[FreeNX-kNX] PAM authentication doesn't work
Martin Honermeyer
maze at strahlungsfrei.de
Thu Jul 14 09:41:51 UTC 2005
Thanks for your help, guys! I figured out I had to add the nx user to the
tty group. There were problems accessing pty's otherwise (from the FreeNX
0.4.0 log):
The system has no more ptys. Ask your system administrator to create more.
Works, even with FreeNX CVS & NoMachine source snapshot 3!
I think I should have mentioned that this is a VServer, again. As you can
see from my previous posts, adding users to the tty group seems to be a
magic solution for all my NX problems .. Should have tried that first.
Stupid me ;-)
Martin
Jon Severinsson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Martin Honermeyer skrev:
>> Jon Severinsson wrote:
>>> Martin Honermeyer skrev:
>>>> Hello,
>>>>
>>>> I've been trying different configurations and settings, but i've been
>>>> unable to get people to authenticate with PAM (/etc/passwd) so far.
>>>> They have to be added to the passdb with
>>>>
>>>> nxserver --adduser user
>>>> nxserver --password user
>>>>
>>>> in order to be able to login.
>>>>
>>>> I've tried the following (in node.conf):
>>>>
>>>> ENABLE_PASSDB_AUTHENTICATION="0"
>>>> ENABLE_SSH_AUTHENTICATION="1" (alternatively
>>>> ENABLE_SU_AUTHENTICATION="1")
>>>> ENABLE_USER_DB="0"
>>>>
>>>> I also enabled PasswordAuthentication in /etc/ssh/sshd_config and added
>>>> the nx user to the wheel group. Same problem every time
>>>> (from /var/log/nxserver.log, with log level set to 7):
>>>>
>>>> -- NX SERVER START:
>>>> HELLO NXSERVER - Version 1.4.0-04-CVS OS (GPL)
>>>> NX> 105 hello NXCLIENT - Version 1.4.0
>>>> NX> 134 Accepted protocol: 1.4.0
>>>> NX> 105 SET SHELL_MODE SHELL
>>>> NX> 105 SET AUTH_MODE PASSWORD
>>>> NX> 105 login
>>>> NX> 101 User: martin
>>>> NX> 102 Password:
>>>> Info: Auth method: ssh su
>>>> NX> 404 ERROR: wrong password or login
>>>> NX> 999 Bye
>>>>
>>>> I am using FreeNX from _CVS_ and the third 1.5.0 NoMachine source
>>>> snapshot, I think.
>>>>
>>>> So what's the right way to get this going?
>>>>
>>>>
>>>> Greetz,
>>>> Martin
>>>>
>>>
>>> Hi Martin
>>>
>>> Your nice log tells me you have configured freeNX correctly. The telling
>>> line is "Info: Auth method: ssh su " which tells me it tried ssh,
>>> failed, and tried su. The next line tells me that all tried logins
>>> failed. That is, freenx successfully caled the login process (both ssh
>>> and su) and both told nx the login was invalid. It does not have to be
>>> wrong password, but by some reason pam failed to log in the user. Can
>>> you do a manual ssh login with the "martin" user, replace the variables
>>> ($...) below with their values on your system (SSHD_PORT should be 22,
>>> and $PATH_BIN should be either /usr/bin or /usr/NX/bin):
>>>
>>> > ssh -2 -x -l "martin" "127.0.0.1" -o "NumberOfPasswordPrompts 1" -p
>>> "$SSHD_PORT" "$PATH_BIN/nxnode" --check"
>>
>>
>> $ ssh -2 -x -l "martin" "127.0.0.1" -o "NumberOfPasswordPrompts 1" -p
>> "22" "/usr/NX/bin/nxnode --check"
>> Password:
>> NX> 1000 NXNODE - Version 1.4.0-04-CVS OS (GPL)
>> NX> 716 finished
>> NX> 1001 Bye.
>
> This seems quite OK. It is in fact exactly the same as I get on my 1.4.0 &
> 0.4.1 system (using "jon" instead of "martin").
>
>>> If that doesn't work, you have a problem either in ssh or in pam.
>>> If a manual login does work, the problem migh be in nxnode. A printout
>>> of the manual login process would help. I would also like to see the
>>> printout if you revert to the 1.4.0 OSS components, to make sure there
>>> is no vital difrence.
>>
>> This is difficult, as this machine is already used by some people.. I'll
>> try it later.
>
> You realy shouldn't use snapshots and CVS versions for production use, but
> as the 1.5 printout looks identical with my 1.4 printout, that should not
> be the problem in this case.
>
>> Greetz,
>> Martin
>
> To check that the problem is not in nxnode-login, please run it manually,
> replacing all the variables acordingly:
> $ echo "$PASS" | $PATH_BIN/nxnode-login -- ssh "$USER" "$SSHD_PORT"
> "$PATH_BIN/nxnode" --check 2>&1 >/dev/null
> and
> $ echo "$PASS" | $PATH_BIN/nxnode-login -- su "$USER" "$SSHD_PORT"
> "$PATH_BIN/nxnode" --check 2>&1 >/dev/null
>
> Each line should give a return code of 0 if login succedes (check by doing
> "echo $?" immediatly after each line above). If this works, I could only
> gues that you are having some odd pam restrictions applying to a live
> connection, but not a manual check. Do some digging in /etc/pam.d/sshd and
> /etc/pam.d/su and see if commenting out all odd lines (basicly everyone
> but "unix.so" lines, or whatever user database you use). If this works,
> please re-enables the lines one-by one to se what causes the problem. If
> that wont do, I'm out of ideas. Please check with stable versions of the
> !M nx OSS components and freenx. And, just to rule out some other
> misconfiguration, please run "nxloadconfig - --check" to see if it
> produces any errors.
>
> Best Regards
> - - Jonno
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
>
> iD8DBQFC1XgqOOpxqcksWu4RAu5VAKCcal3rNMXwKUa43jOF2n1GVLwlpACbBjBV
> u9ydq+M9ZCd6HuJZ2VnJsGs=
> =nbL6
> -----END PGP SIGNATURE-----
More information about the FreeNX-kNX
mailing list