Hi Mike,

yes I am using ACL:


[vs55-dev-mathias]
user=mathias
host=10.173.20.16
user=student0
name=vSphere 5.5 Dev
command=XFCE
sshproxyuser=mathias
sshproxysameuser=false
acl-groups-allow=mathias
acl-groups-deny=ALL
acl-clients-allow=ALL
acl-any-order=deny-allow

[vs55-dev-fabian]
user=fabian
host=10.173.20.16
user=student0
name=vSphere 5.5 Dev
command=XFCE
sshproxyuser=fabian
sshproxysameuser=false
acl-groups-allow=fabian
acl-groups-deny=ALL
acl-clients-allow=ALL
acl-any-order=deny-allow


I wanted to give access on a per-user basis so I used the groups that are created with the same name as the username anyways and did

addgroup username groupname

Is there a better solution?


I am connected to IRC now, we can go on there.


cheers
Mathias



On 10/09/2013 10:21 PM, Mike Gabriel wrote:
Hi Mathias,

On  Mi 09 Okt 2013 21:51:40 CEST, Mathias Ewald wrote:

when I get the no x2go sessions found message, broker shows

2013-10-09 16:26:55,183 - broker - INFO - client address is 79.249.113.198
2013-10-09 16:26:55,184 - broker - DEBUG - username: fabian, password: XXXXX, task: listsessions, profile_id:
2013-10-09 16:26:55,184 - broker - DEBUG - base_broker.X2GoBroker.get_authentication_mechanism(): found default-auth-mech in global config section: pam
2013-10-09 16:26:55,185 - broker - DEBUG - base_broker.X2GoBroker._do_authenticate(): authenticating user=fabian with password=<hidden> against backend=inifile.
2013-10-09 16:26:55,185 - broker - DEBUG - connecting to authentication service socket /run/x2gobroker/x2gobroker-authservice.socket
2013-10-09 16:26:55,185 - broker - DEBUG - sending username=fabian, password=<hidden>, service=x2gobroker to authentication service
2013-10-09 16:26:55,201 - broker - INFO - authentication against PAM service »x2gobroker« succeeded for user »fabian«
2013-10-09 16:26:55,201 - broker - DEBUG - base_broker.X2GoBroker.check_access(): result of authentication check is: True
2013-10-09 16:26:55,209 - broker - DEBUG - base_broker.X2GoBroker.get_session_autologin(): found default-session-autologin in global config section: False
2013-10-09 16:26:55,221 - broker - DEBUG - base_broker.X2GoBroker.get_session_autologin(): found default-session-autologin in global config section: False
2013-10-09 16:26:55,233 - broker - DEBUG - base_broker.X2GoBroker.get_session_autologin(): found default-session-autologin in global config section: False
2013-10-09 16:26:55,245 - broker - DEBUG - base_broker.X2GoBroker.get_session_autologin(): found default-session-autologin in global config section: False


Argh. The 0.0.2.3 x2gobroker is not so verbose at that point... Neither is the 0.0.3.0, actually. I have to add more debug output to checkaccess() method in the base broker code.

Do you by any chance use any ACL in the broker's session profiles config?

Mike

PS: discussing such questions on IRC would really speed up the debugging process... 



_______________________________________________
X2Go-User mailing list
X2Go-User@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/x2go-user