On Thu, Mar 19, 2009 at 11:16 AM, Paul Hartman <paul.hartman+gen...@gmail.com> wrote: > On Thu, Mar 19, 2009 at 11:10 AM, Joseph <syscon...@gmail.com> wrote: >> On 03/19/09 10:51, Paul Hartman wrote: >>>> >>>> Yes, I tried it already: >>>> >>>> passwd -u nx >>>> passwd: unlocking the user would result in a passwordless account. >>>> You should set password with usermod -p to unlock this user account. >>>> Password changed. >>>> >>>> What do you do next? >>>> >>>> When I try to run again: >>>> nxsetup --install --setup-nomachine-key --clean --purge >>>> >>>> I get: >>>> ... >>>> Setting up /var/log/nxserver.log ...done >>>> Setting up special user "nx" ...passwd: unlocking the user would result >>>> in a >>>> passwordless account. >>>> You should set a password with usermod -p to unlock this user account. >>>> Password changed. >>>> done. >>>> ... >>>> ----> Testing your nxserver connection ... >>>> Permission denied (publickey,keyboard-interactive). >>>> Fatal error: Could not connect to NX Server. >>>> >>>> Please check your ssh setup: >>>> >>>> The following are _examples_ of what you might need to check. >>>> >>>> - Make sure "nx" is one of the AllowUsers in sshd_config. >>>> (or that the line is outcommented/not there) >>>> - Make sure "nx" is one of the AllowGroups in sshd_config. >>>> (or that the line is outcommented/not there) >>>> - Make sure your sshd allows public key authentication. >>>> - Make sure your sshd is really running on port 22. >>>> - Make sure your sshd_config AuthorizedKeysFile in sshd_config is >>>> set >>>> to authorized_keys2. >>>> (this should be a filename not a pathname+filename) >>>> - Make sure you allow ssh on localhost, this could come from some >>>> restriction of: >>>> -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost >>>> -the iptables. add to it: >>>> $ iptables -A INPUT -i lo -j ACCEPT >>>> $ iptables -A OUTPUT -o lo -j ACCEPT >>>> >>>> >>>> So at this point I'm back to square one in log/messages I get: >>>> User nx not allowed because account is locked >>> >>> Oh, try to give user nx a password on your system. It uses ssh keys >>> to login, so it doesn't even matter what the password is. Just don't >>> make it something easily guessed/brute-force like "nx" or "1234" or >>> else you might have some unwanted guests in your system :) >> >> I did give it a password usermod -p something nx >> >> it accepted the password, now do I run the setup again: >> nxsetup --install --setup-nomachine-key --clean --purge >> >> If I try to login from another machine do I login as user "nx"? >> When I try to login from another machine on my network I get: >> Your guest account has expired... > > The way NX works is it uses the nx user as an intermediate. You need > to login as a normal user, and you need to explicitly give that user > permission to use NX by doing nxserver --useradd yourname (which will > generate NX ssh keys and put them in that user's directory). > > If you use interactive/PAM authentication on your system, NX can use > your user's normal system password; if you use key-based > authentication for SSH the only way to make NX work is to use its > internal password database and assing an NX-specific password to that > user. In nxclient, copy the normal SSH key, and then in the nxclient > login box put the NX username and password. >
I think the user DB setting is in /usr/NX/etc/server.cfg