I have x2go server installed on CentOS 7. I can create an x2go client session without any problems using a local system user account. The server also allows Active Directory logins via PBIS Open and I can ssh to the server using an Active Directory account. However, if I try to start an x2go session using an AD account the session just hangs.
Here is the contents of /var/log/secure:
Jun 11 12:11:57 my-server sshd[20288]: Connection from x.x.x.x port 37844 on y.y.y.y port 22 Jun 11 12:11:57 my-server sshd[20288]: Postponed keyboard-interactive for <username> from x.x.x.x port 37844 ssh2 [preauth] Jun 11 12:11:57 my-server sshd[20478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=<username> Jun 11 12:11:58 my-server sshd[20288]: Postponed keyboard-interactive/pam for <username> from x.x.x.x port 37844 ssh2 [preauth] Jun 11 12:11:58 my-server sshd[20288]: Accepted keyboard-interactive/pam for <username> from x.x.x.x port 37844 ssh2 Jun 11 12:11:58 my-server sshd[20288]: pam_unix(sshd:session): session opened for user <username> by (uid=0) Jun 11 12:11:58 my-server sshd[20288]: User child is on pid 21148 Jun 11 12:11:58 my-server sshd[21148]: Starting session: command for <username> from x.x.x.x port 37844 Jun 11 12:11:59 my-server sshd[21148]: Starting session: command for <username> from x.x.x.x port 37844 Here's my /etc/pam.d/sshd:
auth required pam_sepermit.so auth substack password- auth auth include postlogin # Used with polkit to re authorize users in remote sessions -auth optional pam_re authorize.so prepare account required pam_nologin.so account include password- auth password include password- auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open env_params session required pam_namespace.so session optional pam_keyinit.so force revoke session include password- auth session include postlogin # Used with polkit to re authorize users in remote sessions -session optional pam_re authorize.so prepare session sufficient pam_lsass.so Here's my /etc/pam.d/system-auth-ac:
auth required pam_env.so auth requisite pam_lsass.so smartcard_prompt try_first_pass auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 1000 quiet_success auth sufficient pam_lsass.so try_first_pass auth required pam_deny.so account required pam_lsass.so unknown_ok account sufficient pam_lsass.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 1000 quiet account required pam_permit.so password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_ authtok password sufficient pam_lsass.so try_first_pass use_ authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so I think this is any issue with my PAM setup because of the authentication failure line in /var/log/secure but can't for the life of me work out what's happening because the session then appears to start but then fails. Any advice would be much appreciated!
