From: Felix B. Müller
Subject: stDXFCE_dp24: is blocked
Date: Fri, 5 May 2017 16:57:59 +0200

Package: x2go-server
Version: 4.0.1.20

Dear all,

I have an Ubuntu 16.04.2 LTS (Server) which is integrated into the Windows Active Directory (AD). The user authentication is done via Kerberos, as described here:

https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

The directories are also mounted automatically every time the user logs on via pam_mount:

  <volume user="*" fstype="cifs" server="fileserver1" path="home/%(DOMAIN_USER)" mountpoint="/home/%(DOMAIN_USER)"/>

This works quite nicely and I can log in via ssh with the user names of the AD. I would also like to use x2go for the AD users. However, it works fine when I try to connect to the server (called ssh or ssh2) from the internal network (192.168.0.0). The users get their remote desktops. However, if they try to log in remotely from another subnet, the session could not be initialized. I have been looking for the problem for the last 3 weeks. Of course, the first idea was a misconfigured firewall.

The configuration is as follows:

INTERNET ----- NAT1 -----(192.168.183.0)------ NAT2 ----(192.168.0.0)------ ssh-server

I replaced the firewall, I put the PC (ssh-server) directly after the NAT. I had a look at all network connections with Wireshark. I opened all ports. None of these things solved the problem. However, I can log in with a local user (user account on the ssh-server) on the ssh-server but not with a user of the AD (username test01). I set the logging to debug mode and I see that a file is always blocked. I do not understand why this file is blocked if I log in from another subnet. Maybe this is not a bug – I do not know and I do not understand this behavior.

May  5 16:08:41 ssh2 /usr/sbin/x2gocleansessions[1717]: test01-50-1493993318_stDXFCE_dp24: updating session status from 'R' to 'F'.
May  5 16:08:41 ssh2 /usr/sbin/x2gocleansessions[1717]: test01-50-1493993318_stDXFCE_dp24: is blocked.
May  5 16:08:41 ssh2 /usr/sbin/x2gocleansessions[1717]: test01-50-1493993318_stDXFCE_dp24: adding to finished list.
May  5 16:08:41 ssh2 /usr/bin/x2goumount-session[11035]: x2goumount-session has been called with options:

Best regards!

From: Mihai Moldovan
To: control@bugs.x2go.org
Date: Sat, 6 May 2017 12:20:36 +0200

reassign 1173 x2goserver
reassign 1174 x2goserver
merge 1173 1174