div style="margin-left: 40px;">reverse mapping checking getaddrinfo for <a href="http://xeon.metacalculus.com">xeon.metacalculus.com</a> [174.136.0.134] failed - POSSIBLE BREAK-IN ATTEMPT!<br></div><div style="margin-left: 40px;">
<a href="mailto:nx@174.136.0.134">nx@174.136.0.134</a>'s password:<br></div><br>I have no idea what the nx password should be. I thought it would not ask for a password, instead responding with<br><div style="margin-left: 40px;">
<br>HELLO NXSERVER - Version 1.4.0-04 OS (GPL)<br>NX> 105<br><br> </div>Next the FAQ says to finger the nx-user and look closely on the access rights of ~nx/.ssh/authorized_keys.<br><br>There is no .ssh/authorized_keys under ~nx<br>
<br>I checked sshd_config, according to the FAQ, only X11 forwarding was not set, so I set it. <br><br>Then I tried sshd debugging, using <br><br><div style="margin-left: 40px;">/etc/init.d/sshd stop then /usr/sbin/sshd -D -d -d -d<br>
</div><br>but then among all the debug messages, I got:<br><br><div style="margin-left: 40px;">debug1: Bind to port 22 on 0.0.0.0.<br></div><div style="margin-left: 40px;">Bind to port 22 on 0.0.0.0 failed: Address already in use.<br>
</div><br>So when I again tried: <br><br><div style="margin-left: 40px;">[bear@polaris ~]$ ssh -i /usr/NX/share/keys/server.id_dsa.key <a href="mailto:nx@174.136.0.134">nx@174.136.0.134</a><br></div><br>I got:<br><div style="margin-left: 40px;">
ssh: connect to host 174.136.0.134 port 22: Connection refused<br></div><div style="margin-left: 40px;">[bear@polaris ~]$ <br><br></div>How do I avoid the port conflict?<br><br>Have I already gone beyond the troubleshooting needed to fix freenx? <br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
<br>
4) do _not_ do the part where you change SSHD config (PasswordAuthentication no), atleast not until you have everything working with SSH authentication - then you can consider to change the authentication into passdb, if you like/need it.<br>
<br>
<br>
Regards,<br>
Terje</blockquote><div><br></div></div><br>Should I reboot the server and start over?<br><br>Thanks,<br clear="all"><br>-- <br>Joseph 'Bear' Thames<br>Meta Science Foundation<br>(505) 977-9024 - Cell Phone<br><a href="mailto:Joseph_Thames@metacalculus.net" target="_blank">Joseph_Thames@metacalculus.net</a><br>
<a href="mailto:beartham@gmail.com" target="_blank">beartham@gmail.com</a><br>