Hey there, I'm having troubles with running x2go on ldap/kerberos-enabled Ubuntu machines.
If I try to login via x2go to an account that's in the server's local /etc/passwd, everything works as expected.
But if I try to login via x2go to an account that's not in the server's passwd, but in ldap/kerberos, the x2go white login dialog disappears, but nothing else happens. Running x2go from a terminal, I get this output:
http://debian.pastebin.com/m20ae8e2d The last message is repeated indefinitely.
With the same kerberiz'ed account I can locally login on the server machine just fine.
Pam is configured as follows:
common-account: http://debian.pastebin.com/f2780c0cc common-auth: http://debian.pastebin.com/f1a8f599c common-password: http://debian.pastebin.com/f7db1cc29 common-session: http://debian.pastebin.com/f4acfcf5e
Using X2Go Client gtk-3.01-8 on Ubuntu 9.04 and 9.10.
Any advice?
Cheers, Robert
Robert Markula wrote:
If I try to login via x2go to an account that's in the server's local /etc/passwd, everything works as expected.
But if I try to login via x2go to an account that's not in the server's passwd, but in ldap/kerberos, the x2go white login dialog disappears, but nothing else happens. Running x2go from a terminal, I get this output:
To put the above in other words: How can one get x2go to use an existing ldap/kerberos-server to authenticate the user?
I'm quite sure I once saw an environment where the x2go client used its own session management (no ldap-server set in the x2go client settings), but as the username and password was given from a user in ldap/kerberos, he could login and all worked smoothly. I was quite impressed back then to see how seamless x2go integrates in the existing authentication infrastructure.
I guess it was just a PAM issue on the x2go server machine, but I'm a bit lost at what has to be configured exactly.
Cheers, Robert
Hi again,
Robert Markula wrote:
But if I try to login via x2go to an account that's not in the server's passwd, but in ldap/kerberos, the x2go white login dialog disappears, but nothing else happens. Running x2go from a terminal, I get this output:
Forgot to mention that I can see heavy traffic going from the x2go server to the x2go client after login. No terminal output window is shown however. So I guess authentication was somewhat successful?
Cheers, Robert
Robert Markula schrieb:
Hi again,
Robert Markula wrote:
But if I try to login via x2go to an account that's not in the server's passwd, but in ldap/kerberos, the x2go white login dialog disappears, but nothing else happens. Running x2go from a terminal, I get this output:
Forgot to mention that I can see heavy traffic going from the x2go server to the x2go client after login. No terminal output window is shown however. So I guess authentication was somewhat successful?
Cheers, Robert
X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev Hello Robert,
as I already wrote, your problem is sudo configuration. As you can see in output from x2goclient, you cannot execute "sudo x2gopgwrapper" :
sudo: setreuid(ROOT_UID, user_uid): Operation not permitted
all users running x2go should be a part of group "x2gousers". This group can execute "sudo x2gopgwrapper". It is configured in your "sudoers" file :
Defaults env_reset root ALL=(ALL) ALL #### X2GO section %x2gousers ALL=(ALL) NOPASSWD: /usr/bin/x2gopgwrapper
You can check your configuration this way:
user@client:~$ ssh user@server user@server's password: Linux debian 2.6.26-1-amd64 #1 SMP Fri Mar 13 17:46:45 UTC 2009 x86_64
user@server:~$ id uid=1000(user) gid=1000(user) Gruppen=110(fuse),114(x2gousers),1000(user) user@server:~$ sudo x2gopgwrapper : wrong argument
As you can see in output from "id", the user is a part from group "x2gousers", and can execute command "sudo x2gopgwrapper". In your case, your have output:
sudo: setreuid(ROOT_UID, user_uid): Operation not permitted
so, you have definitely problem with your sudo configuration. I think, you must simple add your user in group "x2gousers" or modify your "sudoers" file with command "visudo" to allow your user run "sudo x2gopgwrapper"
Regards
Oleksandr Shneyder Dipl. Informatik X2go Core Developer Team
email: oleksandr.shneyder@obviously-nice.de web: www.obviously-nice.de
--> X2go - everywhere@home
Hi!
Oleksandr.shneyder wrote:
as I already wrote, your problem is sudo configuration.
Sorry, your original reply didn't make it through.
so, you have definitely problem with your sudo configuration. I think, you must simple add your user in group "x2gousers" or modify your "sudoers" file with command "visudo" to allow your user run "sudo x2gopgwrapper"
Yes, that was it. Now it works smoothly like never before. Great!
Cheers, Robert
-
Oleksandr.shneyder -
Robert Markula