I just updated to 12.3 (because of the heartbleed thing) and now FreeNX isnt’ working. I tried reinstalling via YaST…
http://download.opensuse.org/repositories/X11:/RemoteDesktop/openSUSE_12.3/
… and everything goes nominally, except I get an error connecting with the !Machine client - the connection happens and then the server closes the connection.
There seems to need to be a user named “nx” - but:
OS121-TY3:/home/patti # nxserver --restart
No such user name: nx
NX> 100 NXSERVER - Version 3.2.0-73 OS (GPL, using backend: 3.4.0)
NX> 500 Service was already stopped
NX> 999 Bye
OS121-TY3:/home/patti #
I feel like I should add a user “nx” maybe, but what should I assign the user? group? privileges?
EDIT: I see a group named nx - I wonder if I should create a user of the same name? Or maybe it’s as
simple as adding all users to the nx group?
Tried adding all users to the nx group, and now the !machine client says “authentication failed…”
and
OS121-TY3:/home/patti # nxserver --start
No such user name: nx
NX> 100 NXSERVER - Version 3.2.0-73 OS (GPL, using backend: 3.4.0)
mv: cannot stat ‘/var/lib/nxserver/home/.ssh/authorized_keys2.disabled’: No such file or directory
NX> 122 Service started
NX> 999 Bye
OS121-TY3:/home/patti # nxserver --restart
No such user name: nx
NX> 100 NXSERVER - Version 3.2.0-73 OS (GPL, using backend: 3.4.0)
NX> 500 Service was already stopped
NX> 999 Bye
OS121-TY3:/home/patti #
OS121-TY3:/home/patti # nxserver --status
No such user name: nx
NX> 100 NXSERVER - Version 3.2.0-73 OS (GPL, using backend: 3.4.0)
NX> 110 NX Server is stopped
NX> 999 Bye
OS121-TY3:/home/patti #
Well, that’s closer at least…
Don’t remember ever encountering this issue before with FreeNX…
Can anyone help?
Patti:(
Update (can’t edit old post): ran nxsetup and it generated a keypair - but server still disconnects as soon as !machine connects…
I see it claims to have set up the special user “nx” and now the nxserver will actually run… (even though YaST does now show a user named “nx”)
| . +|
| .E|
| |
| |
+-----------------+
Setting up /var/lib/nxserver/db ...done
Setting up /var/log/nxserver.log ...done
Setting up special user "nx" ...done
Adding user "nx" to group "utmp" ...done
Setting up known_hosts and authorized_keys2 ...done
Setting up permissions ...done
----> Testing your nxserver configuration ...
Warning: Invalid value "COMMAND_FOOMATIC=/usr/lib64/cups/driver/foomatic-ppdfile"
Users will not be able to use foomatic.
Warning: "/usr/lib64/cups/backend/nxipp" is not executable.
Users will not be able to enable printing.
Warning: "/usr/lib64/cups/backend/smb" is not executable.
Users will not be able to enable printing.
Warning: Invalid value "CUPS_ETC=/etc/cups/"
Users will not be able to enable printing.
Warning: Invalid value "COMMAND_START_GNOME=gnome-session"
Users will not be able to request a Gnome session.
Warning: Invalid value "COMMAND_START_CDE=cdwm"
Users will not be able to request a CDE session.
Warning: Invalid value "COMMAND_SMBMOUNT=smbmount". You'll not be able to use SAMBA.
Warning: Invalid value "COMMAND_SMBUMOUNT=smbumount". You'll not be able to use SAMBA.
Warning: Invalid cupsd version of "/usr/sbin/cupsd". Need version 1.2.
Users will not be able to enable printing.
Warnings occured during config check.
To enable these features please correct the configuration file.
<---- done
----> Testing your nxserver connection ...
Connection closed by 127.0.0.1
expect: spawn id exp4 not open
while executing
"expect {
"Are you sure you want to continue connecting (yes/no)?" { send "yes\r" }
"Permission denied*" { exit 1 }
"HELLO NXSERVER - Version*..."
invoked from within
"if { "$auth_method"=="test-nx" } {
set stty_init "raw icrnl -echo"
set publickey ""
catch {set publickey $env(NODE_PUBLICKEY)}
set pid spawn -..."
(file "/usr/bin/nxnode-login" line 30)
Fatal error: Could not connect to NX Server.
Please check your ssh setup:
The following are _examples_ of what you might need to check.
- Make sure "nx" is one of the AllowUsers in sshd_config.
(or that the line is outcommented/not there)
- Make sure "nx" is one of the AllowGroups in sshd_config.
(or that the line is outcommented/not there)
- Make sure your sshd allows public key authentication.
- Make sure your sshd is really running on port 22.
- Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2.
(this should be a filename not a pathname+filename)
- Make sure you allow ssh on localhost, this could come from some
restriction of:
-the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost
-the iptables. add to it:
$ iptables -A INPUT -i lo -j ACCEPT
$ iptables -A OUTPUT -o lo -j ACCEPT
OS121-TY3:/home/patti # nxserver --status
No processes found.
NX> 100 NXSERVER - Version 3.2.0-73 OS (GPL, using backend: 3.4.0)
NX> 110 NX Server is running
NX> 999 Bye
OS121-TY3:/home/patti # nxserver --restart
No processes found.
NX> 100 NXSERVER - Version 3.2.0-73 OS (GPL, using backend: 3.4.0)
NX> 123 Service stopped
NX> 122 Service started
NX> 999 Bye
OS121-TY3:/home/patti # nxserver --status
No processes found.
NX> 100 NXSERVER - Version 3.2.0-73 OS (GPL, using backend: 3.4.0)
NX> 110 NX Server is running
NX> 999 Bye
OS121-TY3:/home/patti #
SSHD is set up on port 22, allowing public key (per YaST), and…
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
#AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
What is this? (From above warnings)
“Make sure you allow ssh on localhost,”
NX> 203 NXSSH running with pid: 9160
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: xxx.xxx.xxx.111 on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
Connection closed by xxx.xxx.xxx.111
(the last code fragment is the error thrown by the !machine windows client trying to connect across the LAN)
Huh - found this… what in the world…? Ideas anyone?
Does this have anything to do with no user named “nx” appearing in YaST users/groups applet?
OS121-TY3:/home/patti # grep sshd /var/log/messages | tail
2014-04-25T14:54:18.428878-07:00 OS121-TY3 sshd[9204]: Connection closed by xxx.xxx.59.19 [preauth]
2014-04-25T14:55:45.647217-07:00 OS121-TY3 sshd[9372]: Invalid user nx from xxx.xxx.59.19
2014-04-25T14:55:45.648298-07:00 OS121-TY3 sshd[9372]: input_userauth_request: invalid user nx [preauth]
2014-04-25T14:55:45.652592-07:00 OS121-TY3 sshd[9372]: Connection closed by xxx.xxx.59.19 [preauth]
2014-04-25T15:01:45.503527-07:00 OS121-TY3 sshd[7368]: Server listening on 0.0.0.0 port 22.
2014-04-25T15:01:45.504497-07:00 OS121-TY3 sshd[7368]: Server listening on :: port 22.
2014-04-25T15:50:02.916996-07:00 OS121-TY3 sshd[8864]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T15:51:00.083355-07:00 OS121-TY3 sshd[9028]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:03:56.248891-07:00 OS121-TY3 sshd[10289]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:04:20.482626-07:00 OS121-TY3 sshd[10349]: fatal: Access denied for user nx by PAM account configuration [preauth]
OS121-TY3:/home/patti # grep sshd /var/log/messages | tail
2014-04-25T14:54:18.428878-07:00 OS121-TY3 sshd[9204]: Connection closed by xxx.xxx.59.19 [preauth]
2014-04-25T14:55:45.647217-07:00 OS121-TY3 sshd[9372]: Invalid user nx from xxx.xxx.59.19
2014-04-25T14:55:45.648298-07:00 OS121-TY3 sshd[9372]: input_userauth_request: invalid user nx [preauth]
2014-04-25T14:55:45.652592-07:00 OS121-TY3 sshd[9372]: Connection closed by xxx.xxx.59.19 [preauth]
2014-04-25T15:01:45.503527-07:00 OS121-TY3 sshd[7368]: Server listening on 0.0.0.0 port 22.
2014-04-25T15:01:45.504497-07:00 OS121-TY3 sshd[7368]: Server listening on :: port 22.
2014-04-25T15:50:02.916996-07:00 OS121-TY3 sshd[8864]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T15:51:00.083355-07:00 OS121-TY3 sshd[9028]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:03:56.248891-07:00 OS121-TY3 sshd[10289]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:04:20.482626-07:00 OS121-TY3 sshd[10349]: fatal: Access denied for user nx by PAM account configuration [preauth]
OS121-TY3:/home/patti # grep ssh /var/log/messages | tail
2014-04-25T15:00:38.579111-07:00 OS121-TY3 avahi-daemon[1059]: Loading service file /etc/avahi/services/sftp-ssh.service.
2014-04-25T15:00:38.579365-07:00 OS121-TY3 avahi-daemon[1059]: Loading service file /etc/avahi/services/ssh.service.
2014-04-25T15:00:38.580873-07:00 OS121-TY3 avahi-daemon[1059]: Service "OS121-TY3" (/etc/avahi/services/ssh.service) successfully established.
2014-04-25T15:00:38.581118-07:00 OS121-TY3 avahi-daemon[1059]: Service "OS121-TY3" (/etc/avahi/services/sftp-ssh.service) successfully established.
2014-04-25T15:01:45.503527-07:00 OS121-TY3 sshd[7368]: Server listening on 0.0.0.0 port 22.
2014-04-25T15:01:45.504497-07:00 OS121-TY3 sshd[7368]: Server listening on :: port 22.
2014-04-25T15:50:02.916996-07:00 OS121-TY3 sshd[8864]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T15:51:00.083355-07:00 OS121-TY3 sshd[9028]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:03:56.248891-07:00 OS121-TY3 sshd[10289]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:04:20.482626-07:00 OS121-TY3 sshd[10349]: fatal: Access denied for user nx by PAM account configuration [preauth]
OS121-TY3:/home/patti #
I finally hit the right search terms… I had to do all of this - now it works… WEIRD!!!
OS121-TY3:/home/patti # grep sshd /var/log/messages | tail
2014-04-25T14:55:45.652592-07:00 OS121-TY3 sshd[9372]: Connection closed by xxx.xxx.59.19 [preauth]
2014-04-25T15:01:45.503527-07:00 OS121-TY3 sshd[7368]: Server listening on 0.0.0.0 port 22.
2014-04-25T15:01:45.504497-07:00 OS121-TY3 sshd[7368]: Server listening on :: port 22.
2014-04-25T15:50:02.916996-07:00 OS121-TY3 sshd[8864]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T15:51:00.083355-07:00 OS121-TY3 sshd[9028]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:03:56.248891-07:00 OS121-TY3 sshd[10289]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:04:20.482626-07:00 OS121-TY3 sshd[10349]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:22:32.144563-07:00 OS121-TY3 sshd[11090]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:24:12.981497-07:00 OS121-TY3 sshd[11365]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:25:09.892814-07:00 OS121-TY3 sshd[11378]: fatal: Access denied for user nx by PAM account configuration [preauth]
OS121-TY3:/home/patti # grep ssh /var/log/messages | tail
2014-04-25T15:00:38.581118-07:00 OS121-TY3 avahi-daemon[1059]: Service "OS121-TY3" (/etc/avahi/services/sftp-ssh.service) successfully established.
2014-04-25T15:01:45.503527-07:00 OS121-TY3 sshd[7368]: Server listening on 0.0.0.0 port 22.
2014-04-25T15:01:45.504497-07:00 OS121-TY3 sshd[7368]: Server listening on :: port 22.
2014-04-25T15:50:02.916996-07:00 OS121-TY3 sshd[8864]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T15:51:00.083355-07:00 OS121-TY3 sshd[9028]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:03:56.248891-07:00 OS121-TY3 sshd[10289]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:04:20.482626-07:00 OS121-TY3 sshd[10349]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:22:32.144563-07:00 OS121-TY3 sshd[11090]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:24:12.981497-07:00 OS121-TY3 sshd[11365]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:25:09.892814-07:00 OS121-TY3 sshd[11378]: fatal: Access denied for user nx by PAM account configuration [preauth]
OS121-TY3:/home/patti # nxserver --restart
No processes found.
NX> 100 NXSERVER - Version 3.2.0-73 OS (GPL, using backend: 3.4.0)
NX> 123 Service stopped
NX> 122 Service started
NX> 999 Bye
OS121-TY3:/home/patti #
I searcher, “Access denied for user nx by PAM account configuration [preauth]”
(per… http://gentoo.2317880.n4.nabble.com/nxserver-freenx-user-nx-not-allowed-because-account-is-locked-td138256.html )
After adding a password, it almost worked, but failed after getting
the NX environment connected - so I tried then deleting the password
for user “nx” - and then it would logon… I wonder if I will have to do
this each time I reboot?
OS121-TY3:/home/patti # passwd nx
New Password:
Reenter New Password:
Passwords do not match.
New Password:
Reenter New Password:
Password changed.
passwd: password updated successfully
OS121-TY3:/home/patti # nxserver --restart
No processes found.
NX> 100 NXSERVER - Version 3.2.0-73 OS (GPL, using backend: 3.4.0)
NX> 123 Service stopped
NX> 122 Service started
NX> 999 Bye
OS121-TY3:/home/patti # grep ssh /var/log/messages | tail
2014-04-25T16:26:50.047571-07:00 OS121-TY3 sshd[11462]: Received signal 15; terminating.
2014-04-25T16:26:50.086656-07:00 OS121-TY3 sshd[11585]: Server listening on 0.0.0.0 port 22.
2014-04-25T16:26:50.087685-07:00 OS121-TY3 sshd[11585]: Server listening on :: port 22.
2014-04-25T16:26:58.212005-07:00 OS121-TY3 sshd[11590]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:29:47.462133-07:00 OS121-TY3 sshd[11777]: Accepted publickey for nx from xxx.xxx.59.19 port 54150 ssh2
2014-04-25T16:29:48.821892-07:00 OS121-TY3 sshd[11900]: Accepted keyboard-interactive/pam for patti from 127.0.0.1 port 42471 ssh2
2014-04-25T16:29:52.206921-07:00 OS121-TY3 sshd[11903]: Received disconnect from 127.0.0.1: 11: disconnected by user
2014-04-25T16:31:08.360487-07:00 OS121-TY3 sshd[12577]: Accepted publickey for nx from xxx.xxx.59.19 port 54153 ssh2
2014-04-25T16:31:09.742316-07:00 OS121-TY3 sshd[12700]: Accepted keyboard-interactive/pam for patti from 127.0.0.1 port 42504 ssh2
2014-04-25T16:31:13.011449-07:00 OS121-TY3 sshd[12703]: Received disconnect from 127.0.0.1: 11: disconnected by user
OS121-TY3:/home/patti # grep sshd /var/log/messages | tail
2014-04-25T16:26:50.047571-07:00 OS121-TY3 sshd[11462]: Received signal 15; terminating.
2014-04-25T16:26:50.086656-07:00 OS121-TY3 sshd[11585]: Server listening on 0.0.0.0 port 22.
2014-04-25T16:26:50.087685-07:00 OS121-TY3 sshd[11585]: Server listening on :: port 22.
2014-04-25T16:26:58.212005-07:00 OS121-TY3 sshd[11590]: fatal: Access denied for user nx by PAM account configuration [preauth]
2014-04-25T16:29:47.462133-07:00 OS121-TY3 sshd[11777]: Accepted publickey for nx from xxx.xxx.59.19 port 54150 ssh2
2014-04-25T16:29:48.821892-07:00 OS121-TY3 sshd[11900]: Accepted keyboard-interactive/pam for patti from 127.0.0.1 port 42471 ssh2
2014-04-25T16:29:52.206921-07:00 OS121-TY3 sshd[11903]: Received disconnect from 127.0.0.1: 11: disconnected by user
2014-04-25T16:31:08.360487-07:00 OS121-TY3 sshd[12577]: Accepted publickey for nx from xxx.xxx.59.19 port 54153 ssh2
2014-04-25T16:31:09.742316-07:00 OS121-TY3 sshd[12700]: Accepted keyboard-interactive/pam for patti from 127.0.0.1 port 42504 ssh2
2014-04-25T16:31:13.011449-07:00 OS121-TY3 sshd[12703]: Received disconnect from 127.0.0.1: 11: disconnected by user
OS121-TY3:/home/patti # passwd -d nx
passwd: password expiry information changed.
OS121-TY3:/home/patti #
OK, after a LOT of trouble-shooting (for me anyway, not being a Wizard, or even an IT person), I am at least up and running with FreeNX on 12.3+KDE (online upgrade from an updated/working 12.2).
I am hoping someone can help with suggestions about this: !Machine outright crashes whenever I or a user tries to start GKrellM, GEDIT, or Gnome System Monitor in the !machine client. They run fine at the console.
Does anyone have any idea where a problem like this may lie? I believe these are Gnome apps. They always worked in 12.2 and previous distros on the !machine client.