-   Linux - Software (
-   -   Ubuntu Lucid LDAP not authenticating via NX (

ssmitj 07-20-2012 02:55 PM

Ubuntu Lucid LDAP not authenticating via NX
To start of with, I am a sort of newbee so play nice. We have a Ubuntu Lucid box and I am trying to do central authentication. This is a test box but I want to install LDAP on one box to administer accounts and users must be able to log in on any other machine using the LDAP server account I created for the.

I only have this one box to test with so I installed LDAP on the box, created a dummy account called fsmit on it using phpldapadmin. I then installed the ldap client(sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils) on the same server and tried my best to configure it. I connected via Putty from my Windows7 machine to the Ubuntu box and can log in with the fsmit account.

I get simple stuff like cannot change to /home/uesrs/fsmit because the directory does not exist but I see this a a minor change.

My question, how will I get authentication to work if I want to connect to this box with NXClient? I have FreeNX installed on this box and I can connect using the NXClient if I use an account local to that box. Below is the NXClient log:
NX> 203 NXSSH running with pid: 1128
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: on port: 17622
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
HELLO NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: 3.5.0)
NX> 105 hello NXCLIENT - Version 3.2.0
NX> 134 Accepted protocol: 3.2.0
NX> 105 login
NX> 101 User: fsmit
NX> 102 Password:
NX> 103 Welcome to: sfcdevlnxtst1 user: fsmit
NX> 105 listsession --user="fsmit" --status="suspended,running" --geometry="1920x1080x32+render" --type="unix-gnome"
NX> 127 Sessions list of user 'fsmit' for reconnect:

Display Type Session ID Options Depth Screen Status Session Name
------- ---------------- -------------------------------- -------- ----- -------------- ----------- ------------------------------

NX> 148 Server capacity: not reached for user: fsmit
NX> 105 startsession --link="wan" --backingstore="1" --encryption="1" --cache="16M" --images="64M" --shmem="1" --shpix="1" --strict="0" --composite="1" --media="0" --session="LNXTst" --type="unix-gnome" --geometry="1914x990" --client="winnt" --keyboard="pc102/en_US" --screeninfo="1914x990x32+render"

NX> 1000 NXNODE - Version 3.2.0-74-SVN OS (GPL, using backend: 3.5.0)
NX> 705 Session display: 2001
NX> 703 Session type: unix-gnome
NX> 701 Proxy cookie: 881444d393c946888b98c532818318b2
NX> 702 Proxy IP:
NX> 706 Agent cookie: 881444d393c946888b98c532818318b2
NX> 704 Session cache: unix-gnome
NX> 707 SSL tunneling: 1
NX> 1009 Session status: starting
NX> 105 NX> 596 Session startup failed.
NX> 1004 Error: NX Agent exited with exit status 1. To troubleshoot set SESSION_LOG_CLEAN=0 in node.conf and investigate "/home/users/fsmit/.nx/F-C-sfcdevlnxtst1-2001-6251E2D7E2ED95E3B99261BC126F51D6/session". You might also want to try: ssh -X myserver; /usr/lib/nx/nxnode --agent to test the basic functionality. Session log follows:
Can't open /var/lib/nxserver/db/running/sessionId{6251E2D7E2ED95E3B99261BC126F51D6}: No such file or directory.
mv: cannot stat `/var/lib/nxserver/db/running/sessionId{6251E2D7E2ED95E3B99261BC126F51D6}': No such file or directory
NX> 1006 Session status: closed
NX> 1009 Session status: starting
NX> 280 Exiting on signal: 15

mpapet 07-20-2012 03:17 PM

One step at a time.

With PAM-LDAP enabled, can you login at the keyboard? If so, then you should be able to ssh in. Try to test each layer.

A word of caution about using LDAP, first spot of trouble in your openldap stack, you STILL need auth to keep running. I love it, but know that you better have it running in some kind of high-availability way on real n+1 type hardware with real disk storage. (shared raid, iscsi cluster, fibrechannel, etc) Openldap doesn't need much horsepower, so even an older enterprise-ish stack should do fine. I like HP's SCSI MSA cluster. Used is a bargain!

ssmitj 07-20-2012 03:22 PM

This machine is actually a VM at our server farm. Using my account that was created when they built the VM I can SSH and connect using NXClient(all from my desk running Windows7) I installed LDAP and the LDAP client software and created a user called fsmit in phpldapadmin so this user does not exist in the local users group....

I can log in via ssh as fsmit but I cannot log in using NXClient using fsmit.

All times are GMT -5. The time now is 11:01 AM.