<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi Mike,<br>
<br>
yes I am using ACL:<br>
<br>
<br>
[vs55-dev-mathias]<br>
user=mathias<br>
host=10.173.20.16<br>
user=student0<br>
name=vSphere 5.5 Dev<br>
command=XFCE<br>
sshproxyuser=mathias<br>
sshproxysameuser=false<br>
acl-groups-allow=mathias<br>
acl-groups-deny=ALL<br>
acl-clients-allow=ALL<br>
acl-any-order=deny-allow<br>
<br>
[vs55-dev-fabian]<br>
user=fabian<br>
host=10.173.20.16<br>
user=student0<br>
name=vSphere 5.5 Dev<br>
command=XFCE<br>
sshproxyuser=fabian<br>
sshproxysameuser=false<br>
acl-groups-allow=fabian<br>
acl-groups-deny=ALL<br>
acl-clients-allow=ALL<br>
acl-any-order=deny-allow<br>
<br>
<br>
I wanted to give access on a per-user basis so I used the groups
that are created with the same name as the username anyways and
did<br>
<br>
addgroup username groupname<br>
<br>
Is there a better solution?<br>
<br>
<br>
I am connected to IRC now, we can go on there.<br>
<br>
<br>
cheers<br>
Mathias<br>
<br>
<br>
<br>
On 10/09/2013 10:21 PM, Mike Gabriel wrote:<br>
</div>
<blockquote
cite="mid:20131009202141.Horde.hmjxvaL6xSqm4KDZH-_szQ1@mail.das-netzwerkteam.de"
type="cite">Hi Mathias,
<br>
<br>
On Mi 09 Okt 2013 21:51:40 CEST, Mathias Ewald wrote:
<br>
<br>
<blockquote type="cite">when I get the no x2go sessions found
message, broker shows
<br>
<br>
2013-10-09 16:26:55,183 - broker - INFO - client address is
79.249.113.198
<br>
2013-10-09 16:26:55,184 - broker - DEBUG - username: fabian,
password: XXXXX, task: listsessions, profile_id:
<br>
2013-10-09 16:26:55,184 - broker - DEBUG -
base_broker.X2GoBroker.get_authentication_mechanism(): found
default-auth-mech in global config section: pam
<br>
2013-10-09 16:26:55,185 - broker - DEBUG -
base_broker.X2GoBroker._do_authenticate(): authenticating
user=fabian with password=<hidden> against
backend=inifile.
<br>
2013-10-09 16:26:55,185 - broker - DEBUG - connecting to
authentication service socket
/run/x2gobroker/x2gobroker-authservice.socket
<br>
2013-10-09 16:26:55,185 - broker - DEBUG - sending
username=fabian, password=<hidden>, service=x2gobroker to
authentication service
<br>
2013-10-09 16:26:55,201 - broker - INFO - authentication against
PAM service »x2gobroker« succeeded for user »fabian«
<br>
2013-10-09 16:26:55,201 - broker - DEBUG -
base_broker.X2GoBroker.check_access(): result of authentication
check is: True
<br>
2013-10-09 16:26:55,209 - broker - DEBUG -
base_broker.X2GoBroker.get_session_autologin(): found
default-session-autologin in global config section: False
<br>
2013-10-09 16:26:55,221 - broker - DEBUG -
base_broker.X2GoBroker.get_session_autologin(): found
default-session-autologin in global config section: False
<br>
2013-10-09 16:26:55,233 - broker - DEBUG -
base_broker.X2GoBroker.get_session_autologin(): found
default-session-autologin in global config section: False
<br>
2013-10-09 16:26:55,245 - broker - DEBUG -
base_broker.X2GoBroker.get_session_autologin(): found
default-session-autologin in global config section: False
<br>
<br>
</blockquote>
<br>
Argh. The 0.0.2.3 x2gobroker is not so verbose at that point...
Neither is the 0.0.3.0, actually. I have to add more debug output
to checkaccess() method in the base broker code.
<br>
<br>
Do you by any chance use any ACL in the broker's session profiles
config?
<br>
<br>
Mike
<br>
<br>
PS: discussing such questions on IRC would really speed up the
debugging process...
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
X2Go-User mailing list
<a class="moz-txt-link-abbreviated" href="mailto:X2Go-User@lists.berlios.de">X2Go-User@lists.berlios.de</a>
<a class="moz-txt-link-freetext" href="https://lists.berlios.de/mailman/listinfo/x2go-user">https://lists.berlios.de/mailman/listinfo/x2go-user</a></pre>
</blockquote>
<br>
</body>
</html>