[FreeNX-kNX] Initial sshd connection failing for user nx with nxclient, but not with ssh

Sun Jul 4 13:12:58 UTC 2010

Op zondag 4 juli 2010 12:54:51 schreef chris at ccburton.com:

> 
> You are connecting from different machines (ok, maybe out of a different
> NIC in the same machine ).

No the machine I am connecting from is the same. However I do not use nxclient 
for the tests, but I use "ssh -i <file-with-key> nx@<nxserver>

<nxserver> is either a machine in my local network with openSUSE 11.3-RC1 or
a remote machine, which I manage, with openSUSE 11.1.
> 
> You really need to try both methods from the same workstation, so that
> nothing else is different ( except the ssh client ) !!

I am sure the problem is not the client side. It is the server side and I 
found another method for testing. Now I use on the server as root the command 
"su - nx".

This is what I see when it is OK.
ktmhost:~ # su - nx                                                                                             
HELLO NXSERVER - Version 3.2.0-73 OS (GPL, using backend: 3.2.0)                                                
NX> 105 quit                                                                                                    
quit                                                                                                            
Quit                                                                                                            
NX> 999 Bye 

This what I see when it is not OK.
eik113:~ # su - nx
su: wrong password

> Whilst you're at it try setting
> 
>         sudo pam-config -a --pam-debug
> 
> first, and tell us what appears in the log.

This is what I found in the log after giving the above pam-config commands and 
the "su - nx" command.
When OK:
Jul  4 14:26:09 ktmhost su: pam_unix2(su-l:account): pam_sm_acct_mgmt() called
Jul  4 14:26:09 ktmhost su: pam_unix2(su-l:account): username=[nx]
Jul  4 14:26:09 ktmhost su: pam_unix2(su-l:account): expire() returned with 0
Jul  4 14:26:09 ktmhost su: (to nx) freek on /dev/pts/0
Jul  4 14:26:09 ktmhost su: pam_limits(su-l:session): reading settings from 
'/etc/security/limits.conf'
Jul  4 14:26:09 ktmhost su: pam_unix2(su-l:session): session started for user 
nx: service=su-l, tty=pts/0
Jul  4 14:26:13 ktmhost su: pam_unix2(su-l:session): session finished for user 
nx: service=su-l, tty=pts/0

When not OK:
Jul  4 14:27:12 eik113 su: pam_unix2(su-l:account): pam_sm_acct_mgmt() called
Jul  4 14:27:12 eik113 su: pam_unix2(su-l:account): username=[nx]
Jul  4 14:27:12 eik113 su: pam_unix2(su-l:account): expire() returned with 0
Jul  4 14:27:12 eik113 su: pam_unix2(su-l:account): Account is locked for nx
Jul  4 14:27:12 eik113 su: FAILED SU (to nx) root on /dev/pts/0

When I use "passwd -S nx" on both servers, both accounts have LK(=locked) 
displayed, which should be the case (it is locked for password access).

> 
> Are you using an older nxclient ??

In my view this irrelevant at this moment, because it is not used in the above 
tests.

> This sort of thing has been reported before but I can't see where anyone
> fixed it
> at first glance.

I can't think of anything why pam for the account nx returns a locked status.

"pam-config -q --unix2" return the same information on both systems. 

-- 
fr.gr.

Freek de Kruijf