Hi Ted,I am not sure (and do not have the time to x-check) if the wiki page contains what I provide as info in this mail. If there is a mismatch between wiki and my info could you please update the wiki page? Thanks in advance.
On Sa 22 Sep 2012 17:17:04 CEST wrote:
SETUP 1) On Vserver Guest (x2go server):- Installed and set up PostgreSQL; added the "user" to postgres (user1) to be used when connecting from the x2go client to the x2go server and PostgreSQL database (x2godgadmin --adduser user1).- Installed x2go-server-printing
If you can login via X2Go and you use PostgreSQL as db backend then your PostgreSQL setup is correct.
2) On Vserver Host (Cups Server): - Installed cups-x2go- Used "http://localhost:631"; and added the virtual x2go printer and shared it (we couldn't see it on the client unless we shared it)- Used Visudo to add "x2goprint ALL=(ALL) NOPASSWD: /usr/bin/x2goprint- Set up SSH Keys using http://www.x2go.org/doku.php/wiki:advanced:multi-node:x2goserver-printing
Issue 1)The sudo line for x2goprint user has to be placed on every X2Go server (Vserver guest in your case).
Issue 2) As root@cups-server (Vserver host) you have to be able to run this command: $ ssh -lx2goprint -i /root/.ssh/id_dsa-x2goprint <x2goserver>The default key algorithm in Debian is RSA, we recommend DSA, but it does not matter. Just make sure that you have the private key on the cups-server under the above name and the corresponding public key in
~x2goprint/.ssh/autorized_keysMake sure that ~x2goprint/.ssh has restrictive permissions (0700). Same for files in that folder.
NOTE: we had trouble getting the keys to copy over (ssh-copy-id /usr/bin/ssh-copy-id: ERROR: No identities found). We cannot ping the Guest from the Host by server name (e.g., vserver1.mydomain.com), but can by ip address. We ended up creating /home/x2goprint/.ssh/authorized_keys and adding the contents of
Why /home/x2goprint??? The default installation procedure creates a home for x2goprint: /var/spool/x2goprint, so the public key has to be placed in
/var/spool/x2goprint/.ssh/authorized_keys
id_dsa-x2goprint.pub by hand. We then issued ssh -i /root/.ssh/id_dsa-x2goprint x2goprint@x192.168.1.112 and got:Is this "Permission denied (publickey)." the cause of our problems?
You have to make sure that DNS works properly. For a quick test, use /etc/hosts to place hostnames and IPs in. X2Go uses the hostnames to connect between different machines. Check the output of x2golistsessions (4th field).
It appears to have added an RSA key where we think the keys created where DSA...
See above. The key algorithm does not matter. The ssh login (see above) has to work.
4) Observations On the Vserver host (cups server) a) the print job files show up in /var/spool/cups b) in http://localhost:631 the print jobs show as completedc) there are no errors in /var/log/cups/error_log and the page_log and access_log seem to restister the successful print job and access to the cups
The next step to check: on the X2Go server (vserver guest) in /var/spool/x2goprint/If files do not appear there, check the SSH key login and check that DNS works.
Then the cups-x2go backend on the cups server (Vserver host) executes the x2goprint command (on the vserver guest) via SSH. This only works if
(a) the SSH login from root@cups-server to x2goprint@x2goserver works (b) the x2goprint user is allowed to execute the x2goprint with sudo
5) HelpQ: is this some sort of DNS issue - we can't ping "vserver1.mydomain.com" but assume this is a protocol/firewall issue and not the problem in terms of printing.
DNS has to work!!!
Q: John Sullivan wondered if this is a permissions issue (i.e., does the cups server have write access to the client spool directory): if this is the issue, we're not sure how to test or fix it. We looked at the permissions on the "working" vs. "not working" set ups on the spool directory and couldn't see any differences, but may be missing the point.
cups -> cups spool dir -> cups-x2go cups-x2go -> copy print job to x2goprint@x2goserver:~x2goprint cups-x2go -> executes via SSH on x2goserver: ,,sudo x2goprint <options>'',,sudo x2goprint <options>'' script (on x2goserver) copies the spool file into /tmp/.x2go-<uid>/spool/<session>/. Under this spool dir the sshfs client-side spool directory is mounted. So now, the print job files are on the X2Go Client.
Q: Vserver uses an fstab configu outside of the vserver itself where /tmp is listed as "none /tmp tmpfs size=128m,mode=1777 0 0" (and the /etc/fstab inside the Vserver only has "# UNCONFIGURED FSTAB FOR BASE SYSTEM"). Does the Vserver fstab set up get in the way of the spool link writing to the /tmp/.x2go....folder on the client? If so, this sound like it might be along the lines of John Sullivan's suggestion.
This should not be an issue.
Q: did the errors we got when generated the ssh keys matter "(Permission denied (publickey)."? The content of the Vserver/Cups Server host known hosts has:- a prefix of "|1|Ha2q5mBmGyrl4CYri92TPRb6NNU=|3gihEfRTYU8UHwI4FrQcSq29Exg="- then the contents of the authorized_keys on the Vserver Guest/x2go server /home/user1/.ssh/authorized_keys file up to but excluding the "r...@vserver1.mydomain.com"
Ahhh... this is another issue. You have to generate a known_hosts file for root@cups-server that allows the login to x2goprint@x2goserver (with SSH key /root/.ssh/id_dsa-x2goprint.
For this, just to be sure, do several manual ssh logins from cups-server to x2goserver:
ssh -lx2goprint <ip> ssh -lx2goprint <hostname> ssh -lx2goprint <hostname>.<fqdn>
Or did we create DSA keys but somehow when trying to add them got crossed up with RSA keys (e.g., Warning: Permanently added '192.168.1.112' (RSA) to the list of known hosts.").
Again, DSA or RSA doesn't really matter. Only thing important: you have to be able to log in from root@cups-server to x2goprint@x2goserver without password. Consult other SSH docs on the web, if that is nothing you set up regularly.
Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, rothenstein 5, 24214 neudorf-bornstein fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
pgpwfTaKjE9Gz.pgp
Description: Digitale PGP-Unterschrift
_______________________________________________ X2Go-Dev mailing list X2Go-Dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
