LinuxQuestions.org
Old 08-17-2010, 03:31 PM   #1
brianmcgee
Member
 
Registered: Jun 2007
Location: Munich, Germany
Distribution: RHEL, CentOS, Fedora, SLES (...)
Posts: 399

Rep: Reputation: 38
Enable freenx-server with pam/ldap


Currently I have successfully set up a server as a remote freenx-server terminal and I may log in to this system using local users.

As I want a central LDAP-based user management, I have set up a working ldaps configuration. I am able to log in as an LDAP user via ssh.

Now the strange issue I am facing is that the freenx-server won't let me log in to my server anymore when I enable the following setting in /etc/ssh/sshd_config:

Code:
UsePAM yes

Naturally, if I disable UsePAM, ldap based logins will fail because they are passed through PAM.

uname -a:
Code:
Linux srv01 2.6.26-2-openvz-amd64 #1 SMP Thu Feb 11 01:40:09 UTC 2010 i686 i686 i386 GNU/Linux

my sshd_config:
Code:
Port xxxxx
Protocol 2
ListenAddress 0.0.0.0
SyslogFacility AUTHPRIV
LogLevel DEBUG
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile	.ssh/authorized_keys2
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication no
UsePAM no
ChallengeResponseAuthentication=no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
AcceptEnv LC_IDENTIFICATION LC_ALL
X11Forwarding no

UsePAM yes:
getent passwd -> working
ldapsearch -x -ZZ -> working
ssh login local user -> working
ssh login ldap user -> working
freenx-server login -> fails


UsePAM no:
getent passwd -> working
ldapsearch -x -ZZ -> working
ssh login local user -> working
ssh login ldap user -> fails
freenx-server login -> working

Can someone bring light to this strange issue?

Last edited by brianmcgee; 08-17-2010 at 03:32 PM.
 
Old 09-03-2010, 04:29 AM   #2
brianmcgee
Here is the log of the sshd during a failed nx connection with a ldap user:

Code:
Sep  3 11:29:49 sessions sshd[23966]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Sep  3 11:29:49 sessions sshd[23966]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Sep  3 11:29:49 sessions sshd[23966]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Sep  3 11:29:49 sessions sshd[23966]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Sep  3 11:29:49 sessions sshd[23966]: debug1: SSH2_MSG_NEWKEYS sent
Sep  3 11:29:49 sessions sshd[23966]: debug1: expecting SSH2_MSG_NEWKEYS
Sep  3 11:29:49 sessions sshd[23966]: debug1: SSH2_MSG_NEWKEYS received
Sep  3 11:29:49 sessions sshd[23966]: debug1: KEX done
Sep  3 11:29:50 sessions sshd[23966]: debug1: userauth-request for user nx service ssh-connection method none
Sep  3 11:29:50 sessions sshd[23966]: debug1: attempt 0 failures 0
Sep  3 11:30:00 sessions sshd[23965]: debug1: PAM: initializing for "nx"
Sep  3 11:30:00 sessions sshd[23965]: debug1: PAM: setting PAM_RHOST to "p549651c5.dip.t-dialin.net"
Sep  3 11:30:00 sessions sshd[23965]: debug1: PAM: setting PAM_TTY to "ssh"
Sep  3 11:30:00 sessions sshd[23966]: debug1: userauth-request for user nx service ssh-connection method publickey
Sep  3 11:30:00 sessions sshd[23966]: debug1: attempt 1 failures 1
Sep  3 11:30:00 sessions sshd[23965]: debug1: temporarily_use_uid: 102/103 (e=0/0)
Sep  3 11:30:00 sessions sshd[23965]: debug1: trying public key file /var/lib/nxserver/home/.ssh/authorized_keys2
Sep  3 11:30:00 sessions sshd[23965]: debug1: matching key found: file /var/lib/nxserver/home/.ssh/authorized_keys2, line 1
Sep  3 11:30:00 sessions sshd[23965]: Found matching DSA key: 4b:9b:38:6b:24:33:6b:48:e4:f8:c4:5b:c9:f1:fd:98
Sep  3 11:30:00 sessions sshd[23965]: debug1: restore_uid: 0/0
Sep  3 11:30:00 sessions sshd[23965]: debug1: ssh_dss_verify: signature correct
Sep  3 11:30:00 sessions sshd[23965]: debug1: do_pam_account: called
Sep  3 11:30:15 sessions sshd[23965]: Accepted publickey for nx from 84.150.81.197 port 53474 ssh2
Sep  3 11:30:15 sessions sshd[23965]: debug1: monitor_child_preauth: nx has been authenticated by privileged process
Sep  3 11:30:15 sessions sshd[23965]: debug1: PAM: establishing credentials

My freenx config:

Code:
SSHD_PORT=xxxxx
ENABLE_PASSDB_AUTHENTICATION="1"
ENABLE_SSH_AUTHENTICATION="1"
NX_LOG_LEVEL=7
NX_LOGFILE=/var/log/nxserver.log
COMMAND_MD5SUM="md5sum"
AGENT_STARTUP_TIMEOUT="600"

Login of a ldap user via ssh only works as expected...
Seems like nx server can't query the pam module for proper authentication.
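
Added example, not part of the original posts: a short Python script that measures the time between consecutive sshd log lines and reports where the connection stalls. The sample lines are copied from the log in post #2; the year 2010 (taken from the post date), the 5-second threshold, and treating both sshd PIDs as one connection are assumptions.

```python
import re
from datetime import datetime

# Subset of the sshd log from post #2, copied verbatim.
SAMPLE_LOG = """\
Sep  3 11:29:49 sessions sshd[23966]: debug1: KEX done
Sep  3 11:29:50 sessions sshd[23966]: debug1: userauth-request for user nx service ssh-connection method none
Sep  3 11:29:50 sessions sshd[23966]: debug1: attempt 0 failures 0
Sep  3 11:30:00 sessions sshd[23965]: debug1: PAM: initializing for "nx"
Sep  3 11:30:00 sessions sshd[23965]: debug1: do_pam_account: called
Sep  3 11:30:15 sessions sshd[23965]: Accepted publickey for nx from 84.150.81.197 port 53474 ssh2
Sep  3 11:30:15 sessions sshd[23965]: debug1: PAM: establishing credentials
"""

# syslog timestamp, host, sshd[pid], optional "debugN: " prefix, message
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: (?:debug\d: )?(.*)$"
)


def parse(log, year=2010):
    """Return (timestamp, pid, message) for every sshd line in the log.

    syslog lines carry no year, so one is assumed (2010, from the post date).
    """
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd line, ignore it
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((ts, int(m.group(2)), m.group(3)))
    return events


def find_stalls(log, threshold=5):
    """Return (gap_seconds, message_before, message_after) for each gap
    of at least `threshold` seconds between consecutive log lines."""
    events = parse(log)
    stalls = []
    for (t0, _, before), (t1, _, after) in zip(events, events[1:]):
        gap = int((t1 - t0).total_seconds())
        if gap >= threshold:
            stalls.append((gap, before, after))
    return stalls


if __name__ == "__main__":
    for gap, before, after in find_stalls(SAMPLE_LOG):
        print(f"{gap:3d}s stall after: {before!r}\n     next line:   {after!r}")
```

On the posted log this reports a 10-second gap before PAM initialization for "nx" and a 15-second gap between `do_pam_account: called` and the `Accepted publickey` line.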
 
  


All times are GMT -5.