LinuxQuestions.org

brianmcgee 08-17-2010 03:31 PM

Enable freenx-server with pam/ldap
 
Currently I have successfully set up a server as a remote freenx-server terminal and I may log in to this system using local users.

As I want a central ldap-based user management, I have set up a working ldaps configuration. I am able to log in as an ldap user via ssh.

Now the strange issue I am facing is that the freenx-server won't let me log in to my server anymore when I enable the following setting in /etc/ssh/sshd_config:

Code:

UsePAM yes

Naturally, if I disable UsePAM, ldap-based logins will fail because they are passed through PAM.

uname -a:
Code:

Linux srv01 2.6.26-2-openvz-amd64 #1 SMP Thu Feb 11 01:40:09 UTC 2010 i686 i686 i386 GNU/Linux

My sshd_config:
Code:

Port xxxxx
Protocol 2
ListenAddress 0.0.0.0
SyslogFacility AUTHPRIV
LogLevel DEBUG
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile        .ssh/authorized_keys2
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication no
UsePAM no
ChallengeResponseAuthentication=no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
X11Forwarding no

UsePAM yes:
getent passwd -> working
ldapsearch -x -ZZ -> working
ssh login local user -> working
ssh login ldap user -> working
freenx-server login -> fails


UsePAM no:
getent passwd -> working
ldapsearch -x -ZZ -> working
ssh login local user -> working
ssh login ldap user -> fails
freenx-server login -> working

Can someone bring light to this strange issue?

brianmcgee 09-03-2010 04:29 AM

Here is the log of the sshd during a failed nx connection with a ldap user:

Code:

Sep  3 11:29:49 sessions sshd[23966]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Sep  3 11:29:49 sessions sshd[23966]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Sep  3 11:29:49 sessions sshd[23966]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Sep  3 11:29:49 sessions sshd[23966]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Sep  3 11:29:49 sessions sshd[23966]: debug1: SSH2_MSG_NEWKEYS sent
Sep  3 11:29:49 sessions sshd[23966]: debug1: expecting SSH2_MSG_NEWKEYS
Sep  3 11:29:49 sessions sshd[23966]: debug1: SSH2_MSG_NEWKEYS received
Sep  3 11:29:49 sessions sshd[23966]: debug1: KEX done
Sep  3 11:29:50 sessions sshd[23966]: debug1: userauth-request for user nx service ssh-connection method none
Sep  3 11:29:50 sessions sshd[23966]: debug1: attempt 0 failures 0
Sep  3 11:30:00 sessions sshd[23965]: debug1: PAM: initializing for "nx"
Sep  3 11:30:00 sessions sshd[23965]: debug1: PAM: setting PAM_RHOST to "p549651c5.dip.t-dialin.net"
Sep  3 11:30:00 sessions sshd[23965]: debug1: PAM: setting PAM_TTY to "ssh"
Sep  3 11:30:00 sessions sshd[23966]: debug1: userauth-request for user nx service ssh-connection method publickey
Sep  3 11:30:00 sessions sshd[23966]: debug1: attempt 1 failures 1
Sep  3 11:30:00 sessions sshd[23965]: debug1: temporarily_use_uid: 102/103 (e=0/0)
Sep  3 11:30:00 sessions sshd[23965]: debug1: trying public key file /var/lib/nxserver/home/.ssh/authorized_keys2
Sep  3 11:30:00 sessions sshd[23965]: debug1: matching key found: file /var/lib/nxserver/home/.ssh/authorized_keys2, line 1
Sep  3 11:30:00 sessions sshd[23965]: Found matching DSA key: 4b:9b:38:6b:24:33:6b:48:e4:f8:c4:5b:c9:f1:fd:98
Sep  3 11:30:00 sessions sshd[23965]: debug1: restore_uid: 0/0
Sep  3 11:30:00 sessions sshd[23965]: debug1: ssh_dss_verify: signature correct
Sep  3 11:30:00 sessions sshd[23965]: debug1: do_pam_account: called
Sep  3 11:30:15 sessions sshd[23965]: Accepted publickey for nx from 84.150.81.197 port 53474 ssh2
Sep  3 11:30:15 sessions sshd[23965]: debug1: monitor_child_preauth: nx has been authenticated by privileged process
Sep  3 11:30:15 sessions sshd[23965]: debug1: PAM: establishing credentials

My freenx config:

Code:

SSHD_PORT=xxxxx
ENABLE_PASSDB_AUTHENTICATION="1"
ENABLE_SSH_AUTHENTICATION="1"
NX_LOG_LEVEL=7
NX_LOGFILE=/var/log/nxserver.log
COMMAND_MD5SUM="md5sum"
AGENT_STARTUP_TIMEOUT="600"

Login of an ldap user via ssh only works as expected...
Seems like the nx server can't query the pam module for proper authentication.
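
As an added example (not part of the original posts): a short Python script that reads sshd debug lines like those in the log above and reports every step that is followed by a pause of at least a threshold, to show where the login waits. The names `parse` and `find_stalls`, the 5-second threshold and the year 2010 (syslog lines carry no year) are assumptions; the sample lines are copied from the log in the post.

```python
import re
from datetime import datetime

# Excerpt of the sshd debug lines quoted in the post above.
SAMPLE_LOG = """\
Sep  3 11:29:50 sessions sshd[23966]: debug1: userauth-request for user nx service ssh-connection method none
Sep  3 11:29:50 sessions sshd[23966]: debug1: attempt 0 failures 0
Sep  3 11:30:00 sessions sshd[23965]: debug1: PAM: initializing for "nx"
Sep  3 11:30:00 sessions sshd[23965]: debug1: ssh_dss_verify: signature correct
Sep  3 11:30:00 sessions sshd[23965]: debug1: do_pam_account: called
Sep  3 11:30:15 sessions sshd[23965]: Accepted publickey for nx from 84.150.81.197 port 53474 ssh2
Sep  3 11:30:15 sessions sshd[23965]: debug1: PAM: establishing credentials
"""

# Layout: "Mon DD HH:MM:SS host sshd[pid]: message"
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+(.*)$")


def parse(log_text, year=2010):
    """Yield (timestamp, message) for each sshd line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog omits the year; 2010 (the post date) is an assumption.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        yield ts, m.group(2)


def find_stalls(log_text, threshold=5, year=2010):
    """Return (gap_seconds, step_before, step_after) for each pause >= threshold."""
    stalls = []
    prev = None
    for ts, msg in parse(log_text, year):
        if prev is not None:
            gap = int((ts - prev[0]).total_seconds())
            if gap >= threshold:
                stalls.append((gap, prev[1], msg))
        prev = (ts, msg)
    return stalls


if __name__ == "__main__":
    for gap, before, after in find_stalls(SAMPLE_LOG):
        print(f"{gap:3d}s pause after: {before}")
        print(f"     next line:   {after}")
```

On the excerpt it reports a 10-second pause before `PAM: initializing for "nx"` and a 15-second pause after `do_pam_account: called`.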

