Forum / NoMachine for Linux / Can’t start nxserver after setting ldap
Tagged: ldap
- This topic has 3 replies, 2 voices, and was last updated 10 years ago by Cato.
-
AuthorPosts
-
October 17, 2014 at 11:07 #5013locutusParticipant
Ubuntu 14.04 LTS 64-bit
NoMachine version 4.3.24_1Hi I have a problem of starting nxserver after I set up ldap authentication. That means NoMachine worked fine when installed on a fresh Ubuntu, but after I configured ldap, nsswitch.conf and pam, it can’t work anymore. I think only nsswitch.conf and pam are possibly related to this problem. I did “$ sudo pam-auth-update” after modifying nsswitch.conf and enable all available PAM profiles.
The errors from NX are:
on-screen:
$ sudo invoke-rc.d nxserver restart
NX> 162 Disabled service: nxserver.
NX> 162 Disabled service: nxd.
NX> 162 Disabled service: nxnode.
NX> 161 Enabled service: nxserver.
NX> 500 ERROR: Cannot start service: nxnode.
NX> 500 ERROR: Cannot start service: nxd.nxserver.log:
2014-10-17 15:22:19 124.002 2950 NXSERVER Shutting down NoMachine server and services.
2014-10-17 15:22:19 271.520 2950 NXSERVER Starting NoMachine server 4.3.24 and services.
2014-10-17 15:22:19 276.716 2950 NXSERVER WARNING! Process (2958) finished with signal ’13’.
2014-10-17 15:22:29 307.156 2950 NXSERVER WARNING! Service: ‘nxserver’ is not started, pid file doesn’t exist
2014-10-17 15:22:29 311.917 2950 NXSERVER WARNING! Process (2965) finished with signal ’13’.
2014-10-17 15:22:29 312.188 2950 NXSERVER WARNING! Cannot check iptables status 13. Please check the ‘nxerror.log’ file for possible issues.
2014-10-17 17:21:37 648.331 17733 NXSERVER Shutting down NoMachine server and services.
2014-10-17 17:21:37 688.636 17733 NXSERVER Starting NoMachine server 4.3.24 and services.
2014-10-17 17:21:37 691.772 17733 NXSERVER WARNING! Process (17739) finished with signal ’13’.
2014-10-17 17:21:47 710.452 17733 NXSERVER WARNING! Service: ‘nxserver’ is not started, pid file doesn’t exist
2014-10-17 17:21:47 713.336 17733 NXSERVER WARNING! Process (17744) finished with signal ’13’.
2014-10-17 17:21:47 713.476 17733 NXSERVER WARNING! Cannot check iptables status 13. Please check the ‘nxerror.log’ file for possible issues.nxerror.log:
There are not entries corresponding to the time stamps above (restart event), but there are some errors probably from the boot time:
6264 6264 15:06:39 933.867 Features/Features: WARNING! Failed to get release information.
6264 6264 15:06:39 933.965 Features/Features: WARNING! Error is 5 ‘Input/output error’.
3478 3478 15:30:44 647.726 Features/Features: WARNING! Failed to get release information.
3478 3478 15:30:44 647.823 Features/Features: WARNING! Error is 5 ‘Input/output error’.For comparison, I diff my /etc/pam.d/* to the original version of Ubuntu running in a VM, where < is original, > is mine:
common-account
17c17,18
< account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
—
> account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
> account [success=1 default=ignore] pam_ldap.so
common-auth
17c17,18
< auth [success=1 default=ignore] pam_unix.so nullok_secure
—
> auth [success=2 default=ignore] pam_unix.so nullok_secure
> auth [success=1 default=ignore] pam_ldap.so use_first_pass
common-password
25c25,27
< password [success=1 default=ignore] pam_unix.so obscure sha512
—
> password requisite pam_cracklib.so retry=3 minlen=8 difok=3
> password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
> password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
common-session
29a30
> session optional pam_ldap.so
common-session-noninteractive
29a30
> session optional pam_ldap.soYour help is appreciated, thanks.
October 20, 2014 at 22:00 #5034locutusParticipantHi,
I enabled the debug log level to 7. When nxserver started, its child processes died somehow so made nxserver quit and so as nxd and nxnode. I attached nxserver.log when issuing “invoke-rc.d nxserver start”. Please take a look, thanks.
October 24, 2014 at 08:07 #5167locutusParticipant[Problem Solved]
Hi,
I found the libnss-ldap package breaks setuid programs (su, sudo) and NoMachine PAM module happens to include su rules. Switch to the newer libnss-ldapd (and accordingly libpam-ldapd etc.) package should solve the problem. For my case I adopted sssd for credentials caching, which has its own ldap backend, and NoMachine works again.
October 24, 2014 at 09:27 #5172CatoParticipantHello locutus,
We’re glad that you manage to solve the problem. Thank you for sharing the solution.
We will add proper article on ldap configuration to our knowledge base.
-
AuthorPosts
This topic was marked as solved, you can't post.