XDMCP problems on FC5

srosburg · 09-14-2006, 03:22 AM

Linux Experts:

I am having problems with XDMCP on FC5. I have two Linux boxes: one running FC3 i386, and another running FC5 i386 (2174smp kernel). My FC5 machine is in every way superior to the FC3 box, yet the XDMCP performance on the FC5 box is absolutely horrendous.

For example, I can do the following on both machines as a comparison:

1. Open an ssh terminal (from my windows client machine)
2. xhost +server
3. export DISPLAY=client:0.0
4. system-config-users

When running against my FC3 server, the User Manager window that displays renders quickly and the interactive response is very acceptable. Also, I can open a full-screen interactive desktop (using NetSarang's Xbrowser for Xmanager Enterprise 2.0) which allows me to choose my login, session, etc. Basically, everything works perfectly against my FC3 server.

When running against my FC5 server, on the other hand, the User Manager window repaints so slow that you can actually watch the different screen elements render. Selecting an item, clicking a tab, or restoring the window -- basically anything that involves a repaint -- takes several seconds.

Further, I cannot open a full-screen XDMCP window on my FC5 box at all, as it results in a "XDMCP connection failed" error after 30 seconds. I don't know whether this is because of a configuration problem on the FC5 server or because it's just taking too long and the Xbrowser app is timing out.

I have followed the XDMCP HOWTO, and to the best of my knowledge I have everything configured correctly. I am using Gnome on my FC3 system and KDE on my FC5 system (although Gnome is also installed on my FC5 system) -- I don't know whether this makes a difference or not. I have compared my configurations on the two machines to the best of my ability, and they appear to be configured similarly, although I'm no expert so I certainly could have missed something.

Can someone provide some possible explanation and/or troubleshooting steps regarding the poor performance and/or inability to open a full-screen XDMCP session on FC5?

I am happy to provide any configuration settings for either system to help with the troubleshooting.

BTW, please don't just tell me to use VNC instead; that's a cop out and is not the kind of help I'm looking for.

Many thanks in advance,
Steve Rosburg (becoming less of a newbie with every painful learning experience)

jcliburn · 09-14-2006, 08:31 PM

You may already know this, but you don't need to use xhost to send a window to a client when you've ssh'd into the server. You can send the X window back through the encrypted ssh tunnel by initially connecting with "ssh -X <remote_host>".

For XDMCP, I wrote up this howto for myself awhile ago. It's for two FC5 hosts. Adjust for FC3 as necessary.

Code:

[jcliburn@osprey howtos]$ cat xdmcp.txt 
This procedure assumes you're on a private LAN, 
192.168.1.0/24.  If you're not, adjust IP addresses 
accordingly.

If you have console access to the remote machine, skip 
to step 4.  Steps 1-3 enable the remote machine to send 
an X window to your local machine, but you don't need 
that if you can sit down in front of the remote 
machine's console.

1.  On the local machine, edit /etc/ssh/ssh_config and 
set ForwardX11 yes.  Edit /etc/sysconfig/iptables and 
add the following line before the line that contains 
"reject-with icmp-host-prohibited".

-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 6000 -j ACCEPT

Save the file.  Restart iptables.

2.  On the remote machine, edit /etc/ssh/sshd_config 
and set X11Forwarding yes.  Restart sshd.  Logout of 
the remote machine.

3.  ssh to the remote machine.  



NOW CONFIGURE THE REMOTE MACHINE FOR XDMCP.

4.  On the remote machine, become root.  Run gdmsetup.  
Select the Remote tab and choose "Same as Local".  
Click "Configure XDMCP" in lower right corner.  Make 
sure that "Honor indirect requests" is UNchecked.  
Make sure "Listen on UDP port:" is set to 177.  Click 
Close.  Click Close.  Edit /etc/sysconfig/iptables 
and add this line before the line that contains 
"reject-with icmp-host-prohibited".

-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp --dport 177 -j ACCEPT

Save the file.  Restart iptables.  

If you're sitting at the remote machine's console, 
execute init 3 from the command line.  A text session 
appears.  Press enter if it appears hung.  Login as 
root.  Execute init 5 from the command line.  X starts.  
Press CTRL-ALT-F1.  The text session reappears.  Logout 
of the root session.  Pres CTRL-ALT-F7 to return to X.

If you're sitting at the local machine and accessing 
the remote system through ssh, execute init 3 from the 
command line.  Nothing unusual happens.  Execute init 5 
from the command line.  Nothing unusual happens.

Whether you're at the console or not, execute the 
following command and verify that gdm-binary has 
opened port 177/udp.

[root@petrel ~]# netstat --inet -pnl | grep 177
udp  0  0 0.0.0.0:177  0.0.0.0:*  3474/gdm-binary

If so, XDMCP is now running on the remote host.

4.  On the local machine, become root.  Edit 
/etc/sysconfig/iptables and add the following line 
before the line that contains "reject-with 
icmp-host-prohibited".

-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 6001 -j ACCEPT

Save the file.  Restart iptables.  Return to a non-root 
shell.  From the command line, kick off an X session 
connecting to the remote host's X server, sending the 
display to local display :1.  Here's the command to do 
it.

Xorg :1 -ac -query REMOTE_HOST_IP_ADDR

srosburg · 09-15-2006, 12:50 AM

jcliburn,

Thanks for the info.

I have firewall turned off for both my FC3 and FC5 installs, so there's no /etc/sysconfig/iptables file or corresponding configuration to bother with.

I previously had "Honor indirect requests" checked on both my FC3 and FC5 system. Unchecking it on my FC5 system causes my Xbrowser app to return immediately (unsuccessfully), but on my FC3 system it doesn't seem to make any difference whether it's checked or not -- XDMCP works either way. I'm not sure what to make of this.

Regards,
Steve

srosburg · 09-15-2006, 02:31 AM

jcliburn,

While I still cannot get a full-screen XDMCP session to my FC5 server (ROSBURG4200 = 192.168.1.106) from my Windows machine (steved480fl71 = 192.168.1.103) via Xbrowser, I am now able to load a full-screen session on my FC3 machine (using it as my local host instead of Windows/Xbrowser). So, something must be right, but why it still isn't working from my Xbrowser app on Windows remains a mystery.

Just in case anybody can make heads or tails of it, I've copied the relevant info from the system log when I try to connect from my Windows machine using Xbrowser:

Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_xdmcp_decode: Received opcode QUERY from client 192.168.1.103
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_xdmcp_handle_query: Opcode 2 from 192.168.1.103
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_xdmcp_host_allow: client->hostname is steved480fl71
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_xdmcp_send_willing: Sending WILLING to 192.168.1.103
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_xdmcp_decode: Received opcode REQUEST from client 192.168.1.103
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_xdmcp_handle_request: Got REQUEST from 192.168.1.103
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_xdmcp_host_allow: client->hostname is steved480fl71
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_xdmcp_handle_request: xdmcp_pending=0, MaxPending=4, xdmcp_sessions=0, MaxSessions=16, ManufacturerID=
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_xdmcp_display_dispose_check (steved480fl71:1)
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_auth_secure_display: Setting up access for steved480fl71:1
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_auth_secure_display: Setting up access
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_auth_secure_display: Setting up access for steved480fl71:1 - 1 entries
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_xdmcp_display_alloc: display=steved480fl71:1, session id=-113297881, xdmcp_pending=1
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_xdmcp_send_accept: Sending ACCEPT to 192.168.1.103 with SessionID=-113297881
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_xdmcp_decode: Received opcode MANAGE from client 192.168.1.103
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_xdmcp_handle_manage: Got MANAGE from 192.168.1.103
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_xdmcp_host_allow: client->hostname is steved480fl71
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_xdmcp_handle_manage: Got Display=1, SessionID=-113297881 Class=Xmanager from 192.168.1.103
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_xdmcp_handle_manage: Looked up steved480fl71:1
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_forward_query_lookup: Host 192.168.1.103 not found
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_display_manage: Managing steved480fl71:1
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: loop check: last_start 0, last_loop 0, now: 1158303333, retry_count: 0
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: Resetting counts for loop of death detection
Sep 14 23:55:33 ROSBURG4200 gdm[2532]: gdm_slave_start: Starting slave process for steved480fl71:1
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: gdm_display_manage: Forked slave: 2532
Sep 14 23:55:33 ROSBURG4200 gdm[2532]: gdm_slave_start: Loop Thingie
Sep 14 23:55:33 ROSBURG4200 gdm[2532]: gdm_slave_run: Opening display steved480fl71:1
Sep 14 23:55:33 ROSBURG4200 gdm[2532]: gdm_slave_greeter: Running greeter on steved480fl71:1
Sep 14 23:55:33 ROSBURG4200 gdm[2532]: gdm_slave_greeter: Greeter on pid 2542
Sep 14 23:55:33 ROSBURG4200 gdm[2532]: Sending GREETPID == 2542 for slave 2532
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: Handling message: 'GREETPID 2532 2542'
Sep 14 23:55:33 ROSBURG4200 gdm[2261]: Got GREETPID == 2542
Sep 14 23:55:34 ROSBURG4200 gdm[2532]: term_quit: Final cleanup
Sep 14 23:55:34 ROSBURG4200 gdm[2532]: gdm_slave_quick_exit: Will kill everything from the display
Sep 14 23:55:34 ROSBURG4200 gdm[2532]: gdm_slave_quick_exit: Killed everything from the display
Sep 14 23:55:34 ROSBURG4200 gdm[2261]: mainloop_sig_callback: Got signal 17
Sep 14 23:55:34 ROSBURG4200 gdm[2261]: gdm_cleanup_children: child 2532 returned 65
Sep 14 23:55:34 ROSBURG4200 gdm[2261]: gdm_child_action: In remanage
Sep 14 23:55:34 ROSBURG4200 gdm[2261]: gdm_display_unmanage: Stopping steved480fl71:1 (slave pid: 0)

Again, any help is much appreciated.

Regards,
Steve

jcliburn · 09-17-2006, 07:46 AM

Can you compare a good session's log output with the bad session log?

Might Windows firewall be getting in the way?