Can’t start nxserver after setting ldap

Forum / NoMachine for Linux / Can’t start nxserver after setting ldap

Tagged: 

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • October 17, 2014 at 11:07 #5013
    locutus
    Participant

    Ubuntu 14.04 LTS 64-bit
    NoMachine version 4.3.24_1

    Hi I have a problem of starting nxserver after I set up ldap authentication. That means NoMachine worked fine when installed on a fresh Ubuntu, but after I configured ldap, nsswitch.conf and pam, it can’t work anymore. I think only nsswitch.conf and pam are possibly related to this problem. I did “$ sudo pam-auth-update” after modifying nsswitch.conf and enable all available PAM profiles.

    The errors from NX are:
    on-screen:
    $ sudo invoke-rc.d nxserver restart
    NX> 162 Disabled service: nxserver.
    NX> 162 Disabled service: nxd.
    NX> 162 Disabled service: nxnode.
    NX> 161 Enabled service: nxserver.
    NX> 500 ERROR: Cannot start service: nxnode.
    NX> 500 ERROR: Cannot start service: nxd.

    nxserver.log:
    2014-10-17 15:22:19 124.002 2950 NXSERVER Shutting down NoMachine server and services.
    2014-10-17 15:22:19 271.520 2950 NXSERVER Starting NoMachine server 4.3.24 and services.
    2014-10-17 15:22:19 276.716 2950 NXSERVER WARNING! Process (2958) finished with signal ’13’.
    2014-10-17 15:22:29 307.156 2950 NXSERVER WARNING! Service: ‘nxserver’ is not started, pid file doesn’t exist
    2014-10-17 15:22:29 311.917 2950 NXSERVER WARNING! Process (2965) finished with signal ’13’.
    2014-10-17 15:22:29 312.188 2950 NXSERVER WARNING! Cannot check iptables status 13. Please check the ‘nxerror.log’ file for possible issues.
    2014-10-17 17:21:37 648.331 17733 NXSERVER Shutting down NoMachine server and services.
    2014-10-17 17:21:37 688.636 17733 NXSERVER Starting NoMachine server 4.3.24 and services.
    2014-10-17 17:21:37 691.772 17733 NXSERVER WARNING! Process (17739) finished with signal ’13’.
    2014-10-17 17:21:47 710.452 17733 NXSERVER WARNING! Service: ‘nxserver’ is not started, pid file doesn’t exist
    2014-10-17 17:21:47 713.336 17733 NXSERVER WARNING! Process (17744) finished with signal ’13’.
    2014-10-17 17:21:47 713.476 17733 NXSERVER WARNING! Cannot check iptables status 13. Please check the ‘nxerror.log’ file for possible issues.

    nxerror.log:
    There are not entries corresponding to the time stamps above (restart event), but there are some errors probably from the boot time:
    6264 6264 15:06:39 933.867 Features/Features: WARNING! Failed to get release information.
    6264 6264 15:06:39 933.965 Features/Features: WARNING! Error is 5 ‘Input/output error’.
    3478 3478 15:30:44 647.726 Features/Features: WARNING! Failed to get release information.
    3478 3478 15:30:44 647.823 Features/Features: WARNING! Error is 5 ‘Input/output error’.

    For comparison, I diff my /etc/pam.d/* to the original version of Ubuntu running in a VM, where < is original, > is mine:
    common-account
    17c17,18
    < account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so

    > account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
    > account [success=1 default=ignore] pam_ldap.so
    common-auth
    17c17,18
    < auth [success=1 default=ignore] pam_unix.so nullok_secure

    > auth [success=2 default=ignore] pam_unix.so nullok_secure
    > auth [success=1 default=ignore] pam_ldap.so use_first_pass
    common-password
    25c25,27
    < password [success=1 default=ignore] pam_unix.so obscure sha512

    > password requisite pam_cracklib.so retry=3 minlen=8 difok=3
    > password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
    > password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
    common-session
    29a30
    > session optional pam_ldap.so
    common-session-noninteractive
    29a30
    > session optional pam_ldap.so

    Your help is appreciated, thanks.

    October 20, 2014 at 22:00 #5034
    locutus
    Participant

    Hi,

    I enabled the debug log level to 7. When nxserver started, its child processes died somehow so made nxserver quit and so as nxd and nxnode. I attached nxserver.log when issuing “invoke-rc.d nxserver start”. Please take a look, thanks.

    October 24, 2014 at 08:07 #5167
    locutus
    Participant

    [Problem Solved]

    Hi,

    I found the libnss-ldap package breaks setuid programs (su, sudo) and NoMachine PAM module happens to include su rules. Switch to the newer libnss-ldapd (and accordingly libpam-ldapd etc.) package should solve the problem. For my case I adopted sssd for credentials caching, which has its own ldap backend, and NoMachine works again.

    October 24, 2014 at 09:27 #5172
    Cato
    Participant

    Hello locutus,

     

    We’re glad that you manage to solve the problem. Thank you for sharing the solution.

    We will add proper article on ldap configuration to our knowledge base.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)

This topic was marked as solved, you can't post.