From felix.b.mueller@gmx.net  Fri May  5 17:03:09 2017
Received: (at submit) by bugs.x2go.org; 5 May 2017 15:03:10 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 required=3.0 tests=BAYES_50,FREEMAIL_FROM,
	HTML_MESSAGE,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H2 autolearn=ham
	autolearn_force=no version=3.4.1
Received: from localhost (localhost [127.0.0.1])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 415505DAD0
	for <submit@bugs.x2go.org>; Fri,  5 May 2017 17:03:09 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de
Received: from ymir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id VZwIo7oSurHv for <submit@bugs.x2go.org>;
	Fri,  5 May 2017 17:03:02 +0200 (CEST)
X-Greylist: delayed 301 seconds by postgrey-1.35 at ymir.das-netzwerkteam.de; Fri, 05 May 2017 17:03:02 CEST
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 48F015DACF
	for <submit@bugs.x2go.org>; Fri,  5 May 2017 17:03:02 +0200 (CEST)
Received: from desktop6 ([91.44.40.247]) by mail.gmx.com (mrgmx102
 [212.227.17.168]) with ESMTPSA (Nemesis) id 0LyS5K-1eA3CA2Q2Y-015tEa for
 <submit@bugs.x2go.org>; Fri, 05 May 2017 16:58:00 +0200
From: =?iso-8859-1?Q?Felix_B._M=FCller?= <felix.b.mueller@gmx.net>
To: <submit@bugs.x2go.org>
Subject: stDXFCE_dp24: is blocked
Date: Fri, 5 May 2017 16:57:59 +0200
Message-ID: <001201d2c5af$fd0b4a90$f721dfb0$@gmx.net>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0013_01D2C5C0.C0957A20"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdLFr9Cof3RG8bA1SH2mmrltGUPw/w==
Content-Language: de

This is a multipart message in MIME format.

------=_NextPart_000_0013_01D2C5C0.C0957A20
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: 8bit

Package: x2go-server
Version: 4.0.1.20

Dear all,

I have an Ubuntu 16.04.2 LTS (Server) which is integrated in the Windows
Active Directory (AD). The user authentication is done via Kerberos,
as described here:

https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

The directories are also mounted automatically every time the user logs on
via pam_mount:

  <volume user="*" fstype="cifs" server="fileserver1"
          path="home/%(DOMAIN_USER)" mountpoint="/home/%(DOMAIN_USER)"/>

This works quite nicely and I can log in via ssh with the user names of the
AD. I also would like to use x2go for the AD users. However, it works fine
when I try to connect to the server (called ssh or ssh2) from the internal
network (192.168.0.0). The users get their remote desktops. However, if
they try to log in remotely from another subnet, the session cannot be
initialized. I have been looking for the problem for the last 3 weeks. Of
course, the first idea was a misconfigured firewall.

The configuration is as follows:

INTERNET ----- NAT1 -----(192.168.183.0)------ NAT2 ----(192.168.0.0)------ ssh-server

I replaced the firewall, and I put the PC (ssh-server) directly after the
NAT. I had a look at all network connections with Wireshark. I opened all
ports. None of these things solved the problem. However, I can log in with
a local user (user account on the ssh-server) on the ssh-server but not
with a user of the AD (username test01). I set the logging to debug mode
and I see that a file is always blocked. I do not understand why this file
is blocked if I log in from another subnet. Maybe this is not a bug – I do
not know and I do not understand this behavior.

May  5 16:08:41 ssh2 /usr/sbin/x2gocleansessions[1717]: test01-50-1493993318_stDXFCE_dp24: updating session status from 'R' to 'F'.
May  5 16:08:41 ssh2 /usr/sbin/x2gocleansessions[1717]: test01-50-1493993318_stDXFCE_dp24: is blocked.
May  5 16:08:41 ssh2 /usr/sbin/x2gocleansessions[1717]: test01-50-1493993318_stDXFCE_dp24: adding to finished list.
May  5 16:08:41 ssh2 /usr/bin/x2goumount-session[11035]: x2goumount-session has been called with options:

Best regards!

------=_NextPart_000_0013_01D2C5C0.C0957A20--

