Hi All: Am trying to get up to speed on x2go session broker, but am having trouble. Any suggestions? When try to connect I get: Error Login failed! Please try again. Along with... broker url: http://xxx.xxx.xxx.xxx/:8080/plain/inifilebroker url:http://xxx.xxxx.xxx.xxx/:8080/plain/inifile or.... broker url:http://user@xxx.xxx.xxx.xxx/cgi-bin/x2gobroker.cfgi As I'm getting started, I'm trying to do this on my LAN (all behind my firewall) without any ssh (longer term I want to see if I can run sessions inside SSL). I've disabled all the iptable rules on my server....and tried various settings in the x2gobroker.conf and x2gobroker-sessionprofiles.conf files which have not really changed the error message but may be the problem (see below). I can connect using the x2go client GUI "the normal way", and the first time I got a window on the client "The server is unknown. Do you trust the host key....", which I assume is x2go dynamically creating a ssh tunnel? This part works fine. However, when I try from the command line with an "x2goclient --broker-..." type of command, I get the Error message. Both client and server are running Debian Squeeze, and on the server I've successively installed: x2gobroker-wsgi apache2 libapache20mod-wsgi x2gobroker-authservice (wasn't sure if I should install this for my initial tests) My x2gobroker.conf: # This file is part of the X2Go Project - http://www.x2go.org # Copyright (C) 2011-2013 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> # Copyright (C) 2011-2013 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> # Copyright (C) 2012-2013 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> # # X2Go Session Broker is free software; you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # X2Go Session Broker is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program; if not, write to the # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. ### ### GLOBAL section ### [global] # Allow unauthenticated connections? Then set check-credentials to false. check-credentials = false # To secure server-client communication the client can start the communication # with a pre-set, agreed on authentication ID. Set the below value to true # to make the X2Go Session Broker require this feature #require-cookie-auth = false ### NOT-IN-USE-YET # X2Go supports two different cookie authentication modes (static and dynamic). #use-static-cookie = false ### NOT-IN-USE-YET # Every server-client communication (between X2Go Client and broker) has to be # accompanied by this initial authentication cookie. #my-cookie = <aaaavveeeerrrrryyyyylooonnnnggggssttrrriiinnnggg> ### NOT-IN-USE-YET # X2Go Session Broker knows about two output formats: a text/plain based output # and a text/json based output that is compatible with UCCS. The different outputs # run under different URLs. enable {base_url}/plain/ enable-plain-output = true # enable {base_url}/uccs/ #enable-uccs-output = false # use this URL base to create URL field in UCCS-style JSON output #my-uccs-url-base = http://localhost:8080/ # default authentication mechanism for all broker backends default-auth-mech = pam # how does this X2Go Session Broker instance retrieve user and group # information from the system? (defaults for all broker backends) default-user-db = libnss default-group-db = libnss # on large deployments it is recommended to ignore primary group # memberships traversing into all user accounts for primary group # detection can be quite CPU intensive on the X2Go Broker server. #ignore-primary-group-memberships = true # X2Go session autologin via X2Go Session Broker # # Once authenticated against the session # broker, the user becomes a trusted user. That is, the X2Go session login can # be automatized by a very temporary SSH pub/priv key pair. Prior to the session # login the key is generated, after successful session login, the key is dropped # immediately. # # This option can be overridden by the session profile parameter # broker-session-autologin={true|false} broker-session-autologin=true default-session-autologin=true # X2Go's authorized_keys file for broker mediated autologin sessions # # For the X2Go auto-login via X2Go Session Broker feature to work thoroughly, # the X2Go Session Broker has to place the temporary public SSH key into the # user's home directory. It is not recommended to use SSH's default # authorized_keys file for this but a separate and X2Go-specific authorized_keys # file ($HOME/.x2go/authorized_keys). # # Of course, the SSH daemon has to be made aware of this. This can be configured # in /etc/ssh/sshd_config like this: # # --- /etc/ssh/sshd_config.no-x2go 2013-03-01 09:57:04.000000000 +0100 # +++ /etc/ssh/sshd_config 2013-03-01 09:56:57.000000000 +0100 # @@ -28,7 +28,8 @@ # # RSAAuthentication yes # PubkeyAuthentication yes # AuthorizedKeysFile %h/.ssh/authorized_keys # +AuthorizedKeysFile2 %h/.x2go/authorized_keys # # # Don't read the user's ~/.rhosts and ~/.shosts files # IgnoreRhosts yes # # This option can be overridden by the session profile parameter # broker-authorized-keys=<file-location> #default-authorized-keys=%h/.x2go/authorized_keys # X2Go Broker Agent query mode # # The X2Go Broker Agent is needed for multi-server sites configured for # load balancing. Multi-server sites require a setup that uses the # PostgreSQL X2Go session DB backend. The X2Go Broker Agent has to be installed # on the local system (mode: LOCAL) or on all X2Go Servers (mode: SSH) in a # multi-server farm. # # So, there are three query modes for the X2GO Broker Agent: NONE, LOCAL and # SSH. # # NONE - Try to get along without X2Go Broker Agent queries. For simple # broker setups this may suffice. For load-balancing or reliable # session suspending and resuming the broker agent is a must!!! # # LOCAL - This LOCAL mode only works for _one_ configured multi-server farm. # If this X2Go Session Broker is supposed to serve many different # multi-server farms, then the LOCAL mode will not work!!! # # How it works: Assume that the local system has an X2Go Broker Agent # that knows about the multi-server setup. This means: X2Go Server # has to be installed locally and the X2Go Server has to be # configured to use the multi-server farm's PostgreSQL session DB # backend. # # The local system that is running the broker does not necessarily # have to be a real application server. It only has to be aware of # running/suspended sessions within the X2Go multi-server farm setup. # # A typical use-case is X2Go on top of a Debian Edu Terminal-Server # farm: # # TJENER -> PostgreSQL DB, X2Go Server, X2Go Session Broker + # Broker Agent # TS01 - TS0X -> X2Go Server configured to use the PostgreSQL DB # on TJENER # # SSH - The more generic approach, but also more complex. It allows that # the broker on this system may serve for many different X2Go Server # multi-server setups. # # With the SSH agent query mode, the X2Go Session Broker will query # one of the X2Go Servers in the targeted multi-server setup (through # SSH). The SSH authentication is done by a system user account # (normally UID=x2gobroker) and SSH pub/priv key authentication has # to be configured to make this work. # # All X2Go Servers in a multi-server farm need the X2Go Broker Agent # installed, whereas this local system running the X2Go Session # Broker does not need a local X2Go Broker Agent at all. # # The agent query mode can be configured on a per-broker-backend basis, the # below value is the default. #default-agent-query-mode=LOCAL ### ### BACKEND section ### # Possible X2Go Session Broker backends: # # 1. backend = zeroconf (activated by default) # Use the ZeroConf X2Go Session Broker backend, this backend is for demo only # and only operates on localhost. Make sure you have x2gobroker-daemon and # and x2goserver installed on the same machine. No need to install # x2gobroker-agent. # 2. backend = infile (deactivated by default) # The IniFile X2Go Session Broker backend is for providing session profiles # to multiple users/clients on a text config file basis (.ini file format). # # The session profile setup is accomplished by an extra configuration file, # by default named /etc/x2go/broker/x2gobroker-sessionproiles.conf. # # For small-scale deployments the IniFile backend is the recommended backend. [zeroconf] #enable = true #auth-mech = pam #user-db = libnss #group-db = libnss #desktop-shell = KDE [inifile] enable = true session-profiles = /etc/x2go/broker/x2gobroker-sessionprofiles.conf #[ldap] -> MUSIC OF THE FUTURE #enable = false #auth-mech = ldap #user-db = ldap #group-db = ldap #uri = ldap://localhost:389 #base = dc=example,dc=org #user-search-filter = (&(objectClass=posixAccount)(uid=*)) #host-search-filter = (&(objectClass=ipHost)(serial=X2GoServer)(cn=*)) #group-search-filter = (&(objectClass=posifxGroup)(cn=*)) #starttls = false #agent-query-mode = SSH My x2gobroker-sessionprofiles.conf: ### X2Go Broker Session Profiles - ADAPT TO YOUR NEEDS ### # This whole file reflects a set of examplary X2Go session profiles being # provided via the X2Go Session Broker (backend: iniconf). # This whole file could be the broker setup in some university institute that # runs three server pools (pool-A, pool-B and pool-C). Though most univerities # have real IPv4 internet addresses, we use private subnets in the examples # below. # The X2Go Session Broker is served into the institutes local intranet, the # broker cannot be reached from the internet directly. # The first section [DEFAULTS] provides a set of default profile settings that # are common to all session profiles given in sections below. # The other section names can be freely chosen, however, each section name has # to be unique within this file. # IMPORTANT: in the session profiles below you will find some lines starting # with acl-... These lines do neither protect the X2Go Session Broker nor # your X2Go Servers. They simply allow for selective session profile provision # based on client address, user name and group memberships. # # For protecting the broker use iptables and ip6tables. For protecting your # X2Go Servers use iptable+ip6tables and a tightened PAM configuration (e.g. # pam_access.so). Securing X2Go Servers means securing the SSH daemon that # runs on the X2Go Server. [DEFAULT] command=TERMINAL defsndport=true useiconv=false iconvfrom=UTF-8 height=600 export= quality=9 fullscreen=false layout= useexports=true width=800 speed=2 soundsystem=pulse print=true type=auto sndport=4713 xinerama=true variant= usekbd=true fstunnel=true applications=TERMINAL,WWWBROWSER,MAILCLIENT,OFFICE multidisp=false sshproxyport=22 sound=true rootless=false iconvto=UTF-8 soundtunnel=true dpi=96 sshport=22 setdpi=0 pack=16m-jpeg directrdp=false [GNOME] user=xxx host=xxx.xxx.xxx.xxx name=GNOME command=GNOME rootless=false acl-users-allow=xxx acl-groups-allow=gnome-users,admins acl-groups-deny=ALL acl-any-order=deny-allow broker-session-autologin=true
Hi Ted,
On Fr 25 Okt 2013 19:28:11 CEST, Ted Barnes wrote:
Am trying to get up to speed on x2go session broker, but am having
trouble. Any suggestions?When try to connect I get:
Error Login failed! Please try again.
Along with... broker url: http://xxx.xxx.xxx.xxx/:8080/plain/inifilebroker
url:http://xxx.xxxx.xxx.xxx/:8080/plain/inifile
For the X2Go Session Broker standalone daemon (python-tornado
implementation) the X2Go Client cmdline is:
x2goclient --broker-url=http://<host>:8080/plain/inifile
or.... broker url:http://user@xxx.xxx.xxx.xxx/cgi-bin/x2gobroker.cfgi
For the WSGI implementation of X2Go Session Broker, the URL varies.
For our default setup [1], use this X2Go Client cmdline:
x2goclient --broker-url=http://<host>/x2gobroker/plain/inifile
[...]
If you use the SSH implementation of X2Go Session Broker (available
with 0.0.3.0, currently as preview in the nightly builds):
x2goclient --broker-url="ssh://<host>/usr/bin/x2gobroker --backend=inifile"
However, when I try from the command line with an "x2goclient
--broker-..." type of command, I get the Error message.
This is not surprising me, as you have not used the correct URLs, so far.
x2gobroker-authservice (wasn't sure if I should install this for my
initial tests)
Yes. The authentication system of the X2Go Session Broker uses PAM by
default. PAM authentication requires root privileges. The X2Go Session
Broker's Authentication Service runs with root privileges whereas the
broker itself runs as user x2gobroker.
Greets, Mike
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
I am using X2Go, version X2Go client V. 3.99.2.1 (Qt - 4.7.4) on a Mac, OS X 10.7.5. When I attempt to a RHEL6 server I receive the following error message: Connection failed export: Command not found
Doe anyone have any ideas on how to get X2Go working.
Thank you!
Kay Coen
On Di 29 Okt 2013 15:28:14 CET, Coen, Kay L wrote:
I am using X2Go, version X2Go client V. 3.99.2.1 (Qt - 4.7.4) on a
Mac, OS X 10.7.5. When I attempt to a RHEL6 server I receive the
following error message: Connection failed export: Command not foundDoe anyone have any ideas on how to get X2Go working.
Thank you!
Kay Coen
How about installing X2Go Server on the machine you want to connect to?
If X2Go Server is installed, make sure the desktop shell you aim at
using is installed on that machine, as well.
Also, I have heard several people having problems with X2Go on RHEL6.
Fedora 19+20 are the best supported RPM based distros atm.
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...