[Freeipa-users] freenx stops working after joining centos 6.4 to ipa domain (with workaround)

Denis De Messemacker ddm at e-labs.org
Thu May 23 12:03:27 UTC 2013


On Thu, May 23, 2013 at 1:53 PM, Natxo Asenjo <natxo.asenjo at gmail.com> wrote:

> hi,
>
> after (long) troubleshooting I finally pinpointed an annoying problem.
>
> CentOS offers freenx (the free version of nomachine, so not a Red Hat
> problem) that allows multiple sessions and not just 2 users like the
> free nomachine version. This is very nice.
>
> After the upgrade to version 6.4, the ssh client config file
> /etc/ssh/ssh_config is changed. This change breaks freenx completely:
>
> The new ssh_config file *after* joining the ipa domain adds this:
>
> # diff ssh_config.nxworks ssh_config.ipa
> 48a49,52
> > GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
> > PubkeyAuthentication yes
> > ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
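Review bot: the hunk header `48a49,52` announces four appended lines (49 to 52) but only three are quoted, so one line of the added block is missing here; check the full block in ssh_config.ipa before deleting anything. Of the three lines shown, `GlobalKnownHostsFile` and `ProxyCommand` both point at sss paths (`/var/lib/sss/pubconf/known_hosts` and `sss_ssh_knownhostsproxy`), so removing them from /etc/ssh/ssh_config drops that known-hosts source for every ssh client on the host, not only for freenx. A narrower change that leaves the file as it is and overrides the one option only where freenx invokes ssh would keep it for everything else.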
>
> if we remove those settings, freenx works again.
>
> I repeat: this has nothing to do with Red Hat, this is not their problem.
>
> I do not know what the implications are for this action, I suspect it will
> break the known_hosts functionality. We do not manage that with ipa, so
> that is not an issue for us (we use cfengine for that).
>
> If anyone else has had this problem, there you have a workaround.
> --
> Greetings,
> natxo


Hello,

Indeed, this is an annoying problem.

We have also been impacted and there is a bugzilla for that:
https://bugzilla.redhat.com/show_bug.cgi?id=889720

Basically, you can leave the Proxy command untouched in ssh_config and
modify the nxnode-login script so that it overrides that option.

Anyway, it was indeed not easy to find.

Best regards,

Denis