On Tue, 2010-12-14 at 08:32 +0200, Ivan Boyadzhiev wrote:
Hi, I've implemented x2go with likewise-open, still I do have 2 issues, which are present only when I use LDAP account, and not present with regular account on the linux. More details: OS Ubuntu 10.10; x2go 3.0.1-5; likewise-open 5.4.0.42111. Ubuntu is joined to Windows Active Directory through LDAP. I don't have any issues there, and everything work fine with this configuration (one issue that I've overcome: when joining LDAP, the users have other group IDs, which came from LDAP. In order to connect to x2go server, your username must have the x2gousers group assignment. In my case in LDAP I do have special group which contains users who have to have access. I've logged to LDAP locally on the ubuntu, and using command id I've checked the unique identification of that LDAP group. Then I've set this number to the x2gousers in the file /etx/groups. This way I overwrite the group that came from LDAP with the local group, and only these users can connect to x2go).
Note: I've read all the documentation and I still didn't find solutions for my issues. They are:
- Connecting remotely with x2go client with LDAP credentials doesn't forward sound - thus no sound can be heard. This problem doesn't occur when I login locally on the Ubuntu with same LDAP credentials. When I'm logged in locally, the next remote login (using the client), has sound. However, I thought that it is something with groups for audio, but seems it is not, as I'm using very same credentials and the only difference is local and remote, this way all user permissions are same (confirmed)...
- Connecting remotely with x2go client with LDAP credentials doesn't stop the session, when disconnected in every way. The session remain open (visible with x2golistsessions_sql HOSTNAME). I've made around 20 client sessions from one host, and on the next ones it refused to connect me, because the number of authentications were too much. Again, when doing this locally on the Ubuntu, the sessions really terminate. I've even replaced x2gosuspend with x2goterminate, without any success. The only way is to delete file /var/db/x2go/x2go_sessions and to create empty one with /usr/lib/x2go/script/x2gosqlite.sh. The live sessions still remain active, but this doesn't seem good solution. It is not possible to terminate or to resume open sessions with the client as well. So they stay like zombies there.
Do you have an idea what can be the root causes for these issues? My logic lead me to some un-escaped symbols used when joining the Domain
- like @ and \. Because when logging to the LDAP I am using USERNAME@DOMAIN. Another possibility is to be from Likewise-open, still, there should not happen this as locally everything works fine.
Best Regards Ivan Hmm . . . I do not know the answer. We are using LDAP authentication and it is working well (RedHat Directory Server). We are using local groups but the members are defined in LDAP. However, we are using uid to identify the user rather than email so your hunch about the unescaped characters might be correct.
The connections are really provided by ssh. What happens if you try to establish a simple ssh connection using the username@domain rather than x2go? - John