Nx

From Linuxintro
Revision as of 09:16, 5 December 2014 by imported>ThorstenStaerk (→‎authentication failed for user)

NX is software for a terminal server. It allows you to control a computer via the network graphicall. NX is faster than vNc. One implementation is freeNX.

Concept

For NX, a user called nx must exist on the server and this user must allow passwordless login. The user must also have nxserver as default shell in /etc/passwd. The client has they key that is authorized and can therefore start commands in the nxserver shell on the server. After connecting the NX user via ssh, the user for the session is authenticated.

Install NX as display manager

Maybe you have a very old computer and want to make it a thin client to a faster one (the faster one acting as terminal server). Then you want the old computer to display the NX client program right after startup, without a user having to log in. So you want Nx to be your display manager. Here are some changes I did to /etc/init.d/xdm to make this happen:

case "$1" in
    start)
        X &
        export DISPLAY=:0
        /usr/NX/bin/nxclient
        while true; do sleep 9; done

TroubleShooting

To get logging output to /var/log/messages, edit /usr/NX/etc/node.cfg. Set

SessionLogLevel = "6"

and you can read NX' log from /var/log/messages. Let's look at this one:

Jan  8 17:07:18 mars NXNODE-3.2.0-11[30374]: ERROR: run command: process: 30461 died because of signal: 9 Logger::log nxnode 3844
Jan  8 17:07:18 mars NXNODE-3.2.0-11[30480]: Directory '/home/tstaerk/.nx/C-mars-1019-7C3118AB902BD0DFE9CEC4AC7631B407' renamed into '/home/user/.nx/F-C-mars-1019-7C3118AB902BD0DFE9CEC4AC7631B407' for further investigation Logger::log nxnode 6215

Now you cd to /home/user/.nx/F-C-mars-1019-7C3118AB902BD0DFE9CEC4AC7631B407 and look at the log files.

Connecting to ...

When I had this error that NX showed nothing but connecting to... it helped to kill nxd.

The NX service is not available

Symptom
When logging in you get the error message
The NX service is not available or the NX access was disabled on host hostname

When clicking onto "Detail" you get

NX> 200 Connected to address: 10.20.68.47 on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
NX> 204 Authentication failed.

For every log in attempt you find the following message in /var/log/messages:

2013-11-27T08:55:47.608389+01:00 ls3523 sshd[19975]: Connection closed by 10.20.68.47 [preauth]
Variant 1

There is no file /usr/NX/home/nx/.ssh/authorized_keys, only a file /usr/NX/home/nx/.ssh/authorized_keys2

Solution 1
Copy the file authorized_keys2 to authorized_keys:
tweedleburg:/usr/NX/home/nx/.ssh # cp authorized_keys2 authorized_keys
tweedleburg:/usr/NX/home/nx/.ssh # chown nx authorized_keys

and it works

Variant 2

If you call nxssh it does not work.

Solution 2
Make sure nxssh works from the client to the server. In the following example it does not:
# nxssh 10.30.67.18
nxssh: error while loading shared libraries: libcrypto.so.0.9.8: cannot open shared object file: No such file or directory

In this example install the needed dependencies, for example under SUSE:

yast -i openssl-devel libjpeg62 
ln -s /usr/NX/lib/libXcomp.so* /usr/lib64
ln -s /usr/NX/lib/libXcomp.so* /usr/lib
Variant 3

The user who runs nxclient cannot log in without a password to nx@nxserver:

tweedleburg:/mnt/barracuda/archiv/downloads/nx # ssh nx@nxserver
Password:
Solution 3

Establish passwordless login between the user who runs nxclient and the user nx on the NX server:

home # scp ~/.ssh/id_dsa.pub root@nxserver:
id_dsa.pub                                                                 100%  605     0.6KB/s   00:00    
home # ssh nxserver
Last login: Thu Jul 17 11:05:46 2014 from 147.204.247.199
Have a lot of fun...
nxserver:~ # cat /etc/passwd | grep nx
nx:x:1002:100::/home/nx:/usr/bin/nxserver
nxserver:~ # cat id_dsa.pub >> /home/nx/.ssh/authorized_keys
nxserver:~ # exit
logout
Connection to 10.20.68.47 closed.

Now make sure it works:

home # ssh nx@nxserver
Last login: Wed Jul 16 18:06:27 2014 from localhost
Have a lot of fun...
HELLO NXSERVER - Version 3.2.0-73 OS (GPL, using backend: 3.5.0)
NX> 105


user 'root' cannot be used as an NX user

edit /usr/NX/etc/server.cfg, EnableAdministratorLogin 1

wrong colors

Sometimes you see wrong colors in your NxClient like this: Snapshot-wrong-colors.png In this case, disable compression.

Connected to ...

Symptom: Your attempt to connect to NX fails after nxclient output "Connected to computername". You get the error message

The NX service is not available or the NX access was disabled on host computername

When you click on "Detail" you get something like

NX> 203 NXSSH running with pid: 7266
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: 192.168.178.3 on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
NX> 204 Authentication failed.

Solution, in this case for SUSE Linux 12.2 and NX 3.5:

ln -s /usr/NX/home/nx/.ssh/authorized_keys2 /usr/NX/home/nx/.ssh/authorized_keys

authentication failed for user

Symptom
When logging in you get the error message
authentication failed for user youruser 
Solution
One time the problem was that nxserver was set to authenticate via its own password database. Instead I wanted it to use the system users. Solution was to edit /usr/NX/etc/server.cfg and set
EnableUserDB="0"

Downloading the session information

Symptom 1: Your NX connection fails after the message "Downloading session information". When you set SessionLogLevel to 7 in /usr/NX/etc/node.cfg and try again you find in /var/log/messages something like

NX> 596 /usr/bin/xauth: /home/user/.nx/C-hostname-1007-E856077CEA415BD723D2013A45400AC9/scripts/authority:3:  
bad display name "hostname:1007" in "add" command

Reason 1-1: NX expects to be able to connect to the localhost by using its hostname.

Solution 1-1: Make sure you can ping your local host like this:

ping $(hostname)

Reason 1-2: You do not have enough disk space left.

Solution 1-2: Free up some disk space.

Symptom 2: Your NX connection fails after the message "Downloading session information". You get an error message saying: "Connection error", when you click on "Details" you get:

cat: /var/lib/nxserver/db/running/sessionId{C5763A18515642F4BE46F8488615912D}: No such file or directory
NX> 1000 NXNODE - Version 3.2.0-73 OS (GPL, using backend: 3.5.0)
NX> 280 Exiting on signal: 15

Solution 2: Create the missing folder like this:

nxserver:/var/lib/nxserver/db # mkdir running
nxserver:/var/lib/nxserver/db # chown nx running/

Established display connection

Symptom: Your NX connection fails after the message "Established display connection". The log file on the server under /home/user/.nx/latest/session contains a string

Error: Aborting session with 'Could not open default font 'fixed''.

Solution 1: It may be the X Font Server. Start it

/etc/init.d/xfs start

Solution 2: Copy over the folder /usr/share/fonts/misc from your client to the server.

Server configuration error

You get

Server configuration error. Cannot log in.
Please contact your system administrator.

Solution 1: you need: a home dir for the user

Solution 2: your harddisk is full, make space

Maximum number of allowed users

Symptom: When logging in you get the error message

Reached the maximum number of allowed users on 
this server.

Solution:

  • add your user to /usr/NX/users.db
vi /usr/NX/etc/users.db
  • restart the NX service using the command
/etc/init.d/nxserver restart

not available

If you get an error message that NX is not available or has been disabled, re-install it:

/usr/NX/bin/nxserver --uninstall
/usr/NX/bin/nxserver --install

maximum session number exceeded

List your user sessions with

nxkill --list

Then kill them like this:

# ps -A | grep -i nx
 3435 ?        00:00:00 nxserver
 3477 ?        00:00:00 nxssh
 3481 ?        00:00:00 nxnode
 3576 ?        00:00:03 nxagent
 3579 ?        00:00:00 nxserver
 3586 ?        00:00:00 nxssh
 3594 ?        00:00:00 nxnode
28689 ?        00:00:00 nxserver
28732 ?        00:00:00 nxssh
28737 ?        00:00:00 nxnode
28830 ?        00:25:54 nxagent
28833 ?        00:00:00 nxserver
28838 ?        00:02:01 nxssh
28848 ?        00:00:00 nxnode
# nxkill --kill --pid 28830

no sessions are active

enable users

If you cannot log in to the NX server and get an error message like

maximum session number exceeded

AND

nxkill --list 

shows you there are no active user sessions, this can be the case because your user is not enabled to log in. To find out if your user is enabled to log in, use

nxserver --userlist

You will be able to log in with all users that are shown then.

Re-install NX

If no sessions are shown, you will have to re-install NX:

/usr/NX/bin/nxserver --uninstall
/usr/NX/bin/nxserver --install

TroubleShooting authentication problems

To troubleshoot authentication problems best strace the nxclient process like this:

strace -s 99 nxclient 

You will see a lot of output so you may want to redirect it to a file or filter it as described in piping. One output that you will see is what is being transmitted between nxclient and nxserver:

write(10, "hello NXCLIENT - Version 3.5.0\n", 31) = 31
write(10, "SET SHELL_MODE SHELL\nSET AUTH_MODE PASSWORD\nlogin\n", 50) = 50

You can now manually replay this:

# su - nx
HELLO NXSERVER - Version 3.5.0-9 - LFE
NX> 105 hello NXCLIENT - Version 3.5.0
Hello NXCLIENT - Version 3.5.0
NX> 134 Accepted protocol: 3.5.0
NX> 105 SET SHELL_MODE SHELL
Set shell_mode: shell
NX> 105 SET AUTH_MODE PASSWORD
Set auth_mode: password
NX> 105 login
Login 
NX> 101 User: tstaerk
tstaerk
NX> 102 Password: ********
NX> 404 ERROR: wrong password or login.
NX> 999 Bye.

For example one time I saw a suspicious line

open("/usr/NX/etc/passwords.db", O_RDONLY) = 4

which showed me that nxserver would look in /usr/NX/etc/passwords.db for passwords. I set the respective parameter in /usr/NX/etc/server.cfg and authentication worked again.

See also