I have an Ubuntu 16.04.2 LTS (Server) which is integrated into the Windows Active Directory (AD). The user authentication is done via Kerberos followed here:
The directories are also mounted automatically every time the user logs on via pam_mount:
<volume user="*" fstype="cifs" server="fileserver1" path="home/%(DOMAIN_USER)" mountpoint="/home/%(DOMAIN_USER)"/>
This works quite nicely and I can log in via ssh with the user names of the AD. I would also like to use x2go for the AD users. It works fine when I try to connect to the server (called ssh or ssh2) from the internal network (192.168.0.0). The users get their remote desktops. However, if they try to log in remotely from another subnet, the session could not be initialized. I have been looking for the problem for the last 3 weeks. Of course, my first idea was a misconfigured firewall.
The configuration is as follows:
INTERNET ----- NAT1 -----(192.168.183.0)------ NAT2 ----(192.168.0.0)------ ssh-server
I replaced the firewall, and I put the PC (ssh-server) directly after the NAT. I had a look at all network connections with Wireshark. I opened all ports. None of these things solved the problem. However, I can log in with a local user (user account on the ssh-server) on the ssh-server, but not with a user of the AD (username test01). I set the logging to debug mode and I see that a file is always blocked. I do not understand why this file is blocked if I log in from another subnet. Maybe this is not a bug – I do not know and I do not understand this behavior.
May 5 16:08:41 ssh2 /usr/sbin/x2gocleansessions: test01-50-1493993318_stDXFCE_dp24: updating session status from 'R' to 'F'.
May 5 16:08:41 ssh2 /usr/sbin/x2gocleansessions: test01-50-1493993318_stDXFCE_dp24: is blocked.
May 5 16:08:41 ssh2 /usr/sbin/x2gocleansessions: test01-50-1493993318_stDXFCE_dp24: adding to finished list.
May 5 16:08:41 ssh2 /usr/bin/x2goumount-session: x2goumount-session has been called with options: