[FreeNX-kNX] PAM authentication doesn't work
Martin Honermeyer
maze at strahlungsfrei.de
Thu Jul 14 09:40:55 UTC 2005
Thanks for your help, guys! I figured out I had to add the nx user to the
tty group. There were problems accessing ptys otherwise (from the FreeNX
0.4.0 log):
The system has no more ptys. Ask your system administrator to create more.
Works, even with FreeNX CVS & NoMachine source snapshot 3!
I think I should have mentioned that this is a VServer, again. As you can
see from my previous posts, adding users to the tty group seems to be a
magic solution for all my NX problems .. Should have tried that first.
Stupid me ;-)
Martin
Martin Honermeyer wrote:
> Jon Severinsson wrote:
>
>>
>> Martin Honermeyer wrote:
>>> Jon Severinsson wrote:
>>>> Martin Honermeyer wrote:
>>>>> Hello,
>>>>>
>>>>> I've been trying different configurations and settings, but I've been
>>>>> unable to get people to authenticate with PAM (/etc/passwd) so far.
>>>>> They have to be added to the passdb with
>>>>>
>>>>> nxserver --adduser user
>>>>> nxserver --password user
>>>>>
>>>>> in order to be able to login.
>>>>>
>>>>> I've tried the following (in node.conf):
>>>>>
>>>>> ENABLE_PASSDB_AUTHENTICATION="0"
>>>>> ENABLE_SSH_AUTHENTICATION="1" (alternatively
>>>>> ENABLE_SU_AUTHENTICATION="1")
>>>>> ENABLE_USER_DB="0"
>>>>>
>>>>> I also enabled PasswordAuthentication in /etc/ssh/sshd_config and
>>>>> added the nx user to the wheel group. Same problem every time
>>>>> (from /var/log/nxserver.log, with log level set to 7):
>>>>>
>>>>> -- NX SERVER START:
>>>>> HELLO NXSERVER - Version 1.4.0-04-CVS OS (GPL)
>>>>> NX> 105 hello NXCLIENT - Version 1.4.0
>>>>> NX> 134 Accepted protocol: 1.4.0
>>>>> NX> 105 SET SHELL_MODE SHELL
>>>>> NX> 105 SET AUTH_MODE PASSWORD
>>>>> NX> 105 login
>>>>> NX> 101 User: martin
>>>>> NX> 102 Password:
>>>>> Info: Auth method: ssh su
>>>>> NX> 404 ERROR: wrong password or login
>>>>> NX> 999 Bye
>>>>>
>>>>> I am using FreeNX from _CVS_ and the third 1.5.0 NoMachine source
>>>>> snapshot, I think.
>>>>>
>>>>> So what's the right way to get this going?
>>>>>
>>>>>
>>>>> Greetz,
>>>>> Martin
>>>>>
>>>>
>>>> Hi Martin
>>>>
>>>> Your nice log tells me you have configured freeNX correctly. The
>>>> telling line is "Info: Auth method: ssh su " which tells me it tried
>>>> ssh, failed, and tried su. The next line tells me that all tried logins
>>>> failed. That is, freenx successfully called the login process (both ssh
>>>> and su) and both told nx the login was invalid. It does not have to be
>>>> wrong password, but for some reason pam failed to log in the user. Can
>>>> you do a manual ssh login with the "martin" user, replace the variables
>>>> ($...) below with their values on your system (SSHD_PORT should be 22,
>>>> and $PATH_BIN should be either /usr/bin or /usr/NX/bin):
>>>>
>>>> > ssh -2 -x -l "martin" "127.0.0.1" -o "NumberOfPasswordPrompts 1" -p
>>>> "$SSHD_PORT" "$PATH_BIN/nxnode --check"
>>>
>>>
>>> $ ssh -2 -x -l "martin" "127.0.0.1" -o "NumberOfPasswordPrompts 1" -p
>>> "22" "/usr/NX/bin/nxnode --check"
>>> Password:
>>> NX> 1000 NXNODE - Version 1.4.0-04-CVS OS (GPL)
>>> NX> 716 finished
>>> NX> 1001 Bye.
>>
>> This seems quite OK. It is in fact exactly the same as I get on my 1.4.0
>> & 0.4.1 system (using "jon" instead of "martin").
>>
>>>> If that doesn't work, you have a problem either in ssh or in pam.
>>>> If a manual login does work, the problem might be in nxnode. A printout
>>>> of the manual login process would help. I would also like to see the
>>>> printout if you revert to the 1.4.0 OSS components, to make sure there
>>>> is no vital difference.
>>>
>>> This is difficult, as this machine is already used by some people.. I'll
>>> try it later.
>>
>> You really shouldn't use snapshots and CVS versions for production use,
>> but as the 1.5 printout looks identical with my 1.4 printout, that should
>> not be the problem in this case.
>>
>>> Greetz,
>>> Martin
>>
>> To check that the problem is not in nxnode-login, please run it manually,
>> replacing all the variables accordingly:
>> $ echo "$PASS" | $PATH_BIN/nxnode-login -- ssh "$USER" "$SSHD_PORT"
>> "$PATH_BIN/nxnode" --check 2>&1 >/dev/null
>> and
>> $ echo "$PASS" | $PATH_BIN/nxnode-login -- su "$USER" "$SSHD_PORT"
>> "$PATH_BIN/nxnode" --check 2>&1 >/dev/null
>
> Tried it, everything okay.
>
>
>>
>> Each line should give a return code of 0 if login succeeds (check by
>> doing "echo $?" immediately after each line above). If this works, I could
>> only guess that you are having some odd pam restrictions applying to a
>> live connection, but not a manual check. Do some digging in
>> /etc/pam.d/sshd and /etc/pam.d/su and see if commenting out all odd lines
>> (basically everyone but "unix.so" lines, or whatever user database you
>> use). If this works, please re-enable the lines one by one to see what
>> causes the problem. If that won't do, I'm out of ideas. Please check with
>> stable versions of the !M nx OSS components and freenx. And, just to rule
>> out some other misconfiguration, please run "nxloadconfig - --check" to
>> see if it produces any errors.
>
> Thanks for your help. My PAM configuration is a standard Gentoo one.
> Commenting out modules didn't help. Config is okay. I am going to
> downgrade the NoMachine sources now..
>
>
> Greetz,
> Martin
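
The log reading described in the thread above (the `Info: Auth method:` line lists the back ends tried, and the `404` line means all of them refused the login) can be scripted when triaging many sessions. This is an added example, not part of the original thread or of FreeNX; the names `nx_auth_summary` and `sample_log` and the second sample session are constructed, and the line formats are assumed to match the excerpt quoted above.

```shell
#!/bin/sh
# Added example: one summary line per login attempt in an nxserver.log stream.
# Line formats follow the excerpt quoted in this thread; the function names
# and the second sample session are constructed for illustration.

nx_auth_summary() {
    awk '
    function emit() {
        if (user != "")
            printf "user=%s methods=%s result=%s\n", user,
                   (methods == "" ? "unknown" : methods),
                   (result == "" ? "incomplete" : result)
        user = ""; methods = ""; result = ""
    }
    /^-- NX SERVER START/ { emit(); next }       # new session begins
    /^NX> 101 User:/      { user = $4; next }    # client-supplied, untrusted
    /^Info: Auth method:/ {                      # back ends tried, in order
        methods = ""
        for (i = 4; i <= NF; i++)
            methods = methods (methods == "" ? "" : ",") $i
        next
    }
    /^NX> 404 ERROR: wrong password or login/ { result = "rejected"; next }
    /^NX> 999 Bye/ { if (result == "") result = "no-404-seen"; next }
    END { emit() }
    '
}

# Constructed sample: session 1 is the excerpt from the thread, session 2 is
# a made-up attempt whose log stops before any result line.
sample_log() {
    cat <<'EOF'
-- NX SERVER START:
HELLO NXSERVER - Version 1.4.0-04-CVS OS (GPL)
NX> 105 login
NX> 101 User: martin
NX> 102 Password:
Info: Auth method: ssh su
NX> 404 ERROR: wrong password or login
NX> 999 Bye
-- NX SERVER START:
NX> 105 login
NX> 101 User: example
NX> 102 Password:
Info: Auth method: su
EOF
}

sample_log | nx_auth_summary
```

A `rejected` result with more than one method listed means every back end refused the login, which in this thread turned out to be pty access for the nx user rather than a wrong password.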