Summary: | net-misc/nxserver-freenx: User nx not allowed because account is locked | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Joseph <syscon780> |
Component: | New packages | Assignee: | Gentoo NX Server project <nx> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | dabbott |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Joseph
2009-03-15 01:18:54 UTC
Did you try to solve this with the following command? usermod -U nx Yes, I tried it already: usermod -U nx usermod: unlocking the user would result in a passwordless account. You should set password with usermod -p to unlock this user account. If I try this sequence: usermod -p 123456 nx usermod -U nx works, no message pops up; but as soon as I run the setup script: nxsetup --install --setup-nomachine-key --clean --purge ... Setting up /var/log/nxserver.log ...done Setting up special user "nx" ...passwd: unlocking the user would result in a passwordless account. You should set a password with usermod -p to unlock this user account. Password changed. done. ... ----> Testing your nxserver connection ... Permission denied (publickey,keyboard-interactive). Fatal error: Could not connect to NX Server. Please check your ssh setup: The following are _examples_ of what you might need to check. - Make sure "nx" is one of the AllowUsers in sshd_config. (or that the line is outcommented/not there) - Make sure "nx" is one of the AllowGroups in sshd_config. (or that the line is outcommented/not there) - Make sure your sshd allows public key authentication. - Make sure your sshd is really running on port 22. - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2. (this should be a filename not a pathname+filename) - Make sure you allow ssh on localhost, this could come from some restriction of: -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost -the iptables. add to it: $ iptables -A INPUT -i lo -j ACCEPT $ iptables -A OUTPUT -o lo -j ACCEPT So at this point I'm back to square one in log/messages I get: User nx not allowed because account is locked Which nxserver-freenx version do you have installed? Also, a user reported once he had missing files in the ~nx folder (mostly the allowed keys), completely removing the nx user (and personal folder) and remerging nxserver-freenx did the trick for him. If you want to try this, can you post the output of `ls -la ~nx/ ~nx/.ssh/` before? I have nxserver-freenx-0.7.3-r2 ls -la ~nax/ ~nx/.ssh/ ls: cannot access ~nax/: No such file or directory /var/lib/nxserver/home/.ssh/: total 20 drwx------ 2 nx root 4096 2009-03-19 11:55 . drwx------ 3 nx root 4096 2009-03-19 11:55 .. -rw------- 1 nx root 669 2009-03-19 11:55 authorized_keys2 -rw------- 1 nx root 668 2009-03-19 11:55 client.id_dsa.key -rw-r--r-- 1 nx root 232 2009-03-19 11:55 known_hosts I've removed user and group "nx" re-emerge the above version but still no luck :-/ the same problem nxsetup --install --setup-nomachine-key --clean --purge Removing special user "nx" ...done Removing session database ...done Removing logfile ...done Removing home directory of special user "nx" ...done Removing configuration files ...done Setting up /etc/nxserver ...done Generating public/private dsa key pair. Your identification has been saved in /etc/nxserver/users.id_dsa. Your public key has been saved in /etc/nxserver/users.id_dsa.pub. The key fingerprint is: 93:77:08:0d:c0:00:7a:0f:a7:da:68:ce:26:e4:4a:7e root@syscon2 The key's randomart image is: +--[ DSA 1024]----+ | ...o... | | . . o | |. o . . . | | . = o . | | . . S o . | | = o . | |=o. | |Bo E | |=+. | +-----------------+ Setting up /var/lib/nxserver/db ...done Setting up /var/log/nxserver.log ...done Setting up special user "nx" ...passwd: unlocking the user would result in a passwordless account. You should set a password with usermod -p to unlock this user account. Password changed. done Adding user "nx" to group "utmp" ...done Setting up known_hosts and authorized_keys2 ...done Setting up permissions ...done Setting up cups nxipp backend ...done ----> Testing your nxserver configuration ... Warning: Could not find nxdesktop in /usr/bin. RDP sessions won't work. Warning: Could not find nxviewer in /usr/bin. VNC sessions won't work. Warning: Invalid value "COMMAND_START_KDE=startkde" Users will not be able to request a KDE session. Warning: Invalid value "COMMAND_START_GNOME=gnome-session" Users will not be able to request a Gnome session. Warning: Invalid value "COMMAND_START_CDE=cdwm" Users will not be able to request a CDE session. Warning: Invalid cupsd version of "/usr/sbin/cupsd". Need version 1.2. Users will not be able to enable printing. Warnings occured during config check. To enable these features please correct the configuration file. <---- done ----> Testing your nxserver connection ... Permission denied (publickey,keyboard-interactive). Fatal error: Could not connect to NX Server. Please check your ssh setup: The following are _examples_ of what you might need to check. - Make sure "nx" is one of the AllowUsers in sshd_config. (or that the line is outcommented/not there) - Make sure "nx" is one of the AllowGroups in sshd_config. (or that the line is outcommented/not there) - Make sure your sshd allows public key authentication. - Make sure your sshd is really running on port 22. - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2. (this should be a filename not a pathname+filename) - Make sure you allow ssh on localhost, this could come from some restriction of: -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost -the iptables. add to it: $ iptables -A INPUT -i lo -j ACCEPT $ iptables -A OUTPUT -o lo -j ACCEPT Was the fix applied to ver. 0.7.3_p102 ? OK, I never saw the problem because I have UsePAM enabled (from USE=pam openssh). So this does not work without pam, let me check where the problem lies... OK, from what I've read (until an openssh expert contradicts me), you can not login via public key with a locked (passwordless) account, when not using PAM So the only workaround I see is to set a password for the nx user, and run this nxsetup line (which will be the recommended on in freenx ebuilds from now on): "nxsetup --install --setup-nomachine-key" (without clean or purge, this will leave the nx user as it is on your system). This will be in nxserver-freenx-0.7.3_p104 ebuild, that I'll add to portage after fixing bug #266572 nxserver-freenx-0.7.3_p104 in portage now, updated as detailed in previous comment Thanks for the report and suggestions! |